Title:	Notice of Privacy Practices
Policy Owner:	University Privacy Officer
Applies to:	Workforce Members and Students
Campus Applicability:	All UConn Campuses, except UConn Health
Approval Date:	June 2017
Effective Date:	June 2017
For More Information, Contact:	University Privacy Officer
Contact Information:	privacy@uconn.edu
Official Website:	https://privacy.uconn.edu/

University of Connecticut
NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW THIS NOTICE CAREFULLY.

POLICY

We understand that information about your health and program is personal. We are committed to protecting health information about you. When you register as a client or patient with one of the University’s HIPAA-Covered Components, we create a record of care and services you will receive from the University. We use this record to provide you with quality services and to comply with certain legal requirements. This notice applies to all of the information maintained by the University’s HIPAA-Covered Components about services or care provided to you. Other providers of service outside of the University of Connecticut may have different policies or notices regarding the information they maintain about your health.

Protected health information (PHI) is any information that describes your health condition or health care that you may have received. This notice explains the ways that the University of Connecticut may use and disclose the PHI that we create, collect or maintain in accordance with HIPAA. We also describe your rights and certain obligations we have regarding the use and disclosure of your PHI. The University of Connecticut is considered to be a Hybrid Entity for HIPAA purposes. This means that the University as a whole is not covered by the requirements of HIPAA. Rather, certain individual units or clinics within the University, such as the one from whom you are receiving this notice, are covered by the requirements of HIPAA. Those units and clinics covered by the requirements of HIPAA, and thereby the contents of this notice, are called the University’s HIPAA-Covered Components. Each HIPAA-Covered Component serves as a separate unit and will not share your PHI between them, except where permitted or required by law, without your permission.
Please be advised that if you are a student at the University of Connecticut, your records may be subject to the federal Family Educational Rights and Privacy Act (FERPA) and/or certain privacy laws of the State of Connecticut, rather than HIPAA. If FERPA applies and/or state law, a different set of standards may dictate both your rights and the obligations of the University with regard to your health-related records. Please refer to the University’s FERPA policy, or contact the University’s Privacy Officer at (860) 486-5256 for more information.

HIPAA requires us to:

• Make sure that any of your PHI is kept private;
• Give you this notice of our legal duties and privacy policy practices with respect to your PHI;
• Notify you of a breach of your PHI, if such breach occurs; and
• Follow the terms of the notice that is currently in effect.

HOW WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION

The following categories describe different ways that we use and disclose your PHI. For each category we will explain what we mean and give some examples. We will not list every use or disclosure in the examples. However, all of the ways we are permitted to use and disclose PHI will fall within one of the categories.

We May Use and Disclose Your Protected Health Information For:

1. Treatment:

We may use your PHI to provide you with services. We may disclose information about you to our staff and students who work to provide you with services.

For example:

• The staff may need to know that you are taking a certain medication or have a medical condition that may affect your care, program or treatment.
• We may disclose your PHI to health providers who are involved in taking care of you.
• We may disclose your PHI to people such as family members or others who take part in your care, program or treatment.

If we are permitted to do so, we may also disclose or allow electronic access to your PHI to a health care provider you designate for follow-up care, care coordination, discharge planning and for other treatment purposes.

2. Payment:

We may use and disclose your PHI so the cost of the services you receive can be billed to health plans or to you.

For example:

• We may provide information to a vendor who acts a our billing agent.

3. Health Care Operations:

We may use and disclose your PHI for University operations. These uses and disclosures are necessary to operate our HIPAA-Covered Components and improve the quality of services.

For example:

• We may use your PHI to review our programs and services and to evaluate the performance of our staff or the performance of a contracted provider.
• We may combine health information about many individuals to decide what changes in service might be needed.
• We may also use combined information to evaluate how we are managing changes in resources or services.

4. Business Associates:

There may be some services provided by our business associates, such as a billing service, transcription service, legal counsel or accounting consultant. We may disclose your PHI to our business associate so that they can perform the job we have asked them to do. To protect your information, we require our business associates to enter into a written contract that obligates them to appropriately safeguard your information.

5. Appointment Reminders:

We may use or disclose your PHI to remind you about appointments for services or treatments.

6. Service Alternatives:

We may use or disclose your PHI to inform you about or recommend possible service or program alternatives that may be of interest to you.

7. Individuals Involved in Your Support or Payment for Your Support:

We may disclose your PHI to a family member, friend, or staff member who is involved in your care, program or treatment. We may also give information to someone who helps pay for your care, program or treatment.

8. Fundraising and Marketing:

We do not use PHI in fundraising or marketing activities.

9. Research:

Under certain circumstances, we may use and disclose your PHI for research purposes.

For example, a research project may involve comparing the progress of all individuals involved in a certain type of treatment program compared to those in a different program.

All research projects are subject to a special approval process. This process evaluates a proposed research project and its use of health information. Before we use or disclose health information for research, the project will have been approved through the University of Connecticut’s research approval process. We will ask for your permission if the researcher will have access to your name, address or other information that reveals who you are.

10. Education:

Under certain circumstances, we may use and disclose your PHI for educational purposes.

Some of the services provided by the University’s HIPAA-Covered Components are delivered by students in the University of Connecticut’s programs. These students work under the supervision of licensed practitioners. These students have full access to your care, treatment or service history unless the individual has placed restrictions on that access.

In some of our programs, University of Connecticut students observe clinical activities in order to complete portions of program requirements. You have the right to that the care, treatment or services you receive be excluded from observations.

11. As Required by Law:

We will disclose your PHI when required to do so by federal, state or local law.

12. To Avert a Serious Threat to Health or Safety:

We may use and disclose your PHI when necessary to prevent a serious threat to your health or safety or the health or safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat.

13. Workers' Compensation:

We may disclose your PHI for workers' compensation or similar programs. These programs provide benefits for work related injuries or illness.

14. Public Health Risk:

We may disclose your PHI for public health activities. These activities include the following:

• To prevent or control disease, injury or disability;
• To report births and deaths;
• To report abuse or neglect;
• To report reactions to medications or problems with products;
• To notify people of recalls of products they may be using;
• To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition;
• To notify the appropriate government authority if we believe a person has been the victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.

15. Health Oversight Activities:

We may disclose health information to a health oversight agency for activities authorized by law. These oversight activities may include audits, investigations, inspections and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.

16. Lawsuits and Disputes:

If you are involved in a lawsuit or a dispute, we may disclose your PHI in response to a court or administrative order. We may also disclose your PHI in response to a subpoena, discovery request, or other lawful process. We will disclose the information only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.

17. Law Enforcement:

We may disclose health information if asked to do so by law enforcement officials:

• In response to a court order, subpoena, warrant, summons or similar process;
• To identify or locate a suspect, fugitive, material witness, or missing person;
• About the victim of a crime if, under limited circumstances, we are unable to obtain the person's agreement;
• About a death we believe may be the result of criminal conduct;
• About criminal conduct within one of our programs; and
• In emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime.

18. Coroners, Medical Examiners and Funeral Directors:

We may disclose health information to a coroner or medical examiner. This may be necessary to identify a deceased person or determine the cause of death. We may also disclose health information about individuals to funeral directors, as necessary, to carry out their duties.

19. National Security and Intelligence Activities:

We may disclose your PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.

20. Protective Services for the President of the United States and Others:

We may disclose your PHI to authorized federal officials so they may provide protection to the President, other authorized persons or foreign heads of state; or to conduct special investigations.

21. Inmates:

If you are an inmate of a correctional institution or under custody of a law enforcement official, we may disclose health information about you to the correctional institution or law enforcement official.

This disclosure would be necessary:
(1) for the institution to provide you with health care
(2) to protect your health and safety or the health and safety of others; or
(3) for the safety and security of the correctional institution.

22. Sale of Protected health information:

Except when permitted by law, we will not sell your protected health information unless we receive a signed authorization from you.

YOUR RIGHTS REGARDING HEALTH INFORMATION ABOUT YOU

You have the following rights regarding health information we maintain about you:

Right to Inspect and Copy:

You have the right to inspect and copy health information that may be used to make decisions about your services. Usually, this includes health and billing records but does not include psychotherapy notes.

To inspect and copy health information that may be used to make decisions about you, you must submit your request in writing to the HIPAA-Covered Component Director. You also have the right to obtain an electronic copy of any of your protected health information that we maintain in electronic format. You have the right to receive a copy of your PHI in the electronic format you request. If you request a copy of the information, we will charge a fee of 65 ¢ per page for copying, plus the costs of mailing or other supplies associated with your request.

We may deny your request to inspect and copy information, in certain very limited circumstances. If you are denied access to health information, you may request that the denial be reviewed. Another person, chosen by the HIPAA-Covered Component, will review your request and the denial. We will comply with the outcome of the review.

Right to Request Transmission of Your Protected Health Information in Electronic Format:

You may direct us to transmit an electronic copy of your protected health information that we maintain in electronic format to an individual or entity you designate. To request the transmission of your electronic health information, you must submit the request in writing to the HIPAA-Covered Component’s Director.

Right to Amend:

If you feel that health information we have about you is incorrect or incomplete; you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for the University’s HIPAA-Covered Component.

To request an amendment, your request must be made in writing and submitted to the HIPAA-Covered Component’s Director. In addition, you must provide a reason that supports your request.

We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:

• Was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
• Is not part of the health information kept by or for the HIPAA-Covered Component;
• Is not part of the information which you would be permitted to inspect and copy; or
• Is accurate and complete.

Right to an Accounting of Disclosures:

You have the right to request an "accounting of disclosures." This is a list of the disclosures the HIPAA-Covered Component made of your PHI.

To request this list or accounting of disclosures, you must submit your request in writing to the HIPAA-Covered Component’s Director. Your request must state a time period, which may not be longer than six (6) years and may not include dates before April 14, 2003. Your request should indicate in what form you want the list (for example, on paper, or electronically). The first list you request within a 12 month period will be free. For additional lists, we may charge you for the cost of providing the list.

We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.

We are not required to account for all disclosures, including disclosures for treatment, payment or health care operations. However, effective January 1, 2014, where required by law, when you request a list of disclosure of PHI that is maintained in an electronic health record, the accounting will be for three (3) years prior to the date of the request, and will include disclosures made for the purposes of treatment, payment and health care operations in addition to those disclosures listed in the University’s policy regarding accounting of disclosures. To request this list of disclosures, you must submit your request in writing to the HIPAA-Covered Component’s Director.

Please note that, at times, companies we work with (called “business associates”) may have access to your protected health information. When you request an accounting of disclosures from the University, we may provide you with the accounting of disclosures made by our business associates or the names and contact information of our business associates, so that you may then contact them directly for an accounting of disclosures.

Right to Request Restrictions:

You have the right to request a restriction or limitation on the PHI we use or disclose about you for treatment, payment or health care operations. You also have the right to request a limit on the PHI we disclose about you to someone who is involved in your care or for the payment for your care, like a family member or friend. For example, you could ask that we not use or disclose information about a surgery you had. We are not required to agree to these types of requests; however, if we do agree, we will comply with your request unless the disclosure is needed to provide you emergency treatment.

You may restrict the disclosure of your PHI to a health plan (other than Medicaid or other federal health care program that requires the University to submit information) and the University must agree to your request (unless we are prohibited by law from doing so), if the restriction is for purposes of payment or other health care operations (but not treatment) and if you paid out of pocket, in full, for the item or service to which the protected health information pertains. If those two conditions are not met, we are nto required to agree to your requested restriction. To request restrictions of disclosure to a health plan, you must make your restriction request known at the time of service and complete and sign our restriction form.

Either you or the University may terminate any restriction on the disclosure of your PHI by notifying the other party in writing of the termination. The termination of the restriction will apply only to use and/or disclosure of PHI after the termination date.

Right to Request Confidential Communications:

You have the right to request that we communicate with you about health matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail.

To request confidential communications, you must make your request in writing to the HIPAA-Covered Component’s Director. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.

Right to a Paper Copy of this Notice:

You have a right to a paper copy of this Notice. You may ask us to give you a copy of this Notice at any time. Even if you have agreed to receive this Notice electronically, you are still entitled to a paper copy of this Notice. You may obtain a copy of this Notice on any of the University’s HIPAA-Covered Components’ websites. You may obtain a paper copy of this Notice at any of the University’s HIPAA-Covered Component offices from whom you receive care.

CHANGES TO THIS NOTICE

We reserve the right to change this Notice. We reserve the right to make the revised or changed Notice effective for health information we already have about you as well as any information we receive in the future. We will post a copy of the current Notice in our facilities and/or on our websites. The Notice will contain the effective date of the Notice on the first page. In addition, each time you receive new services from us, we will offer you a copy of the current Notice in effect.

COMPLAINTS

If you believe your privacy rights have been violated, you may file a complaint with the HIPAA-Covered Component’s Director, the University’s Privacy Officer in the University’s Office of University Compliance (OUC), or with the Secretary of the U.S. Department of Health and Human Services (DHHS) Office of Civil Rights (OCR).

For instructions on filing a complaint within the HIPAA-Covered Component from whom you receive care, contact the Component’s Director:

• Speech & Hearing Clinic: (860) 486-2629
• UConn Fire Department/EMS: (860) 486-0010

Complaints made to the University Privacy Officer/OUC can be made anonymously through the Reportline:

• Website: https://uconncares.alertline.com/gcs/welcome
• Reportline phone number: (888) 685-2637

Alternatively, complainants or individuals with concerns may contact the University’s Privacy Officer directly:

University Privacy Officer
Office of University Compliance
University of Connecticut
28 Professional Park, Unit 5084
Storrs, CT 06269-5084
Phone: (860) 486-5256

To file a complaint with DHHS OCR, you must file in writing (electronic or paper), within 180 days of when you knew or should have known of the problem. Send written complaints to:

DHHS Regional Manager for Region I, Office for Civil Rights
U.S. Department of Health & Human Services Government Center
J.F. Kennedy Federal Building – Room 1875
Boston, Massachusetts 02203

You may file electronic complaints with the DHHS OCR via their web portal or via email. Instructions can be found on their website.

You will not be penalized for filing a complaint.

OTHER USES OF HEALTH INFORMATION

Other uses and disclosures of health information not covered by this Notice or the laws that apply to us will be made only with your written permission. If you provide us written permission to use or disclose medical information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose health information about you for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your permission, and that we are required to retain our records of the services that we provided you.

CONTACTS FOR FURTHER INFORMATION

If you have any questions about this notice please contact the Director of the HIPAA-Covered Component from whom you receive care, or the University’s Privacy Officer.

NON-DISCRIMINATION STATEMENT

The University of Connecticut complies with all applicable federal laws and does not discriminate on the basis of race, color, national origin, age, disability, or sex. The University of Connecticut does not exclude people or treat them differently because of race, color, national origin, age, disability, or sex. The University of Connecticut:

• Provides free aids and services to people with disabilities to communicate effectively with us, such as qualified sign language interpreters and/or written information in other formats (large print, audio, accessible electronic formats); and,
• Provides free language services to people whose primary language is not English, such as qualified interpreters and/or information written in other languages.

If you need these services, contact (UConn Student Health Services) 860-486-4700 / (UConn Speech and Hearing Clinic) 860-486-2629 / (UConn Fire Department) 860-486-4925.

If you believe that one of the University’s HIPAA-Covered Components has failed to provide the above-described services or subjected you to discrimination, please contact Elizabeth Conklin, J.D., Associate Vice President, Office of Institutional Equity, 241 Glenbrook Road, Unit 4175, Storrs, CT 06269-4175; Phone: (860) 486-2943; Phone: (860) 679-3563; Email: equity@uconn.edu; Website: http://www.equity.uconn.edu. You can file a grievance in person or by mail, phone or email. If you need help filing a grievance, the Office of Institutional Equity is available to help you. Call 860-486-2943.

You also can file a civil rights complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, electronically through the Office for Civil Rights Complaint Portal, available at https://ocrportal.hhs.gov/ocr/portal/lobby.jsf, or by mail or phone at:
U.S. Department of Health and Human Services, 200 Independence Avenue, SW, Room 509F, HHH Building, Washington, D.C. 20201; 1-800-868-1019, 800-537-7697 (TDD). Complaint forms are available at http://www.hhs.gov/ocr/office/file/index.html.

(Spanish) ATENCIÓN: si habla español, tiene a su disposición servicios gratuitos de asistencia lingüística. Llame al (UConn Student Health and Wellness) 860-486-4700 / (UConn Speech and Hearing Clinic) 860-486-2629 / (UConn Fire Department) 860-486-4925.

(Polish) UWAGA: Jeżeli mówisz po polsku, możesz skorzystać z bezpłatnej pomocy językowej. Zadzwoń pod numer (UConn Student Health and Wellness) 860-486-4700 / (UConn Speech and Hearing Clinic) 860-486-2629 / (UConn Fire Department) 860-486-4925.

(Portuguese) ATENÇÃO: Se fala português, encontram-se disponíveis serviços linguísticos, grátis. Ligue para 860-679-2626 (UConn Student Health and Wellness) 860-486-4700 / (UConn Speech and Hearing Clinic) 860-486-2629 / (UConn Fire Department) 860-486-4925.

(Italian) ATTENZIONE: In caso la lingua parlata sia l'italiano, sono disponibili servizi di assistenza linguistica gratuiti. Chiamare il numero (UConn Student Health and Wellness) 860-486-4700 / (UConn Speech and Hearing Clinic) 860-486-2629 / (UConn Fire Department) 860-486-4925.

(French) ATTENTION : Si vous parlez français, des services d'aide linguistique vous sont proposés gratuitement. Appelez le (UConn Student Health and Wellness) 860-486-4700 / (UConn Speech and Hearing Clinic) 860-486-2629 / (UConn Fire Department) 860-486-4925.

(Chinese) 注意：如果您使用繁體中文，您可以免費獲得語言援助服務。請致電(UConn Student Health and Wellness) 860-486-4700 / (UConn Speech and Hearing Clinic) 860-486-2629 / (UConn Fire Department) 860-486-4925.

(French Creole) ATANSYON: Si w pale Kreyòl Ayisyen, gen sèvis èd pou lang ki disponib gratis pou ou. Rele (UConn Student Health and Wellness) 860-486-4700 / (UConn Speech and Hearing Clinic) 860-486-2629 / (UConn Fire Department) 860-486-4925.

(German) ACHTUNG: Wenn Sie Deutsch sprechen, stehen Ihnen kostenlos sprachliche Hilfsdienstleistungen zur Verfügung. Rufnummer: (UConn Student Health and Wellness) 860-486-4700 / (UConn Speech and Hearing Clinic) 860-486-2629 / (UConn Fire Department) 860-486-4925.

(Hindi) 􀈯ान द􀅐: यिद आप िहंदी बोलतेह􀅓 तो आपके िलए मु􀉞 म􀅐 भाषा सहायता सेवाएं उपल􀉩 ह􀅓। (UConn Student Health and Wellness) 860-486-4700 / (UConn Speech and Hearing Clinic) 860-486-2629 / (UConn Fire Department) 860-486-4925 पर कॉल कर􀅐।.

(Russian) ВНИМАНИЕ: Если вы говорите на русском языке, то вам доступны бесплатные услуги перевода. Звоните (UConn Student Health and Wellness) 860-486-4700 / (UConn Speech and Hearing Clinic) 860-486-2629 / (UConn Fire Department) 860-486-4925.

(Arabic) برقم اتصل .بالمجان لك تتوافر اللغویة المساعدة خدمات فإن ،اللغة اذكر تتحدث كنت إذا :ملحوظة (UConn Student Health and Wellness) 860-486-4700 / (UConn Speech and Hearing Clinic) 860-486-2629 / (UConn Fire Department) 860-486-4925.

(Greek) ΠΡΟΣΟΧΗ: Αν μιλάτε ελληνικά, στη διάθεσή σας βρίσκονται υπηρεσίες γλωσσικής υποστήριξης, οι οποίες παρέχονται δωρεάν. Καλέστε (UConn Student Health and Wellness) 860-486-4700 / (UConn Speech and Hearing Clinic) 860-486-2629 / (UConn Fire Department) 860-486-4925.

(Tagalog) PAUNAWA: Kung nagsasalita ka ng Tagalog, maaari kang gumamit ng mga serbisyo ng tulong sa wika nang walang bayad. Tumawag sa (UConn Student Health and Wellness) 860-486-4700 / (UConn Speech and Hearing Clinic) 860-486-2629 / (UConn Fire Department) 860-486-4925.

(Vietnamese) CHÚ Ý: Nếu bạn nói Tiếng Việt, có các dịch vụ hỗ trợ ngôn ngữ miễn phí dành cho bạn. Gọi số (UConn Student Health and Wellness) 860-486-4700 / (UConn Speech and Hearing Clinic) 860-486-2629 / (UConn Fire Department) 860-486-4925.

(Albanian) KUJDES: Nëse flitni shqip, për ju ka në dispozicion shërbime të asistencës gjuhësore, pa pagesë. Telefononi në (UConn Student Health and Wellness) 860-486-4700 / (UConn Speech and Hearing Clinic) 860-486-2629 / (UConn Fire Department) 860-486-4925.

(Korean) 주의: 한국어를 사용하시는 경우, 언어 지원 서비스를 무료로 이용하실 수 있습니다. (UConn Student Health and Wellness) 860-486-4700 / (UConn Speech and Hearing Clinic) 860-486-2629 / (UConn Fire Department) 860-486-4925 번으로 전화해 주십시오.

 

This is a historic document that was adopted with minor editorial changes on 3/30/2026.