EU Privacy Notice (Effective 2008)
This EU Privacy Notice applies to personal health information of patients collected by the UPMC in the United States from the European Union (EU) in any format and employment information of the UPMC-employed workforce in EU countries. Collectively, such information is referred to as “Personal Information.”
UPMC understands that your Personal Information is sensitive and confidential. UPMC makes every reasonable effort to protect your Personal Information.
UPMC may create or maintain records containing Personal Information in conjunction with its patient care and employment-related activities at UPMC’s EU-based operations. UPMC may also receive and/or manage Personal Information for organizations that UPMC does business with within EU member countries. With respect to the handling and protection of your Personal Information, UPMC adheres to the EU Personal Information Protection Directive through a self-regulatory program. All UPMC operations that are based in an EU member country or have access to Personal Information from an EU member country will follow this EU Privacy Notice and other Privacy rules required under U.S. law (as applicable) or EU individual provider-based data protection agreements.
UPMC comprises a network of hospitals, doctors, rehabilitation services, skilled nursing services, home health services, pharmacy services, laboratory services, and other health care services. Our workforce includes our staff, physicians, students, residents, trainees, volunteers, and others providing services within these facilities, who may or may not be directly employed by UPMC.
UPMC may use your Personal Information for the business, treatment, payment, or health care operations purposes that this EU Privacy Notice describes. UPMC takes reasonable security measures to protect your Personal Information from loss, misuse, unauthorized access, disclosure, alteration, and destruction. These measures include password protection for online information systems and restricted access to your Personal Information.
UPMC will not use your Personal Information in a way that is incompatible with the purposes for which it has been collected unless authorized by you. UPMC also will take reasonable steps to ensure that Personal Information collected is relevant for its intended use, and is accurate, complete, and current.
For our Patients — UPMC may create and maintain records with Personal Information about your care. We may collect, process, and store your Personal Information for purposes such as:
- Providing health care services to you
- Designing, implementing, and/or maintaining patient care and patient-related information systems
- Maintaining medical records (including transcriptions, laboratory results, diagnostic images, and other types of clinical information)
- Performing government reporting
- Conducting auditing, accounting, financial, quality assurance, economic, and clinical analyses.
With respect to sensitive Personal Information (for example, political or religious beliefs, union membership, health matters, etc.), UPMC will not share such information except as otherwise described in this notice unless specifically authorized by you. UPMC may disclose sensitive Personal Information if required to comply with the legal process.
Upon request, UPMC will provide you with reasonable access to Personal Information that it holds about you and will take reasonable steps to permit you to correct or amend any data that is inaccurate or incomplete. If you would like to access your Personal Information, you should provide a written request to the facility where you have received services.
Questions or concerns regarding the use or disclosure of Personal Information should be directed to the UPMC Corporate Ethics and Compliance Office, U.S. Steel Tower, 600 Grant St., 58th Floor, Pittsburgh, PA 15219; telephone 412-647-5774; fax 412-623-6476; or e-mail email@example.com.
For our Workforce — UPMC normally creates and maintains records with Personal Information about your employment or staff-related services. We may collect, process, and store your Personal Information for purposes such as:
- Managing and administering employment-related matters
- Designing and administering compensation, benefits, and human resource programs
- Designing and implementing employment-related education and training programs
- Monitoring and evaluating employee conduct and performance
- Maintaining plant and employee security, health, and safety
- Facilitating communications, negotiations, transactions, and conferences
- Complying with contractual and legal obligations.
For Third Parties — UPMC may transfer Personal Information to a third party acting as its agent (for example medical consultants, tax advisers and preparers, accountants, auditors, lawyers, financial services and benefit administrators) without notice to you or your approval, as long as the third party confirms that it provides the same level of protection set forth in this EU Privacy Notice. Personal Information that is transferred will comply with the EU Data Protection Directive and any other applicable EU individual provider-based data protection agreements.
Dispute Resolution Process — if you have a dispute regarding UPMC's use of your Personal Information, you may make a complaint to UPMC. UPMC will investigate and try to resolve the dispute. If the dispute cannot be resolved internally, UPMC will participate in a dispute resolution process established by the EU Data Protection Authorities. Contact UPMC’s International and Commercial Services Division, International Privacy and Security, 200 Lothrop St., Pittsburgh, PA 15213; telephone 412-473-5130; fax 412-473-5151; or email firstname.lastname@example.org.