Privacy Disclaimer

Your Privacy

Notice of Data Security Incident

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

Notice Regarding Compliance By Mercy Iowa City With HIPAA Privacy, Security and Other Regulations

Your Privacy Is Important To Us

At Mercy Iowa City, we are committed to providing our patients with Exceptional Medicine, Extraordinary Care. An important part of our commitment is our pledge to protect your nonpublic personal medical and financial information. This notice, which is required by the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA), informs you about our privacy practices.

Pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), U.S. Department of Health and Human Services (HHS) is promulgating regulations that address, among other things; 1) standards for the privacy of individually identifiable health information; 2) security standards to protect the confidentiality and integrity of health information and the information technology used to store, process, and transmit such data; and 3) standards for administrative transactions and data elements exchanged electronically that are consistent with the goals of improving the operation of the health care system and reducing administrative costs.

Please note that HHS has released some final regulations, with varying dates for compliance, and some proposed, but not final, regulations. After HHS has issued final HIPAA regulations, Mercy Iowa City will undertake a review to its policies, practices, and standards to insure compliance with all applicable regulations.

Our Privacy Pledge

Mercy Iowa City does not disclose your nonpublic personal medical and financial information, except as required or permitted by law. Mercy Iowa City does not sell patient information. We do not disclose this information, even when our patient relationships end, except as required or permitted by law.

Mercy Iowa City will ensure that its practices and standards comply with HIPAA and other applicable federal and state laws and regulations. Mercy Iowa City will work with appropriate regulatory and accreditation agencies to ensure consistency between Mercy Iowa City’s policies and HIPAA. Consistent with Mercy Iowa City's policy on statutory variances, Mercy Iowa City will uphold the higher privacy standard when there is a conflict between applicable state and federal regulations. In the event the privacy of your personal medical or financial information is compromised, Mercy Iowa City will notify you of any known breach to your unsecured information.

Information We Receive

We receive nonpublic personal medical and financial information about patients from the following sources:

1) Applications, consents, authorizations and other forms you or your representative provides;

2) Documentation collected during your care (test results, physician orders, etc.);

3) Billing and payment transactions (such as claims submission with insurance companies and payment)

with us, our affiliates or others; and

4) Outside sources pertaining to your care, such as health care providers, insurance companies and federal and state agencies.

After 4/14/03, we are required by law to document the receipt of this notice by all patients.

How We Protect Your Information

Our policies restrict access of your information to hospital employees and staff who need this information to provide care and services to you and as permitted by law. We maintain physical, electronic and procedural safeguards that comply with legal requirements to protect your nonpublic personal medical and financial information.

Mercy Iowa City has undertaken an initiative to educate its Board, officers, employees, medical staff, volunteers and others about HIPAA compliance. This training includes an annual refresher course in privacy and confidentiality.

How We Use Patient Information

We use patient medical and financial information to provide and facilitate treatment, collect payment for services and conduct hospital operations. For example, when consultation between health care providers regarding a patient is needed or a referral from one health care provider is made to another.

Mercy Iowa City may use or disclose protected health information without authorization as required by law, for public health activities, in cases of abuse, neglect or domestic violence, for health oversight activities, for judicial, administrative or worker’s compensation legal matters, for law enforcement purposes, in the care of certain decedents, for organ or tissue donation purposes, for research purposes, for specialized governmental functions and to avert serious threat to the health or safety of a person or the public.

Mercy Iowa City may use patient medical and financial information without authorization for contacting you to provide appointment reminders, describing or recommending treatment alternatives, providing information about health-related benefits and services that may be of interest to you, or soliciting funds to benefit Mercy Iowa City and its Foundation.

Other uses of your information may require separate written authorizations from you. For example, the use or disclosure of patient medical and financial information to a third-party, the release of psychotherapy notes or marketing communications regarding goods and services requires written authorization from the patient.

Your Rights

At Mercy Iowa City, you have the following rights: 1) the right to authorize disclosure of your protected health information to third parties, 2) the right to revoke previously authorized disclosures, 3) the right to request limited disclosure of your health information, 4) the right to inspect and copy your protected health information, 5) the right to amend information, 6) the right to request an accounting of disclosures of your personal health information made in the six years prior to the date of your request, subject to certain limitations provided by law (after April 14, 2003), and 7) the right to issue a complaint related to violations of the privacy of your health information. Mercy Iowa City must agree to a request to restrict disclosure to a health plan for payment or health care operations if the health information relates only to a health care item or service for which the individual has paid in full. You also have the right to request to be placed on a mailing list to receive notice of updates to Mercy Iowa City’s Privacy Notices. You may also periodically check this web site for updates.


If you have any questions about this privacy notice, wish to request personal disclosure documentation or to confidentially report an incident, please call the Compliance Hotline at 319-887-2964 or 1-888-771-0872. Mercy Iowa City will respond to your request. Requesting information or reporting an incident will not adversely affect your care at Mercy Iowa City.

By Phone: 1-800-368-1019 By Fax: 1-202-619-3818
By E-Mail: By TDD: 1-800-537-7697
By Mail: Centralized Case Management Operations
Department of Health and Human Services
200 Independence Avenue, SW
Room 509F HHH Building
Washington, DC 20201

For more information on HIPAA, please refer to:

Back to Top

Mercy On Call

Connect now to
a registered nurse.

© 2021 Mercy Iowa City. All Rights Reserved.