Privacy Policy



Effective Date:  April 14, 2003

Revised:  November 1, 2022


We are required by law to maintain the privacy of your protected health information; to provide you this detailed Notice of our legal duties and privacy practices relating to your protected health information; to notify affected individuals following a breach of unsecured protected health information; and to abide by the terms of the Notice that are currently in effect.


For Treatment.  We may use or disclose your health information in providing you with treatment and services and coordinating your care and may disclose information to other providers involved in your care.  Your protected health information may be used by doctors involved in your care and by nurses and C.N.A.s, as well as by physical, occupational and speech therapists, dietitian, pharmacists, suppliers of medical equipment or other persons involved in your care.  For example, we will contact your physician to discuss your plan of care.

For Payment.  We may use and disclose health information about you to your insurance company or other third-party payors such as Medicare or MaineCare (Medicaid) to obtain payment for health care services provided to you, or to determine your eligibility for coverage and benefits, unless you pay in full out of pocket for services provided to you and request in writing that your health information not be disclosed to third-party payors for payment purposes.

For Healthcare Operations.  We may use and disclose your health information as necessary for our business operations, such as management, personnel evaluation, education, and training and to monitor our quality of care.  We may disclose your health information to another entity with which you have or had a relationship if that entity requests your information for certain of its health care operations or health care fraud and abuse detection or compliance activities.  For example, health information of many patients may be combined and analyzed for the purposes of evaluating and improving the quality of care and planning for services. We may share your health information with providers within Accountable Care Organizations (ACO) to evaluate outcomes and ensure quality care.

HealthInfoNet:  Maine has a statewide health information exchange called HealthInfoNet. This means that certain pieces of your health information, maintained electronically, may be shared with other health care providers. For example, if you were injured in an accident and were treated by a hospital or provider that is part of HealthInfoNet, that new provider would have access to your electronic medical information, including your date of birth, allergies, and diagnoses. Specially protected information including substance abuse treatment program records, mental health treatment facility records, HIV/AIDS information and genetic test results are not automatically included in HealthInfoNet.  If you do not wish to be in included in HealthInfoNet, you may “opt-out” by filling out a form found online at, by calling 866-592-4352 or by completing a paper form we can provide. If you change your mind, you may choose to join again later, but your previous health information will not be included.


Facility Directory:  Unless you notify The Cedars that you object, we will include certain limited information about you in our facility directory.  This information may include your name, your location in the facility, your general condition, and your religious affiliation.  Our directory does not include specific medical information about you.  We may release information in our directory, except for your religious affiliation, to people who ask for you by name.  We may provide the directory information, including your religious affiliation, to any member of the clergy.

Personal Representatives: We may disclose your health information to your personal representative such as your agent under a health care power of attorney or your legal guardian.  The Cedars will make sure the person has this authority and can act for you before we take any action.

Persons Involved in Your Care or Payment for Your Care:  We may disclose health information about you to family members, close personal friends, or other persons you identify, who are involved in your care, unless you notify us that you object to and wish to prohibit or restrict such disclosures.

Emergencies:  We may use or disclose your health information as necessary in emergency treatment situations.

As Required by Law:  We may use and disclose health information about you when required to do so by state and federal law, and we will notify you of these uses and disclosures if notice is required by law.

Business Associates:  We may disclose your health information to our contractors, agents and other “business associates” that perform functions on our behalf or provide us with services if the information is necessary for such functions or services.  All of our business associates are obligated to protect the privacy of your health information and are not allowed to use or disclose any information other than as specified in our contract.

Public Health Activities:  We may use and disclose your health information to authorized public health officials so that they can carry out public health activities.  These activities may include reporting to a public health authority for preventing or controlling disease, injury, or disability; reporting elder abuse or neglect; or reporting deaths.

Reporting Victims of Abuse, Neglect or Domestic Violence:  If we believe that you have been a victim of abuse, neglect, or domestic violence, we may use and disclose your health information to notify a government authority, if authorized by law or if you agree to the report.

Health Oversight Activities:  We may use and disclose your health information to a health oversight agency for activities authorized by law, such as compliance with audits, investigations, inspections, and licensure.  These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.

To Avert a Serious Threat to Health or Safety:  When necessary to prevent a serious and imminent threat to your health or safety or the health or safety of the public or another person, we may use or disclose health information, provided the disclosure is to someone able to help lessen or prevent the threatened harm.

Judicial and Administrative Proceedings:  We may disclose your health information about you in response to a court or administrative order, or in response to a qualifying government subpoena or other lawful process.  Efforts must be made to contact you about the request or to obtain an order or agreement protecting the information.

Law Enforcement:  We may disclose your health information for certain law enforcement purposes, including, for example, to comply with reporting requirements; to comply with a court order, subpoena, warrant, summons or similar legal process; or to answer certain requests for information concerning crimes.

Research:  We may use or disclose your health information for research purposes if the privacy aspects of the research have been reviewed and approved, if the researcher is collecting information in preparing a research proposal, if the information that identifies you as the patient has been removed, if the research occurs after your death or if you sign a written authorization for the use or disclosure of protected health information.

Coroners, Medical Examiners, Funeral Directors, Organ Procurement Organizations:  In the event of your death or impending death, we may release your health information to a coroner, medical examiner, funeral director or, if you are an organ donor, to an organization involved in the donation of organs and tissue.

Death: In the event of your death, we may release your health information in order to notify a family member, other person responsible for your care or a person who has been identified by you, to inform such person of your death.

Disaster Relief:  We may use and disclose health information about you to public or private entities authorized by law to assist in disaster relief efforts.

Military, Veterans and Other Specific Government Functions:  If you are a member of the armed forces, we may use and disclose your health information as required by military command authorities.  We may disclose health information for national security purposes or as needed to protect the President of the United States or certain other officials or to conduct certain special investigations.

Workers’ Compensation:  We may use or disclose your health information to comply with laws relating to workers’ compensation or other similar programs that provide benefits for work-related injuries or illness.

Inmates/Law Enforcement Custody:  If you are under the custody of a law enforcement official or a correctional institution, we may disclose your health information to the institution or official for certain purposes including the health and safety of you and others.

Fundraising Activities:  We may use your limited health Information to contact you in an effort to raise money for The Cedars.  We will only release contact information, such as your name, address and phone number and the dates health care were provided to you.  The money raised will be used to expand and improve the services and programs we provide the community.  You have the right to opt out of receiving such communications by notifying The Cedars HIPAA Privacy Officer that you do not wish to receive such communications.

Appointment Reminders:  We may use or disclose health information to remind you about appointments.

Treatment Alternatives and Health-Related Benefits and Services:  We may use or disclose your health information to inform you about treatment alternatives and health-related benefits and services that may be of interest to you.

To the U.S. Department of DHHS,  We must disclose your health information to the Secretary of the U.S. Department of Health and Human Services to investigate or determine our compliance with the federal privacy laws and regulations.


Except as described in this Notice; other uses and disclosures of your health information will only be made with your written authorization.

The types of uses and disclosures of your health information that require your authorization include but are not limited to the following: (i) any use or disclosure of psychotherapy notes, except to carry out treatment, payment or health care operations, including the use by the originator of the notes for treatment; (ii) for marketing, except if the communication is in the form of a face-to-face communication to you or is to provide you with a promotional gift of nominal value; and (iii) the sale of protected health information.

You may revoke your authorization at any time, by giving written notice to The Cedars HIPAA Privacy Officer.  If you revoke an authorization, we will no longer use or disclose your health information for the purposes covered by that authorization, except to the extent we have already taken action in reliance on the authorization.


Listed below are your rights regarding your health information.  These rights may be exercised by submitting a request in writing to The Cedars.  Each of these rights is subject to certain requirements, limitations, and exceptions.  At your request, The Cedars will supply you with the appropriate form to complete.  You have the right to:

  • Request Restrictions.  You have the right to request restrictions on our use or disclosure of your health information for treatment, payment, or health care operations.  You also have the right to restrict the health information we disclose about you to a family member, friend or other person who is involved in your care or the payment of your care.  The Cedars is not required to agree to your requested restriction, unless the request is to restrict disclosure of health information to a health plan if (i) the disclosure is for purposes of carrying out payment or health care operations (not treatment) and is not otherwise required by law; and (ii) the health information pertains solely to an item or service for which you, or a person on your behalf, other than the health plan has paid The Cedars in full.
  • Access, Inspect and Copy Protected Health Information.  You have the right to access, inspect and obtain a copy of your medical or billing records.  Access may be requested verbally or in writing.  You have the right to inspect your records within 24 hours of your request (excluding weekends and holidays).  You may request copies of your records in electronic or paper form.  We will provide you with timely access to the paper copies or electronic format within two days of the request (excluding weekends and holidays).  We may charge a reasonable fee consistent with state law for our costs in copying and mailing your requested information.
  • Right to Get Notice of a Breach.  You have the right to be notified upon a breach of any of your unsecured protected health information.  The notice will include a description of what happened, including the date, type of information involved in the breach, steps you should take to protect yourself from potential harm, mitigation of harm to you and contact procedure for answering your questions.
  • Request Amendment.  You have the right to request amendment of your health information maintained by The Cedars for as long as the information is kept by or for The Cedars.  Your request must be made in writing and must state the reason for the requested amendment.

We may deny your request for amendment if the information (a) was not created by The Cedars, unless the originator of the information is no longer available to act on your request; (b) is not part of the health information maintained by or for The Cedars; (c) is not part of the information to which you have a right of access; or (d) is already accurate and complete, as determined by The Cedars.

If we deny your request for amendment, we will give you a written denial including the reasons for the denial and the right to submit a written statement disagreeing with the denial within 60 days of your request.

  • Request an Accounting of Disclosures.  You have the right to request an accounting of certain disclosures of your health information.  This is a listing of disclosures made by The Cedars, but this does not include disclosures for treatment, payment, health care operations  unless the disclosure was through an electronic health record or certain other exceptions (for example, but not limited to, disclosures made directly to you or your personal representative or disclosures requested by you, disclosures for The Cedars facility directory or to family/caregivers).  If the disclosures were made through an electronic health record, you have the right to request an accounting of disclosures for treatment, payment, and health care operations during the previous three years.

To request an accounting of disclosures, all requests must be in submitted in writing. The health information disclosed will not be more than six years from the date of the written request. The Cedars will provide one accounting a year for free but will charge a reasonable cost-based fee if you request another one within 12 months.

  • Request a Paper Copy of This Notice.  You have the right to obtain a paper copy of this Notice, even if you have agreed to receive this Notice electronically.  You may ask us to provide a copy of this Notice at any time. In addition, you may obtain a copy of this Notice at our web site,
  • Request Confidential Communications.  You have the right to request that we communicate with you concerning your health matters in a certain manner, such as calling your cellphone instead of a home phone.  We will accommodate your reasonable requests.


Some of your health information may be subject to other laws and regulations and afforded greater protection than what is outlined in this Notice.  For instance, HIV/AIDS, substance abuse and mental health information are often given more protection.  In the event your health information is afforded greater protection under federal or state law, we will comply with the applicable law. Your written authorization will be required to share this information.


If you have any questions about this Notice or would like further information concerning your privacy rights, please contact:

Debra S. Russell, HIPAA Privacy Officer

(207) 221-7004


If you believe that your privacy rights have been violated, you may file a complaint with The Cedars or with the US DHHS Office for Civil Rights.

To file a complaint with The Cedars, contact:

Debra S. Russell, HIPAA Privacy Officer

630 Ocean Avenue

Portland, ME  04103

(207) 221-7004

All complaints must be submitted in writing.  We will not retaliate against you for filing a complaint with us or the US DHHS Office of Civil Rights.


We reserve the right to change this Notice.  We reserve the right to make the revised or changed Notice effective for all health information already received and maintained by The Cedars as well as for all health information we receive in the future.  We will post a copy of the current Notice in our facility and on our website. In addition, if material changes are made to this Notice, the Notice will contain an effective date for the revisions.  We will provide a copy of the revised Notice upon request.