Corporate Compliance and Privacy FAQs

What kind of concerns should I report to the Corporate Compliance & Privacy Office?

Report to us about:

• Accidental or unauthorized disclosures of confidential information, including patient information
• Possible conflicts of interest
• Concerns about financial improprieties
• Research misconduct
• Inappropriate use of UVA and UVA Health resources
• Violations of UVA Health’s Code of Conduct or any other policies or procedures
• Billing and coding concerns

How do I file a complaint/report?

If you have a concern such as those listed above, there are several ways to file a report:

• Submit a report online

Charlottesville Area

To report compliance issues for:

• University Medical Center (UVAMC)
• University Physicians Group (UPG)
• School of Medicine
• School of Nursing
• Claude Moore Health Sciences Library
• UVA Health Surgical Care Riverside
• Health System Development Office/UVA Health Foundation

Krista Barnes, UVA Health Chief Corporate Compliance and Privacy Officer
Annette Norton, Director of Compliance and Privacy

• Corporate Compliance and Privacy Office: 434.924.2938
• Fax: 434.243.2716
• Email: [email protected]
• Compliance Helpline: 800.235.8700
• Compliance Form: helpline.sites.virginia.edu
• Mail: UVA Health Corporate Compliance & Privacy Office
  
  PO Box 800805
  
  Charlottesville, VA 22908

Northern Virginia

To report compliance issues for:

• Culpeper Medical Center
• Prince William Medical Center
• Haymarket Medical Center
• Community Health Medical Group

Nicolette Meister, Director of Compliance and Privacy

• Phone: 877.266.7632
• Fax: 540.829.5732
• Email: [email protected]
• Compliance Hotline: 877.888.4806
• Compliance Webform: UVACommunityHealth.ethicspoint.com or UVACommunityHealthMobile.ethicspoint.com
• Mail: UVA Community Health
  
  8700 Sudley Road
  
  Manassas VA 20110

Can I report concerns anonymously?

Yes. You can report concerns anonymously through the hotlines or the forms.

Anonymous complaints are more difficult to investigate thoroughly. If you choose to file anonymously, it's helpful to include as much information as possible in the report, because Compliance staff won't be able to reach you to ask questions.  

Can someone retaliate against me for filing a complaint?

UVA Health prohibits retaliation against individuals who report violations in good faith. Please contact the Corporate Compliance and Privacy office if you have any concerns about retaliation, either before or after filing a complaint. 

Who should I call if I disagree with my bill?

Contact Patient Friendly Billing at 434.297.5416

Who should I talk to if I would like to share general feedback or express a quality-of-care concern?

We welcome your feedback. Please submit your feedback online here.

You can also contact Patient Relations directly by email or phone, listed below.

Charlottesville Area Locations

• Phone: 434.924.8315
• Email: [email protected]

Community Health Locations

• Phone: 703.369.8002
• Email: [email protected]

What is Protected Health Information (PHI)?

Protected health information (PHI) refers to any health information that is specific to you and may identify you that is created, used, or disclosed by a healthcare provider. PHI is protected under the Health Insurance Portability and Accountability Act (HIPAA). 

Educational and employment records aren't usually considered PHI. 

Can UVA Health share my PHI without my permission?

Under HIPAA, sharing of protected health information is permitted without patient authorization for the purposes of treatment, payment, and healthcare operations. This includes sharing information with outside organizations for one of these purposes.

There are a number of other exceptions to the general HIPAA authorization requirement. For more information about potential uses and disclosures of PHI without authorization, see the Notice of Privacy Practices (PDF).

Do I have to sign the Notice of Privacy Practices (NPP)?

No, you aren't required to sign the NPP in order to get treatment. Your signature serves as acknowledgment that you received the notification. Your refusal will be documented and doesn't prevent the use of your health information as permitted by HIPAA regulations.

May I refuse or opt out of any uses or disclosures of my PHI?

Yes, in some cases:

• If you are staying at the hospital as an inpatient, you can request not to be included in our facility directory (a list of patient names, locations in the hospital, and general condition). 
• You can also request that your PHI not be used for fundraising purposes. 
• If you pay out of pocket in full, you may also request that we not disclose information to your health plan.
• You may opt out of participation in electronic health information exchanges. But you should know that if you don't allow UVA Health to share information with your other health care providers, they may not have access to important information about you in an emergency situation.

You can't opt out of the use or disclosures of your PHI for other purposes of treatment, payment, and operations. 

Where can I find more information about my rights and how UVA Health uses and protects my health information?

For specific information about how medical information about you is used and disclosed to others by UVA Health, please see the Notice of Privacy Practices (PDF).

The Notice of Privacy Practices is posted in our facilities and on our public website. Paper copies are also available on request.