Rush University System for Health is committed to protecting your health information and upholding your privacy.
Regulatory Update Announcement to our Community and Government Partners
This update describes changes Rush University System for Health is making in how patient information is shared, in compliance with federal regulations.
Regulatory Update Announcement to our Community and Government Partners
HIPAA Notice of Privacy Practices
This Notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
Notice of Privacy Practices (English)
Aviso de Prácticas de Privacidad (Spanish)
General Data Protection Regulation Privacy Notice
This Notice describes Rush University System for Health's commitment to comply with the European Union’s General Data Protection Regulation.
General Data Protection Regulation Privacy Notice
When you sign up for text messages from Rush, you are signing up to receive text messages related to your relationship with Rush, including updates related to your visits, your MyChart account, one-time passcodes, billing notifications, prescription reminders and care management. These text message will come from a short code. A short code is a 5- or 6-digit phone number that is used by organizations to send text messages.
You can opt-out of SMS messages at any time by replying STOP to the respective short code message. Your opt-out request will generate one final message confirming that you have been unsubscribed. You will no longer receive SMS messages from the short code you opted out from. If you want to join again, sign up using MyChart or text HELP to the short code for instructions.
If you experience issues with text messages you can reply with the keyword HELP for more assistance, or you can get help directly at (312) 563-6600.
Carriers are not liable for delayed or undelivered messages. Message and data rates may apply for any messages sent to you from us and to us from you. Message frequency may vary.
Our Notice of Privacy Practices is available on this web page and via rush.edu/privacy.
Patient Privacy Rights
The Privacy and Security Office ensures that patient rights are respected and processes are in place that permit patients to make requests and to receive a response in a timely manner. Patient Privacy Rights granted under the Health Insurance Portability And Accountability Act (HIPAA) include those outlined in the Notice of Privacy Practices and are summarized in this video produced by the Department of Health and Human Services Office for Civil Rights.
Important Privacy Forms
Patient Privacy Rights Request Forms
We have several different forms related to patient privacy rights:
- Confidential communication
- You have the right to request that when we communicate with you about your protected health information, we use alternative ways or an alternative location
Click here to download the confidential communication form.
- Accounting of disclosures
- You have the right to get a report from us that tells you about any protected health information of yours that we or our business associates have shared about you
Click here to download the accounting of disclosures form.
- Amendment request
- You have the right to request that we change or amend your protected health information in our medical record
Click here to download the amendment request form.
Patient Privacy Opt-Out Form
(click here to download the form).
This form is used for several different purposes:
Opt Out: You can request that your information be excluded from Care Everywhere (which refers to sharing of the electronic patient record to other external healthcare entities that are also using Epic) and Cures ADT (which refers to electronically sharing of your information regarding new admissions to your Primary Care Provider (PCP).
Reverse Opt Out: You previously chose to Opt Out of Care Everywhere and Cures ADT and am now choosing to participate (Opt In).
Patient Request for Restriction of Release of Information
(click here to download the form)
- Patient Request for Restriction of Release of Information
- You have the right to request that we restrict the use or disclosure of your health information
About the Privacy Office
Mission: The Privacy Office promotes the confidentiality of patient information, also known as "protected health information" (PHI). Our mission includes providing leadership, oversight and assistance in the implementation of the Health Insurance Portability and Accountability Act (HIPAA), as well as the Health Information Technology for Economic and Clinical Health Act (HITECH). There are many federal and state laws and regulations that affect privacy and security; our goal is to ensure that Rush University Medical Center and Rush Oak Park Hospital have the right policies and procedures established to address these requirements.
What we do: The operations of the Privacy Office include such activities as administering HIPAA patient rights; providing awareness and training on privacy and security topics; conducting reviews into privacy incidents; and creating policies and procedures. Additional information about HIPAA and patient privacy can be found at the U.S. Department of Health and Human Services.
How to contact us: Please contact the Privacy Office at any time with questions or concerns at (312) 942-5303 or privacy_office@rush.edu.
Protecting your personal health information
While Rush University System for Health uses security tools and processes to keep your information safe, we also want to recommend tips that you can also use to protect your privacy and personal health information.
One of the first ways to protect yourself is by recognizing and preparing for privacy threats before they happen. Below you can find information on popular scams and tips for protecting yourself.
Telephone Call Scams
Telephone scammers try to steal your personal information, including insurance or medical information. Scams may come through phone calls from real people, robocalls, or text messages. Phone scammers can manipulate caller ID information, also called spoofing, to make it appear as if the received telephone call is coming from a legitimate Rush telephone number. This scam tactic makes the call more likely to be trusted and answered. When the call is answered, the scammer may attempt to obtain your personal information.
Email Message Scams
Scammers may also attempt to obtain your personal information by sending a malicious email in a scam called phishing. They may impersonate a legitimate business, such as Rush, and ask you to confirm or provide personal information. These emails may look legitimate and create a sense of urgency or alarm, making you feel as if you must act.
Tips for Protecting Your Personal Health Information
- Create unique passwords for your online accounts using a combination of letters, numbers and symbols.
- If available on devices such as your phone, tablet, or laptop, enable biometric access features e.g., using your fingerprint, facial recognition, voice activation, etc. to unlock your device.
- Be alert if asked for personal information (such as Social Security number, medical identification number, credit card number) or health insurance information.
- If you can’t confirm the identity of someone requesting your personal health information, call the person back using a publicly available phone number or a phone number you already have on file.
- Take a moment to carefully review your emails. Ask yourself whether you were expecting to receive the message.
- Look for common signs of fake emails – typos, grammatical errors, awkward language, extra spaces, or missing words.
- Be wary of emails that contain an attachment or a link to click, which requires you to provide personal information.
What To Do if You Receive a Telephone or Email Scam
If you believe you’ve received a fraudulent phone call or email, you can report it to RUSH and federal agencies.
- Report scams claiming to originate from Rush to Patient Relations at (312) 942-6979 or email at patient_relations@rush.edu.
- Report scams to the Federal Trade Commission at www.reportfraud.ftc.gov, or call 1-877-382-4357 (TTY: 1-866-653-4261). The FTC is the primary government agency that collects scam complaints.
- Report all robocalls and unwanted telemarketing calls to the Do Not Call Registry or at www.donotcall.gov.