Northeast Georgia Health System acknowledges and respects any individual’s right to privacy. We take your concerns related to privacy and security seriously. We therefore want you to know how we may collect, use, share, and protect your information through our website.
This privacy statement applies to all NGHS-owned websites.
Notice of Privacy Practices
Notice of Privacy Practices, Effective Date: February 2026 — Last Updated: March 2026
This notice describes how information about you may be used and disclosed, your rights with respect to your health information, and how to file a complaint concerning a violation of the privacy or security of your health information, or of your rights concerning your information. Please review it carefully. You have a right to a copy of this notice (in paper or electronic form) and to discuss it with the Privacy Office at 844-917-1115 or Privacy.Officer@nghs.com if you have any questions
How we my use and disclose information about you:
The following describes different ways that we may use and disclose medical information about you. Not every use or disclosure in a category will be listed. However, all the ways we are permitted to use and disclose information will fall within one of the following categories.
For Treatment:
We may use medical information about you to provide, coordinate, or manage your health care and related services. This includes sharing information with doctors, nurses, technicians, medical students, volunteers, and other System personnel involved in your care.
We may also disclose your medical information to health care providers outside of the System who are involved in your care, such as hospitals, nursing facilities, or other providers if you are transferred or admitted for care. In addition, we may disclose information to family members, friends, or other individuals you identify, to the extent permitted by law and consistent with your preferences.
For Payment:
We may use and disclose medical information about you so that the treatment and services provided by the System may be billed and payment collected from you, your health plan, or a third party. This may include disclosures to another health care provider or health plan for payment activities related to services you received.
You have the right to request that we not disclose medical information to your health plan only if the disclosure is for payment or health care operations and the applicable item or service has been paid for in full out‑of‑pocket.
For Health Care Operations:
We and our business associates may use and disclose medical information about you for health care operations. These activities are necessary to operate the System and ensure that all patients receive quality care.
Examples include quality assessment and improvement activities, training and education, credentialing, licensing, compliance activities, audits, legal services, business planning and development, patient safety activities, and operational improvement efforts.
We may also disclose medical information to other health care providers, health plans, or health care clearinghouses for certain health care operation purposes as permitted by law.
Use of Artificial Intelligence and Advanced Technologies
The System may use artificial intelligence (AI), machine learning, or similar advanced technologies to support the delivery of care and the efficient operation of our health system.
These tools may be used to:
- Assist clinicians with clinical documentation, such as drafting or summarizing notes
- Support administrative and operational tasks, including scheduling, billing, coding, quality improvement, and compliance activities
- Improve care coordination, patient safety, and operational efficiency
AI-supported tools are intended to support – not replace – clinical judgment or decision-making. Health care professionals remain responsible for reviewing, verifying, and finalizing all clinical documentation and care decisions.
Patient Choice Regarding AI Use:
If you prefer that AI-assisted tools not be used during your visit or in connection with your care, you may inform your health care provider. We will make reasonable efforts to honor your preference when feasible and consistent with safe, effective care and operational requirements. Your decision will not affect your access to care.
Affiliated Covered Entities (ACE)
The System participates in an Affiliated Covered Entity (ACE) as permitted by federal law. An ACE is a group of legally separate entities under common ownership or control that designate themselves as a single covered entity for purposes of compliance with the HIPAA Privacy and Security Rules.
Entities that may participate in the System’s ACE include, but are not limited to:
- Hospitals and inpatient facilities
- Outpatient clinics and ambulatory care sites
- Employed physician practices and provider groups
- Behavioral health and specialty care programs
- Diagnostic, laboratory, imaging, and ancillary service providers
- Administrative, management, and support entities that perform covered functions
As part of the ACE, participating entities may use and disclose medical information among themselves for treatment, payment, and health care operations, as permitted by HIPAA and other applicable laws. All ACE participants share a joint Notice of Privacy Practices and have agreed to protect the privacy and security of your medical information in accordance with federal and state law.
Organized Health Care Arrangements (OHCA)
Certain entities within the System may also participate in Organized Health Care Arrangements (OHCAs). An OHCA is an arrangement in which multiple health care providers participate jointly in certain health care operations, such as quality improvement, utilization review, care coordination, and operational efficiency initiatives.
Participants in an OHCA may share medical information with one another for purposes of treatment, payment, and health care operations related to the OHCA, as permitted by HIPAA and other applicable laws. Each participant in an OHCA may use or disclose medical information in accordance with its own Notice of Privacy Practices and applicable legal requirements.
Health-Related Benefits and Services:
We may use and disclose medical information to inform you of health-related benefits, services, treatment alternatives, or care coordination services that may be of interest to you. You may opt out of receiving these communications by contacting the System’s Privacy Office.
Fundraising Activities:
We may use limited medical information to contact you about fundraising efforts to support the System. You have the right to opt out of receiving fundraising communications at any time by contacting the System’s Privacy Office or informing the individual who contacts you. Opting out will not affect your treatment or payment for services.
Hospital Directory:
While you are a patient, we may include limited information about you in the hospital directory, such as your name, location, general condition, and religious affiliation, unless you request otherwise.
Special Situations:
We may disclose medical information as permitted or required by law for:
- Public health activities
We may share health information about you for certain situations such as preventing disease, helping with product recalls, preventing or reducing a serious threat to anyone’s health or safety, reporting suspected abuse, neglect, or domestic violence. Health oversight activities – We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law. - Lawsuits and legal proceedings
We may disclose your health information in response to a court order or lawful process related to a lawsuit or dispute, but only after efforts have been made to notify you of the request or to obtain a protective order. Law enforcement purposes – We may disclose information in response to legal process or for certain law enforcement purposes, including reporting deaths or suspected criminal activity on our premises or identified during emergency care. - Coroners and medical examiners
We may disclose information for certain purposes related to death investigations, including to help identify a deceased person or determine the cause of death. Organ and Tissue Donations –We may disclose information for certain purposes related to organ, eye, or tissue donation and transplantation, including sharing information with organizations that handle organ procurement or donation. - Military and Veterans
We may disclose information for certain military‑related purposes, including sharing information with military command authorities if you are a member of the armed forces, or with appropriate foreign military authorities when required. - Workers’ Compensation
We may disclose information for certain purposes related to workers’ compensation or similar programs that provide benefits for work‑related injuries or illnesses. - National security and protective services
We may disclose information for certain national security or protective service purposes, including sharing information with authorized federal officials as required by law. - Protective Services for the President and Others
We may disclose information for certain protective service purposes, including sharing information with authorized federal officials as required by law to provide protection for authorized persons or conduct special investigations. - Inmates and correctional institutions
We may disclose information to correctional institutions or law enforcement if you are in custody, as needed for your health care, safety, the safety of others, or institutional security.
Research
We may use or disclose your health information for research purposes, including records research and clinical research. Records research involves reviewing information in medical records, while clinical research may involve drugs, devices, procedures, or other interventions. For example, a records research study may review medical records to compare outcomes for patients who received different treatments for the same condition. A clinical research study may involve a patient participating in a study to test whether a new drug is safe and effective in treating a disease.
Some types of research are covered by HIPAA and other types are not. For research that uses or discloses identifiable health information from your medical records and is covered by HIPAA, we will generally obtain your written authorization. However, as permitted by law, we may use or disclose medical information without your authorization for research activities, including when an Institutional Review Board approves the research or waives authorization, when the information is reviewed solely to prepare a research protocol, when the use or disclosure is solely for research on the PHI of deceased individuals, or when a researcher receives a limited data set with nonspecific geographic information (such as ZIP code) and agrees to safeguard the information.
If you would like more information on the privacy policies regarding the use or disclosure of your health information for research that is covered by HIPAA, you may contact the NGHS Privacy Office at Privacy.Officer@nghs.com or at 1-844-917-1115.
Psychotherapy Notes:
Psychotherapy notes receive special protection under federal law and will not be disclosed except with your written authorization, pursuant to a court order, or as otherwise required by law. Psychotherapy notes may be used internally only by the mental health professional who created them, except to defend against a legal action.
Special Protections for Substance Use Disorder Records (42 CFR Part 2)
Federal law (42 CFR Part 2) provides special privacy protections for your substance use disorder (SUD) treatment records. These records cannot be disclosed without your written permission except in very limited situations: medical emergencies, scientific research conducted in compliance with federal regulations, audits, a court order that meets the requirements of 42 CFR Part 2, and reporting regarding crimes committed on premises or against personnel.
You have the option to give a single broad consent that allows us to share your SUD treatment information for treatment, payment, and healthcare operations now and in the future without needing to ask you each time. This helps your healthcare providers coordinate your care more easily.
You may choose whether to provide this broad consent, and you can change or revoke your permission at any time by contacting the System’s Privacy Office in writing. Revocation applies only to disclosures made after the revocation.
If your SUD treatment information is shared with a HIPAA-covered entity or business associate, they may share it again as allowed under HIPAA for purposes like treatment, payment, or healthcare operations. However, any further sharing must still follow the law and any limits you have placed in your written permission.
Even if you give written consent for your SUD treatment information to be shared, it is still protected by federal law. The person or organization that receives this information cannot use it to investigate you, arrest you, charge you, or take other legal or administrative action against you unless you give specific written permission for that purpose or a court order meeting strict federal requirements allows it. A general medical release form is not enough to allow your SUD information to be used in these ways.
Your rights regarding your medical information
You have the right to::
- Inspect and receive a copy of your medical record
- Request amendments to your medical information
- Request an accounting of certain disclosures
- Request restrictions on certain uses or disclosures
- Request confidential communications
- Receive a paper copy of this Notice
You have the right to request restrictions on certain uses and disclosures of your medical information. We are not required to agree to your request. However, we must agree if you pay for a service or item in full out of pocket and ask us not to share that information with your health plan for payment or health care operations.
Changes to this Notice
We reserve the right to change this Notice of Privacy Practices. Any revised notice will apply to medical information we already have about you as well as information created or received in the future. The current notice will include an effective date and will be available upon request.
Investigation of Breaches
If we determine that the privacy or security of your unsecured protected health information has been breached, we will notify you, describe mitigation steps, and advise you on actions you may take to protect yourself.
Additional Information & Complaints
If you have questions or would like more information, contact the System’s Privacy Office at 844-917-1115 or Privacy.Officer@nghs.com.
If you believe your privacy rights have been violated, you may file a complaint with the System or with the Secretary of the U.S. Department of Health and Human Services. You will not be retaliated against for filing a complaint.
Other Uses of Medical Information
Other uses and disclosures not described in this Notice will be made only with your written authorization or as otherwise permitted or required by law. You may revoke an authorization at any time by submitting a written request to the System’s Privacy Office.
Online Privacy and Tracking
General Information we collect & how it is used
Personal Identifying Information
Visitors can browse all NGHS websites without providing any personal identifiable information. Certain information may not be personally identifiable when standing alone (e.g., your age), but may become so when combined with other information (e.g., your age and name). Whether you provide this information is your choice; however, in many instances this type of information is required to participate in a particular activity, realize a benefit we may offer, or receive additional information you may request.
Certain pages contain forms that give visitors the option of providing us with contact information including name, physical address, phone, and email address if you choose to contact us. Providing this information is voluntary. The information you submit is shared internally with NGHS employees who need this information to help respond to your request or improve NGHS operations. Information submitted may be used to evaluate the technical functionality of our website. Information provided may also be utilized to address inappropriate use or communications associated with our website.
We do not share any personally identifiable information of any individual collected on our website with any third party unrelated to us, except in situations where we must provide information for legal purposes or investigations, to protect our rights in or the safety of our website, to protect the safety or rights of other users of our website or if so directed by such individual through a proper authorization.
Non-Personal Identifying Information
We collect non-personal information such as website usage, traffic patterns, site performance and related statistics in aggregate based on our tracking of your visits to our website. Non-personal information may include the type of browser you are using, the third-party website from which your visit originated, the operating system you are using, the domain name of your Internet service provider, the search terms you use on our website, and the specific web pages you visit.
How we collect Information
Newsletters and Email Communications
NGHS offers you the opportunity to receive e-newsletters and e-publications related to our services, news and announcements. You can sign up for free and can unsubscribe at any time through the contact information contained in those communications.
Other communications that you send to us via email may be shared with a customer service representative, employee, medical expert or other NGHS employee that is best able to respond to your inquiry. Email communications are not completely secure or confidential. It is possible that an email may be accessed or read by other internet users. Please do not use email for communications you wish to keep protected and secure.
“Phishing” is a scam designed to steal your personal information. If you receive an email that looks like it is from us asking you for your personal information, do not respond. We will never request your password, user name, credit card information or other personal information through email.
Forms and Surveys
Our website contains forms through which users may request information or supply feedback to us. In some cases, telephone numbers, email addresses or return addresses are required so that we can supply requested information to you, and in other cases, correct names and addresses are required to process credit card payments. All information collected on forms throughout our website are stored on a HIPAA-compliant server to ensure that information remains secure.
After you fill out a form, we may contact you with follow-up information related to your request. We do not provide any information supplied on our web forms to any outside organization for any reason (other than where we may be required to by law, or as necessary to process credit card information). We do not save this personal information for any other reason.
Occasionally, we may survey visitors to our site. The information from these surveys is used in aggregate form to help us understand the needs of our visitors so that we can improve our site. We generally do not ask for information in surveys that would personally identify you. If we do request contact information for follow-up, you may decline to provide it. If survey respondents provide personal information (such as an email address) in a survey, it is shared only with those people who need to see it to respond to the question or request.
Cookies
We collect information about visitors to our site using “first party cookies”, which are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser. Cookies are never associated with specific personal identities. First party cookies are distinct from third party cookies that they are created and directly served by the company hosting the website.
We may use both session ID cookies and persistent cookies. A session ID cookie expires when you close your internet browser. A persistent cookie is stored on your computer. Cookies enable us to track and target the interest of our visitors to enhance your experience on our website.
You can delete our cookies at any time. The “help” section, located on the toolbar of most browsers, will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie or how to disable cookies altogether. Since cookies allow you to take full advantage of some of our website’s best features, we recommend that you leave them turned on.
IP Addresses
Our internet server automatically tracks (but does not store) the Internet Protocol (IP) address of the computers that access our site. An IP address is a number that is assigned to your computer when you access the internet. NGHS may use this information to evaluate how visitors navigate our websites and help improve the content.
Please note that although such information is not personally identifiable, we can determine from an IP address a visitor’s Internet Service Provider and the geographic location of his or her point of connectivity.
Location Tracking
An IP address must be assigned to devices that access the internet. IP addresses are used to make the connection between your device and the websites and services you use. You can’t prevent a website or app from getting the IP address of your device.
Your IP address includes some general information about your device location and we use that information to display your approximate location in the website and mobile app user experience. We identify your device’s approximate location from your IP address, which is provided to us when you visit our website. We do this to provide you a customized experience on our website and mobile app, including the display of location-based information that is relevant to you and your care.
Please note for mobile apps, you may opt in or out of location-based services by changing the location permission settings on your device.
Analytics
NGHS utilizes Google Analytics 4 to gather certain information automatically and store for analytical purposes. This information includes browser type, referring/exit pages, operating system, date/time stamp (to the closest hour), and clickstream data. Internet (IP) addresses and internet service providers (ISP) information is collected, but not stored or retained. We use this information to track and compile non-personal information to analyze trends, monitor visitor traffic within our website content, and gather aggregate demographic information about our visitors. We may combine this log file information with other information we collect from or about you to help improve the services we offer, our marketing, analytics or website functionality.
You may choose to opt out of Google Analytics by going to the following links:
Call Tracking Metrics
We use a call tracking system, Call Tracking Metrics, to monitor the quality of some of our calls and improve our marketing efforts or website user experience. Call Tracking Metrics is a HIPAA-compliant platform that treats all personal identifiable data with a high degree of security.
Call Tracking Metrics Privacy Information
Links to other websites
Our website content may contain links to other websites not owned by NGHS. These third-party websites have different privacy notices and practices. If you submit any information to those websites, your information is governed by the Privacy Statement published on that website. We encourage you to carefully read the Privacy Statement for any website you visit.
Information Security
NGHS provides reasonable and appropriate security measures to protect our website content and any personal information you may provide against foreseeable hazards. When you enter sensitive information (such as a credit card numbers or Protected Health Information) on our forms, we encrypt the transmission of that information using secure socket layer technology (SSL).
When you come across a web page that is secured, your browser will likely display a “closed lock” or other symbol to inform you that SSL has been enabled. The web address should start with “https://” rather than “http://”. SSL allows a secure connection between your web browser and a web server. No computer system or information however can ever by fully protected from every possible threat or hazard and therefore we cannot warrant the security of any information you transmit to us, and you do so at your own risk.
We do not share personal information with third parties unrelated to NGHS, except when required to for legal purposes or investigations. We may share your personal information with third parties who we have contracted with to help us provide services. We will ensure that these third parties have agreed not to use or disclose your personal information except to help us provide the services.