About Us

Columbia University (CU), Weill Cornell Medicine (WCM) and New-York Presbyterian Hospital (NYP) participate in an Organized Health Care Arrangement (OHCA). This allows us to share health information to conduct treatment, payment and joint health care operations. The three organizations share a single electronic health record and have access to your medical information.

In general, your health information cannot be shared without your consent. However, there are certain situations where healthcare providers may disclose information without your consent, such as for treatment purposes, public health reporting, or when required by law. For example, healthcare organizations are required to report Tuberculosis (TB) cases for public health reasons.

Health Care Information Exchange (HIE) is a way for health care professionals and patients to access and securely share medical records electronically. This ensures that authorized providers have access to your comprehensive medical history, which is important in emergencies, when traveling in the US, or when transitioning care.

If you would like to participate or opt out of HIE, fill out this form and send to privacy@cumc.columbia.edu. Once the completed form is received, your records will be updated accordingly.

If you give consent, providers at our organization can access your electronic health information from other organizations. Your health records may include a history of illnesses or injuries you have had (like diabetes or a broken bone), test results (like X-rays or blood tests), and medication lists. Providers at other healthcare organizations where you receive care can access your medical information from our organization.  Notes from behavioral health, substances use disorder, and other designated sensitive programs are not disclosed, however your current problems, allergies, and medications are shared with external organizations which may reveal sensitive information.

Yes. The federal confidentiality law and regulations (codified as 42 U.S.C. § 290dd-2 and 42 CFR Part 2 (“Part 2”)) permits patient information to be disclosed to Health Information Exchange (and other HIE systems); however, the regulation contains certain requirements for the disclosure of information by substance abuse treatment programs; most notably, patient consent is required for disclosures, with some exceptions.  When you are treated in a ColumbiaDoctors program for a Substance Use Disorder or Alcohol Abuse, you will receive a Special Notice of Privacy Practices to consent to who have access to this sensitive information.  In general, other providers at the organization will not be able to see notes created in programs specializing in Substance Use Disorder.

We offer a few options to enhance the security of your medical information.

If you have specific privacy concerns, you are encouraged to speak with your provider or contact the Privacy Office.

We take patient privacy very seriously. Our faculty and staff are routinely educated on their role in upholding patient privacy. Additionally, our office continuously monitors access into our electronic medical record system. However, we understand that patients may still have concerns regarding inappropriate access to their medical information. Please report these concerns to our office by email at privacy@cumc.columbia.edu.

Some patients are interested in reducing their digital footprint and have requested that their information be deleted from our electronic medical record systems. However, New York State law requires us to maintain patient records for a minimum of six (6) years from the date of a patient’s last visit. In the case of minors, we must keep obstetrical records and records for children for at least six (6) years of the last visit or until the child is age twenty-one (21), whichever is later. Patient records include medical information, test results, doctor’s notes, and other demographic information, including but not limited to financial information. Federal and state law restricts how we can share this information. For more information on the ways in which we may use your health information, please review our Notice of Privacy Practices (NOPP).

Patients can opt out of receiving promotional materials or marketing communications related to healthcare products or services. If you would no longer like to receive such communications:

• You can UNSUBSCRIBE by following the instructions typically found at the bottom of the email or in the text message.
• You can update your Communications Preferences from your Connect patient portal account.
• You can request to review your communications preferences with registration staff at the next appointment with your provider.
• Email the Privacy Office directly at privacy@cumc.columbia.edu if you have any questions.

If you feel that your healthcare team did not do their best to minimize the risk of disclosures, please report these concerns to our Privacy team by email privacy@cumc.columbia.edu. Include specific details about the individual(s) and their role when possible.

If you believe your patient privacy rights have been violated, please report your concerns to our office by email privacy@cumc.columbia.edu. You may also file a complaint with the Office for Civil Rights (OCR) within the Department of Health and Human Services (HHS). The OCR investigates complaints related to HIPAA violations and ensures compliance with patient privacy regulations.

For FAQ’s about how to access your medical records or request an amendment of your medical records go here.