Schedule a mobile medical unit at your business today!

NOTICE OF PRIVACY PRACTICES

& FTCA COVERAGE

Effective: February 16, 2026

Goshen Medical Center, Inc.

444 SW Center Street
Faison, NC 28341

Satellite Sites Located In:
Albemarle • Beulaville • Bolton • Bridgeton • Cape Fear • Chadbourn • Clinton (2) • Dunn • Duplin •Elizabethtown • Faison • Fayetteville • Fremont • Garland • Goldsboro • Jacksonville • Kenansville • Morehead • Mount Olive (2)• New Bern • New River • Raeford • Rockingham • Rose Hill • Rosewood • Sanford • Southport • Star • Tabor City • Wallace • Warsaw • Whiteville

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN ACCESS THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Our Commitment to Your Privacy

Goshen Medical Center, Inc. (“Goshen”) is committed to protecting your Protected Health Information (PHI) in accordance with:

  • The Health Insurance Portability and Accountability Act (HIPAA)
  • The HIPAA Final Rules and Security Rule updates enforced as of February 16, 2026
  • The HITECH Act
  • 42 CFR Part 2 (Substance Use Disorder Records)
  • Applicable North Carolina confidentiality laws

This Notice applies to all PHI we create or receive, including paper, electronic, telehealth, and patient portal communications.

 

Understanding Your Medical Record

Each visit — including telehealth encounters — results in a record that may include:

  • Symptoms and examination findings
  • Test results and diagnoses
  • Treatment plans
  • Billing and insurance information
  • Care coordination notes
  • Patient portal communications

Your record serves as:

  • A basis for treatment planning
  • A communication tool among providers
  • A legal document of care received
  • A billing verification tool
  • A quality improvement and public health resource

How We May Use and Disclose Your Information

We limit uses and disclosures of PHI to the minimum necessary to accomplish the intended purpose, except where HIPAA permits broader use (such as for treatment).

Treatment

We use PHI to provide, coordinate, and manage your healthcare, including telehealth services and electronic consultations.

Payment

We use PHI to obtain payment for services provided.

Collections

We may disclose limited information necessary to third-party collection agencies working on our behalf under a Business Associate Agreement that requires them to protect your PHI.

Health Care Operations

We use PHI for quality assessment, compliance, auditing, accreditation, training, and operational management.

Business Associates

We may share PHI with contracted vendors (laboratories, billing companies, IT providers, telehealth platforms).

Under 2026 HIPAA enforcement:

  • Business Associates are directly liable for HIPAA compliance.
  • Written agreements require mandatory security safeguards.
  • Required safeguards include risk analysis, encryption where applicable, multi-factor authentication, access controls, monitoring, and breach response protocols.

Telehealth & Patient Portal

If you use telehealth or our patient portal:

  • Communications are encrypted and secure.
  • You may request electronic copies of your PHI in the form and format requested, if readily producible.
  • You may direct us to transmit electronic PHI to a third-party app of your choice.
  • You are responsible for safeguarding your login credentials.
  • While we use secure technologies, transmission of information through the internet or mobile applications carries inherent risks. Patients should take precautions to protect their personal devices.

 

Reproductive Health Information Protections

Federal law prohibits the use or disclosure of PHI for criminal, civil, administrative, or investigative proceedings related to lawful reproductive health care.

Goshen Medical Center:

  • Will not disclose PHI for prohibited reproductive health investigations.
  • Will require a signed attestation when certain requests involve potentially protected reproductive health information.
  • Will deny requests that do not meet federal requirements.

Marketing and Sale of PHI

We will not:

  • Use or disclose your PHI for marketing purposes without your written authorization.
  • Sell your PHI.

Fundraising Communications

We may contact you for fundraising purposes permitted by law.

You have the right to opt out at any time by:

  • Calling our Privacy Officer, or
  • Following the opt-out instructions included in any fundraising communication.

We will not use Substance Use Disorder treatment information for fundraising.

 

Substance Use Disorder (SUD) Records – 42 CFR Part 2

If you receive SUD treatment services:

  • Your records are protected under 42 CFR Part 2.
  • These records may not be disclosed without your written consent except as permitted by law.
  • They may not be used in civil, criminal, administrative, or legislative proceedings without your specific consent or a specialized court order.
  • You may revoke consent in writing at any time.

Public Health & Legal Disclosures

We may disclose PHI as required by law for:

  • Public health reporting
  • FDA safety monitoring
  • Workers’ compensation
  • Health oversight activities
  • We may disclose PHI for law enforcement purposes when required by law or in response to a court order, subpoena, warrant, or other lawful process.
  • Organ procurement
  • Correctional institutions
  • Funeral Directors
  • Research
  • Communication with family

 

Breach Notification

If your unsecured PHI is breached, you will be notified without unreasonable delay and no later than 60 days following discovery, as required by federal law.

Your Rights

You have the right to:

  • Obtain a paper or electronic copy of this Notice.
  • Inspect and obtain a copy of your PHI within 15 days of request (one 15-day extension permitted with written explanation).
  • Receive copies in electronic form if available.
  • Direct electronic transmission to a third party.
  • Request amendments to your record.
  • Obtain an accounting of disclosures.
  • Request restrictions on certain disclosures.
  • Request confidential communications by alternative means.
  • Revoke authorizations in writing.
  • Be notified of breaches.

Reasonable, cost-based fees may apply.

 

Our Responsibilities

Goshen Medical Center is required to:

  • Maintain the privacy and security of PHI.
  • Implement administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI).
  • Conduct regular risk analyses and security evaluations.
  • Apply minimum necessary standards.
  • Provide breach notification as required.
  • Abide by this Notice.
  • Notify you of material changes.

We reserve the right to revise this Notice and make changes effective for all PHI we maintain.

Non-Discrimination Statement

Goshen Medical Center complies with applicable Federal civil rights laws and does not discriminate on the basis of race, color, national origin, age, disability, or sex. Goshen Medical Center provides free language assistance services to individuals whose primary language is not English.

 

Complaints

If you believe your privacy rights have been violated, contact:

Privacy Compliance Officer, Tori Gautier
Goshen Medical Center, Inc.
Phone: 910-267-2045

Or file a complaint with:

Office for Civil Rights
U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Room 509F, HHH Building
Washington, D.C. 20201

There will be no retaliation for filing a complaint.

Federal Tort Claims Act (FTCA) Coverage

The Federally Supported Health Centers Assistance Acts (FSHCAA) of 1992 and 1995 extend Federal Tort Claims Act protections under 28 U.S.C. §§ 1346(b), 2401(b), and 2679–2680 to eligible health centers funded under Section 330 of the Public Health Service Act (42 U.S.C. § 254b).

Goshen Medical Center, Inc. is covered under this legislation.