HIPAA NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW YOUR MEDICAL INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Last revised: January, 2017
Your health record contains personal information about you and your health. This information, which may identify you and/or relate to your past, present or future physical or mental health or condition and related health care services, is referred to as Protected Health Information (“PHI”). This Notice of Privacy Practices describes how we may use and disclose your PHI in accordance with applicable law, including the Health Insurance Portability and Accountability Act (“HIPAA”) and regulations promulgated under HIPAA, including the HIPAA Privacy and Security Rules. It also describes your rights regarding how you may gain access to and control your PHI.
We are required by law to maintain the privacy of PHI and to provide you with notice of our legal duties and privacy practices with respect to PHI. We are required to abide by the terms of this Notice of Privacy Practices. We reserve the right to change the terms of our Notice of Privacy Practices at any time. Any new Notice of Privacy Practices will be effective for all PHI that we maintain at that time. We will provide you with a copy of the revised Notice of Privacy Practices by posting a copy on our website or emailing you a copy.
WHO MUST FOLLOW THIS NOTICE?
This is a notice of our information privacy practices (“Notice”) that is applicable to all departments and units in our organization, our employees, contractors, interns, volunteers, and affiliates. These persons or entities may share PHI with each other for the purposes described in this Notice.
HOW WE MAY USE AND DISCLOSE HEALTH INFORMATION ABOUT YOU
This section of our Notice tells how we may use PHI about you. We will protect PHI as much as we can under the law. Sometimes state law gives more protection to PHI than federal law. Sometimes federal law gives more protection than state law. In each case, we will apply the laws that protect PHI the most.
We are required to maintain the confidentiality of the PHI of our users, and we have policies and procedures and other safeguards to help protect your PHI from improper use and disclosure such as hosting our platform on HIPAA compliant servers. To the extent required by law, we will make reasonable efforts not to use, disclose, or request more than the minimum amount of PHI necessary to accomplish the intended purpose of the use, disclosure, or request, taking into consideration practical and technological limitations.
For Treatment. Your PHI may be used and disclosed by those who are involved in facilitating your treatment or other related services provided through our Site or Mobile Apps.
For Payment. We may use and disclose PHI so that we can receive payment for the services provided to you. This will only be done with your authorization. If it becomes necessary to use collection processes due to lack of payment for services, we will only disclose the minimum amount of PHI necessary for purposes of collection.
For Health Care Operations. We may use or disclose, as needed, your PHI in order to support our business activities including, but not limited to, quality assessment activities, internal administration and planning and conducting or arranging for other business activities.
SPECIAL SITUATIONS: USE AND DISCLOSURE WITHOUT AUTHORIZATION
The following is a list of the categories of uses and disclosures of PHI permitted by HIPAA without an authorization. Applicable law and ethical standards permit us to disclose information about you without your authorization only in a limited number of situations.
Abuse or Neglect. We may disclose your PHI to a state or local agency that is authorized by law to receive reports of abuse or neglect, if we reasonably believe you have been a victim of abuse, neglect or domestic violence.
Judicial and Administrative Proceedings. We may disclose your PHI pursuant to a subpoena (with your written consent), court order, administrative order or similar process. We may also use and disclose your PHI to the extent permitted by law without your authorization, for example, to defend a lawsuit or arbitration.
Information Not Personally Identifiable. We may use or disclose health information about you in a way that does not personally identify you or reveal who you are.
Deceased Patients. We may disclose PHI regarding deceased patients as mandated by state law, such as to a coroner or medical examiner, or to a family member or friend who was involved in your care or payment for care prior to death, based on your prior consent. A release of information regarding deceased patients may be limited to an executor or administrator of a deceased person’s estate or the person identified as next-of-kin. PHI of persons that have been deceased for more than fifty (50) years is not protected under HIPAA.
Medical Emergencies. We may use or disclose your PHI in a medical or mental health emergency situation to medical personnel only in order to prevent serious harm. Our staff will try to provide you a copy of this notice as soon as reasonably practicable after the resolution of the emergency.
Family Involvement in Care. We may disclose information to close family members or friends directly involved in your treatment based on your consent or as necessary to prevent serious harm.
Health Oversight. If required, we may disclose PHI to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies and organizations that provide financial assistance to the programs, such as third-party payors (for example insurance providers) based on your prior consent, and peer review organizations performing utilization and quality control.
Law Enforcement. We may disclose PHI to a law enforcement official as required by law, in compliance with a subpoena (with your written consent), court order, administrative order or similar document, for the purpose of identifying a suspect, material witness or missing person, in connection with the victim of a crime, in connection with a deceased person, in connection with the reporting of a crime in an emergency, or in connection with a crime on the premises.
Specialized Government Functions. We may review requests from U.S. military command authorities if you have served as a member of the armed forces, authorized officials for national security and intelligence reasons and to the Department of State for medical suitability determinations, and disclose your PHI based on your written consent, mandatory disclosure laws and the need to prevent serious harm.
Public Health. If required, we may use or disclose your PHI for mandatory public health activities to a public health authority authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury, or disability, or if directed by a public health authority, to a government agency that is collaborating with that public health authority.
Public Safety. We may disclose your PHI if necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. If information is disclosed to prevent or lessen a serious threat it will be disclosed to a person or persons reasonably able to prevent or lessen the threat, including the target of the threat.
Workers’ Compensation. We may use and disclose your PHI as authorized by, and to the extent necessary to comply with, laws relating to workers’ compensation or other similar programs, established by law, that provide benefits for work-related injuries or illness without regard to fault.
Research. We may use and disclose health information about you for research projects that are subject to a special approval process. We will ask you for your permission if the researcher will have access to your name, address or other information that reveals who you are, or will be involved in your care at the office.
Required By Law. We will disclose health information about you when required to do so by federal, state or local law.
USE AND DISCLOSURE WITH AUTHORIZATION
Other permitted and required uses and disclosures will be made only with your consent, authorization or opportunity to object unless permitted or required by law. The following uses and disclosures of your PHI will be made only with your written authorization:
For our marketing purposes. We must also obtain your written authorization prior to using your PHI to send you any marketing materials.
For the purpose of selling your health information. We may not sell your PHI without your authorization. Your PHI will not be used for fundraising.
Special Categories of Treatment. In most cases, federal or state law requires your written authorization or the written authorization of your representative for disclosures of drug and alcohol abuse treatment, Human Immunodeficiency Virus (HIV) and Acquired Immune Deficiency Syndrome (AIDS) test results, and mental health treatment.
Other. Other uses and disclosures not described in this Notice of Privacy Practices.
YOUR RIGHTS REGARDING YOUR PHI
You have the following rights regarding PHI we maintain about you. To exercise any of these rights, please submit your request in writing to our Privacy Officer at email@example.com.
Right of Access to Inspect and Copy. You have the right, which may be restricted only in exceptional circumstances, to inspect and copy PHI that is maintained in a “designated record set”. A designated record set contains mental health/medical and billing records and any other records that are used to make decisions about your care. Your right to inspect and copy PHI will be restricted only in those situations where there is compelling evidence that access would cause serious harm to you or if the information is contained in separately maintained psychotherapy notes. We may charge a reasonable, cost-based fee for copies. If your records are maintained electronically, you may also request an electronic copy of your PHI. You may also request that a copy of your PHI be provided to another person.
Right to Amend. If you feel that the PHI we have about you is incorrect or incomplete, you may ask us to amend the information although we are not required to agree to the amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with us. We may prepare a rebuttal to your statement and will provide you with a copy. Please contact the Privacy Officer if you have any questions.
Right to an Accounting of Disclosures. You have the right to request an accounting of certain disclosures that we make of your PHI. We may charge you a reasonable fee if you request more than one accounting in any 12-month period.
Right to Request Restrictions. You have the right to request a restriction or limitation on the use or disclosure of your PHI for treatment, payment, or health care operations. We are not required to agree to your request unless the request is to restrict disclosure of PHI to a health plan for purposes of carrying out payment or health care operations, and the PHI pertains to a health care item or service that you paid for out of pocket. In that case, we are required to honor your request for a restriction.
Right to Request Confidential Communication. You have the right to request that we communicate with you about health matters in a certain way or at a certain location. We will accommodate reasonable requests. We may require specification of an alternative address or other method of contact as a condition for accommodating your request. We will not ask you for an explanation of why you are making the request.
Breach Notification. If there is a breach of unsecured PHI concerning you, we may be required by state and/or federal law to notify you or your Provider of this breach, including what happened and what you can do to protect yourself.
Right to a Copy of this Notice. You have the right to a copy of this notice.
If you would like more information about your privacy rights, please contact Medici by emailing us at firstname.lastname@example.org. To the extent you are required to send a written request to Medici to exercise any right described in this Notice, you must submit your request to Medici at:
Medici Technologies, LLC.
600 Congress Ave., 14th floor
Austin, TX 78701
If you believe we have violated your privacy rights, you have the right to file a complaint in writing with our Privacy Officer at email@example.com. You may submit a formal complaint to the Department of Health and Human Services, Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against you for filing a complaint.
Last revised: December, 2016
- Information That We Collect
- How We Use and Share Your Information
- Access to Your Information and Choices
- Security of Your Information
- Questions and How to Contact Us
Other Privacy Policies. For information about how we collect, use and share your health and medical information, please refer to our Notice of Privacy Practices.
INFORMATION THAT WE COLLECT
Information You Provide to Us
We collect information you provide to us, for example when you create or modify your account via our Mobile applications, purchase products or services from us, request information from us, contact customer support, or otherwise communicate with us. This information may include:
- Billing address
- Email address
- Telephone number
- Date of birth
- Credit card number (solely for payment purposes and not stored by Medici)
- Photos, files, videos, chat messages and other communications to physicians
- Health and medical history, condition and other health related information
Information We Collect Through Your Use of our Site
We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”) to collect certain information relating to your use of the Site. Google Analytics uses “cookies”, which are text files placed on your computer, to help the Site analyze how users use the site. You can find out more about how Google uses data when you visit our Site by visiting “How Google uses data when you use our partners’ sites or apps”, (located at www.google.com/policies/privacy/partners/).
Information Collected Through Cookies and Similar Technologies
No Information from Children Under Age 13
If you are under the age of 13, please do not attempt to register with our services (e.g. Site or Mobile Applications) or provide any personal information about yourself to us. If we learn that we have collected personal information from a child under the age of 13, we will promptly delete that information. If you believe we have collected personal information from a child under the age of 13, please Contact Us.
HOW WE USE AND SHARE YOUR INFORMATION
To Provide Products, Services, and Information. We collect information from you in order to provide products and services that you purchase using the Site; register and service your online account; provide information that you request from us; contact you about your orders; process credit card and debit card transactions; ship products to you; send you promotional materials or advertisements about our products and services, as well as new features and offerings; administer surveys, sweepstakes, promotions and contests; and provide interest-based targeted advertising to you.
Sharing with Third Parties. We may provide information, as defined in Section 2 above, to third party service providers that help us operate and manage our Site, process orders, and fulfill and deliver products and services that you purchase from us. These service providers will have access to your personal information in order to provide these services, but when this occurs we implement reasonable contractual and technical protections to limit their use of that information to helping us provide the service.
We belong to ad networks that may use your browsing history across participating websites to show you interest-based advertisements on those websites. Currently, our Site does not recognize if your browser sends a “do not track” signal or similar mechanism to indicate you do not wish to be tracked or receive interest-based ads. To learn more about interest-based advertisements and your opt-out rights and options, visit the Digital Advertising Alliance and the Network Advertising Initiative websites (www.aboutads.info and www.networkadvertising.org). Please note that if you choose to opt out, you will continue to see ads on our Site, but they will not be based on how you browse and shop.
Legal Proceedings. We may share personal information with third party companies, organizations or individuals outside of Medici if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- Meet any applicable law, regulation, subpoena, legal process or enforceable governmental request.
- Detect, prevent, or otherwise address fraud, security or technical issues.
- Protect against harm to the rights, property or safety of Medici, our users, customers or the public as required or permitted by law.
ACCESS TO YOUR INFORMATION AND CHOICES
You can access and update certain information we have relating to your account through the profile settings on the Medici app. If you have questions about personal information we have about you or need to update your information, you can Contact Us, and chat with our support team through our Support page. You can opt-out of receiving marketing and promotional e-mails from Medici by using the opt-out or unsubscribe feature contained in the e-mails.
You can close your online account by going to the Privacy tab in the Medici app. If you close your account, we will no longer use your online account information or share it with third parties. We may, however, retain a copy of the information for archival purposes, and to avoid identity theft or fraud.
SECURITY OF YOUR INFORMATION
We use industry standard physical, technical and administrative security measures and safeguards to protect the confidentiality and security of your personal information. However, since the Internet is not a 100% secure environment, we cannot guarantee, ensure, or warrant the security of any information you transmit to us. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. It is your responsibility to protect the security of your login information. Please note that e-mails and other communications you send to us through our “Contact Us” form are not encrypted, and we strongly advise you not to communicate any confidential information through these means.
QUESTIONS AND HOW TO CONTACT US
Medici Technologies, LLC
ATTN: Medici Privacy Officer
98 San Jacinto
Austin, TX 78701