THIS NOTICE DESCRIBES HOW INFORMATION YOU PROVIDE TO HEALTH CARE ORIGINALS, INC. MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
The sections are as follows:
1) What is Protected Health Information (“PHI”)?
2) What PHI does HCO collect?
3) Who does HCO share my PHI with and why?
4) What are my rights to my PHI?
5) What should I do if I have a question or concern about my collected PHI?
What is Protected Health Information?
As many health care service providers, HCO receives and maintains certain personal information about all our members. Some of this personal information is protected by federal and state laws. This type of information is known as “protected health information” or “PHI”. PHI is health information that identifies or could be used to identify a specific person.
What PHI does HCO collect?
When you voluntarily give your PHI to HCO through our online website and/or through your use of our HCO programs we maintain such PHI in our secure systems. Examples of PHI you may provide to HCO include:
- When you choose to register for the HCO programs, you provide your personal information such as your name, address, medical history, and/or insurance information.
- When you use the HCO programs, we will receive health information from you such as your height, weight, cough rate, wheeze, heart rate, skin temperature, respiration rate, peak flow data, spirometry data, medication usage and exhalation pressure and any other health information that you choose to share with us.
- We may also collect your prescription, lab and claims data from available information sources to provide a more personal experience in the HCO programs.
Who does HCO share my PHI with and why?
We use or disclose your PHI for treatment, payment, or healthcare operations purposes and other purposes permitted or required by law. By registering for the HCO program, you authorize HCO to use or disclose your PHI for such purposes, which are described below.
We need your written authorization to use or disclose your health information for any purpose not covered by one of the categories below.
We will not use or disclose your PHI for marketing purposes or sell your PHI, unless you have agreed to this use or disclosure.
You can inform us at any time that you no longer allow us to use or disclose your PHI for the reasons shown below, but this will not stop any disclosure that we made based on your prior authorization.
The law permits us to use and disclose your health information for the following purposes:
- Treatment: We may use or disclose your PHI to healthcare professionals for treatment purposes. This includes to the clinical teams at your employer, health plan, and/or pharmacy benefits managers to the extent such group sponsors your use of the HCO program (i.e., the HCO benefit is paid for by your employer, health plan, etc.).
- Payment – We may use or disclose your PHI for purposes of billing and payment for the HCO programs. For example, we may disclose your PHI to your pharmacy benefits manager, health plans or other payers to determine whether you are enrolled with the payer or eligible for health benefits or to get payment for our services. If you are insured under another person’s health insurance policy (for example, parent, spouse, domestic partner, or a former spouse), we may also send invoices to the subscriber whose policy covers your health services.
- Healthcare Operations – We may use or disclose your PHI for activities necessary to support our healthcare operations, such as performing quality checks on our services, internal audits, arranging for legal services, data analysis or developing reference ranges for our services. We also disclose your PHI to your health plan, employer’s clinical team, health care benefits consultant, or benefits manager clinical team, if your use of the HCO services is available and paid for by one of those groups. We provide only the minimal PHI to accomplish the intended purpose of the use and disclosure of the PHI. These entities are also required to keep the PHI confidential and secure.
- Business Associates – We may disclose your PHI to other companies or individuals that need the information to provide services to us. These other entities, known as “business associates,” are required to also keep the PHI confidential and secure. For example, we may provide information to companies that assist us with support services or billing of our services.
- De-identifiable and Aggregated Format – We may use and disclose your PHI in a de-identifiable and aggregated manner to review our impact on all our members health and in hopes of making the HCO programs even more effective to help you with your management of your chronic condition.
- Research – We may also use and disclose PHI for research purposes when an Institutional Review Board or privacy board has reviewed the research proposal and established protocols to ensure the privacy of your PHI and determined that the researcher does not need to obtain your authorization prior to using your PHI for research purposes.
- As Required by Law – We may use or disclose your PHI as required by law.
- Law Enforcement Activities, Legal Proceedings and Court Orders – We may use and disclose your PHI to prevent or minimize a serious threat to your health and safety or that of another person. We may also provide PHI to law enforcement officials, for example, in response to a warrant, investigative demand or similar legal process, or for officials to identify or locate a suspect, fugitive, material witness, or missing person. We may also disclose PHI to appropriate agencies if we reasonably believe an individual to be a victim of abuse, neglect or domestic violence. We may disclose your PHI if required to do so with a court or administrative order. We may disclose your PHI in response to a subpoena, discovery request or other legal process during a judicial or administrative proceeding. We may also disclose PHI to those assisting in disaster relief efforts so that others can be notified about your condition, status and location.
- Family and Friends: At your request, we may disclose PHI to a family member, friend, or anyone else you inform us to provide the information to.
- Other Uses and Disclosures: As permitted by HIPAA, we may disclose your PHI to:
- Public Health Authorities
- The Food and Drug Administration
- Health Oversight Agencies
- Military Command Authorities
- National Security and Intelligence Organizations
- Correctional Institutions
- Organ and Tissue Donation Organizations
- Coroners, Medical Examiners and Funeral Directors
- Workers Compensation Agents
What are my rights to my PHI?
You have rights to your PHI that we collect. You can request HCO restrict the use and disclosure of your PHI by sending a written request to the address below.
You can access your PHI we logged or PHI you provided us online at any time by logging in to your user account or you can request we send your health information by alternative means to an alternative address. Once you review your PHI, if you see any problems with your PHI, you may request amendments to your PHI by making a written request to us at the address below. We may deny the request in some cases. If we deny your request to change your PHI we will provide you with a written explanation of the reason for the denial and additional information regarding further actions that you may take.
You also have the right to receive a list of certain disclosures of your PHI made by us in the past six years from the date of your written request to us at the address below. Under the law, this does not include disclosures made for purposes of treatment, payment, or healthcare operations or certain other purposes we have stated above. Please be aware that we are required as stated in the Health Insurance Portability and Accountability Act (HIPAA) of 1996 to notify you in the event of a breach involving your PHI and will do so as required by law.
Para recibir una copia de este aviso en español, llame a Asistencia para miembros de HCO al (585) 471-8215 o envíe un mensaje por correo electrónico a firstname.lastname@example.org.
What should I do if I have a question or concern about my collected PHI?
If you believe your privacy rights have been violated, you have the right to file a complaint with us. You also have the right to file a complaint with the Secretary of the U.S. Department of Health and Human Services, Office for Civil Rights. We will not retaliate against any individual for filing a complaint.
Health Care Originals, Inc.
1, Pleasant St., Suite 442
Rochester, NY 14604
You can also call us at 585.471.8215.