THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. This Notice of Privacy Practices (the “Notice”) tells you about the ways we may use and disclose your protected health information (“medical information”) and your rights and our obligations regarding the use and disclosure of your medical information.
(1) OUR OBLIGATIONS We maintain the privacy of your medical information and notify affected individuals following a breach of unsecured medical information, in each case to the extent required by state and federal law. We provide you this Notice explaining our legal duties and privacy practices with respect to medical information about you.
(2) HOW WE MAY USE AND DISCLOSE MEDICAL INFORMATION ABOUT YOU The following categories describe the different ways that we typically use and disclose medical information, the purposes for such uses and disclosures, and the reasons for such uses and disclosures. As noted below, we may contact you via different methods that you may approve, such as via text message, email, or through your Buy Upneeq account. In most instances, your initial communication with us will be through an interaction with the Medical Group through the Buy Upneeq website or app. Specifically speaking, the applicable Medical Group may communicate with you in the following specific ways and for the following specific purposes: Type & Purpose Email communications;
To obtain information from you necessary to provide services to you, communicate with you about your diagnosis and treatment and provide you with information on special offers and deals Texts; To obtain information from you necessary to provide services to you and communicate with you about your diagnosis and treatment Customer Service Emails, texts, or app notifications; To provide you with updates on problems with orders, late shipments, and other questions applicable to your provider visit(s) Tracking emails; To notify you when prescriptions have been shipped, will arrive, and other confirmations Order information; To provide information on content of orders (additional products or samples) Referral programs; To provide you with information on benefits you may receive if you refer another patient to the Medical Group. Additionally, the applicable Medical Group may use and disclose your medical information for the following reasons. These categories are intended to be general descriptions only, and not a list of every instance in which we may use or disclose your medical information. Please understand that for these categories, the law generally does not require us to get your authorization in order for us to use or disclose your medical information. For Treatment. We may use and disclose medical information about you to provide you with health care treatment and related services, including coordinating and managing your health care.
We may disclose medical information about you to physicians, nurses, other health care providers and personnel who are providing or involved in providing health care to you (both within and outside of the applicable Medical Group(s)). For example, should your care require referral to a pharmacy for the provision of prescription drugs, we may provide that pharmacy with your medical information in order to aid the pharmacist in his or her treatment of you. For Payment. We may use and disclose medical information about you so that we or may bill and collect from you, an insurance company, or a third party for the health care services we provide. This may also include the disclosure of medical information to obtain prior authorization for treatment and procedures from your insurance plan.
For example, we may send a claim for payment to your insurance company, and that claim may have a code on it that describes the services that have been rendered to you. If, however, you pay for an item or service in full, out of pocket and request that we not disclose to your health plan the medical information solely relating to that item or service, as described more fully in Section IV of this Notice, we will follow that restriction on disclosure unless otherwise required by law.
For Health Care Operations. We may use and disclose medical information about you for our health care operations. These uses and disclosures are necessary to operate and manage our practice and to promote quality care. For example, we may need to use or disclose your medical information in order to assess the quality of care you receive or to conduct certain cost management, business management, administrative, or quality improvement activities or to provide information to our insurance carriers. Quality Assurance and Utilization Review. We may need to use or disclose your medical information for our internal processes to assess and facilitate the provision of quality care to our patients. We may need to use or disclose your medical information to perform a review of the services we provide in order to evaluate whether that the appropriate level of services is received, depending on condition and diagnosis. Credentialing and Peer Review.
We may need to use or disclose your medical information in order for us to review the credentials, qualifications and actions of our health care providers. Treatment Alternatives. We may use and disclose medical information to tell you about or recommend possible treatment options or alternatives that we believe may be of interest to you. Appointment Reminders and Information about Health Related Benefits and Services. We may use and disclose medical information, in order to contact you (including, for example, contacting you by phone and leaving a message on an answering machine) to provide appointment reminders and other information. We may use and disclose medical information to tell you about health-related benefits or services that we believe may be of interest to you.
See also the specific types of communications noted above. Vendors. There are some services (such as billing or legal services) that may be provided to or on behalf of the Medical Groups through contracts with third parties, and other members of its corporate family. When these services are contracted, we may disclose your medical information to our vendor so that they can perform the job we have asked them to do. To protect your medical information, however, we require the business associate to appropriately safeguard your information. Individuals Involved in Your Care or Payment for Your Care. We may disclose medical information about you to a friend or family member who is involved in your health care, as well as to someone who helps pay for your care, but we will do so only as allowed by state or federal law (with an opportunity for you to agree or object when required under the law), or in accordance with your prior authorization. As Required by Law.
We will disclose medical information about you when required to do so by federal, state, or local law or regulations. Other. Subject to applicable legal requirements, and where appropriate for your medical care or required by law, we may also use your medical information (i) to avert an imminent threat of injury to health or safety, (ii) for organ donation purposes, for research, (iii) to appropriate military authorities if you are in the armed forces, (iv) for workers’ compensation programs, (v) for public health activities, (vi) for health oversight activities, (vii) for other legal matters, (viii) for law enforcement purposes, (ix) to coroners and medical examiners, or (x) for marketing or fundraising purposes Electronic Disclosures of Medical Information. Under the law of certain states, we are required to provide notice to you if your medical information is subject to electronic disclosure. This Notice serves as general notice that we may disclose your medical information electronically for treatment, payment, or health care operations or as otherwise authorized or required by state or federal law. In some cases, communications between you and Apostrophe will include health information in unencrypted forms (most notably email and text).
The information included within these communications will never include highly-sensitive information including your medical history, medication prescribed outside of the Buy Upneeq Platform, and the photos your provide in your consultation. You are authorizing us to communicate with you using unencrypted mediums (like email and text) for some PHI including, but not limited to your treatment plan, the name of your Provider, and the condition you’re seeking treatment for. With this authorization, you understand the following risks of communicating using unencrypted mediums: Email and texts can be forwarded, printed, intercepted, and stored by anyone with access to your email inbox or mobile phone. These mediums are convenient, but are not appropriate for emergencies or time-sensitive information. Your employers typically has the right to access any email received or sent by a person at work. Staff other than your healthcare provider may read and process email.
Clinically relevant messages and responses will be documented and become part of your medical record at your Physician’s discretion. We are not liable for information lost or misdirected due to technical errors or failures. (3) OTHER USES OF MEDICAL INFORMATION Authorizations. There are times we may need or want to use or disclose your medical information for reasons other than those listed above, but to do so we will need your prior authorization. Other than expressly provided herein, any other uses or disclosures of your medical information will require your specific written authorization. Psychotherapy Notes, Marketing and Sale of Medical Information. Most uses and disclosures of “psychotherapy notes,” uses and disclosures of medical information for marketing purposes, and disclosures that constitute a “sale of medical information” under applicable state and federal law require your authorization. The Medical Groups do not anticipate that they will or sell medical information or use or disclose any psychotherapy notes created by a Provider in the course of providing you mental health therapy except by your Provider to provide you with ongoing mental health care. Right to Revoke Authorization.
If you provide us with written authorization to use or disclose your medical information for such other purposes, you may revoke that authorization in writing at any time. If you revoke your authorization, we will no longer use or disclose your medical information for the reasons covered by your written authorization. You understand that we are unable to take back any uses or disclosures we have already made in reliance upon your authorization, and that we are required to retain our records of the care that we provided to you. (4) YOUR RIGHTS REGARDING MEDICAL INFORMATION ABOUT YOU Certain laws and regulations provide you with certain rights regarding the medical information we have about you. The following is a summary of those rights. Right to Inspect and Copy. Under most circumstances, you have the right to inspect and/or copy your medical information that we maintain in our possession in a designated record set, which generally includes your medical and billing records. To inspect or copy your medical information, you must submit your request to do so in writing to the applicable Medical Group at firstname.lastname@example.org. If you request a copy of your information, we may charge a fee for the costs of copying, mailing, or certain supplies associated with your request. The fee we may charge will be the amount allowed by state law. If your requested medical information is maintained in an electronic format (e.g., as part of an electronic medical record, electronic billing record, or other group of records maintained by the applicable Medical Group that is used to make decisions about you) and you request an electronic copy of this information, then we will provide you with the requested medical information in the electronic form and format requested, if it is readily producible in that form and format.
If it is not readily producible in the requested electronic form and format, we will provide access in a readable electronic form and format as agreed to by the applicable Medical Group and you. In certain very limited circumstances allowed by law, we may deny your request to review or copy your medical information. We will give you any such denial in writing. If you are denied access to medical information, you may request that the denial be reviewed. Another licensed health care professional chosen by the applicable Medical Group will review your request and the denial. The person conducting the review will not be the person who denied your request. We will abide by the outcome of the review. Right to Amend. If you feel the medical information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by the applicable Medical Group. To request an amendment, your request must be in writing and submitted to email@example.com. In your request, you must provide a reason as to why you want this amendment. If we accept your request, we will notify you of that in writing. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that (i) was not created by us (unless you provide a reasonable basis for asserting that the person or organization that created the information is no longer available to act on the requested amendment), (ii) is not part of the information kept by the applicable Medical Group, (iii) is not part of the information which you would be permitted to inspect and copy, or (iv) is accurate and complete. If we deny your request, we will notify you of that denial in writing. Right to an Accounting of Disclosures. You have the right to request an “accounting of disclosures” of your medical information. This is a list of the disclosures we have made for up to six years prior to the date of your request of your medical information, but may not include disclosures for Treatment, Payment, or Health Care Operations (as described in this Notice) or disclosures made pursuant to your specific authorization (as described in this Notice), or certain other disclosures. To request a list of accounting, you must submit your request in writing to firstname.lastname@example.org. Your request must state a time period, which may not be longer than six years. Your request should indicate in what form you want the list (for example, on paper or electronically). The first list you request within a twelve-month period will be free. For additional lists, we may charge you a reasonable fee for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred. Right to Request Restrictions. You have the right to request a restriction or limitation on the medical information we use or disclose about you for Treatment, Payment, or Health Care Operations. You also have the right to request a restriction or limitation on the medical information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. Except as specifically described below in this Notice, we are not required to agree to your request for a restriction or limitation.
If we do agree, we will comply with your request unless the information is needed to provide emergency treatment. In addition, there are certain situations where we won’t be able to agree to your request, such as when we are required by law to use or disclose your medical information. To request restrictions, you must make your request in writing to email@example.com. In your request, you must specifically tell us what information you want to limit, whether you want us to limit our use, disclosure, or both, and to whom you want the limits to apply. As stated above, in most instances we do not have to agree to your request for restrictions on disclosures that are otherwise allowed. However, if you pay or another person (other than a health plan) pays on your behalf for an item or service in full, out of pocket, and you request that we not disclose the medical information relating solely to that item or service to a health plan for the purposes of payment or health care operations, then we will be obligated to abide by that request for restriction unless the disclosure is otherwise required by law. You should be aware that such restrictions may have unintended consequences, particularly if other providers need to know that information (such as a pharmacy filling a prescription).
It will be your obligation to notify any such other providers of this restriction. Additionally, such a restriction may impact whether an insurance company will pay for related care that you may not want to pay for out of pocket (and which would not be subject to the restriction). Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you through a personal email address and not at work or, conversely, only at work and not a personal email address. To request such confidential communications, you must make your request in writing to firstname.lastname@example.org. We will not ask the reason for your request, and we will use our best efforts to accommodate all reasonable requests, but there are some requests with which we will not be able comply. Your request must specify how and where you wish to be contacted. Right to an Email or Paper Copy of This Notice. You have the right to a paper copy of this Notice. You may ask us to give you a copy of this Notice at any time. To obtain a copy of this Notice, you must make your request in writing to email@example.com. Right to Breach Notification. In certain instances, we may be obligated to notify you (and potentially other parties) if we become aware that your medical information has been improperly disclosed or otherwise subject to a “breach” as defined in and/or required by applicable law.
(5) CHANGES TO THIS NOTICE We reserve the right to change this Notice at any time, along with our privacy policies and practices. We reserve the right to make the revised or changed Notice effective for medical information we already have about you as well, as any information we receive in the future. We will post a copy of the current notice, along with an announcement that changes have been made, as applicable, on our website and in any physical office in which the Medical Groups practice medicine. When changes have been made to the Notice, you may obtain a revised copy by writing to firstname.lastname@example.org.
(6) COMPLAINTS If you believe that your privacy rights as described in this Notice have been violated, you may file a complaint with the applicable Medical Group at email@example.com. The Medical Groups will not retaliate against any individual who files a complaint. You may also file a complaint with the Secretary of the Department of Health and Human Services.