HIPAA NOTICE OF PRIVACY PRACTICES
Effective April 28, 2023
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
Scope of Notice
This Notice of Privacy Practices (“Notice”) applies to all PHI about you held or transmitted by Sequon, LLC (DBA Altruix) and each of its subsidiaries and affiliates who are under common control and/or common ownership that are subject to HIPAA (as defined below) (collectively, “we” or “us”).
“PHI” means protected health information, which is any individually identifiable health information about your past, present or future physical or mental health or condition, the provision of healthcare to you, or your payment for healthcare. PHI may include information about your condition or treatment, diagnostic tests and images, and related health information.
We are dedicated to maintaining the privacy of your PHI. We are required by the Health Insurance Portability and Accountability Act and its implementing regulations (“HIPAA”) to maintain the privacy of your PHI and to provide you with notice of our legal duties and privacy practices with respect to your PHI. We are also required by law to notify affected individuals following a breach of unsecured PHI.
We must abide by the terms of this Notice while it is in effect. This Notice will remain in effect until we replace it. We reserve the right to change the terms of this Notice at any time, provided the changes comply with applicable law. If we change the terms of this Notice, the new terms will apply to all PHI we maintain, including PHI that was created or received before such changes were made. If we change this Notice, we will post the new Notice on our website and will provide copies upon request.
Uses and Disclosure of PHI that Do Not Require an Authorization
The following categories describe the different ways that we may use and disclose your PHI without your authorization. Not every use and disclosure within a category will be listed. Your PHI may be stored in paper, electronic or other form and may be disclosed electronically or by other methods.
- Treatment. We may use and disclose your PHI for treatment purposes. For example, we may disclose PHI to another healthcare provider to whom we refer you. Moreover, we may use and disclose your PHI electronically, such as by providing care to you via telehealth (which involves the use of electronic communications via live two-way audio or video).
- Payment. We may use and disclose your PHI to obtain reimbursement for the treatment and services you receive from us or another entity involved with your care. Payment activities include billing, collections and claims management. These activities also include determinations of eligibility and coverage to obtain payment from you, an insurance company, or another third party. For example, we may send claims to your health insurance provider containing PHI.
- Health Care Operations. We may use and disclose your PHI for health care operations purposes. Health care operations include quality assessment and improvement activities, arranging for legal services, conducting training programs, reviewing the competence and qualifications of healthcare professionals, licensing activities, and sending you information about refill reminders, our health-related products and services, possible treatment options or alternatives that may interest you, or appointment reminders. We may use and disclose PHI for customer service, business planning, and development, including disclosing PHI to tracking technology vendors that are our “Business Associates” (as described below) to analyze how you interact with our website or patient portal. We may make incidental disclosures of limited PHI, such as by mailing statements to you with your name on the envelope.
- Business Associates. We may disclose your PHI to third parties who provide services to us or on our behalf, known as Business Associates. We require our Business Associates to enter an agreement to safeguard your PHI and otherwise protect your privacy as required by law.
- Electronic Data Exchanges. Consistent with applicable law, we may send you text messages, emails or other electronic communications for treatment, payment, health care operations and other permitted purposes. We may participate in one or more Health Information Exchanges (HIEs) and may electronically share your PHI for treatment, payment, healthcare operations and other permitted purposes with other participants in the HIE. HIEs allow your healthcare providers to efficiently access and use your PHI as necessary for treatment and other lawful purposes. You may request to opt out of participation in HIEs.
- Individuals Involved in Your Care or Payment for Your Care/Personal Representatives. We may disclose your PHI to your family or friends or any other individual identified by you when they are involved in your care or in the payment for your care. Additionally, if a person has the authority by law to make healthcare decisions for you, we may disclose PHI about you to such personal representative and treat that representative the same way we would treat you with respect to your PHI. We may also disclose your PHI to a public or private entity authorized by law to assist in disaster relief efforts to notify, or assist in notifying, a family member or personal representative about your location, general condition or death.
- Required by Law. We may use or disclose your PHI when we are required to do so by law. For example, we may disclose PHI about you to the U.S. Department of Health and Human Services if it requests such information to determine that we are complying with federal privacy law.
- Public Health Activities. We may disclose your PHI to public health authorities or other governmental authorities for public health purposes including preventing and controlling disease, reporting child abuse or neglect and reporting to the Food and Drug Administration regarding the quality, safety and effectiveness of a regulated product or activity. We may disclose PHI to persons who have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition as necessary in the conduct of a public health intervention or investigation.
- Health Oversight Activities. We may disclose your PHI to a health oversight agency for authorized activities such as audits, investigations, inspections, licensing and disciplinary actions.
- Abuse, Neglect or Domestic Violence. If we reasonably believe you are a victim of abuse, neglect, or domestic violence, we may disclose your PHI to a government authority, including a social service protective agency, authorized by law to receive reports of abuse, neglect or domestic violence.
- Judicial and Administrative Proceedings. We may disclose your PHI in response to an order from a court or administrative agency. We may also disclose your PHI in response to a subpoena, discovery request or other lawful process, but only if efforts have been made to tell you about the request or to obtain an order protecting the requested PHI.
- Law Enforcement. We may disclose your PHI for law enforcement purposes as permitted by HIPAA.
- Coroners, Medical Examiners and Funeral Directors. We may disclose your PHI to coroners, medical examiners and/or funeral directors for purposes such as identification, determining the cause of death, and fulfilling duties relating to deceased individuals.
- Research. We may use or disclose your PHI for research when permitted by law, including when an institutional review board or privacy board has reviewed the research proposal and established a process to ensure the privacy of the requested PHI and approved the research.
- Serious Threat to Health or Safety. We may use or disclose PHI when permitted by applicable law to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.
- Worker’s Compensation. We may disclose your PHI to the extent authorized by and to the extent necessary to comply with laws relating to worker’s compensation or other similar programs established by law.
- Specialized Government Functions. We may use and disclose PHI for specialized government functions, including military and veterans activities, national security and intelligence activities, and to correctional institutions.
- Organ Donation. We may use and disclose your PHI to entities involved in procuring, banking, and transplanting organs, eyes and tissues to assist with donation or transplantation.
- Limited Data and De-identified Data. We may remove most information that identifies you from a set of data and use and disclose this data set for research, public health and healthcare operations, provided the recipients of the data set agree to keep it confidential. We may also de-identify your PHI and use and disclose the de-identified information for purposes permitted by law.
- Fundraising. If we participate in a fundraising activity, we may contact you to raise funds for us or a related foundation. You have the right to opt of receiving fundraising communications.
Use and Disclosure of PHI Pursuant to an Authorization
In any other situation not described in this Notice, we will ask for your written authorization before using or disclosing information about you, in accordance with applicable law. Most uses and disclosures of PHI for marketing purposes and disclosures that constitute a sale of PHI will be made only with your written authorization. You may revoke an authorization in writing at any time. Upon receipt of the written revocation, we will stop using or disclosing your PHI for the purpose previously authorized, except to the extent that we have already taken action in reliance on the authorization.
Your Rights Regarding Your PHI
You have the following rights regarding the PHI maintained by us. If you have given another individual a medical power of attorney, if another individual is appointed as your legal guardian or if another individual is authorized by law to make healthcare decisions for you (such as your custodial parent) (known as a “personal representative”), that individual may exercise any of the rights listed below for you.
- Confidential Communications. You have the right to receive confidential communications of your PHI. You may request that we communicate with you through alternate means or at an alternate location, and we will accommodate your reasonable requests. You must submit your request in writing to us. If we are unable to contact you using the ways or locations you have requested, we may contact you using the information we have.
- Restrictions. You have the right to request restrictions on certain uses and disclosures of PHI for treatment, payment or healthcare operations. You also have the right to request that we restrict our disclosures of PHI to only certain individuals involved in your care or the payment of your care. You must submit your request in writing to us. We are not required to comply with your request, except we are required to agree if your request is to restrict disclosures to a health plan for purposes of carrying out payment or healthcare operations, and the information pertains solely to a healthcare item or service for which you, or a person on your behalf (other than the health plan), has paid us out-of-pocket in full. If we agree to comply with your request, we will be bound by such agreement, except when otherwise required by law or in the event of an emergency.
- Access. You have the right to inspect and obtain copies of your PHI that we maintain and to direct us to send your PHI stored in an electronic record to another person designated by you, with limited exceptions. This right applies to PHI used to make decisions about you or payment for your care, subject to limited exceptions provided by law. You must submit your request in writing to us using the information provided at the end of this Notice. In most cases, we will provide access to you or the person you designate to get access within 30 days of your request or, if applicable, any shorter time period required by law.
We may deny your request to inspect and/or obtain a copy your PHI in certain limited circumstances, such as if we reasonably conclude that it would be detrimental to you. If we deny your request, we will inform you of the reason for the denial, and, in most cases, you may request a review of the denial. If you request PHI that we maintain on paper, we may provide photocopies. If you request PHI that we maintain electronically, you have the right to an electronic copy in the form and format you request if readily producible. We may impose a reasonable cost-based fee for the costs of copying, mailing, labor and supplies associated with your request.
- Amendment. You have a right to ask us to amend your PHI if you believe it is incorrect or incomplete. You must submit your request in writing to us using the information provided at the end of this Notice and provide a reason to support the requested amendment. We may, under certain circumstances, deny your request by sending you a written notice of denial. If we deny your request, you will be permitted to submit a statement of disagreement for inclusion in your records.
- Accounting of Disclosures. You have a right to receive an accounting of certain disclosures of PHI we have made. This right does not include disclosures made pursuant to an authorization and certain other disclosures. You must submit your request in writing to us using the information provided at the end of this Notice, and you must specify the time period involved (which must be for a period of time less than 6 years from the date of your request). Your first accounting within a period of 12 months will be free of charge. However, we may charge you a reasonable cost-based fee for the costs involved in fulfilling any additional request made within the same 12 month period. We will inform you of such costs in advance so that you may withdraw or modify your request to save costs.
You may complain to us and/or to the Secretary of the Department of Health and Human Services (“the Secretary”) if you believe that your privacy rights have been violated. You may submit complaints to us by contacting our Privacy Officer at firstname.lastname@example.org or by calling our Privacy Officer at (443) 837-0200. We will not retaliate against you if you file a complaint with our Privacy Officer or the Secretary. You may file a complaint with Secretary by contacting the U.S. Department of Health and Human Services Office for Civil Rights at 200 Independence Avenue, S.W., Washington, D.C. 20201; 1-877-696-6775; or www.hhs.gov/ocr/privacy/hipaa/complaints/.
For more information about your privacy rights, please contact our Privacy Officer at email@example.com or (443) 837-0200.