Version 1.0 – Posted December 1, 2022 Last updated – 09 14 2022
A.1 Our Commitment to You
Gradient Health, Inc is committed to maintaining the privacy of your health information. As part of our services or during your treatment with us, physicians, nurses, and other personnel may collect information about your health history and current health status. This Notice explains how that information, called “Protected Health Information” (PHI), may be used and disclosed to others. The terms of this Notice apply to health information produced or obtained by Gradient Health, Inc.
A.2 Our Legal Duties
The HIPAA Privacy Law requires us to provide this Notice to you regarding our privacy practices, our legal duties to protect your health information and your rights concerning health information about you. We are required to follow the privacy practices described in this Notice whenever we use or disclose your protected health information (PHI). Other companies or persons that perform services on our behalf, called Business Associates, must also protect the privacy of your information. Business Associates are not allowed to release your information to anyone else unless specifically permitted by law.
A.3 Uses and Disclosures of Protected Health Information
A.3.1 What Health Information We Collect
As part of our services or during your treatment with us, physicians, nurses, and other personnel may collect information about your health history and current health status. The information we collect is generally personal information as defined under privacy statutory regulations and protected health information as defined under HIPAA. We collectively refer to this information as personal information in this Notice.
We may collect directly from you all or some of the following:
|Personal Information you may provide||Name, email and contact detailsAdd all types of information collected through the ways covered by this notice (website, application etc.)|
|What do we do with the information?||To provide research services |
|Can you withdraw your consent?||Yes, at any time by contacting us at firstname.lastname@example.org |
A.3.2 How We Use and Disclose Your Health Information
The HIPAA Privacy Law permits Gradient Health to make uses and disclosures of your health information for purposes of treatment, payment and health care operations. However, Gradient Health, Inc’s use of health information will not be used in the following ways:
- Treatment: We will use and may share health information about you for your health care and treatments or coordinate/manage your treatment. For example, a nurse or medical assistant will obtain treatment information about you and record it in a medical record. Alternatively, one of our physicians may use information about you for a consultation with or a referral to another physician to diagnose your illness and determine which treatment option, such as surgery or medication, will best address your health needs. Except in emergency circumstances, we will make a “good faith effort” to get your permission prior to making disclosures outside Gradient Health for treatment purposes.
- Payments: We may use and disclose health information about you to obtain payment for the care and services we have provided. We may use and disclose health information about your treatment and services to bill and collect payment from you, your insurance company or a third-party payer. For example, we may need to give your insurance company information before it approves or pays for the health care services we recommend for you. The insurance company may use that information to determine eligibility or coverage for insurance benefits, review services provided to you for health necessity, and undertake utilization review activities.
- Healthcare Operations: We may use and share health information about you for Gradient Health’s health care operations, which include planning, management, quality assessment, and improvement activities for the treatments that we deliver. For example, we may use your health information to evaluate the skills of our physicians, nurses, and other health care providers in caring for you. We also may use your information to review quality and health outcomes. We will obtain your written permission before making disclosures to others outside Gradient Health for health care operations purposes.
- Health-Related Benefits, Services and Treatment Alternatives: We may also contact you about new or alternative treatments or other health care services. For example, we may offer to mail you newsletters, coupons, or announcements.
- Appointment Reminders: We may use and disclose health information to contact you for appointment reminders and to communicate necessary information about your appointment.
- People Assisting in Your Care: In certain limited situations, Gradient Health may disclose essential health information to people such as family members, relatives, or close friends who are helping care for you or helping you pay your health care bills. We will disclose information to them only if these people need to know the information to help you. For example, we may provide limited information to a family member so that they may pick up a prescription for you. Generally, we will ask you prior to making disclosures if you agree to such disclosures. If you are unable to make health-related decisions or it is an emergency, Gradient Health will determine if it would be in your best interest to disclose pertinent health information about you to the people assisting in your care.
- Workers Compensation: If you are seeking compensation due to a work-related injury, we may release health information about you to the extent necessary to comply with laws relating to Workers Compensation claims.
- Employers: We may release health information to your employer if we provide health treatment to you at the request of your employer, and the health care services are provided either to conduct an evaluation relating to medical surveillance of the workplace or to evaluate whether you have a work-related illness or injury. In such circumstances, we will provide you with written notice of such information disclosure. Any other disclosures to your employer will be made only if you sign a specific authorization to release that information.
- Correctional Facilities: If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may disclose health information about you to the correctional institution or law enforcement official only as required by law or with your written permission. We may release your health information for your health and safety, for the health and safety of others, or for the safety and security of the correctional institution.
We may use or disclose your health information for the purposes outlined in this Notice.
- Law Enforcement: In certain circumstances, we may be legally required to share certain personal information held by us, which may include your health information. We may disclose your health information to a law enforcement official if required or allowed by law, such as gunshot wounds and some burns. We may also disclose information about you to law enforcement that is not a part of your health record for the following reasons:
- To identify or locate a suspect, material witness, victim of a crime, or missing person
- About a death we believe may be the result of criminal conduct
- About criminal conduct at our location
- In emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime.
- Fundraising Communications: We may contact you as part of a fundraising effort. For example, we may use your information to contact you to raise money for Gradient Health and its operations. We would only release your name, address and phone number, and the dates you received services at Gradient Health. If you do not want us to contact you for fundraising efforts, you must notify Gradient Health in writing.
- Research: Federal law permits Gradient Health to use or disclose health information about you for research purposes if the research is reviewed and approved by an institutional review board or a privacy board to protect the privacy of your health information before the study begins. We may disclose your information if we have your written authorization to do so. In some situations, researchers may be allowed to use information about you in a restricted way to determine whether the potential study participants are appropriate. We will make a “good faith effort” to acquire your permission or rejection to participate in any research study prior to releasing any protected information about you.
- Health Oversight Activities: We must disclose health information to a health oversight agency for activities that are required by federal, state or local law. Oversight activities include investigations, inspections, industry licensures, and government audits. These activities are necessary to enable government agencies to monitor various health care systems, government programs, and industry compliance with civil rights laws.
- Public Health Risks: As authorized by law, we may disclose health information about you to public health or legal authorities whose official responsibilities generally include the following:
- To prevent or control disease, injury or disability;
- To report births and deaths;
- To report child abuse or neglect;
- To report reactions to medications or problems with products;
- To notify people of recalls of products they may be using;
- To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; and
- To notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
- Serious Threat to Health or Safety: Consistent with applicable laws, we may disclose your health information if the disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. We also may disclose your health information if it is necessary for law enforcement authorities to identify or apprehend an individual.
- Organ and Tissue Donation: Consistent with applicable law, we may release your health information to organ procurement organizations or others engaged in the transplantation of organs to enable a possible transplant.
- Specialized Government Functions: If you are a member of the military or a veteran, we will disclose health information about you as required by command authorities; or if you give us your written permission. We may also disclose your health information for other specialized government functions such as national security or intelligence activities.
- Lawsuits and Disputes: If you are involved in a lawsuit, dispute, or other judicial proceedings, we may disclose health information about you in response to a court order or subpoena, other lawful processes, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
- Coroners, Medical Examiners, and Funeral Directors: We may release your health information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or to determine the cause of death. We may also release your health information to a funeral director, as necessary, to carry out his/her duties.
- Required by HIPAA Law: The Secretary of the Department of Health and Human Services (HHS) may investigate privacy violations. If your health information is requested as part of an investigation, we are required to share your information with HHS.
A.3.3 Circumstances Which Require Your Written Consent Prior to Disclosure
For any purpose other than the ones described above, we may only use or share your health information when you give us your written authorization to do so. For example, you will need to sign an authorization form before sending your health information to your life insurance company. You may revoke your authorization, at any time, in writing, except to the extent that we have taken action in reliance on the authorization. We may not use or disclose your health information without an authorization that is valid as per HIPAA Privacy Rule – “45 CFR § 164.508 – Uses and disclosures for which an authorization is required”. Link: https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/protocol/index.html
- Marketing: We must also obtain your written authorization before using your health information to send you any marketing materials. The only exceptions to this requirement are that:
- We can provide you with marketing materials in a face-to-face encounter or a promotional gift of minimal value if we so choose
- We may communicate with you about products or services relating to your treatment, to coordinate or manage your care, or provide you with information about different treatments, providers or care settings.
- Sale: For any disclosure of your health information, which constitutes a sale of health information.
- Highly Confidential Information: Federal and state law requires special privacy protections for certain “Highly Confidential Information” about you, including any part of your health information that is about:
- Child abuse and neglect
- Domestic abuse of an adult with a disability
- Mental illness or developmental disability treatment or services
- Alcohol or drug dependency diagnosis, treatment, or referral
- HIV/AIDS testing, diagnosis, or treatment
- Sexually transmitted disease
- Sexual assault
- Genetic testing
- In Vitro Fertilization (IVF)
- Information maintained in psychotherapy notes
Before we share your Highly Confidential Information for a purpose other than those permitted by law, we must obtain your written permission.
- Other Uses: Other uses and disclosures of your health information, not described above, will be made only with your written authorization.
A.3.4 Your Rights Regarding Your Health Information
You have certain rights regarding your health information, which are explained below. You may exercise these rights by submitting a request in writing to email@example.com:
- Right to inspect and copy: If you would like to inspect or receive a copy of your PHI that is contained in a designated record set (e.g., health and billing records), we are required to provide you access to such information within 30 days after receipt of your request (with up to a 30-day extension if required with notice). We may charge you a reasonable fee to cover duplication, mailing and other costs incurred by us in complying with your request.
We may deny your request for access to your personal information as permitted by HIPAA. For example, we may deny your request if we believe the disclosure will endanger your life or that of another person. Depending on the circumstances of the denial, you may have a right to have this decision reviewed.
- Right to Request Restrictions on Use and Disclosure: You have the right to request a restriction or limitation on certain uses and disclosures of your health information. To request restrictions, you must make your request in writing to firstname.lastname@example.org. In your request, you must tell us:
- What information you wish to limit
- Whether you wish to limit our use, disclosure, or both
- To whom you want the limits to apply – for example, if you want to prohibit disclosures for insurance payment, health care operations, for disaster relief purposes, to persons involved in your care, or to your spouse.
You or your personal representative must sign it.
We are not required to agree to your request, but we will attempt to accommodate reasonable requests when appropriate. We retain the right to terminate an agreed-to restriction if we believe such termination is appropriate. In the event of a termination by us, we will notify you of such termination. You also have the right to terminate, in writing or orally, any agreed-to restriction. If we agree to the requested restriction, we may not use or disclose your personal information in violation of that restriction unless it is needed to provide emergency treatment.
- Right to Request Amendment: If you believe that any health information we have about you is incorrect or incomplete, you have the right to ask us to change the information for as long as Gradient Health maintains the information. To request an amendment to your health information, your request must be in writing, signed, and submitted to Gradient Health.
If we deny your request, we will provide you with a written explanation. You may respond with a statement of disagreement that will be maintained with your records. We will respond to your request within 60 days (with up to a 30-day extension if needed with notice).
- Right to Receive Confidential Communications: You have the right to request that we communicate with you about your health information in a confidential manner or at a specific location. For example, you may ask that we only contact you via mail to a post office box. You must submit your request in writing to Gradient Health. We will not ask you the reason for your request. Your request must specify how or where you wish to be contacted. We will accommodate all reasonable requests.
- Right to Receive an Accounting of Certain Disclosures: With some exceptions, you have the right to receive an accounting of certain disclosures we have made, if any, of your health information. Your accounting request must be in writing and signed by you or your personal representative and submitted to Gradient Health. Your request must specify the time in which the disclosures were made. You may receive one free accounting in any 12-month period. We will charge you for additional requests.
This right only applies to disclosures for purposes other than treatment, payment or health care operations as described in this Notice. It also excludes disclosures we may have made to you, your family members or friends involved in your care. The right to receive this information is subject to certain exceptions, restrictions and limitations as allowed by HIPAA.
- Right to Obtain a Copy of this Notice: You have the right to receive a paper copy of this Notice upon request, even if you have agreed to receive the Notice electronically. You may ask us to give you a copy of this Notice at any time.
- Right to Cancel Authorization to Use or Disclose: Other uses and disclosures of your health information not covered by this Notice or the laws that govern us will be made only with your written authorization. You have the right to revoke your authorization in writing at any time, and we will discontinue future uses and disclosures of your health information for the reasons covered by your authorization. We are unable to take back any disclosures that were already made with your authorization, and we are required to retain the records of the care that we provided to you.
In addition, you have the right to be notified if you are affected by a breach of unsecured personal information.
A.4 COMPLAINTS/CONTACT US
If you believe that we have violated your privacy rights, you may file a complaint with us by notifying us at email@example.com
. You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services if you feel that your rights have been violated. There will be no retaliation from Gradient Health for making a complaint. Brooks Stephenson @ firstname.lastname@example.org Effective Date:
This notice is effective on September 15, 2022.