Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW YOUR MEDICAL INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY
This Notice of Privacy Practices (the “Notice”) describes the privacy practices of Medminder Systems, Inc. (“Medminder”) and members of its Affiliated Covered Entity (“Medminder ACE”). An Affiliated Covered Entity is a group of Covered Entities and Health Care Providers under common ownership or control that designates itself as a single entity for purposes of compliance with the Health Insurance Portability and Accountability Act (“HIPAA”). The members of the Medminder ACE may share Protected Health Information (“PHI”) with each other for the treatment, payment, and health care operations of the Medminder ACE and as permitted by HIPAA and this Notice. For a complete list of the members of the Medminder ACE, please contact the Medminder Privacy Office.
Medminder is committed to protecting the privacy of our patients’ PHI. PHI is information which: identifies you, or can reasonably be used to identify you, and relates to: your physical or mental health or condition, health care services provided to you or payment for those health care services. We safeguard all oral, written and electronic PHI. We have internal policies and procedures designed to protect the privacy and security of your PHI. Medminder is required by law, including HIPAA, to protect the privacy of your PHI and to provide you with a copy of this Notice. This Notice describes how we may collect, use and disclose your PHI and your rights concerning your PHI. We and our employees and workforce members are required to follow the terms of this Notice or any change to it that is in effect. We are also required to follow state privacy laws when they are stricter or more protective of your PHI than the federal law.
Uses and Disclosures of Your PHI for Treatment, Payment and Health Care Operations
We may use and disclose your PHI for treatment, payment and health care operations without your written authorization. The following categories describe and provide some examples of the different ways that may use and disclose your PHI for these purposes:
We may use and disclose your PHI to provide and coordinate the treatment, medication and services you receive. For example, we may:
- Use and disclose your PHI to provide and coordinate the treatment, medication and services you receive at Medminder.
- Disclose your PHI to other third parties, such as pharmacies, doctors, hospitals or other health care providers to assist them in providing care to you or for care coordination. In some instances, uses and disclosures of your PHI for these purposes may be made through a Health Information Exchange or similar shared system.
- Contact you to provide treatment-related services, such as refill reminders, adherence communications or treatment alternatives (e.g., available generic products).
We may use and disclose PHI for payment purposes—to be paid for the health care services provided to you. Payment includes activities such as: submitting claims to insurance companies/health plans or government programs; participating in utilization review activities; coordinating benefits and collection activities. We may also tell your health plan about a treatment or medication you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment.
Health Care Operations
We may use and disclose your PHI for health care operations — those activities necessary to operate our health care business. For example, we may:
- Use and disclose your PHI to monitor the quality of our health care services, to provide customer services to you, to resolve complaints and to coordinate your care.
- Transfer or receive your PHI if we buy or sell pharmacy locations. If ownership of our organization or one of our affiliates changes as a result of a sale, transfer, merger or consolidation, your PHI may be disclosed to the new entity.
- Use and disclose your PHI to contact you about health-related products, services or opportunities that may interest you, such as programs for Medminder patients.
- Disclose your PHI to other HIPAA Covered Entities that have provided services to you so that they can improve the quality and efficacy of the health care services they provide or for their health care operations.
- Use your PHI to create de-identified data, which no longer identifies you, and which may be used or disclosed for analytics, business planning or other purposes.
Other Uses and Disclosures of Your PHI That Do Not Require Specific Authorization
There are some services provided by Medminder through contracts with business associates. Examples include medical directors, outside attorneys and a copy service we use when making copies of your health record. When these services are contracted, we may disclose your health information so that they can perform the job we’ve asked them to do and bill you or your third-party payer for services rendered. To protect your health information, however, we require the business associate to appropriately safeguard your information as required by law.
Individuals Involved in Your Care or Payment for Your Care
We may disclose your PHI to a friend, personal representative, family member or any other person you identify as a caregiver, who is involved in your care or the payment related to that care. For example, we may provide prescriptions and related information to your caregiver on your behalf. We may also make these disclosures after your death unless doing so is inconsistent with any prior expressed preference documented by Medminder. Upon your death, we may disclose your PHI to an administrator, executor or other individual authorized under law to act on behalf of your estate. If you are a minor, we may release your PHI to your parents or legal guardians when permitted or required by law.
We may disclose your PHI as necessary to comply with laws related to workers’ compensation or similar programs.
We may disclose your PHI to law enforcement officials as permitted or as required by law. For example, we may use or disclose your PHI to report certain injuries or to report criminal conduct that occurred on our premises. We may also disclose your PHI in response to a court order, subpoena, warrant or other similar written request from law enforcement officials.
Required by Law
We will disclose your PHI when required to do so to comply with federal, state or local law.
Public Health and Safety Purposes
We may disclose your PHI in certain situations to help with public health and safety issues when we are required or permitted to do so, for example to prevent disease; report adverse reactions to medications; report suspected abuse, neglect or domestic violence; or to prevent or reduce a threat to anyone’s health or safety.
For Treatment Alternatives/Distribution of Health-Related Benefits and Services
We may use and disclose your health information to tell you about or recommend possible treatment options or alternatives that may be of interest to you. We may also use or disclose your health information to provide health-related benefit and service information that may be of interest to you.
Health Oversight Activities
We may disclose your PHI to an oversight agency for certain activities including audits, investigations, inspections, licensure or disciplinary actions, or civil, administrative and criminal proceedings, and as necessary for oversight of the health care system, government programs or compliance with civil rights laws.
Coroners, Medical Examiners and Funeral Directors
We may disclose PHI to coroners, medical directors or funeral directors so that they can carry out their duties.
Organ or Tissue Donation
We may disclose your PHI to organ procurement organizations.
Unless prohibited by law, we may disclose your PHI to your Personal Representative if you have one. A Personal Representative is a person who has legal authority to act on your behalf regarding your health care. For example, an individual named as a health care proxy or a parent or guardian of an unemancipated minor is a Personal Representative.
We may use or disclose your PHI to notify or assist in notifying a family member, personal representative or any other person responsible for your care regarding your location, general condition or death. We may also disclose your PHI to disaster relief organizations so that your family or other persons responsible for your care can be notified of your location, general condition or death.
Under certain circumstances, we may use or disclose your PHI for research purposes. For example, we may use or disclose your PHI as part of a research study when the research has been approved by an institutional review board and there is an established protocol to ensure the privacy of your information.
If you are or become an inmate of a correctional institution, we may disclose your PHI to the institution or its agents to assist them in providing your health care, protecting your health and safety or the health and safety of others.
Specialized Government Functions
We may disclose your PHI to authorized federal officials for the conduct of military, national security activities and other specialized government functions.
Uses or Disclosures for Purposes that Require Your Authorization
Use and disclosure of your PHI for other purposes may be made only with your written authorization and unless we have your authorization we will not:
- Use or disclose your PHI for marketing purposes.
- Sell your PHI to third parties (except for in connection with the transfer of a business to another health care provider required to comply with HIPAA).
- Share psychotherapy notes (if applicable).
We will obtain your written authorization before using or disclosing your PHI for purposes other than those described in this Notice or otherwise permitted by law. You may revoke your authorization at any time by submitting a written notice to the Medminder Systems, Inc. Privacy Office located at 30 Wexford Street, Needham, MA 02494. Your revocation will be effective upon receipt; however, it will not undo any use or disclosure of your PHI that occurred before you notified us, or any actions taken based upon your authorization.
Although your health record is the property of the Pharmacy, the information belongs to you. You have the following rights regarding your health information:
Right to Inspect and Copy PHI
With some exceptions, you have the right to review an electronic or paper copy your health information. You must submit your request in writing to Medminder Systems Inc. Privacy Office, 30 Wexford St. Needham, MA, 02494. We may charge a fee for the costs of copying, mailing or other supplies associated with your request. We may deny your request to inspect and copy your record in certain limited circumstances. If we deny your request, we will notify you in writing and let you know if you may request a review of the denial.
Right to Request an Amendment
If you feel that the PHI we maintain about you is incomplete or incorrect, you may request that we amend it. For example, if your date of birth is incorrect, you may request that the information be corrected. To request an amendment, submit a written request to the Medminder Privacy Office at the address above. You must include a reason that supports your request. If we deny your request for an amendment, we will provide with you a written explanation of why we denied it.
Right to an Accounting of Disclosures
You have the right to request an “accounting of disclosures”. This is a list of certain disclosures we made of your health information, other than those made for purposes such as treatment, payment, or health care operations. You must submit your request in writing to Medminder Systems Inc. Privacy Office, 30 Wexford St., Needham, MA, 02494. Your request must state a time period which may not be longer than six years from the date the request is submitted and may not include dates before April 14, 2003. Your request should indicate in what form you want the list (for example, on paper or electronically). The first list you request within a twelve-month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
Right to Request Restrictions
You have the right to request additional restrictions on our use and disclosure of your PHI by sending a written request to the Medminder Privacy Office. We are not required to agree to your request except where the disclosure is to a health plan or insurer for purposes of carrying out payment or health care operations, is not otherwise required by law and the PHI is related to a health care item or service for which you, or a person on your behalf, has paid in full out-of-pocket. If you do not want a claim for payment submitted to your health plan on record, please discuss with the pharmacist or health care provider when you check in for care or before your prescription is sent to the pharmacy.
Right to Request Confidential Communications
You have the right to request that we communicate with you about your health care information in a certain way or at a specific address. For example, you may ask us to mail your information to an address other than your home address. To request confidential communication of your PHI, submit a written request to the Medminder Privacy Office. Your request must state how, where or when you would like to be contacted. We will accommodate all reasonable requests.
Written Requests and Additional Information
You may request additional information about Medminder’s privacy practices by contacting the Medminder Privacy Officer: Medminder Systems, Inc., 30 Wexford St., Needham, MA 02494.
Obtain a Copy of the Notice
You have the right to obtain a paper copy of our current Notice at any time. You may obtain a copy of this Notice at our website, www.medminder.com. You may also do so by contacting the Medminder Privacy Office.
Right to Receive Notice of a Privacy Breach
You have the right to receive a written notice if we discover a breach of your unsecured PHI and we determine through a risk assessment that notification is required.
TO REPORT A COMPLAINT
If you believe your privacy rights may have been violated, you have a right to complain to Medminder by filing a complaint to the Medminder Privacy Office, 30 Wexford St., Needham, MA 02494 or with the Secretary of Health and Human Services. You will not be penalized or otherwise retaliated against in any way for filing a complaint.
CHANGES TO THIS NOTICE OF PRIVACY PRACTICES
We may change the terms of this Notice of Privacy at any time as permitted by law and to make the revised Notice effective for PHI we already have about you as well as any information we receive in the future, as of the effective date of the revised Notice. If we make material or important changes to our privacy practices, we will promptly revise our Notice. Upon request to the Privacy Office, Medminder will provide a revised Notice to you. We will also post the revised Notice on our Web site at www.medminder.com.