Notice of Privacy Practices
ONclick Healthcare Incorporated (“ONclick Healthcare”)
HIPAA Compliant: ONclick Healthcare is a health care provider. As such we are subject to the rules and regulations of the of the Health Insurance Portability and Accountability Act of 1996 (as amended) (“HIPAA”) Our compliance with HIPAA ensures that access, process, and storage of protected health information follows best practices for keeping your highly sensitive data secure. This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
INTRODUCTION
ONclick Healthcare service providers will share health information with the doctors, nurse practitioners, care navigators’ other health care providers who provide services for our Transition Care Management Program.
This notice uses the words “protected health information (PHI)” or “health information.” Those words are defined in the HIPAA regulations. In simple terms, your “protected health information” is information about you and your healthcare that we use and disclose for your treatment and payment for your care, and for our healthcare operational purposes. It includes basic identifying information like your name, address, age, race, phone number, as well as information in your medical records and billing records. PHI can be oral, or in paper or electronic formats.
WHO MUST FOLLOW THIS NOTICE?
We provide you, the patient, with health care by working with doctors, nurse practitioners, care navigators and other health care providers (referred to as we, our or us). This is a joint notice of our information privacy practices. The following people or groups will follow this notice:
All ONclick Healthcare employees and contractors.
These employees and contractors include doctors, nurse practitioners, care navigators (referred to as providers) and others.
OUR PLEDGE TO YOU
We understand that your protected health information is private and personal. We are committed to protecting it. This notice applies to all the records of your care provided through our program, whether created by staff members or our providers. We will gladly explain this notice to you or your family member.
We are required by law to:
Keep your protected health information private.
Give you this notice describing our legal duties and privacy practices for your protected health information.
Notify you as outlined in state and federal law if a breach of your unsecured protected health information has occurred.
Follow the terms of the notice that is currently in effect.
We do not sell or share any SMS data to anyone without consent
HOW WE MAY USE AND SHARE YOUR PROTECTED HEALTH INFORMATION
This section of our notice tells how we may use and share your protected health information, including sharing electronically. In situations not covered by this notice or otherwise allowed by law and regulation, we will get a separate written permission from you before we use or share your protected health information. You can later cancel your permission by notifying us in writing.
We will protect your protected health information as much as we can under the law. Sometimes state law gives more protection to your information than federal law. Sometimes federal law gives more protection than state law. In each case, we will apply the laws that protect your information the most.
Treatment: We will use and share your protected health information, both internally and externally, to provide you with health care treatment and to coordinate or manage your treatment with other health care providers. An example is sending medical information about you to your doctor or a nurse as part of a referral. We may also share your information with other types of health care providers, such as pharmacies, home health agencies, specialty hospitals, or long-term care facilities.
Payment: We will use and share your protected health information so we can be paid for treating you. An example is giving information about you to your health plan or to Medicare. We may also need to give information to your health plan to get approval for certain services or to find out if your plan will pay for certain treatment. We may also share your health information with other health care providers involved in your healthcare, such as your personal physician, anesthesiologist, ambulance services, so that they may receive payment for their services. We may also give your healthcare information to individuals who are responsible for payment for your health care, such as the named insured on your health insurance policy. For example, the person named may receive a copy of an explanation of benefits (EOB) related to your care.
Health Care Operations: We will use and share your medical information for our health care operations. A few examples are using information about you for:
Improving the quality of care, we give you.
Disease management, wellness management, or population health programs.
Patient surveys.
Training students.
Business planning and administration.
Resolving patient complaints.
Getting or keeping our accreditation.
Compliance and legal services.
We may also share your protected health information with people or companies (called business associates) we use to help us with our operations.
Family Members, Personal Representatives, and Others Involved in Your Care: Unless you tell us otherwise, we may share your protected health information with your friends, family members, or others you have named who help with your care or who can make decisions on your behalf about your health care. Also, if you cannot agree due to an emergency, we may share needed protected health information about you with your family or friends who are involved in your care, based on professional judgment of what is in your best interest. In rare instances, even without your permission, we may share your information with others if the physician or health care provider feels it is in your best interest.
Electronic Sharing and Pooling of Your Information: We may take part in or make possible the electronic sharing or pooling of healthcare information. The most common way we do this is through local or regional health information exchanges (HIEs). Two other types of HIEs we participate in are described in the next two sections. HIEs help doctors, hospitals and other healthcare providers within a geographic area or community provide quality care to you. If you travel and need medical treatment, HIEs allow other doctors or hospitals to electronically contact us about you. All of this helps us manage your care when more than one doctor is involved. It also helps us to keep your health bills lower (avoid repeating lab tests). And finally, it helps us to improve the overall quality of care provided to you and others.
ONclick Healthcare.: We participate in the Health Information Exchange (HIE). Your health information is stored electronically, and providers employed by, or associated with ONclick Healthcare Inc. may use and share your health information for treatment, payment, and health care operations.
State-Based Health Information Exchange: Our program may participate in statewide internet-based HIE. As permitted by law, your health information will be shared through the HIE to provide faster access, better coordination of care and to assist healthcare providers, health plans, and public health officials in making more informed decisions. To opt in or out of the HIE, you must notify the HIE yourself. To obtain the HIE contact information, please contact the Privacy Officer.
Appointment Reminders: We may contact you by phone, email, or text messaging with appointment reminders.
Internet Based Products and Services: Working with third parties, we may share your health information so we can offer you internet-based products or services. Using the products or services, you can:
Schedule appointments.
Find a physician or get access to your medical information through a secure web portal.
Treatment Options and Health-Related Benefits and Services: We may contact you about possible treatment options, health-related benefits, or services that we offer.
INFORMATION SHARING THAT IS REQUIRED OR PERMITTED BY LAW
We are required or permitted by federal, state, or local law to report or share your health information for various purposes. Some of these required or permitted purposes are:
Public Health Activities: We may share your protected health information as required or permitted by law to public health authorities or government agencies whose official activities include preventing or controlling disease, injury, or disability. For example, we must report certain information about births, deaths, and various diseases to government agencies. We may use your health information in order to report to monitoring agencies any reactions to medications or problems with medical devices. We may also share, when requested, your protected health information with public health agencies that track opioid usage, contagious diseases or that are involved with preventing epidemics.
Required by Law: We are sometimes required by law to report certain information. For example, we must report child and elder abuse and neglect, and in some states, spouse abuse or neglect. We are required to report certain types of injuries, such as injuries caused by firearms. We also must give information to your employer about work-related illness, injury, or workplace-related medical surveillance. Another example is that we must share information about tumors with state tumor registries.
Public Safety: We may, and sometimes must, share your health information in order to prevent or lessen a serious threat to you or to the health or safety of a particular person or the general public.
Health Oversight Activities: We may share your health information with a health oversight agency when allowed by law for health oversight activities. Health oversight agencies include the agencies that run Medicare and Medicaid, and state medical or nursing licensing boards. Health oversight activities include audits, investigations, or inspections.
The activities are necessary so the government can monitor health care treatment and spending, government programs and also compliance with civil rights laws.
Coroners, Medical Examiners and Funeral Directors: We may share health information about deceased patients with coroners, medical examiners, and funeral directors to identify a deceased person, determine the cause of death, or other duties as permitted.
Military, Veterans, National Security and Other Government Agencies: We may use or share your health information for national security purposes, intelligence activities or for protective services for the President or certain other persons as allowed by law. We may share your health information with the military for military command purposes when you are a member of the armed forces. We may share medical information with the Secretary of the Department of Health and Human Services for investigating or determining our compliance with HIPAA.
Judicial or Administrative Proceedings: We may use or share your health information in response to court orders or subpoenas only when we have followed procedures required by law.
Law Enforcement: We may share your health information if law enforcement officials ask us to or if we have a legal obligation to notify the appropriate law enforcement or other agencies:
In response to a court order, subpoena, warrant, summons or similar legal process.
Regarding a victim or death of a victim of a crime in limited circumstances.
In emergency circumstances to report a crime, or the location or victims of a crime.
Disaster Relief Purposes: We may use or share your health information with public or private disaster organizations, like the American Red Cross, so that your family can be told of your location and condition in case of disaster or emergency. We may also use it to help in coordination of disaster relief efforts.
Workers’ Compensation: We may share your health information for workers’ compensation benefits or similar programs that provide benefits for work-related injuries or illnesses if you tell us that workers’ compensation is the payer for your visit(s). Your employer or workers’ compensation carrier may request the entire medical record for your workers’ compensation claim. This medical record may include details regarding your health history, current medications you are taking, and treatments.
OTHER USES AND DISCLOSURES OF YOUR HEALTH INFORMATION
Apart from what we say in this Notice, we will not use or share your health information unless we get your written permission. Under HIPAA, this permission is called an “authorization.” If you give us written permission to use or disclose your health information, you may revoke (take back) that permission in writing at any time. If you revoke your permission, we will no longer use or disclose your health information for the purpose involved. However, we cannot retrieve any disclosures that we already made based on your prior permission.
We will get your written permission to use and disclose your health information for these specific purposes when required by law:
Psychotherapy Notes. Psychotherapy notes are special notes by a mental health professional that document or analyze the contents of a conversation during a private counseling session or a group, joint, or family counseling session. Psychotherapy notes are kept separate from the rest of your health information, and they may not be used or disclosed without your written permission, except as may be required by law.
Sensitive Medical Information. We may obtain a written permission from you, when required by state and federal laws, to use or share sensitive medical information, such as mental health, substance abuse, or genetic testing information.
THIS NOTICE DOES NOT APPLY TO THE FOLLOWING HEALTH RELATED ACTIVITIES
Some activities may not be covered by this notice and are referred to as Hybrid activities under HIPAA. If you seek services at our wellness or health fairs, for occupational health services, employee health related services, research activities conducted by academic institutions after your information has been legitimately sent to them, or direct access lab services, this notice and HIPAA do not apply.
YOUR RIGHTS REGARDING YOUR HEALTH INFORMATION
Your rights are listed below. Some of the rights require a written request form. You can get the appropriate written request form from the departments outlined below.
Requesting Your Information (Access or Copy): In most cases, when you ask in writing, you can look at or get a copy of your protected health information in your medical records or applicable parts of your billing record in paper or electronic format. You may also request that we send electronic copies directly to a person or entity chosen by you. We will give you a form to fill out to make the request. You can look at medical information about you for free. If you request paper or electronic copies of the information, we may charge a fee to cover the cost of copying, mailing, and supplies. To request a copy of your information, contact our Privacy Officer, set forth below.
If we say no to your request to look at the information or get a copy of it, we will tell you why in writing. Also, you may ask us in writing to review that decision. A health care professional will review your request and the decision. The person who makes the review will not be the same person who said no to your request. We will follow the outcome of the review.
Correcting Your Information (Amendment): If you believe that information about you is wrong or not complete, you can ask us in writing to correct the records (make an amendment). We will give you a form to fill out to make the request. We may say no to your request to correct a record if the information was not created or kept by us or if we believe the record is complete and correct. If we say no to your request, you can ask us in writing to review that denial.
Obtaining a List of Certain Disclosures (Accounting of Disclosures): You can ask to receive a list of certain disclosures we have made of your protected health information during the last six years. To get the list, ask for the Privacy Officer. Your request must be in writing and state the time period (up to six years) for the listing. The first request in a 12-month period is free. We will charge you for any additional requests for our cost of producing the list. We will give you an estimate of the cost when you request the additional list.
Right to Ask for Confidential Communications: You have the right to ask us to communicate with you about health care matters in a certain way or at a certain address. For example, you can ask that we only contact you at a different location from your home address, such as work, or only contact you by mail instead of by phone. Your request must tell how or where you want to be contacted. We do not require a reason. We will agree to all reasonable requests.
Right to Ask for a Restriction: You can ask in writing that we limit our use or sharing of your protected health information for treatment, payment, and operational purposes. We are not required to agree to most requests. Any time you make a written request, we will consider the request and tell you in writing of our decision to accept or deny your request. We are legally required to agree to only one type of restriction request: if you have paid us in full for a health procedure or item for which we would normally bill your health plan, we must agree to your request not to share information about that procedure or item with your health plan. For example, if you saw a counselor and paid in full for the services rather than submitting the expenses to your health plan, you may ask that your health information related to the counseling not be shared with your health plan.
Right to Receive Notice of a Privacy Breach: We will tell you if we discover a breach of your health information. Breach means that your health information was disclosed or shared in an unintended way and there is more than a low probability that it has been compromised. The notice will tell you about the breach, about steps we have taken to lessen any possible harm from the breach, and actions that you may need to take in response to the breach.
Right to a Paper Copy of This Notice: You have the right to a paper copy of this notice. If you have received this notice electronically, you still can have a paper copy of this notice. You may ask us to give you a copy of this notice at any time.
To ask questions about any of these rights, or to obtain a paper copy of this notice, contact the Privacy Officer. You may also obtain a copy of this notice at our website.
CHANGES TO THIS NOTICE
We may change our privacy practices from time to time. Changes will apply to current medical information, as well as new information after the change occurs. If we make an important change, we will change this notice. We will also post the new notice in our facilities and on our website. You can ask in writing for a copy of this notice at any time by contacting the Privacy Officer. If our notice has materially changed, we will give you a copy of the notice the next time you register for treatment.
DO YOU HAVE CONCERNS OR COMPLAINTS?
If you think your privacy rights may have been violated, you may contact us at (email address) or call the Privacy Officer. You may also send a written complaint to the U.S. Department of Health and Human Services, Office of Civil Rights at OCRComplaint@hhs.gov or Centralized Case Management Operations, U.S. Department of Health and Human Services, 200 Independence Avenue, S.W., Room 509F HHH Bldg., Washington, D.C. 20201. We will not take any action against you or change our treatment of you for filing a complaint.
CONTACT INFORMATION
ONclick Healthcare Privacy Officer Phone: (818) 272-8260; Ext. 1002
Email: info@onclickhealth.com