Notice of Privacy Practices
HIPAA Notice of Privacy Practices
EmsanaCare’s HIPAA Notice of Privacy Practices
LAST UPDATED: March 3, 2023
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This HIPAA Notice of Privacy Practices (the “Notice”) is being provided to you on behalf of EmsanaCare, Inc. (referred to herein as “EmsanaCare”, “we”, “our” or “us”). The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) requires that we provide you this Notice to describe our legal obligations and your legal rights regarding the protected health information (“PHI”) we collect, create, share or store.
PHI is information about you that we obtain to provide our services to you and that can be used to identify you. It includes your name and contact information, as well as information about your health, medical conditions and providers. It may relate to your past, present or future physical or mental health or condition, or the provision or health care products and services to you. Among other things, this Notice describes how your PHI may be used and disclosed to carry out health care operations, or for any other purposes that are permitted or required by law, and how you can get access to your PHI.
Our Responsibilities to Protect Your Protected Health Information. EmsanaCare is not a Covered Entity for purposes of compliance with the Health Insurance Portability and Accountability Act (“HIPAA”), however EmsanaCare is a Business Associate of employer-sponsored, managed care organization-sponsored, health insurance company-sponsored, and non-profit-sponsored health plans, third party administrators, pharmacy benefit managers, healthcare information technology providers, health administrative services organizations, and other organizations (collectively, “Providers”) that are Covered Entities or Business Associates to Covered Entities in the ordinary course of its business.
HIPAA requires that we protect your PHI. Additionally, we are required to notify you of our legal duties and abide by the privacy practices detailed in this Notice, unless more protective laws or regulations apply. This Notice applies to all EmsanaCare health care services and our employees. To receive a copy of this Notice, please Ccontact uUs at email@example.com or to view a copy of this Notice on our website, please visit www.emsanacare.com/HIPAA.print this web page.
HIPAA requires that we protect your PHI. Additionally, we are required to notify you of our legal duties and abide by the privacy practices detailed in this Notice, unless more protective laws or regulations apply. This Notice applies to all EmsanaCare health care services and our employees. To receive a copy of this Notice, please contact us at firstname.lastname@example.org or print this web page.
Our Uses and Disclosures of Your Protected Health Information. Uses and disclosures not requiring your authorization. EmsanaCare collects, creates and stores PHI in its internal systems. Additionally, when we contract with third parties to perform certain services for us, these third-party service providers, known as Business Associates, can access PHI to perform these services on our behalf. They are required by law and their agreements with us to protect PHI in the same way we do.
The following categories describe different ways that we use and disclose your PHI. We have provided you with examples in certain categories; however, not every permissible use or disclosure will be listed in this Notice. Except where prohibited by federal or state laws requiring special privacy protections, we may use and disclose your PHI without your prior authorization for treatment, payment and health care operations as follows:
- Operations. We may use and share your PHI to operate EmsanaCare, improve your care and contact you when necessary. As part of our health care operations, we may share your PHI with our accountants, attorneys, consultants and others to ensure we are complying with laws applicable to us.
- Care Coordination. We may also share your PHI with other health care providers and plans for their business operations if they have or had a patient relationship with you.
- Feedback. To improve your care experience, we may send you surveys or requests for feedback regarding our services or the services of providers you have received care from.
You may opt out of these types of communications by following the instructions provided in the survey or feedback request. Example: We use your PHI to review the quality of services you received or the performance of the professionals who provided care to you.
We may also use or disclose your PHI without your prior authorization for other purposes outlined below. Applicable laws require that we meet certain conditions before disclosing PHI for these purposes:
- Appointments and Services. We may contact you to remind you of an appointment or provide information about extra benefits or financial awards available under your health plan. You may ask us to contact you in a specific way (for example, home or mobile phone). We may also contact you to provide you with information about other services and benefits we offer.
- Help with Public Health and Safety Issues. We may share PHI in certain situations such as to prevent disease, support product recalls, report adverse reactions or product complaints, prevent or reduce a serious threat to another’s health or safety, or report necessary information regarding a deceased person to a coroner, medical examiner or funeral director.
- Conduct Research. We may disclose your PHI to researchers when: (a) individual identifiers have been removed; or (b) an institutional review board or privacy board has (x) reviewed the research proposal; (y) reviewed the established protocols to ensure the privacy of the requested information; and (z) approves the research. Additionally, we may use and disclose your PHI for human subject research purposes, subject to the confidentiality provisions of state and federal law. If your PHI will be used as a part of such research, you may be asked to complete a HIPAA authorization and study consent form to authorize specific PHI uses and/or disclosures.
- Comply with Federal, State or Local Law, Judicial or Administrative Proceedings or Law Enforcement. We may use and disclose PHI when required to do so by federal, state or local law, judicial or administrative proceedings or law enforcement. For example, we may disclose PHI to government agencies or law enforcement personnel about victims of abuse, neglect or domestic violence or pursuant to federal, state or local laws, subpoena or court order.
- Address Workers’ Compensation, Law Enforcement, and Specific Government Requests. We may use or share PHI about you for workers’ compensation claims, law enforcement purposes or with a law enforcement official, special government functions such as military, national security, and presidential protective services and with health oversight agencies for legally authorized activities.
Uses and disclosures requiring your authorization. Disclosures related to human immunodeficiency virus (HIV) test results, diagnosis of acquired immune deficiency virus (AIDS) or an AIDS-related condition, or information about alcohol or drug treatment you received in a related treatment program will not be made without your authorization except as required or allowed by law. Before we use, disclose or sell your PHI for a reason other than those reasons described above, we will get your written authorization. You may revoke written authorization at any time, by contacting us in writing. Once we receive your written revocation, it will apply to future PHI uses and disclosures.
Opportunity to Object to Certain Disclosures.
Disclosures to Family, Friends or Others. We may provide your PHI to a family member, friend or other person you indicate is involved in your care or payment for your care, unless you contact us in writing to object.
Health Information Exchanges. We may share PHI through secure electronic means both to and from health care providers treating you. If you do not wish to participate in EmsanaCare Health Information Exchanges, you must contact us in writing to object.
The Right to Request Limits on How We Use and Share Your PHI. You may ask us to not to use or share certain PHI for treatment, payment, or health care operations. We are not required to agree to your request and may deny your request if we believe it may impact your care. If you pay for our services out-of-pocket in full, you may ask us not to share your PHI for the purpose of payment or our health care operations. We will agree to this request unless a law requires us to share it. To request such limitation, you must contact us in writing. If we agree to your request, we will document our agreement and abide by it except in emergency situations.
The Right to Choose How We Send Your PHI to You. You have the right to request that we communicate with you in a certain way or at a certain location. For example, you can ask that we send email to you at a different email address or to contact you at work or by postal mail. We will accommodate all reasonable requests when able to do so.
The Right to See and Get Copies of Your Health Information. You or your legally authorized representative may request to see or get an electronic or paper copy of your medical record and other PHI we have about you. We will provide a copy and/or summary within the time frames established by law and we may charge a reasonable cost-based fee. In certain situations provided by law, we may deny your request. If we do, we will inform you in writing of our reasons for denying your request and explain how you may have the denial reversed, if applicable. Additionally, you may access the chat transcripts of your EmsanaCare visits and related care plans at any time in the EmsanaCare app’s “History” tab.
The Right to Get a List of Those with Whom We’ve Shared Your PHI. You have the right to request a list (or an “accounting”) of certain disclosures of your PHI for up to six years prior to the date of your request, including with whom we shared your PHI and reasons for sharing. To get this list, you must contact us in writing.
The Right to Correct or Update Your PHI. If you believe there is a mistake in or that a piece of important information is missing from your medical record or other PHI we have about you, you may ask us to correct such information. To do so, you must Contact Us in writing specify your requested correction or update as well as your reason for making such request. We will inform you after we make your requested change(s) and advise those to whom we have disclosed your information of your requested changes. In certain situations, we may deny your request. If we do, we will let you know in writing within 60 days of receiving your request of our reasons for denial and you will have the right to file a statement of disagreement with us. Please note, any future disclosures of the disputed information will include your written disagreement statement.
The Right to Receive This Notice. You have the right to request a paper copy of this Notice at any time, even if you have agreed to receive it electronically. To receive a copy of this Notice, please contact us or to view a copy of this Notice on our website, please visit our www.EmsanaCare.com/legal-and-privacy.
The Right to Privacy Notification. We are required to notify you if we (or one of our Business Associates) discover a breach of your unsecured PHI.
Changes To This Notice. If our privacy practices should change at any time in the future, we will promptly change and post a new notice. We reserve the right to apply any changes to our privacy practices or this Notice to the PHI we maintain, including PHI collected before the date of the change.
Complaints and Contact Information. If you believe that your privacy rights have been violated or you disagree with a decision we made about your PHI, you may file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue SW, Washington, D.C. 20201; calling 1-877-696-6775; or visiting www.hhs.gov/ocr/privacy/hipaa/complaints.
If you have any questions about this Notice or any complaints about our privacy practices, please contact us at the address below. Please note, we will not retaliate against you for filing a complaint. You should keep a copy of any notices you send to us or the EmsanaCare Privacy Office for your records.
EmsanaCare Privacy Officer
275 Battery Street, Suite 480
San Francisco, CA 94111