MeMD NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
I. OUR PLEDGE REGARDING YOUR MEDICAL INFORMATION
We understand that medical information about you and your health is personal. We are dedicated to maintaining the privacy and integrity of your protected health information (“PHI”), which is information about you that may be used to identify you (such as your name, social security number, or address), and that relates to (a) your past, present, or future physical or mental health or condition, (b) the provision of health care to you, or (c) your past, present, or future payment for the provision of health care. In providing services, we will receive and create records containing your PHI. We need these records to provide you with quality care and to comply with certain federal and state legal requirements.
We are required by law to maintain the privacy of your PHI and to provide you with notice of our legal duties and privacy practices with respect to your PHI. To the extent required by law, when using or disclosing your PHI or when requesting your PHI from another covered entity, we will make reasonable efforts not to use, disclose, or request more than the minimum necessary set of your PHI or, if needed by us, no more than the minimum amount of PHI necessary to accomplish the intended purpose of the use, disclosure, or request, taking into consideration practical and technological limitations.
This Notice of Privacy Practices applies to all of the records of your care generated by MeMD®. When we use or disclose your PHI, we are required to abide by the terms of this Notice (or other Notice in effect at the time of the use or disclosure).
II. HOW WE MAY USE AND DISCLOSE MEDICAL INFORMATION ABOUT YOU.
For Treatment
This is the most important use and disclosure of your PHI. MeMD® will use or disclose your medical information to provide treatment and deliver the services you have requested, for example for purposes of a telemedicine consultation or in connection with the provision of follow-up treatment. Use and disclosure of your medical information may include, without limitation, creation of an electronic health record and appointment reminders, discussion with your treating health care practitioners to facilitate your health care oversight, investigation of research opportunities or treatment alternatives for your health care issues, identification of health-related benefits and services that may be of interest to you, and to communicate important health information with members of your family. We may also disclose PHI to other providers involved in your treatment.
For Payment
Your PHI will be used and disclosed, as needed, to obtain payment for your health care services provided by our providers. We may also tell your health plan about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment.
For Health Care Operations
MeMD® may also collect aggregate data about your health (in an anonymous manner) for statistical analysis, improvement of services, and customization of web design, content layout, and services. This includes internal administration and planning, as well as various activities that improve the quality and cost effectiveness of the care that we deliver to you. We may also combine medical information about MeMD® patients to decide what additional services we should offer, what services are not needed, and if certain new treatments are effective. We may also disclose information to health care providers and other MeMD® professionals for review and learning purposes. There are some services provided in our organization through contracts with business associates, who may gain access to PHI. Examples of business associates include management consultants, quality assurance reviewers, shredding companies, and translation services. We may disclose your PHI to our business associates so that they can perform the job we have asked them to do in order to provide better healthcare services to you. To protect your PHI, we require our business associates to sign an agreement stating that they will appropriately safeguard your PHI to in accordance with applicable federal and state laws (including HIPAA standards).
To Avert a Serious Threat to Health or Safety
MeMD® may use and disclose your PHI when necessary to prevent a serious threat to your health and safety, or to the health and safety of the public or another person. Any disclosure would only be to someone able to help prevent the threat or to the extent necessary to comply with state and federal laws to prevent or control disease, injury, or disability regarding public health.
At Your Request
MeMD® may disclose information when requested by you. This disclosure may require written or verbal authorization by you.
OTHER PERMITTED AND REQUIRED USES AND DISCLOSURES OF PHI THAT MAY BE MADE WITHOUT YOUR AUTHORIZATION OR OPPORTUNITY TO AGREE OR OBJECT
Required By Law
We may use or disclose your PHI to the extent that the use or disclosure is required by federal, state, or local laws or regulations. The use or disclosure will be made in compliance with the law or regulation and will be limited to the relevant requirements of the law or regulation. You will be notified, if required by law or regulation, of any such uses or disclosures.
Health Oversight Activities
We may disclose your PHI to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
Victims of Abuse, Neglect, or Domestic Violence
We may disclose your PHI to a public health authority that is authorized by law to receive reports of child or elder abuse or neglect. In addition, we may disclose your PHI if we believe that you have been a victim of abuse, neglect, or domestic violence to the governmental entity or agency authorized to receive such information. In this case, the disclosure will be made consistent with the requirements of applicable federal and state laws.
Legal Proceedings
We may use and disclose PHI in responding to a court or administrative order, subpoena, or discovery request. We may also use and disclose your PHI to the extent permitted by law without your authorization, for example, to defend a lawsuit or arbitration.
Law Enforcement
We may disclose your PHI to the police or other law enforcement officials as required or permitted by law: (1) in response to a court order, subpoena, warrant, summons, or similar process; (2) to identify or locate a suspect, fugitive, material witness, or missing person; (3) to notify them about the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement; (4) to notify them about a death we believe may be the result of criminal conduct; (5) to notify them about criminal conduct at MeMD® or with one of our health care providers; and (6) in emergency circumstances, to report a crime, the location of a crime or the victims of a crime, or the identity, description, or location of the person who committed the crime.
Food and Drug Administration
We may disclose your PHI to a person or company required by the Food and Drug Administration for the purpose of quality, safety, or effectiveness of FDA-regulated products or activities including to report adverse events, to report product defects or problems, to report biologic product deviations, to track products, to enable product recalls, to make repairs or replacements, or to conduct post marketing surveillance, as required.
Decedents, Coroners, Funeral Directors, and Organ Donation
We may disclose your PHI to a coroner or medical examiner for identification purposes, determining cause of death, or for the coroner or medical examiner to perform other duties authorized by law. We may also disclose your PHI to a funeral director, as authorized by law, in order to permit the funeral director to carry out their duties. We may also disclose such information in reasonable anticipation of your death. Your PHI may additionally be used and disclosed for cadaveric organ, eye, or tissue donation purposes.
Research that Does Not Involve Your Treatment
We may disclose your PHI to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI. When a research study does not involve any treatment, we may disclose your PHI to researchers. To do this, we will either ask your permission to use your PHI or we will use a special process that protects the privacy of your PHI. In addition, we may use information that cannot be identified as your PHI, but that includes certain limited information (such as your date of birth and dates of service). We will use this information for research, quality assurance activities, and other similar purposes and we will obtain special protections for the information disclosed.
Military Activity and National Security
We may use and disclose your PHI to units of the government with special functions, such as the U.S. military or the U.S. Department of State, under certain circumstances. We may use and disclose your PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law. We may use and disclose your PHI to authorized federal officials so they may provide protection to the President, other authorized persons, or foreign heads of state, or conduct special investigations.
Criminal Activity
Consistent with applicable federal and state laws, we may disclose your PHI if we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. We may also disclose your PHI if it is necessary for law enforcement authorities to identify or apprehend an individual.
Inmates
If you are an inmate of a correctional institution or under custody of a law enforcement official, we may disclose your PHI to the correctional institution or the law enforcement official. This is necessary for the correctional institution to provide you with health care, to protect your health and safety and the health and safety of others, and to protect the safety and security of the correctional institution.
Public Health Risks
We may disclose your PHI for public health activities. These activities generally include the following: to prevent or control disease, injury, or disability; to report births and deaths; to report reactions to medications or problems with products; to notify people of recalls of products they may be using; and to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition. We will only make this disclosure when required or authorized by law or if you authorize such disclosure.
Workers’ Compensation
We may disclose your PHI as authorized to comply with workers’ compensation laws and other similar legally-established programs.
USES AND DISCLOSURES OF PHI BASED UPON YOUR WRITTEN AUTHORIZATION
Other uses and disclosures of your PHI will be made only with your written authorization, unless otherwise permitted or required by law as described in this Notice. You may revoke this authorization in writing at any time. If you revoke your authorization, we will no longer use or disclose your PHI for the reasons covered by your written authorization. Please understand that we are unable to take back any disclosures already made with your authorization, and we are required to retain our records of the care we provide to you. If you are not present or able to agree or object to the use or disclosure of the PHI, then your provider may, using professional judgement, determine whether the disclosure is in your best interest.
OTHER PERMITTED AND REQUIRED USES AND DISCLOSURES OF PHI THAT REQUIRE PROVIDING YOU THE OPPORTUNITY TO AGREE OR OBJECT
Others Involved in Your Health Care or Payment for Your Care
Unless you object, we may disclose to a member of your family, a relative, a close friend, or any other person you identify, your PHI that directly relates to that person’s involvement in your health care. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment. We may use or disclose your PHI to notify or assist in notifying a family member, personal representative, or any other person that is responsible for your care of your location, general condition, or death. Finally, we may use or disclose your PHI to an authorized public or private entity to assist in disaster relief efforts and to coordinate uses and disclosures to family or other individuals involved in your health care.
Special Categories of Treatment Information
In most cases, federal and/or state law requires your written authorization or the written authorization of your representative for disclosures of drug and alcohol abuse treatment, Human Immunodeficiency Virus (HIV) and Acquired Immune Deficiency Syndrome (AIDS) test results, and mental health treatment.
Research Involving Your Treatment
When a research study involves your treatment, we may disclose your PHI to researchers only after you have signed a specific written authorization. In addition, an Institutional Review Board (IRB) will already have reviewed the research proposal, established appropriate procedures to ensure the privacy of your PHI, and approved the research. You do not have to sign the authorization, but if you refuse you cannot be part of the research study and may be denied research-related treatment.
Fundraising Activities
We may use demographic information and your dates of service for our own fundraising purposes; otherwise we will obtain your authorization. If you do not want us to contact you for fundraising efforts, you must notify us in writing at the address listed at the end of this Notice.
III. YOUR RIGHTS REGARDING YOUR PHI
You have the following rights with respect to your PHI. You may contact MeMD® to obtain additional information and instructions for exercising the following rights.
You have the right to inspect and copy your PHI
You may request access to your medical and billing records maintained by us, for so long as we maintain such information. You may inspect and request copies of the records. Under federal law, however, you may not inspect or copy the following records: psychotherapy notes; information compiled in reasonable anticipation of, or use in, a civil, criminal, or administrative action or proceeding; and laboratory results that are subject to law that prohibits access to PHI. Under such limited circumstances, we may deny you access to a portion of your records. If you are denied access to your PHI, you may request that the denial be reviewed. Another licensed health care professional chosen by us will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review. Please contact our HIPAA Compliance Officer if you have questions about access to your PHI. If you desire access to your records, you must submit your request in writing. If your medical information is maintained in an electronic health record, you may obtain an electronic copy of your medical information and, if you choose, instruct us to transmit such copy directly to an entity or person you designate in a clear, conspicuous, and specific manner. If you request paper copies, we will charge you for the costs of copying, mailing, labor, and supplies associated with your request. Our fee for providing you an electronic copy of your medical information will not exceed our labor costs in responding to your request for the electronic copy (or summary or explanation). You should take note that, if you are a parent or legal guardian of a minor, certain portions of the minor’s PHI will not be accessible to you (for example, records pertaining to health care services for which the minor can lawfully give consent and therefore for which the minor has the right to inspect or obtain copies of the record, or where the health care provider determines, in good faith, that access to the records requested by the representative would have a detrimental effect on the provider’s professional relationship with the minor or on the minor’s physical safety or psychological well-being).
You have the right to request a restriction of your PHI
You may ask us not to use or disclose any part of your PHI for the purposes of treatment, payment, or health care operations. You may also request that any part of your PHI not be disclosed to family members or friends who may be involved in your care or for notification purposes, such as assisting in the notification of such individuals regarding your location and general condition. While we will consider all requests for additional restrictions carefully, we are not required to agree to a requested restriction, unless the disclosure is to a health plan for a payment or health care operation purpose and the medical information relates solely to a health care item or service for which we have been paid out-of-pocket in full. Your request must state the specific restriction requested and to whom you want the restriction to apply. This request must be in writing. We will send you a written response.
You have the right to request to receive confidential communications
You may request to receive your PHI by alternative means of communication or at alternative locations. For example, you can request that we only contact you at work or by mail. To request confidential communications, you must make your request in writing. We will not ask you for the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
You have the right to amend your records
You have the right to request that we amend PHI maintained in your medical or billing records generated by us or our providers. If you desire to amend your records, your request must be in writing. We will comply with your request unless we believe that the information that would be amended is accurate and complete or other special circumstances apply. If we deny your request, you will be permitted to submit a statement of disagreement for inclusion in your records. You have the right to add a 250-word document addendum to your PHI.
You have the right to receive an accounting of disclosures.
Upon written request, you may obtain an accounting of certain disclosures of your PHI made by us during any period of time six years prior to the date of your request, except that for requests made on or after January 1, 2011 that relate to treatment, payment, or health care operation disclosures from our electronic health record system, the accounting period is three years. Your written request should indicate in what form you want the list (for example, on paper or electronically). If you request an accounting more than once during a twelve month period, we will charge you for the costs involved in fulfilling your additional request. We will inform you of such costs in advance, so that you may modify or withdraw your request to save costs. In addition, we will notify you as required by law if there has been a breach of the security of your PHI.
You have the right to obtain a paper copy of this Notice
Upon request, you may obtain a paper copy of this Notice. Even if you have agreed to receive such Notice electronically, you are still entitled to a paper copy of this Notice. To obtain a paper copy of this Notice, please contact the MeMD® HIPAA Compliance Officer using the contact information at the end of this Notice.
Social media
In order to maintain a professional relationship consistent with professional standards, providers are not permitted to have interactions and communications with patients outside of the normal practices necessary for treatment. Interactions and communications between patients and providers must adhere to applicable federal and state laws and be supported by the provider’s code of ethics. Patients and providers are required to respect the privacy of each other’s presence on social media and to maintain strict professional boundaries and an overall professional relationship focused on treatment.
Protocol for communications
All communications between patients and providers must occur via phone or the use of the MeMD® secure platform. In the event a patient needs to reach a provider prior to the next scheduled session to communicate information that is of importance to the scheduling of the next session, treatment, or for another pertinent reason, the patient should contact Care Coordination during normal business hours. If Care Coordination cannot assist with the matter, Care Coordination will send an email to the provider requesting assistance. However, a provider’s response may take up to 72 hours.
IV. OUR PLEDGE REGARDING YOUR FINANCIAL INFORMATION
This Notice applies to all of the financial records generated by MeMD®. All financial records created will be held confidentially by MeMD®, unless MeMD® is required by law to disclose the information.
V. HOW WE MAY USE AND DISCLOSE FINANCIAL INFORMATION ABOUT YOU
MeMD® will only use your financial information to transact business with you and for everyday business purposes of the company. We will not share this information with any unauthorized affiliates or non-affiliates.
VI. OUR PLEDGE REGARDING OUR WEBSITE.
No data transmission over the Internet can be guaranteed to be 100% secure. But, we strive to protect your personal information from unauthorized access, use, or disclosure. When you interact on our web site, all of your information is transmitted through the Internet using Secure Socket Layers (SSL) technology. SSL technology causes your browser to encrypt your information before transmitting it to our secure server. SSL technology, an industry standard, is designed to prevent someone other than operators of our web site from capturing and viewing your personal information. Once your information leaves our Secure Site, MeMD® is no longer able to control further disclosure of your information. If you choose to share your PHI over email, you acknowledge the risk of unsecured communication. Additionally, you should be aware of the information collected through cookies. Cookies are text information files that your web browser places on your computer when you visit a website. Cookies assist in providing non-personal information from you as an online visitor. It can be used in the customization of your preferences when visiting our website. Most browsers accept cookies automatically, but can be configured not to accept them or to indicate when a cookie is being sent. We use Google Analytics, a third-party tracking service, which uses cookies to track non-personally identifiable information about our visitors to our main site in the aggregate to capture usage and volume statistics. We have no access to or control over these cookies. This Notice covers the use of cookies by our company only and does not cover the use of cookies by any third-party.
VII. CHANGES TO THIS STATEMENT
MeMD® will occasionally update this Notice of Privacy Practices to reflect company and customer feedback, or as regulated by federal and/or state law. This Notice is effective for health information we already have about you as well as any information we receive in the future. MeMD® encourages you to periodically review this Notice to be informed about how MeMD® is protecting your information. In addition, at any time you may request a copy of the most current Notice in effect.
VIII. QUESTIONS OR COMPLAINTS
If you have any questions about this Notice of Privacy Practice, please contact us using one of the following methods: mail MeMD® Patient Relations, Attn: HIPAA Compliance Officer, 7332 East Butherus Drive, Suite 104, Scottsdale, AZ 85260; phone 1-855-636-3669; fax 1-480-247-6482; or email hipaacompliance@memd.me. If you believe your privacy rights have been violated, or if you believe that MeMD® has not adhered to this Notice, you may file a complaint with MeMD® or with the Secretary of the Department of Health and Human Services, Office for Civil Rights. To file a written complaint with MeMD®, contact us at MeMD® Patient Relations, Attn: HIPAA Compliance Officer, 7332 East Butherus Drive, Suite 104, Scottsdale, AZ 85260; phone 1-855-636-3669; fax 1-480-247-6482; or email hipaacompliance@memd.me. You will not be penalized by us for filing a complaint.
IX. CONTACT
The name and address of the person you may contact for further information concerning our Notice of Privacy Practices is:
Jessica Griffith
MeMD® HIPAA Compliance Officer
7332 E. Butherus, Suite 104
Scottsdale, AZ 85260
hipaacompliance@memd.me
1-855-636-3669