VERICARDIA

HIPAA NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW YOUR MEDICAL INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

[PRIVACY OFFICIAL/OTHER PRIVACY CONTACT]

info@vericardia.com

SUMMARY

This is a notice on how we may use and disclose your protected health information and your rights and choices when it comes to your information.

Our Uses and Disclosures

We may use and disclose your information as we provide services to you, bill for services, run our organization, do research, comply with the law, law enforcement, or government requests, and respond to lawsuits and legal actions.

Your Choices

You have some choices about how we use and share information related to you as we communicate with you, provide Services to you, market our Services and raise funds.

Your Rights

You have a right to:

  • Get a copy of your electronic protected health information.

  • Correct your protected health information.

  • Ask us to limit the information we share, in some cases.

  • Get a list of those with whom we've shared your information.

  • Request confidential communication.

  • Get a copy of this privacy notice.

  • File a complaint if you believe we have violated your privacy rights.

PURPOSE

Healthcare Innovation Technologies Inc., the owner of the VeriCardia mobile application, and its affiliates (“VeriCardia,” “we,” “our,” and/or “us”) respect your privacy. We are also legally required to maintain the privacy of your protected health information (the “PHI”) under the Health Insurance Portability and Accountability Act (the “HIPAA”) and other federal and state laws.

This Notice of Privacy Practices (the “Notice”) applies to individuals who use our website www.vericardia.com (the “Site”), the VeriCardia mobile application (the “App”), and related services, including the virtual ECG reviews (the “ECG Reviews”) and online consultations (the “Online Consultations”) (collectively, the “Services”) provided by board-certified cardiologists (the “Cardiologist(s)”).

This Notice describes:

  • Our legal duties and privacy practices regarding your PHI, including our duty to notify you following a data breach of your unsecured PHI.

  • Our permitted uses and disclosures of your PHI.

  • Your rights regarding your PHI.

If you have any questions about this Notice, please contact info@vericardia.com.

PHI DEFINED

Your PHI is health information about you which someone may use to identify you and which we keep or transmit in electronic, oral, or written form. Your PHI includes information such as your name, contact information, past, present, or future physical or mental health or medical conditions, payment for health care products or services and prescriptions.

SCOPE

We create a record of the care and health services you receive, in order to provide Services to you, and to comply with certain legal requirements. This Notice applies to all PHI that we generate.

We, our employees, and other workforce members follow the duties and privacy practices that this Notice describes, including any changes to this Notice once they take effect.

CHANGES TO THIS NOTICE

We may change the terms of this Notice, and the changes will apply to all your PHI we have collected and/or generated. We will notify you of any changes to this Notice by sending you a notice to the email address you provided to us during registration on the App. Any such revisions will take effect one week after the posting. You understand and agree that your continued access or use of the App after such change signifies your acceptance of the updated or modified Notice.

DATA BREACH NOTIFICATION

We will promptly notify you if a data breach occurs that may have compromised the privacy or security of your PHI.

USES AND DISCLOSURES OF YOUR PHI

The law permits and requires us to use and disclose your PHI for various reasons which we explain in this Notice. We have included some examples, but we have not listed every permissible use or disclosure. When using or disclosing PHI or requesting your PHI from another source, we will make reasonable efforts to limit our use, disclosure, or request about your PHI to the minimum we need to accomplish our intended purpose.

Uses and Disclosures for Treatment, Payment, or Health Care Operations

  • Treatment. We may use or disclose your PHI and share it with Cardiologists. For example, we might disclose information you provide through the App to Cardiologists providing Services to you.

  • Payment. We may use and disclose your PHI to receive payments for Services. For example, we might share your PHI with our payment service providers.

  • Health Care Operations. We may use and disclose your PHI to run the App and improve the Services. For example, we may use your PHI to manage the App or to monitor the quality of the Services.

Other Uses and Disclosures

We may share your information in other ways, usually for public health or research purposes or to contribute to the public good. For more information on permitted uses and disclosures, see www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html. For example, these other uses and disclosures may involve:

  • Our Business Associates. We may use and disclose your PHI to outside persons or entities that perform services on our behalf (Business Associates). The law requires our Business Associates and their subcontractors to protect your PHI the same way we do. We also contractually require our Business Associates to use and disclose your PHI only as permitted, as well as to appropriately safeguard your PHI;

  • Legal Compliance. We may share your PHI for legal compliance purposes, for example, if the Department of Health and Human Services requires it when investigating our compliance with privacy laws;

  • Public Health and Safety Activities. We may share your PHI to: report injuries, births, and deaths; prevent disease; report adverse reactions to medications or medical device product defects; report suspected child neglect or abuse or domestic violence; or avert a serious threat to public health or safety;

  • Responding to Legal Actions. We may share your PHI to respond to a court or administrative order or subpoena; discovery request; or another lawful process;

  • Research. We may share your PHI for certain types of health research that do not require your authorization, for example, if an institutional review board has waived the written authorization requirement;

  • Medical Examiners or Funeral Directors. We may share your PHI with coroners, medical examiners, or funeral directors when an individual dies.

YOUR CHOICES

For certain health information, you can tell us your preferences regarding what we share. If you have a clear preference for how we should share your information in the situations described below, please contact us and we will make reasonable efforts to follow your instructions.

You have both the right and choice to tell us whether to:

  • Share information, such as your PHI, general condition, or location, with your family, close friends, or others involved in your care;

  • Share information in a disaster relief situation, such as to a relief organization to assist with locating or notifying your family, close friends, or others involved in your care.

We may share your PHI if we believe it is in your best interest, according to our best judgment, and if you are unable to tell us your preference, for example, if you are unconscious or when needed to lessen a serious and imminent threat to health or safety.

FUNDRAISING

We may contact you for fundraising efforts, but you can tell us not to contact you again.

USES AND DISCLOSURES THAT REQUIRE AUTHORIZATION

In these cases we will only share your PHI if you give us your written permission:

  • Marketing our services;

  • Selling or otherwise receiving compensation for disclosing your PHI;

  • Certain research activities;

  • Other uses and disclosures not described in this Notice.

You may revoke your authorization at any time, but it will not affect information that we already used and disclosed.

YOUR RIGHTS

When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.

You have the right to:

Inspect and Obtain a Copy of Your PHI. You have the right to see or obtain an electronic copy of the PHI that we maintain about you (right to request access).

    • we may require you to make access requests in writing or by submitting an electronically signed form;

    • we may charge a reasonable, cost-based fee for the costs of copying, mailing, or supplies associated with your request;

    • you may request that we provide a copy of your PHI to a family member, another person, or a designated entity;

    • you may request that we direct a copy of your PHI to a third party of your choice on a standing, regular basis;

    • if you request a copy of your PHI, we will generally decide to provide or deny access within 30 days; however, if we cannot act within 30 days, we will give you a reason for the delay in writing and inform you of when you can expect us to act on your request;

    • we may deny your request for access in certain limited circumstances.

Make Amendments. You may ask us to correct or amend PHI that we maintain about you that you think is incorrect or inaccurate. For these requests:

    • you must submit requests in writing or electronically, specify the inaccurate or incorrect PHI, and provide a reason that supports your request;

    • we will generally decide to grant or deny your request within 60 days, and if we cannot act within 60 days, we will give you a reason for the delay in writing and include when you can expect us to complete our decision, which will be no longer than an additional 30 days;

    • we may deny your request for an amendment if you ask us to amend PHI that is not part of our record, that we did not create, that is not part of a designated record set, or that is accurate and complete;

    • if we deny your request, we will inform you why in writing;

    • we will append the material created or submitted in accordance with this paragraph to your designated record.

Request Additional Restrictions. You have the right to ask us to limit what we use or share about your PHI (right to request restrictions). You can contact us and request us not to use or share certain PHI for treatment, payment, or operations purposes. We may require that you submit this request in writing. For these requests:

    • we are not required to agree;

    • we may say “no” if it would affect the Services; but

    • we will agree not to disclose information to a health plan for purposes of payment or health care operations if the requested restriction concerns a health care item or service for which you or another person, other than the health plan, paid in full out-of-pocket, unless it is otherwise required by law.

Request an Accounting of Disclosures. You have the right to request an accounting of certain PHI disclosures that we have made. For these requests:

    • we will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures, such as disclosures that you asked us to make; and

    • we will provide one accounting a year for free, but will charge a reasonable, cost-based fee if you ask for another one within 12 months.

Request Confidential Communications. You have the right to request that we communicate with you about health matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or at a specific address. For these requests you must specify how or where you wish to be contacted and we will accommodate only reasonable requests.

Make Complaints. You have the right to complain if you feel we have violated your rights. We will not retaliate against you for filing a complaint. You may either file a complaint directly with us by contacting info@vericardia.com or with the Office for Civil Rights at the US Department of Health and Human Services.