Healogics, Inc. ("HEALOGICS")
Effective date of this Notice: December 9, 2016
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
HEALOGICS provides clinical management, data aggregation, and administrative services to hospital wound care centers. In order to serve you, HEALOGICS will receive personal information about your health from you, your physicians, your treating hospital, and others who provide you with health care services.
HEALOGICS acts as a business associate of its hospital clients and, therefore, HEALOGICS is subject to certain provisions of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and the Health Information Technology for Economic and Clinical Health Act of 2009 ("HITECH Act"). We are required in our contracts with health care providers and health plan sponsors to keep your information in accordance with HIPAA and the HITECH Act. This Notice of our privacy practices is designed to comply with HIPAA and the HITECH Act, and to inform you of how we may use and disclose your information. This Notice applies only to the extent required by law. The hospital where you receive wound care services may have separate policies and a separate notice that governs how your protected health information is used or disclosed.
Kinds of Information Covered by This Notice
This Notice applies to any information in our possession that is used to make decisions about your care and would allow someone to identify you and learn something about your health ("protected health information" or "PHI"). It does not apply to information that contains nothing that could reasonably be used to identify you.
Who Must Abide by This Notice
HEALOGICS and its employees, staff, and other personnel whose work is under the direct control of HEALOGICS must comply with this Notice. The people and organizations to which this Notice applies (referred to as “we,” “our,” and “us”) have agreed to abide by its terms. We may share PHI with each other for purposes of treatment, and as necessary, for payment and health care operations activities as described below.
Our Legal Duties
How We May Use or Disclose Your PHI
- We are required by our contracts with covered entities, such as hospitals, to maintain the privacy of your PHI.
- We are required to comply with applicable federal and state laws that may affect how we use and disclose your PHI.
We may use your PHI, or disclose it to others, as allowed in state and federal law, and in our contracts with covered entities, such as hospitals. We may use or disclose your PHI as needed for purposes related to treatment, payment, and health care operations. Examples of how we may use and disclose your PHI include, but are not limited to:
. We may use your PHI to enhance your medical care and services. This means that our nurses, technicians, and other health care professionals may read your PHI to learn about your medical condition and use it to help you make decisions about your care. We will also disclose your information to others who provide you with medical treatment or services. For instance, we may use PHI to suggest ways to improve your overall health.
We will use or disclose your PHI as necessary for activities relating to payment for health care services. For instance, an independent third party auditor may view it for purposes of verifying accuracy of billing. A hospital, or HEALOGICS on behalf of a hospital, may disclose your PHI for verification of benefits.
3. Health Care Operations
. We may use your PHI for activities that are necessary to operate and manage this organization. For example, we may read your PHI to review the performance of our staff. We may disclose your PHI as necessary to others who we contract with to provide administrative services. This list includes, but is not limited to, our lawyers, auditors, accreditation services, and consultants. We may also transfer information we collect, including PHI, to a third party in connection with a sale of all, or substantially all, of the assets of the business entity holding the information. We may transmit PHI to other covered entities for certain health care operations of those other entities, as permitted by law.
4. Legal Requirement to Disclose Information.
We will disclose your information when we are required to do so by law. This includes reporting information to government agencies that have the legal responsibility to monitor the health care system. For instance, we may be required to disclose your PHI, and the PHI of others, if we are audited by a state or federal health care agency. We will also disclose your PHI when we are required to do so by a court order or other judicial or administrative process.
5. To Report Abuse.
We may disclose your PHI when the information relates to a victim of abuse, neglect, or domestic violence. We will make this report only in accordance with laws that require or allow such reporting, or with your permission.
6. Law Enforcement.
We may disclose your PHI for law enforcement purposes. This includes providing information to help locate a suspect, fugitive, material witness, or missing person, or in connection with suspected criminal activity. We must also disclose your PHI to a federal agency investigating our compliance with federal privacy regulations.
7. Specialized Purposes.
We may disclose the PHI for a number of specialized purposes. We will only disclose as much information as is necessary for the purpose. For instance, we may disclose your information to coroners, medical examiners, and funeral directors; to organ procurement organizations (for organ, eye, or tissue donation); or for national security and intelligence purposes. We may disclose the PHI of members of the armed forces as authorized by military command authorities. We may also disclose PHI about an inmate to a correctional institution or to law enforcement officials to provide the inmate with health care, to protect the health and safety of the inmate and others, and for the safety, administration, and maintenance of the correctional institution. We may also disclose your PHI to your employer for purposes of workers' compensation and work site safety laws (OSHA, for instance). We may disclose PHI to organizations engaged in emergency and disaster relief efforts. We may contact you as part of a fundraising effort. You will have the opportunity to opt out of receiving future fundraising communications if you receive written fundraising communications from us.
8. To Avert a Serious Threat.
We may disclose your PHI if we decide that the disclosure is necessary to prevent serious harm to the public or to an individual. The disclosure will only be made to someone who is able to prevent or reduce the threat.
9. Family and Friends.
We may disclose your PHI to a member of your family or to someone else who is involved in your medical care or payment for care. We may notify family or friends if you are in the hospital, and tell them of your general condition. This may include telling a family member about the status of a claim, or what benefits you are eligible to receive. In the event of a disaster, we may provide information about you to a disaster relief organization so they can notify your family of your condition and location. We will not disclose your information to family or friends if you object. We may also disclose to your personal representatives who have authority to act on your behalf (for example, to parents of minors or to someone with a power of attorney).
We may disclose your PHI in connection with medical research projects if allowed under federal and state laws and rules. We may disclose PHI for use in a limited data set for purposes of research, public health or health care operations, but only if a data use agreement has been signed.
11. Information to Patient.
We may use your PHI to provide you with additional information. This may include sending appointment reminders to the phone, address, or e-mail that you have furnished to us or the hospital where you are being treated. This may also include giving you information about treatment options, alternative settings for care, or other health-related services.
12. To Business Associates and Subcontractors.
We may hire third parties that may need your PHI to perform certain services on our behalf. Under HIPAA and the HITECH Act, these third parties must protect any PHI they receive from us, or create and/or maintain on our behalf, in the same way that we must guard your PHI.
13. Public Health Oversight.
We may disclose your PHI to a public health oversight agency for oversight activities authorized by law. This includes uses or disclosures in civil, administrative or criminal investigations; licensure or disciplinary actions (for example, to investigate complaints against health care providers); inspections; and other activities necessary for appropriate oversight of government programs (for example, to investigate Medicaid fraud).
14. For Lawsuits and Disputes.
We may disclose PHI in response to an order of a court or administrative agency, but only to the extent expressly authorized in the order. We may also disclose PHI in response to a subpoena, a lawsuit discovery request, or other lawful process, but only if we have received adequate assurances that the information to be disclosed will be protected. We may also disclose PHI in a lawsuit, whether actually filed or threatened, as necessary, if related to any payment or health care operations purposes, including defense of any professional malpractice claims.
In all other situations HEALOGICS will not use or disclose your PHI without your written authorization. The authorization must meet the requirements of the Privacy Rules. Unless otherwise permitted by law, HEALOGICS will not directly or indirectly receive remuneration in exchange for your PHI unless we have obtained your written authorization. If you give HEALOGICS a written authorization, you may cancel your authorization, except for uses and disclosures that have already been made based on your authorization. When using or disclosing your PHI or requesting your PHI from another covered entity, HEALOGICS will take reasonable efforts to limit such use, disclosure, or request, to the extent practicable, to the PHI maintained in a limited data set, or if needed, to the minimum necessary to accomplish the intended purpose of such use, disclosure, or request respectively.
. We will ask for your written authorization if we plan to use or disclose your PHI for reasons not covered in this notice. If you authorize us to use or disclose your PHI, you have the right to revoke the authorization at any time. If you want to revoke an authorization, send a written notice to the Privacy Official listed at the end of this notice. You may not revoke an authorization for us to use and disclose your information to the extent that we have already given out your information or taken other action in reliance on the authorization.
2. Request Restrictions.
You have the right to ask us to restrict how we use or disclose your PHI. We are required to comply with a request for restriction where the disclosure is to a health plan for purposes of carrying out payment or health care operations, and the PHI pertains solely to a health care item or service for which the health care provider has been paid out of pocket in full. We will consider all other requests, but we are not required to agree. If we do agree, we will comply with the request unless the information is needed to provide you with emergency treatment. A restriction cannot prevent uses and disclosures that are required by the Secretary of DHHS to determine or investigate HEALOGICS's compliance with the Privacy Rules, or that are otherwise required by law.
3. Confidential Communication.
You have the right to ask us to communicate with you at a special address or by a special means. For example, you may ask us to send letters that contain your PHI to a different address rather than to your home. Or you may ask us to speak to you personally on the telephone rather than sending your PHI by mail. We will agree to reasonable requests.
4. Inspect and Receive a Copy of PHI.
Much of the PHI related to your treatment is held by hospitals, rather than HEALOGICS. You have a right to inspect the PHI about you that we have in a designated record set, and to receive a copy of it. This right is limited to information about you that is kept in records that are used to make decisions about you. For instance, this includes medication lists, lab results, and encounter information. Where your PHI is contained in an Electronic Health Record, you have the right to obtain a copy of such information in an electronic format and you may request that HEALOGICS transmit such copy directly to an entity or person designated by you, provided that any such choice is clear, conspicuous, and specific. If you want to review or receive a copy of these records, you must make the request in writing. We may charge a fee for the cost of copying and mailing the records. To ask to inspect your records, or to receive a copy, contact the person listed under “Whom to Contact” at the end of this Notice. We will respond to your request within 30 days. We may deny you access to certain information. If we do, we will give you the reason, in writing. We will also explain how you may appeal the decision.
5. Amend PHI.
You have the right to ask us to amend PHI about you in a designated record set which you believe is incorrect or incomplete. You must make this request in writing, and give us the reason you believe the information is not correct or complete. We will respond to your request in writing within 60 days. We may deny your request if we did not create the information, if it is not part of the records we use to make decisions about you, if the information is something you would not be permitted to inspect or copy, or if the PHI is already complete and accurate.
6. Accounting of Disclosures.
You have a right to receive an accounting of certain disclosures of your information to others. This accounting will list the times we have given your PHI to others. The list will include dates of the disclosures, the names of the people or organizations to whom the information was disclosed, a description of the information, and the reason. We will provide the first list of disclosures you request at no charge. We may charge you for any additional lists you request during the following 12 months. You must tell us the time period you want the list to cover. You may not request a time period longer than six years. We cannot include disclosures made before April 14, 2003. Disclosures for the following reasons will generally not be included on the list: disclosures for treatment, payment, or health care operations; disclosures for national security purposes; disclosures to correctional or law enforcement personnel; disclosures that you have authorized; and disclosures made directly to you.
The right to receive an accounting of the disclosures HEALOGICS has made of your PHI from an Electronic Health Record relating to treatment, payment, or health care operations is limited to the three years immediately prior to the date the accounting is requested (or shorter is requested).
7. Paper Copy of this Privacy Notice.
You have a right to receive a paper copy of this Notice. If you have received this Notice electronically, you may receive a paper copy by contacting the person listed under “Whom to Contact” at the end of this Notice.
You have a right to complain about our privacy practices, if you think your privacy has been violated. You may file your complaint with the person listed under “Whom to Contact” at the end of this Notice. You may also file a complaint with the Secretary of the U. S. Department of Health and Human Services, at the Office for Civil Rights. All complaints must be in writing. We will not take any retaliation against you if you file a complaint.
9. Right to Receive Written Notification of a Breach.
You have the right to receive written notification of a breach where your unsecured protected health information has been accessed, acquired, used, or disclosed to an unauthorized person as a result of a breach. Unless specified in writing by you to receive the notification by electronic mail, HEALOGICS will provide such written notification by first-class mail or, if necessary, by such other substituted forms of communication allowable under the law.
Our Right to Change This Notice
We reserve the right to change our privacy practices, as described in this Notice, at any time. We reserve the right to apply these changes to any PHI which we already have, as well as to PHI we receive in the future. Before we make any change in the privacy practices described in this Notice, we will write a new Notice that includes the change. The new Notice will include an effective date. We will make the new Notice available upon request.
Who to Contact.
Contact the person listed below:
- For more information about this Notice, or
- For more information about our privacy policies, or
- If you want to exercise any of your rights, as listed on this Notice, or
- If you want to request a copy of our current Notice of privacy practices.
Kassandra Stone Shubow, Privacy Officer
5220 Belfort Rd. Suite 130
Jacksonville, Florida 32256
904.446.3400 (Main Line)
Anonymous Ethics & Compliance Helpline: 888.999.9460
Click here to download this document