IntelliCentrics SEC3URE Platform
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
HIPAA Notice of Privacy Practices Addendum
This HIPAA Notice is effective from October 10, 2020.
Among other things, this HIPAA Notice describes how PHI may be used or disclosed to carry out treatment, payment, or healthcare operations, or for any other purposes that are permitted or required by law.
We are required to provide this HIPAA Notice pursuant to HIPAA.
Certain medical information known as “Protected Health Information” or “PHI” is protected by HIPAA. Generally, PHI is health information, including demographic information, collected from you or created or received by a healthcare provider (such as the Facility using SEC3URE LINK or SEC3URE VISITOR MANAGEMENT), a healthcare clearinghouse, a health plan, from which it is possible to individually identify you and that relates to:
- Your past, present or future physical or mental health or condition;
- The provision of healthcare to you, including your location within a healthcare facility; or
- The past, present or future payment for the provision of healthcare to you.
OUR PRIVACY PLEDGE FOR MEDICAL INFORMATION
We understand that medical information about you and your health is personal, and we are committed to protecting it. In the course of providing services through SEC3URE LINK with information provided to us by a Facility, we create procedure schedules and other records regarding healthcare treatment services provided to you. In the course of providing services through SEC3URE VISITOR MANAGEMENT with information provided to use by a Facility, we create information relating to a patient’s location within a Facility, including patient room, admission dates, discharge dates, and related information.
This HIPAA Notice applies to all the medical records and medical information practices of any third party that assists in the performance of services through SEC3URE LINK or SEC3URE VISITOR MANAGEMENT. Your personal doctor or healthcare provider, including the Facility using SEC3URE LINK or SEC3URE VISITOR MANAGEMENT, may have different policies or notices regarding the use and disclosure of your medical information created by them. Moreover, this Notice and its terms and conditions do not extend to information submitted directly by you, whether through SEC3URE LINK or through SEC3URE VISITOR MANAGEMENT, because such information is submitted pursuant to your express or implied authorization and does not constitute PHI.
OUR USE AND DISCLOSURE OF YOUR MEDICAL INFORMATION
We are permitted under HIPAA to use and disclose medical information in many different ways. The following categories describe different ways that we use and disclose medical information about you, or on behalf of the Facility using SEC3URE LINK or SEC3URE VISITOR MANAGEMENT. For each category of uses and disclosures, we will explain what we mean and present an example. While not every use or disclosure in a category will be listed, all the ways we are permitted to use or disclose information will fall within one of the categories.
- For Treatment. We may use or disclose medical information about you to facilitate medical treatment or services by healthcare providers. We may disclose medical information about you to providers, including hospitals, doctors, nurses, technicians, medical students or other personnel who are involved in taking care of you. We can share your health information with providers in person or remotely through the use of audio, video or online technology, which may be referred to as telemedicine.
For example, we might disclose information about the date or timing of your procedure to determine if the procedure may be scheduled or if a conflict exists. Similarly, we may use or disclose your medical information to allow determination of possible treatment options or alternatives that may be of interest to you.
- For Payment. We may use and disclose medical information about you to determine eligibility for health plan benefits, to facilitate payment for the treatment and services you receive from healthcare providers, or to allow you to determine benefit eligibility or responsibility under your applicable healthcare coverage.
For example, we may tell your healthcare provider about your medical history to determine whether a particular treatment is warranted at the Facility and whether such procedure may be experimental, investigational, or medically necessary. We also may share medical information with a utilization review or pre-certification service provider. Likewise, we may share medical information with another entity to assist with the adjudication or subrogation of health claims or to another health plan to coordinate benefit payments.
- For Healthcare Operations. We may use and disclose medical information about you for operations that are necessary for us to provide services to you or the Facility using SEC3URE LINK or SEC3URE VISITOR MANAGEMENT.
For example, we may use your medical information to conduct quality assessment and improvement activities, to assess our operational or financial risks and to perform other activities relating to use or performance of the Platform. In addition, we may use your medical information to conduct or arrange for medical review, legal services, audit services, and fraud and abuse detection programs, as well as business planning and development, such as cost management and general administrative activities.
- Treatment Alternatives. We may use and disclose medical information to tell you about or recommend possible treatment options or alternatives that we believe may be of interest to you.
For example, you may be scheduled for a specific procedure at a Facility, and because of that procedure, your healthcare provider may advise or recommend other treatment options or alternatives that we can share with you.
- To Business Associates. We are a “business associate” to the Facilities using SEC3URE LINK or SEC3URE VISITOR MANAGEMENT, and we may contract with individuals and entities who will be our business associates to perform various functions on our behalf or to provide certain services for us. To perform these functions or to provide these services, our business associates may create, receive, maintain, transmit, use, or disclose your medical information, but only after they have agreed in writing with us to implement appropriate safeguards regarding your medical information.
For example, we may disclose your medical information to a business associate to communicate with you about the scheduling of your healthcare procedure or treatment or to provide support services, such as utilization management, records audit, or benefits determination.
- As Authorized by You. If you request, we will disclose your medical information to you or your personal representative, as well as to persons authorized by you to receive such medical information. Note, however, we are not required to disclose information to a personal representative if we have reasonable belief that:
- You have been, or may be, subjected to domestic violence, abuse, or neglect by such person; or
- Treating such person as your personal representative could endanger you; and
- In the exercise of our professional judgment, we determine it is not in your best interest to treat the person as your personal representative.
- To Family and Friends. Your PHI may be used or disclosed to family members, other relatives, close personal friends or any other person identified by you when you are present for, or otherwise available prior to, the disclosure, if (1) your agreement is obtained; (2) you are provided with the opportunity to object to the disclosure, and you do not object; or (3) it can be reasonably inferred that you do not object to the disclosure.
- As Required by Law. We will disclose medical information about you when required to do so by federal, state or local law. For example, we may disclose medical information when required by public health disclosure laws or by a court order in a litigation proceeding such as a malpractice action.
- To Avert a Serious Threat to Public Health or Safety. We may use and disclose medical information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure, however, would only be made to someone able to help prevent the threat. For example, we may disclose medical information about you in a proceeding regarding the licensure of a physician.
- Public Health Risks. We may disclose medical information about you for public health activities. These activities generally include the following:
- To prevent or control disease, injury or disability;
- To report births and deaths;
- To report child abuse or neglect;
- To report reactions to medications or problems with products;
- To notify people of recalls of products they may be using;
- To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; and
- To notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence. We will make this disclosure only if you agree or when required or authorized by law.
- Health Oversight Activities. We may disclose medical information to a health oversight agency for activities authorized by law. Examples of these oversight activities include: audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the healthcare system, government programs and compliance with civil rights laws.
- Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we may disclose medical information about you in response to a court or administrative order. We also may disclose medical information about you in response to a subpoena, discovery request or other lawful process by someone else involved in the dispute, but only if efforts have been made to inform you about the request or to obtain an order protecting the information requested.
- Law Enforcement. In the following situations, we may release medical information if asked to do so by a law enforcement official:
- In response to a court order, subpoena, warrant, summons or similar process;
- To identify or locate a suspect, fugitive, material witness or missing person;
- About the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement;
- About a death we believe may be the result of criminal conduct;
- About criminal conduct at a hospital; and
- In emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime.
- Coroners, Medical Examiners and Funeral Directors. We may release medical information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also release medical information to funeral directors as necessary to carry out their duties.
- Organ and Tissue Donation. If you are an organ donor, we may release medical information to organizations that handle organ procurement or organ, eye or tissue transplantation, or to an organ donation bank, as necessary to facilitate organ or tissue donation or transplantation.
- Military and Veterans. If you are a member of the armed forces, we may release medical information about you as required by military command authorities. We may also release medical information about foreign military personnel to the appropriate foreign military authority.
- National Security and Intelligence Activities. We may release medical information about you to authorized federal officials for intelligence, counterintelligence and other national security activities authorized by law.
- Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release medical information about you to the correctional institution or law enforcement official. This release would be necessary (1) for the institution to provide you with healthcare; (2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution.
- Electronic Disclosures of Medical Information. Some jurisdictions require that we provide notice to you if your medical information is subject to electronic disclosure. This HIPAA Notice services as general notice that we may disclose your medical information electronically for treatment, payment or healthcare operations or as otherwise authorized or required by state or federal law.
OTHER USES OF MEDICAL INFORMATION
We will not sell or use or disclose your medical information for marketing purposes. The term “marketing” does not include any of the following communications: (i) a face-to-face communication made by we to you; (ii) a promotional gift of nominal value provided by we to you; (iii) a communication to describe our health-related products or services (or payment for such products or services) that are provided by us, so long as we do not receive direct or indirect payment in exchange for the making of the communication; (iv) a communication for treatment, including case management or care coordination, or to recommend alternative treatments; or (v) a communication made to provide refill reminders or communicate about a drug or biologic that is being prescribed provided any payment received in exchange for the communication is a reasonable amount.
Other uses and disclosures of medical information not covered by this HIPAA Notice or the laws that apply to us will be made only with your written permission. In addition to marketing communications as described above, this includes use or disclosure of “psychotherapy notes,” or disclosures of medical information that constitute “sale of medical information” under HIPAA. If you provide us such permission to use or disclose medical information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose medical information about you for the reasons covered by your written authorization. It is important to note that we are unable to take back any disclosures already made with your permission, and that we are required to retain the medical information for our records. If the privacy laws of a particular state impose a stricter privacy standard, we will comply with the stricter law.
YOUR RIGHTS REGARDING YOUR MEDICAL INFORMATION
You have the following rights regarding certain medical information we maintain about you:
* * *
- Right to Inspect and Copy. You have the right to inspect and copy your medical information that may be used to perform services via SEC3URE LINK. If the information is maintained electronically, and you request an electronic copy, we will provide a copy in the electronic form and format you request, if the information can be readily produced in that form and format. If the information cannot be readily produced in the form or format requested, we will work with you to come to an agreement on the form and format. If we cannot agree on an electronic form and format, we will provide you with a paper copy.
However, please note that your healthcare records are not maintained by us and instead reside with the Facility using SEC3URE LINK or SEC3URE VISITOR MANAGEMENT. Therefore, to obtain information or make a request concerning your health information with respect to services beyond SEC3URE LINK or SEC3URE VISITOR MANAGEMENT or with respect to your specific medical condition or procedure, please contact the respective Facility where you received the healthcare treatment services facilitated through use of SEC3URE LINK or where you authorized and received visitors through use of SEC3URE VISITOR MANAGEMENT.
If you request a copy of the information, you may be charged a reasonable fee for the costs of copying, mailing or other supplies related to your request. Note: Your request to inspect and copy your medical information may be denied in certain very limited circumstances. If you are denied access to your medical information, you may request that the denial be reviewed by submitting a written request to Privacy@IntelliCentrics.com
- Right to Amend. If you feel that medical information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for us. To request an amendment, your request must be made in writing and submitted to Privacy@IntelliCentrics.com. Your request must include a reason that supports your request. Note: Your request to amend your medical information may be denied if it is not in writing or does not include a reason to support the request. In addition, your request may be denied if you ask we to amend information that:
If your request to amend your medical information is denied, you may file a statement of disagreement with we and any future disclosures of the disputed information will include your statement.
- Is not part of the medical information kept by or for us;
- Was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
- Is not part of the information that you would be permitted to inspect and copy; or
- Is already accurate and complete.
- Right to an Accounting of Disclosures. You have the right to request an “accounting” of certain disclosures of your medical information. The accounting will not include (1) disclosures for purposes of treatment, payment or healthcare operations; (2) disclosures made to you; (3) disclosures made pursuant to your authorization; (4) disclosures made to friends and family in your presence or because of an emergency; (5) disclosures for national security purposes; and (6) disclosures incidental to otherwise permissible disclosures.
To request this list or accounting of disclosures, you must submit your request in writing to Privacy@IntelliCentrics.com. Your request must state a time period, which may not be longer than six years before the date of your request. Your request should indicate in what form you want the list (for example, paper or electronic). The first list you request within a 12-month period will be free. You may be charged for the costs associated with providing additional lists. We will notify you of the cost involved and you may withdraw or modify your request at that time before any costs are incurred. If the accounting of disclosures cannot be provided within 60 days of the date of your request, an additional 30 days is allowed if we give you a written statement of the reasons for the delay and the date by which the accounting will be provided.
- Right to Request Restrictions. You have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment or healthcare operations. You also have the right to request a limit on the medical information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. For example, you could ask that we not use or disclose information about a surgery you had. We are not required to agree to your request. To request restrictions, you must make your request in writing to Privacy@IntelliCentrics.com. Your request must include:
- The information you want to limit;
- Whether you want to limit our use, disclosure or both; and
- To whom you want the limits to apply (for example, disclosures to your spouse).
- Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you may ask that we contact you only at work or by mail. Note, however, that a request to receive medical information by email will not be secure because the information is sent through your employer’s corporate email system and is not encrypted. To request confidential communications, make your request in writing to Privacy@IntelliCentrics.com. You are not required to provide a reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
- Right to be Notified of a Breach. You (and potentially other parties) have the right to be notified if we or a business associate become aware of a breach of unsecured medical information that results in improper use or disclosure about you. Any such notification will be made to you in accordance with applicable state or federal law.
- Right to a Paper Copy of this HIPAA Notice. You have the right to a copy of this HIPAA Notice. You may ask us to give you a copy of this HIPAA Notice at any time. Even if you have agreed to receive this HIPAA Notice electronically, you are still entitled to a paper copy of this HIPAA Notice upon your request.
If you have any questions regarding your rights with respect to your medical information, or if you contact the business associate and are not satisfied with the outcome of your request, please contact us at Privacy@IntelliCentrics.com.
CHANGES TO THIS HIPAA NOTICE
We reserve the right to change this HIPAA Notice and to make the revised or changed notice effective for medical information we already have about you, as well as any information we receive in the future. If we make any material change to this HIPAA Notice, we will provide you with a copy of our revised Notice at the time required and in a manner permitted by law.
If you believe your privacy rights have been violated, you may file a complaint with us, the applicable Facility, by mail with: U.S. Department of Health & Human Services, Centralized Case Management Operations, 200 Independence Avenue SW, Room 509F HHH Bldg., Washington, DC 20201, or email at OCRComplaint@hhs.gov or via the OCR Online Portal. To file a complaint with us or to address any questions regarding this HIPAA Notice, us at Privacy@IntelliCentrics.com.
All complaints must be submitted in writing. We will not retaliate against or penalize you for filing a complaint.
ACKNOWLEDING THIS HIPAA NOTICE
Should you request a paper copy of this HIPAA Notice, we may request that you affirmatively acknowledge receipt and acceptance thereof in writing.