Last Updated: 6 September 2024
Version: 1.0
Many of the services that NowPatient offers are covered by the Health Insurance Portability and Accountability Act, or HIPAA. This means that we follow rules about how we keep your Protected Health Information, or PHI, private and secure. The following Notice of Privacy Practices describe more about how we comply with HIPAA and tell you about your rights to your PHI.
To learn how NowPatient collects, uses, and discloses information we obtain in connection with our provision of services through our website, mobile applications, or other online services please refer to the privacy policy. This policy applies to information collected in conjunction with those services, except with respect to individually identifiable health information that is considered Protected Health Information (“PHI”) under HIPAA.
Privacy Officer Contact Information: Privacy Officer, via email dpo@nowpatient.com
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice of Privacy Practices is for the NowPatient Covered Entity. If you have questions about the NowPatient Covered Entity, please contact our Privacy Officer at the contact information listed above.
By acknowledging receipt, you agree that you have received this notice on behalf of yourself and/or your minor dependents, if any.
Your Rights
Get an electronic or paper copy of your medical record
You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. Ask us how to do this.
We will provide a copy or a summary of your health information, usually within fifteen (15) days of your request.
We may charge a reasonable, cost-based fee.
You can ask us to provide an electronic copy of your electronic health record to a designee of your choice
Ask us to correct your medical record
You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this.
We may say “no” to your request, but we’ll tell you why in writing within 60 days.
Request confidential communications
You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.
We will say “yes” to all reasonable requests.
Ask us to limit what we use or share
You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no” if it would affect your care.
If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share that information.
Get a list of those with whom we’ve shared information
You can ask for a list (accounting) of the times we’ve shared your health information for six (6) years prior to the date you ask, who we shared it with, and why.
We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within twelve (12) months.
Get a copy of this privacy notice
You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.
Choose someone to act for you
If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
We will make sure the person has this authority and can act for you before we take any action.
File a complaint if you feel your rights are violated
You can complain if you feel we have violated your rights by contacting us using the information at the top of this notice.
You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting Health and Human Service website.
We will not retaliate against you for filing a complaint.
Your Choices
For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.
In these cases, you have both the right and choice to tell us to:
Share information with your family, close friends, or others involved in your care
Share information in a disaster relief situation
If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.
In these cases we never share your information unless you give us written permission:
Marketing purposes, as the term “marketing” is defined under HIPAA
Sale of your information, as the term “sale of protected health information” is defined under HIPAA
Most sharing of psychotherapy notes
Our Responsibilities:
We are required by law to maintain the privacy and security of your protected health information.
We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
We must follow the duties and privacy practices described in this notice and give you a copy of it.
We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.
Our Uses and Disclosures
We may use and share your information as we:
Treat you
We can use your health information and share it with other professionals who are treating you.
Example: A telemedicine doctor treating you for flu symptoms shares information with your primary care provider.
Example: We may send you appointment reminders.
Example: We may send you information about treatment alternatives.
Run our organization
We can use and share your health information to run our practice, improve your care, and contact you when necessary.
Example: We use health information about you to manage your treatment and services.
Example: We use health information about you to provide you information about our health-related products and services.
Example: We use health information about you to improve the way we provide care to patients, including developing and improving the technologies that we use to deliver care.
Bill for your services
We can use and share your health information to bill and get payment from health plans or other entities.
Example: We give information about you to your health insurance plan so it will pay for your services.
How else can we use or share your health information? We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes. For more information on your rights under HIPAA.
Help with public health and safety issues
We can share health information about you for certain situations such as:
Preventing disease
Helping with product recalls
Reporting adverse reactions to medications
Reporting suspected abuse, neglect, or domestic violence
Preventing or reducing a serious threat to anyone’s health or safety
Service Providers
We will share your information with service providers, known as “business associates,” who assist us with treating you, obtaining payment for treatment, and with our operations. Before doing so, we require each business associate to sign a contract agreeing to maintain the privacy and security of your information.
Do research
We can use or share your information for health research. Also, we may use aggregated information about user trends, characteristics, and preferences that we have compiled through third parties to help our outreach activities. This data is not specific information about you or anyone else specifically but rather generalized information about groups of people. If you do not wish for your data to be included, please contact us via one of the methods at the top of this notice.
Comply with the law
We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.
Respond to organ and tissue donation requests
We can share health information about you with organ procurement organizations.
Work with a medical examiner or funeral director
We can share health information with a coroner, medical examiner, or funeral director when an individual dies.
Address workers’ compensation, law enforcement, and other government requests
We can use or share health information about you:
For workers’ compensation claims.
For law enforcement purposes or with a law enforcement official.
With health oversight agencies for activities authorized by law.
For special government functions such as military, national security, and presidential protective services.
State Laws
Many state laws further restrict how we may use and share your health information. For example, state laws may require that we obtain your permission before sharing information about substance use disorders, sexually transmitted diseases, or psychotherapy information. We will follow these more stringent state laws.
Notice Regarding Use of Technology
We may use electronic software, services, and equipment, including without limitation email, video conferencing technology, cloud storage and servers, internet communication, cellular network, voicemail, facsimile, electronic health record, and related technology to share your health information with you and others. We will encrypt your information where encryption is reasonable, unless you instruct us otherwise, such as if you instruct us to send test results through unencrypted email or text. We will take reasonable measures to safeguard the data transmitted, as well as ensure its integrity against intentional or unintentional breach or corruption. However, in very rare circumstances security protocols could fail, causing a breach of privacy or security of PHI.
Changes to the Terms of this Notice
We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, in our office, and on our website.