HIPAA Notice of Privacy Practice
Notice of Privacy Practices
This Notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
I. Who We Are
This Notice describes the privacy practices of Mindstrong Health Services, P.C. (“Mindstrong,” “we,” “us,” or “our”) in relation to health information about you (“Protected Health Information” or “PHI”), which we collect, create, and transmit through our mobile applications (the “Apps”). Our Apps are designed to measure brain health and provide access to healthcare services. Notably, our Health App and Care App allow individuals to obtain care in a convenient location from providers who may be remote, and likewise enable providers to provide care to individuals who may be at remote locations, using these measurements of brain health.
II. Our Privacy Obligations
We understand that your health information is personal and we are committed to protecting your privacy. In addition, we are required by law to maintain the privacy of your PHI, to provide you with this Notice and to notify you in the event of a breach of your unsecured PHI. When we use or disclose your PHI, we are required to abide by the terms of this Notice (or other notice in effect at the time of the use or disclosure).
III. Permissible Uses and Disclosures Without Your Written Authorization
In certain situations, we must obtain your written authorization in order to use and/or disclose your PHI. However, unless the PHI is Highly Confidential Information (as defined in Section IV.B below) and the applicable law regulating such information imposes special restrictions on us, we may use and disclose your PHI without your written authorization for the following purposes:
- Treatment. We use and disclose your Protected Health Information to provide treatment and other services to you through our Apps. Please see the following descriptions of each of the Apps.
- Health App. The Health App will collect information about your brain health by recording the way you interact with the touch screen on your mobile device, such as the patterns of your keystrokes, taps and scrolls. It also allows you to communicate with your health care provider remotely.
- Care App. The Care App will enable you to communicate with your health care provider remotely.
Sometimes, you may be unavailable to object to a disclosure. In that case, we may exercise our professional judgment to determine whether a disclosure is in your best interests. If we disclose information under such circumstances, we would disclose only information that is directly relevant to the person’s involvement with your care.
If you participate in a research study that utilizes the Discovery App, the Discovery App will collect information about your brain health to support an academic medical center’s or other research organization’s clinical research activities.
IV. Uses and Disclosures Requiring Your Written Authorization
For any purpose other than the ones described above in Section III, we only use or disclose your Protected Health Information when you give us your written authorization.
- Marketing. We must obtain your written authorization prior to using your PHI for purposes that are marketing under the HIPAA privacy rules. For example, we will not accept any financial payments from other organizations or individuals in exchange for making communications to you about treatments, health care providers, care coordination, products or services unless you have given us your authorization to do so or the communication is permitted by law. We may give you promotional gifts of nominal value without obtaining your written authorization.
- Sale of Protected Health Information. We will not share your information as part of a sale of PHI without your written authorization.
- Psychotherapy Notes. We will not use or disclose psychotherapy notes about you without your authorization except for use by the mental health professional who created the notes to provide treatment to you, for our internal training programs on providing mental health services, or to defend ourselves in a legal action or other proceeding brought by you.
- Uses and Disclosures of Your Highly Confidential Information. Federal and state law requires special privacy protections for certain health information about you (“Highly Confidential Information”), including substance use disorder records and other health information that is given special privacy protection under state or federal laws other than HIPAA. In order for us to disclose any Highly Confidential Information for a purpose other than those permitted by law, we must obtain your authorization.
- Cancelation of Your Authorization. You may revoke your authorization, except to the extent that we have taken action in reliance upon it, by delivering a written cancelation to the Privacy Officer identified below.
VI. Your Individual Rights
- For Further Information; Complaints. If you would like more information about your privacy rights, are concerned that we have violated your privacy rights, or disagree with a decision that we made about access to your PHI, you may contact our Privacy Officer. You may also file a written complaint with the Office for Civil Rights (“OCR”) of the U.S. Department of Health and Human Services. Upon request, the Privacy Office will provide you with the correct address for OCR. We will not retaliate against you if you file a complaint with us or OCR.
- Right to Request Additional Restrictions. You may request additional restrictions on our use and disclosure of your PHI for following activities: (1) for treatment, payment and health care operations; (2) to individuals (such as a family member, other relative, close personal friend or any other person identified by you) involved with your care or with payment related to your care; or (3) to notify or assist in the notification of such individuals regarding your location and general condition. While we will consider all requests for additional restrictions carefully, we are not required to agree to most requested restrictions. We will honor a request to restrict our disclosure to a health plan for payment or health care operations purposes if the disclosure is not required by law and the information pertains solely to a health care item or service for which you (or someone on your behalf other than the health plan) have paid us out of pocket in full. If you wish to request additional restrictions, please obtain a request form from our Privacy Officer and submit the completed form to the Privacy Office.
- Right to Receive Alternative Communications. You may request, and we will accommodate, any reasonable written request for you to receive your PHI by alternative means of communication or at alternative locations.
- Right to Inspect and Copy Your Health Information. You may request access to inspect and obtain a copy of your medical and billing records maintained by us. Under limited circumstances, we may deny you access to a portion of your records. If you desire access to your records, please obtain a record request form from the Privacy Officer and submit the completed form to the Privacy Officer. If you request copies, we may charge you a reasonable copy fee.
- Right to Amend Your Records. You have the right to request that we amend your PHI maintained in your medical or billing records. If you desire to amend your records, please obtain an amendment request form from the Privacy Officer and submit the completed form to the Privacy Officer. We will comply with your request unless we believe that the information that would be amended is accurate and complete or other special circumstances apply.
- Right to Receive an Accounting of Disclosures. Upon request, you may obtain an accounting of certain disclosures of your Protected Health Information made by us during any period of time prior to the date of your request provided such period does not exceed six years. If you request an accounting more than once during a twelve (12) month period, we may charge you a reasonable fee for the accounting statement.
- Right to Receive Paper Copy of this Notice. Upon request, you may obtain a paper copy of this Notice, even if you agreed to receive such notice electronically.
VII. Effective Date and Duration of This Notice
- Effective Date. This Notice is effective on September 24, 2018.
- Right to Change Terms of this Notice. We may change the terms of this Notice at any time. If we change this Notice, we may make the new notice terms effective for all your PHI that we maintain, including any information created or received prior to issuing the new notice. If we change this Notice, we will post the new notice on our website at www.mindstronghealth.com. You also may obtain any new notice by contacting the Privacy Officer.
VIII. Privacy Officer
You may contact the Privacy Officer at firstname.lastname@example.org or by mail at:
248 Homer Ave.
Palo Alto, CA 94301