HIPAA Notice of Privacy Practices
Last Updated: February 1, 2022
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
EFFECTIVE DATE OF NOTICE: February 1, 2018
We are required by law to provide individuals with notice of our legal duties and privacy practices with respect to your "Protected Health Information" (defined below). This Notice describes the privacy practices of Shared Harvest|myCovidMD™, its employees and other personnel (“Company” or “we” or “us” or “our”).
I. Our responsibility
The Company and the members of our workforce are committed to protecting the privacy and confidentiality of your personal information and test results.
The Company is required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to keep your Protected Health Information confidential. This Notice describes our legal duties and privacy practices, and explains your privacy rights. When we use or disclose your Protected Health Information, we are required to abide by the terms of this Notice.
II. What is protected health information Protected Health Information is your demographic information, medical history, testing results, and other health information that is collected, generated, used, and communicated by the Company in connection with testing results and the other services we offer (collectively, the “Services”). Examples of Protected Health Information include your name, date of birth, medical record number, social security number, and testing results.
III. How we use and disclose your health information Your Protected Health Information may be used and disclosed for employment, treatment, payment, healthcare operations and other purposes permitted or required by law. The Company may use and disclose your Protected Health Information for the following purposes:
With your permission, we may disclose your Protected Health Information to the party who has engaged us to perform Services. For example, we may use your Protected Health Information to perform our testing services and disclose your testing results to your employer.
We may use or disclose your Protected Health Information to obtain payment for healthcare services we provide. For example, we may use and disclose your information to send a bill to your employer to receive payment for the services provided to you.
HEALTH CARE OPERATIONS
We may use and disclose your Protected Health Information for our healthcare operations. For example, we may use your Protected Health Information to monitor the quality of our testing services and review the competence and qualifications of our laboratory professionals.
PERSONS INVOLVED IN YOUR CARE OR PAYMENT FOR YOUR CARE
We may disclose your Protected Health Information to persons involved in your care or payment for your care, such as a physician, family member, relative, or close friend, unless you object or ask us not to.
We may disclose Protected Health Information about you to your authorized personal representative, such as a lawyer, administrator, executor or other authorized person responsible for you or your estate.
MINORS' PROTECTED HEALTH INFORMATION
We may disclose Protected Health Information about minors to their parents or legal guardians.
DISCLOSURES TO BUSINESS ASSOCIATES
We may disclose your Protected Health Information to other companies or individuals, known as "Business Associates," who provide services to us. For example, we may use a company to host medical records or perform billing services on our behalf. Our Business Associates are required to protect the privacy and security of your Protected Health Information and notify us of
any improper disclosure of information.
AS REQUIRED BY LAW
We must disclose your Protected Health Information when required to do so by any applicable federal, state or local law.
PUBLIC HEALTH ACTIVITIES
We may disclose your Protected Health Information for public health-related activities. Examples include: reporting to authorized public health authorities; public health investigations; or notifying a manufacturer of a product regulated by the U.S. Food and Drug Administration of a possible problem encountered when using the product in our testing process.
HEALTH OVERSIGHT ACTIVITIES
We may disclose your Protected Health Information to a healthcare oversight agency for activities that are authorized by law, such as audits, investigations, inspections and licensure activities. For example, we may disclose your Protected Health Information to agencies responsible for ensuring compliance with the rules of government health programs such as Medicare or Medicaid.
JUDICIAL AND ADMINISTRATIVE PROCEEDINGS
Under certain circumstances, we may disclose your Protected Health Information in the course of a judicial or administrative proceeding in response to a court order, subpoena or other lawful process.
We may disclose your Protected Health Information to the police or other law enforcement officials as required by law or in compliance with a court order, warrant, subpoena, summons, or other legal process for locating a suspect, fugitive, witness, missing person, or victim of a crime.
THREATS TO HEALTH OR SAFETY
We may disclose Protected Health Information to prevent or reduce the risk of a serious and imminent threat to the health or safety of an individual or the general public.
VICTIMS OF ABUSE, NEGLECT, OR VIOLENCE
If required or authorized by law, we may disclose Protected Health Information to a government agency, such as social services or a protective services agency, if we reasonably believe that an individual adult or child is the victim of abuse, neglect, or domestic violence.
DE-IDENTIFIED, ANONYMIZED OR PSEUDONYMIZED INFORMATION
“De-identified” or “pseudonymized” information is data we have stripped of your personally identifiable information, such as your name, address, or birthdate, though it may be possible to re-identify such information. “Anonymized” information is when personal information is stripped of all identifiers and cannot reasonably be linked back to you.
We may use “de-identified” or “pseudonymized” information for various purposes, including:
● For quality control and validation:
○ In accordance with regulatory requirements, we may de-identify, store and use samples and information for internal quality control, validation, research and development. This is an important use for us to maintain the quality of our Services and to develop new Services.
○ In accordance with regulatory requirements, we may also share de-identified samples and information for quality assurance and validation purposes. Such sharing is essential to maintaining the quality of testing in testing laboratories.
● For research purposes:
○ We may use or disclose de-identified information for general research purposes. This may include research collaborations with third parties, such as universities, hospitals, or other laboratories, in which we utilize de-identified clinical cases at the individual or in the aggregate, and we may present or publish such information. This may also include commercial collaborations with private companies for research purposes.
ALL OTHER USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION
We will ask for your written authorization before using or disclosing your Protected Health Information for any purpose not described herein. You may revoke your authorization, in writing, at any time, except for disclosures that the company has already acted upon. A revocation of authorization must be submitted to the address listed in Section VIII below.
IV. Your rights regarding your medical information
You have the following rights with respect to your Protected Health Information. To exercise any of these rights, please contact us using the contact information provided at the end of this Notice.
ACCESS TO PROTECTED HEALTH INFORMATION
You, or your authorized or designated personal representative, have the right to inspect and copy the Protected Health Information maintained by us. We may deny access to certain information for specific reasons, for example, where Federal and state laws regulating us prohibit us from disclosing certain information.
RESTRICTIONS ON USES AND DISCLOSURES
You have the right to request restrictions on our use and disclosure of your Protected Health Information. You also have the right to request a restriction on the Protected Health Information we disclose about you to someone who is involved in your care or payment for your care, such as a family member or friend. Except as described in this section, we are not required to agree to your request. We must agree to your request if the disclosure has been made to a health plan for the purpose of payment or health care operations and the disclosure relates to an expense for which you have been paid out of pocket. To request restrictions, you must send a written
request to firstname.lastname@example.org.
You have the right to request that we communicate with you about your Protected Health Information by alternative means or to an alternative address. Your request must be in writing and must specify the alternative means or location. We will accommodate reasonable requests for confidential communications.
CORRECT OR UPDATE INFORMATION
If you believe the Protected Health Information we maintain about you contains an error, you may request that we correct or update your information. Your request must be in writing and must explain why the information should be corrected or updated. We may deny your request under certain circumstances and provide a written explanation.
ACCOUNTING OF DISCLOSURES
You may request a list, or accounting, of certain disclosures of your Protected Health Information made by us or our business associates for purposes other than treatment, payment, healthcare operations and certain other activities. The request must be in writing and the list will include disclosures made within the prior six years.
COPY OF NOTICE
Upon request, you may obtain a paper or electronic copy of this Notice.
V. Information breach notification
We are required to notify you following the discovery of a breach of unsecured Protected Health Information, unless there is a demonstration, based on a risk assessment, that there is a "low probability" that the Protected Health Information has been compromised. You will be notified in a timely fashion, no later than 60 days after discovery of the breach.
VI. Questions and complaints
If you have questions or concerns about our privacy practices or would like a more detailed explanation about your privacy rights, please contact us using the contact information below. If you believe that we may have violated your privacy rights, you may submit a complaint to us.
You also may submit a written complaint to the U.S. Department of Health and Human Services. We will provide you with the address to file your complaint with the U.S. Department of Health and Human Services upon request. The Company will not take retaliatory action against you and you will not be penalized in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.
VII. Changes to our notice of privacy practices
We reserve the right to change our privacy practices and the terms of this Notice at any time, provided such changes are permitted by applicable law. We will promptly post any changes to this Notice on our website at www.sharedharvestfund.org or www.covidmd.org. Please review this website periodically to ensure that you are aware of any updates.
VIII. Contact information
When communicating with us regarding this Notice, our privacy practices, or your privacy rights, please contact the us using the following contact information:
10000 Washington Blvd Ste #600
Culver City, CA 90232