THIS NOTICE DESCRIBES HOW YOUR PERSONAL INFORMATION, INCLUDING YOUR MEDICAL INFORMATION, MAY BE USED AND/OR DISCLOSED BY APOSTROPHE, INC. AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
APOSTROPHE’S COMMITMENT TO YOUR PRIVACY
Apostrophe is dedicated to maintaining the privacy of your personal information, including your protected health information (“PHI”) that may be collected on our website, my.ApostropheHealth.com (“Site”).
WHAT INFORMATION DO WE COLLECT?
We may collect your IP address and other data about the equipment you use to visit the Site, the patterns of searching and browsing that preceded access to the Site and the patterns of searching and browsing the Site. The technical term for this collection is the collection of “cookies.” You may disable cookies and similar items by adjusting your browser preferences at any time; however, this may limit your ability to take advantage of all the features on this Site.
We may use and disclose your activity information unless restricted by this policy or by law. Some examples of the ways we use your activity information include:
- Customizing your experience on the Site, including managing and recording your preferences
- Marketing, product development, and research purposes
- Tracking resources and data accessed on the Site
- Developing reports regarding Site usage, activity, and statistics
- Assisting users experiencing Site problems
- Enabling certain functions and tools on this Site
We may collect personal information and medical information you provide to us as you register for the Site, as you sign up for or request certain services from us, or as you enter information during an interactive activity on our Site. Any information that is generated in the course of the use of those services or activities is also collected. For example:
- We may collect PHI when we provide online education about plan requirements, incentive and savings opportunities
- We may collect PHI when we perform a health survey to assess your health risk
- We may collect PHI in order to provide cost estimates and quality information about availablehealth care providers
- We may collect PHI in order to tailor our outreach to you about any chronic conditions or recommended care guidelines
Personal information includes your name, contact information, social security numbers, participant identification number and related information. Protected health information, or PHI, is information about you that may be used to identify you (such as your name, social security number or address), and that relates to (a) your past, present or future physical or mental health or condition, (b) the provision of healthcare to you, or (c) your past, present, or future payment for the provision of healthcare. In conducting its business, we will receive and create records containing your PHI. We are required by law to maintain the privacy of your PHI and to provide you with notice of its legal duties and privacy practices with respect to your PHI.
HOW MAY WE USE AND DISCLOSE YOUR PHI?
We may use and disclose your PHI in the following ways:
- Treatment, Payment and Healthcare Operations. Apostrophe is permitted to use and disclose your PHI for purposes of (a) treatment, (b) payment and (c) healthcare operations. For example:
- We may disclose your PHI when arranging a referral to a physician or healthcare provider. We may use or disclose your PHI when we arrange for expert medical opinions or bundled surgeries.
- We may use and disclose your PHI to your health insurer or health plan in connection with the processing and payment of claims and other charges.
- Authorization. We are permitted to use and disclose your PHI upon your written authorization. You may revoke your authorization at any time.
- As Required by Law. We may use and disclose your PHI to the extent required by law.
The following are examples of when disclosure of your PHI may be required by law:
- Public Health Activities. We may disclose your PHI to public health authorities or other governmental authorities for purposes including preventing and controlling disease, reporting child abuse or neglect, reporting domestic violence and reporting to the Food and Drug Administration regarding the quality, safety and effectiveness of a regulated product or activity. We may, in certain circumstances, disclose PHI to persons who have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition.
- Workers’ Compensation. We may disclose your PHI to comply with workers’ compensation programs and other similar programs for work-related illnesses or injuries.
- Health Oversight Activities. We may disclose your PHI to a regulatory agency for audits, investigations, inspections, licensing and disciplinary actions.
- Judicial and Administrative Proceedings. We may disclose your PHI in response to an order from a court or administrative agency, or in response to a subpoena or discovery request.
- Law Enforcement. We may disclose your PHI to a law enforcement official, such as for purposes of identifying or locating a suspect, fugitive, material witness or missing person.
- We may disclose PHI to coroners, medical examiners and funeral directors for purposes such as identification, determining the cause of death and fulfilling duties relating to decedents.
- Organ Procurement. We may use or disclose PHI for the purposes of organ donation and transplantation.
- We may use or disclose PHI that is necessary for certain research purposes.
- Threat to Health or Safety. We may use or disclose PHI if necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.
- Specialized Government Functions. We may use and disclose the PHI of persons who are, or were, in the Armed Forces for purposes such as ensuring proper execution of a military mission or determining entitlement to benefits. Apostrophe may also disclose PHI to federal officials for intelligence and national security purposes.
WHAT ARE YOUR RIGHTS REGARDING YOUR PHI?
You have the following rights regarding the PHI maintained by us:
- Confidential Communication. You have the right to receive confidential communications of your PHI. You may request that we communicate with you through alternate means or at an alternate location, and we will accommodate your reasonable requests. You must submit your request in writing to us.
- Restrictions. You have the right to request restrictions on certain uses and disclosures of PHI for treatment, payment or healthcare operations. You also have the right to request that we restrict our disclosures of your PHI to only certain individuals involved in your care or the payment of your care. You must submit your request in writing to us. We are not required to comply with your request. However, if we agree to comply with your request, we will be bound by such agreement, except when otherwise required by law or in the event of an emergency.
- Inspection and Copies. You have the right to inspect and copy your PHI. You must submit your request in writing to us. We may impose a fee for the costs of copying, mailing, labor and supplies associated with your request. We may deny your request to inspect and/or copy your PHI in certain limited circumstances. If that occurs, we will inform you of the reason for the denial, and you may request a review of the denial.
- Amendment. You have a right to request that we amend your PHI if you believe it is incorrect or incomplete, and you may request an amendment for as long as the information is maintained by us. You must submit your request in writing to us and provide a reason to support the requested amendment. We may, under certain circumstances, deny your request by sending you a written notice of denial. If we deny your request, you will be permitted to submit a statement of disagreement for inclusion in your records.
- Accounting of Disclosures. You have a right to receive an accounting of all disclosures we have made of your PHI. However, that right does not include disclosures made for treatment, payment or healthcare operations, disclosures made to you about your treatment, disclosures made pursuant to an authorization, and certain other disclosures. You must submit your request in writing to us and you must specify the time period involved (which must be for a period of time less than six years from the date of the disclosure). Your first accounting will be free of charge. However, we may charge you for the costs involved in fulfilling any additional request made within a period of 12 months. We will inform you of such costs in advance, so that you may withdraw or modify your request to save costs.
- Breach Notification. You have the right to be notified in the event that we (or any of our business associates) discovers a breach of unsecured PHI.
- Complaint. You may complain to us and to the Secretary of the Department of Health and Human Services if you believe that your privacy rights have been violated. To file a complaint with us, you must submit a statement in writing to us at the following email address: firstname.lastname@example.org. We will not retaliate against you for filing a complaint.
- Further Information. If you would like more information about your privacy rights, please contact us by calling 970.444.1450 and ask to speak to the CEO.
IS MY PHI SECURE?
We protect oral, written and electronic PHI throughout our organization. We will take reasonable technical and organizational precautions to prevent the loss, misuse or alteration of your personal information, including computer safeguards, secured files and buildings and restrictions on who may access your PHI. We will store all PHI you provide through our Site on our secure (password- and firewall-protected) servers. All electronic transmissions of your PHI will be protected by encryption technology. We do not sell your PHI to anyone.
You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. You are responsible for keeping the password you use for accessing our Site confidential; we will not ask you for your password (except when you log in to our Site).
We must must abide by the terms of this Notice while it is in effect. This current Notice is dated June 14, 2016, and will remain in effect until we replace it. We reserve the right to change the terms of this Notice at any time, as long as the changes are in compliance with applicable law. If we change the terms of this Notice, the new terms will apply to all PHI that we maintain, including PHI that was created or received before such changes were made. If we change this Notice, we will post the new Notice on our Site and will make the new Notice available upon request.