HIPAA Privacy Policy

Hipaa Notice Of Privacy Policy

shrinkMD at http://www.shrinkMD.com

Effective 7/4/2022

This notice describes how medical information about you may be used and disclosed and how you can obtain access to this information. Please review it carefully.

The terms of this Notice of Privacy Practices (“Notice”) apply to shrinkMD, its affiliates and its employees. ShrinkMD will share protected health information of patients as necessary to carryout treatment, payment, and health care operations as permitted by law. We are required by law to maintain the privacy of our patients’ protected health information and to provide patients with notice of our legal duties and privacy practices with respect to protected health information. We are required to abide by the terms of this notice for as long as it remains in effect. We reserve the right to change the terms of this notice as necessary and to make a new notice of privacy practices effective for all protected health information maintained by shrinkMD. We are required to notify you in the event of a breach of your unsecured protected health information. We are also required to inform you that there may be a provision of state law that relates to the privacy of your health information that may be more stringent than a standard or requirement under the Federal Health Insurance Portability and Accountability Act (“HIPAA”). HIPAA is a federal program that requires that all medical records and other individually identifiable health information used or disclosed by us in any form, whether electronically, on paper or orally, are kept properly confidential. This Act gives you, the patient, significant rights to understand and control how your health information is used.

Uses And Disclosures Of Your Protected Health Information:

Authorization and Consent:

Except as outlined below, we will not use or disclose your protected health information for any purpose other than treatment, payment or health care operations unless you have signed a form authorizing such use or disclosure. You have the right to revoke such authorization in writing, with such revocation being effective once we actually receive the writing; however, such revocation shall not be effective to the extent that we have taken any action in reliance on the authorization, or if the authorization was obtained as a condition of obtaining insurance coverage, other law provides the insurer with the right to contest a claim under the policy or the policy itself.

We collect information that you provide to us. We collect personal information that you voluntarily provide to us when you register on the Website, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Website (such as by posting messages in our online forums or entering competitions, contests or giveaways) or otherwise when you contact us. The personal information that we collect depends on the context of your interactions with us and the Website, the choices you make and the products and features you use. The personal information we collect may include the following: Personal Information Provided by You. We collect names; phone numbers; email addresses; mailing addresses; job titles; usernames; passwords; contact preferences; contact or authentication data; billing addresses; debit/credit card numbers; and other similar information. All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information.

Uses and Disclosures for Treatment:

We will make uses and disclosures of your protected health information as necessary for your treatment. Healthcare providers involved in your care will use information in your medical record and information that you provide about your symptoms and reactions for your course of treatment that may include procedures, medications, tests, medical history, etc.

Uses and Disclosures for Payment:

We will make uses and disclosures of your protected health information as necessary for payment purposes. During the normal course of business operations, we may forward information regarding your medical procedures and treatment to your insurance company to arrange payment for the services provided to you. We may also use your information to prepare a bill to send to you or to the person responsible for your payment.

Uses and Disclosures for Health Care Operations:

We will make uses and disclosures of your protected health information as necessary, and as permitted by law, for our health care operations, which may include clinical improvement, professional peer review, business management, accreditation, and licensing, etc. For instance, we may use and disclose your protected health information for purposes of improving clinical treatment and patient care.

Individuals Involved in Your Care:

We may from time to time disclose your protected health information to designated family, friends and others who are involved in your care or in payment of your care to facilitate that person’s involvement in caring for you or paying for your care. If you are unavailable, incapacitated, or facing an emergency medical situation and we determine that a limited disclosure may be in your best interest, we may share limited protected health information with such individuals without your approval. We may also disclose limited protected health information to a public or private entity that is authorized to assist in disaster relief efforts for that entity to locate a family member or other persons that may be involved in some aspect of caring for you.

Business Associates:

Certain aspects and components of our services are performed through contracts with outside persons or organizations, such as auditing, accreditation, outcomes data collection, legal services, etc. At times it may be necessary for us to provide your protected health information to one or more of these outside persons or organizations who assist us with our health care operations. In all cases, we require these associates to appropriately safeguard the privacy of your information.

Appointments and Services:

We may contact you to provide appointment updates or information about your treatment or other health-related benefits and services that may be of interest to you. You have the right to request, and we will accommodate reasonable requests by you to receive communications regarding your protected health information from us by alternative means or at alternative locations. For instance, if you wish appointment reminders to not be left on voice mail or sent to a particular address, we will accommodate reasonable requests. With such request, you must provide an appropriate alternative address or method of contact. You also have the right to request that we not send you any future marketing materials and we will use our best efforts to honor such request.

Research:

In limited circumstances, we may use and disclose your protected health information for research purposes. In all cases where your specific authorization is not obtained, your privacy will be protected by strict confidentiality requirements applied by an Institutional Review Board which oversees the research or by representations of the researchers that limit their use and disclosure of your information.

Other Uses and Disclosures:

We are permitted and/or required by law to make certain other uses and disclosures of your protected health information without your consent or authorization for the following:
• Any purpose required by law.
• Public health activities such as required reporting of immunizations, disease, injury, birth and death, or in connection with public health investigations.
• If we suspect child abuse or neglect; if we believe you to be a victim of abuse, neglect, or domestic violence.
• To the Food and Drug Administration to report adverse events, product defects, or to participate in product recalls.
• To your employer when we have provided health care to you at the request of your employer.
• To a government oversight agency conducting audits, investigations, civil or criminal proceedings.
• Court or administrative ordered subpoena or discovery request.
• To law enforcement officials as required by law if we believe you have been the victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
• To coroners and/or funeral directors consistent with law.
• If necessary to arrange an organ or tissue donation from you or a transplant for you.
• If you are a member of the military, we may also release your protected health information for national security or intelligence activities; and
• To workers’ compensation agencies for workers’ compensation benefit determination.

Disclosures Requiring Authorization:

Psychotherapy Notes:

We must obtain your specific written authorization prior to disclosing any psychotherapy notes unless otherwise permitted by law. However, there are certain purposes for which we may disclose psychotherapy notes, without obtaining your written authorization, including the following: (1) to carry out certain treatment, payment or healthcare operations (e.g., use for the purposes of your treatment, for our own training, and to defend ourselves in a legal action or other proceeding brought by you), (2) to the Secretary of the Department of Health and Human Services to determine our compliance with the law, (ending or lessening a serious or imminent threat to the health or safety of a person or the public.3) as required by law, (4) for health oversight activities authorized by law, (5) to medical examiners or coroners as permitted by state law, or (6) for the purposes of prep

Genetic Information:

We must obtain your specific written authorization prior to using or disclosing your genetic information for treatment, payment or health care operations purposes. We may use or disclose your genetic information without your written authorization only where it would be permitted by law.

Marketing:

We must obtain your authorization for any use or disclosure of your protected health information for marketing.

Third Party Analytics:

Our website uses third party analytics to understand how visitors interact with our site. We use this to improve our website and business practices.

These include:

Google Analytics, Google Ads, Hotjar, Facebook Pixels, and other analytics trackers. These trackers track things like user preferences, use experiences, how long you stayed on the site or which webpages you might have visited. No personal information is obtained or utilized for this, and it is used for our marketing. If you want to know more about each, please refer to their policy on their respective websites. We will not assist or permit any third party to pass information to Google, Facebook or any analytics company that could recognize as personally identifiable information. Some of these analytics use cookies to track users. Cookies are automatically embedded into browsers. You may shut cookies off, but it may render certain websites unusable. Our website uses cookies to deliver our product efficiently.

Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our website. We automatically collect certain information when you visit, use or navigate the Website. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about who and when you use our website and other technical information. This information is primarily needed to maintain the security and operation of our website, and for our internal analytics and reporting purposes. Like many businesses, we also collect information through cookies and similar technologies.

We may collect limited data from public databases, marketing partners, social media platforms, and other outside sources. In order to enhance our ability to provide relevant marketing, offers and services to you and update our records, we may obtain information about you from other sources, such as public databases, joint marketing partners, affiliate programs, data providers, social media platforms, as well as from other third parties. This information includes mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), Internet Protocol (IP) addresses, social media profiles, social media URLs and custom profiles, for purposes of targeted advertising and event promotion. If you interact with us on a social media platform using your social media account (e.g., Facebook or Twitter), we receive personal information about you such as your name, email address, and gender. Any personal information that we collect from your social media account depends on your social media account’s privacy settings.

How we keep your information safe:

We aim to protect your personal information through a system of organizational and technical security measures. We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cyber criminals, or other unauthorized third parties will not be able to defeat our security, and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our website is at your own risk. You should only access the Website within a secure environment.

Sale of Protected Information:

We must obtain your authorization prior to receiving direct or indirect remuneration in exchange for your health information; however, such authorization is not required where the purpose of the exchange is for:
• Public health activities.
• Research purposes if we receive only a reasonable, cost-based fee to cover the cost to prepare and transmit the information for research purposes.
• Treatment and payment purposes.
• Health care operations involving the sale, transfer, merger or consolidation of all or part of our business and for related due diligence.
• Payment we provide to a business associate for activities involving the exchange of protected health information that the business associate undertakes on our behalf (or the subcontractor undertakes on behalf of a business associate) and the only remuneration provided is for the performance of such activities;
• Providing you with a copy of your health information or an accounting of disclosures.
• Disclosures required by law.
• Disclosures of your health information for any other purpose permitted by and in accordance with the Privacy Rule of HIPAA, if the only remuneration we receive is a reasonable, cost- based fee to cover the cost to prepare and transmit your health information for such purpose or is a fee otherwise expressly permitted by other law; or
• Any other exceptions allowed by the Department of Health and Human Services.
We will never sell any of your personal data to a third party.

Practice Ownership Change:

If our medical practice is sold, acquired, or merged with another entity, your protected health information will become the property of the new owner. However, you will still have the right to request copies of your records and have copies transferred to another physician.

Rights That You Have Regarding Your Protected Health Information:

Access to Your Protected Health Information:

You have the right to copy and/or inspect much of the protected health information that we retain on your behalf. For protected health information that we maintain in any electronic designated record set, you may request a copy of such health information in a reasonable electronic format, if readily producible.

Amendments to Your Protected Health Information:

You have the right to request in writing that protected health information that we maintain about you be amended or corrected. We are not obligated to make requested amendments, but we will give each request careful consideration. If an amendment or correction request is made, we may notify others who work with us if we believe that such notification is necessary.

Restrictions on Use and Disclosure of Your Protected Health Information:

You have the right to request restrictions on uses and disclosures of your protected health information for treatment, payment, or health care operations. We are not required to agree to most restriction requests but will attempt to accommodate reasonable requests when appropriate. You do, however, have the right to restrict disclosure of your protected health information to a health plan if the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law, and the protected health information pertains solely to a health care item or service for which you, or someone other than the health plan on your behalf, has paid shrinkMD in full. If we agree to any discretionary restrictions, we reserve the right to remove such restrictions as we deem appropriate. We will notify you if we remove a restriction imposed in accordance with this paragraph. You also have the right to withdraw, in writing or orally, any restriction by communicating your desire to do so to the individual responsible for medical records.

Right to Notice of Breach:

We take very seriously the confidentiality of our patients’ information, and we are required by law to protect the privacy and security of your protected health information through appropriate safeguards. We will notify you in the event a breach occurs involving or potentially involving your unsecured health information and inform you of what steps you may need to take to protect yourself.

Controls for do not track features:

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

California residents with specific privacy rights:

If you are a resident of California, you are granted specific rights regarding access to your personal information. California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

CCPA Privacy Notice

The California Code of Regulations defines a “resident” as:
(1) every individual who is in the State of California for other than a temporary or transitory purpose and
(2) every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose
All other individuals are defined as “non-residents.”

Paper Copy of this Notice:

You have a right, even if you have agreed to receive notices electronically, to obtain a paper copy of this notice.

Complaints:

If you believe your privacy rights have been violated, you can file a complaint with shrinkMD. If you wish to file a complaint with the Secretary of the United States Department of Health and Human Services, please go to the website of the Office for Civil Rights (www.hhs.gov/ocr/hipaa/), call 202-619-0257 (toll free 877-696-6775), or mail to:

Secretary of the US – Department of Health and Human Services
200 Independence Ave S.W.
Washington, D.C. 20201

There will be no retaliation for filing a complaint. We are required by law to provide individuals with this notice of our legal responsibilities and privacy practices with respect to Protected Health Information. We are also required to maintain the privacy of, and abide by the terms of the notice currently in effect. If you have any questions in reference to this form, please ask to speak with our HIPAA Compliance Officer in person or by phone at the number listed above.

The name and address of the person you can contact for further information concerning our privacy practices are at https://www.shrinkMD.com