HIPAA

HIPAA Notice of Privacy Practice

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. 

 

PLEASE REVIEW IT CAREFULLY. 

 

At Cecelia Health (“Cecelia”), we take privacy very seriously and make every effort to protect your personal information. As a health care organization, we comply with all applicable federal and state privacy and data protection laws and have implemented policies and technologies that demonstrate that commitment. Your success in the health and wellness programs we offer depends on our ability to build trust. If you ever have any questions about our Privacy practices, you can contact us at: privacyrequest@ceceliahealth.com

 

Entities and Individuals Covered by this Notice 

 Cecelia offers virtual health and wellness programs (the “Cecelia Programs”). For purposes of this notice (this “Notice”), when you open an account, complete one of our online forms, or participate in the Cecelia Programs, we consider this as using our “Health Care Services.” When you use our Health Care Services, Cecelia, its health screeners or trainers, and other health care providers (“we” or “us”) provide you with health care. This Notice describes the information privacy practices that any providers of Cecelia’s Programs comply with, whether they are licensed and/or certified health care professionals or non-certified professionals, or whether they are employed or contracted with Cecelia. These individuals may share your health information with each other for the purposes of treatment, payment, or health care operations that are described in this Notice and as allowed and required by law. 

 

Cecelia is considered a “covered entity” under the federal law known as the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). HIPAA requires Cecelia to keep the information we collect from and about you secure and protected from improper use or disclosure (the “Security Rule”) and to make it available to you and to others when it is permitted and appropriate (the “Privacy Rule”). The information that we receive that relates to your past, present and future physical or mental health, to the provision of health care services to you or to the payment for such services is called protected health information (“PHI”). PHI is distinguished from “personal information” in that if you only browse on our public website but do not take a clinical assessment or enroll in a Cecelia Program, we keep any personal information that we collect from you safe, private, and confidential under the terms of our PRIVACY POLICY. Cecelia will not sell or accept any in-kind remuneration for you protected health information or your personal information and we will not permit our business partners to do so either.  

 

Types of Information Covered by this Notice  

When it is appropriate, we may collect PHI directly from you and other times we will potentially collect PHI from you through an authorized may connected device (such as a scale, blood pressure or blood glucose monitor). Your exercise and food tracking that may be disclosed to wellness trainers or educators and other participants in the Health Care Services in which you are enrolled. We may also receive and share PHI through health information exchanges. You may opt out of health information exchange and disable access to your health information by contacting us at privacyrequest@ceceliahealth.com. Even if you choose to opt-out, public health reporting and Controlled Dangerous Substances information, as part of the State Prescription Drug Monitoring Program (PDMP), will still be available to providers as permitted by law. 

 

When it comes to your health information, you have certain rights, and we have certain responsibilities. Below, are some examples of the different ways that we may use and disclose your PHI. Not all possibilities are listed, but all of the ways that we may use and disclose PHI fall within one of the categories below. Some uses and disclosures require a valid HIPAA authorization and other can be made without your permission. sometimes we limit the amount of PHI that we disclose to the minimum amount necessary and other time we are permitted to disclose more, like when a doctor requires your health information for your medical treatment. 

 

The list below includes examples of ways that we may disclose PHI about you without a written authorization from you. 

 

 

Our Responsibilities and Your Rights Regarding Your PHI 

 Cecelia is required by law to maintain the privacy and security of your protected health information. We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information. We must follow the duties and privacy practices described in this notice and at your request we must give you a copy of it. Cecelia will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time but any disclosure that have been made cannot be retrieved. 

 

You have the following rights regarding PHI that we maintain about you. You may contact us to obtain additional information and instructions for exercising these rights in any of the manners described at the end of this Notice. 

 

Right to Request Additional Restrictions

While we will consider all requests for additional restrictions carefully, we are not required to agree to a requested restriction with the exception where you request that we not disclose PHI to a health plan and the PHI relates solely to a health care item or service for which you personally have paid in full. 

  • You may request restrictions on our use and disclosure of your PHI for treatment, payment, and health care operations.  
  • You may also request restrictions on our use and disclosure of your PHI to relatives, close friends, or other people identified by you and involved with your care or with payment related to your care or to notify or assist in notifying those individuals regarding your location and general condition.  
  • These requests must be in writing, and we will send you a written response.  
  • If we agree with the request, we will comply with your request except to the extent that disclosure has already occurred or to the extent needed to provide you with emergency treatment.  

 

Right to Receive Confidential Communications

Our Health Care Services only work through an online digital platform. Therefore, a request for alternative communications may make it impossible for Cecelia to provide you with our Health Care Services. 

  • You may request to receive your PHI by alternative means of communication or at alternative locations.  
  • For example, you can request that we only contact you at work or by mail.  
  • You must make your request in writing. We will not ask you for the reason for your request. We will accommodate all reasonable requests.  

 

Your Right to Inspection and Obtain a Copy

You have an absolute right to obtain copies of the PHI that we collect and use in the course of providing the Health Care Services to you. You do not have a right to obtain copies of PHI that we have de-identified or aggregated to conduct research or that is in data sets that we use to study and improve the quality of our business, to train our employees, or to manage the legal and financial aspects of our business. 

  • Your request for access or a copy of PHI must be made in a manner that allows us to reliably conclude that you are who you say you are.  
  • You may request a copy of PHI about you in writing on paper, or you may request your PHI electronically by emailing privacyrequest@ceceliahealth.com  
  • You can request a copy or a summary of your health information. There may charge a reasonable, cost-based fee. 
  • Depending on the scope of your request, or the form/format you request we prepare your PHI in, it may take up to 30 days to complete that work, which we may extend by another 30 days if necessary to prepare the data. 
  • We will provide one copy of your PHI per calendar year at no cost to you. If you request more than one copy per calendar year, we may charge you for copying and mailing/transmission. We will provide an estimate before proceeding. 

 

Right to Amend, Correct or Add to Your Medical Record

  • You can ask us to correct health information about you that you think is incorrect or incomplete.  
  • If we deny your request, you will be permitted to submit a statement of disagreement that will be included in your records. 
  • We may not be able to fulfill your request, but you will receive an explanation as to why in writing within 60 days. 
  • You request that we add an addendum to your PHI that is maintained in your medical record. 

 

Right to Receive an Accounting of Disclosures

  • You can request that we provide you with an “accounting of disclosures,” which summarizes the people and organizations outside of Cecelia to whom we have disclosed PHI about you (other than other covered entities that have a relationship with you and that have received PHI for permitted purposes as described above in this Notice).  
  • Your request must be in writing or electronically.  
  • We will provide (or transmit at your request) one accounting of disclosures per calendar year at no cost to you.  
  • If you request more than one accounting of disclosures per calendar year, we may charge you the costs of fulfilling your request, and we will supply you with an estimate before proceeding. 

 

Copy of this Notice

You are entitled to a copy of this Notice. You may obtain a copy of this Notice at our website: www.ceceliahealth.com. You may print out a paper copy of this Notice from our website at any time. You are also entitled to ask that we print this Notice and mail it to you. To receive a paper copy of this Notice from us, you may contact us in any of the manners described at the end of this Notice. 

 

 

Disclosure We Make at Your Request  

For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want, and we will help you achieve your goals. 

 

In these cases, you have both the right and choice to request that we: 

  • Share information with your family, close friends, or others involved in your care 
  • Share information in a disaster relief situation 
  • Include your information in a hospital directory 

 

If you are not able to tell us your preference, for example if you are not able to respond to us or we are unable to reach you, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety. 

 

In these cases we never share your information unless you give us written permission: 

  • Marketing purposes 
  • Sale of your information 
  • Most sharing of psychotherapy notes 

  

Cecelia’s Permitted Uses and Disclosures 

HIPAA permits us to use and disclose your PHI in certain circumstances without having to obtain your consent or approval.  

 

Treatment 

  • We can use your health information and share it with other professionals who are treating you. 
  • Example: A doctor treating you for an injury asks another doctor about your overall health condition.

 

To run our organization – this is referred to as health care operations 

  • We can use and share your health information to run our practice, improve your care, and contact you when necessary. 
  • Example: We use health information about you to manage your treatment and services. 

 

To bill for your services 

  • We can use and share your health information to bill and get payment from health plans or other entities. 
  • Example: We give information about you to your health insurance plan so it will pay for your services. 

 

When Cecelia uses or discloses PHI to a third party to assist with a treatment, payment and health care operations, function, we enter into business associate agreements. In doing so, we obligate those third-parties to protect your PHI in the same manner that we do. However, if you interact with any of our business associates, and have any questions or issues about your PHI, please contact Cecelia directly so that we can assist with addressing your questions.  

 

 

HIPAA also permits Cecelia to make disclosure without your authorization for the following purposes: 

 

To help with public health and safety issues 

We can share health information about you for certain situations such as: 

  • Preventing disease 
  • Helping with product recalls 
  • Reporting adverse reactions to medications 
  • Reporting suspected abuse, neglect, or domestic violence 
  • Preventing or reducing a serious threat to anyone’s health or safety 

 

To conduct research 

We can use or share your information for health research. 

 

 

To comply with the law 

We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law. 

 

 

To respond to organ and tissue donation requests 

We can share health information about you with organ procurement organizations. 

 

 

To work with a medical examiner or funeral director 

We can share health information with a coroner, medical examiner, or funeral director when an individual dies. 

 

 

To address workers’ compensation, law enforcement, and other government requests 

We can use or share health information about you: 

  • For workers’ compensation claims 
  • For law enforcement purposes or with a law enforcement official 
  • With health oversight agencies for activities authorized by law 
  • For special government functions such as military, national security, and presidential protective services 

 

To respond to lawsuits 

We can share health information about you in response to a court or legal actions administrative order, or in response to a subpoena. 

 

 

Minimum Necessary 

To the extent required by law, when Cecelia uses or discloses your PHI or when we request your PHI from another covered entity, we will make reasonable efforts not to use, disclose, or request more than the minimum amount of PHI necessary for us to accomplish the intended purpose. 

 

How else can we use or share your health information? 

We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes. 

 

Change to the Terms of This Notice or Questions 

We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request and on our website. 

 

For any inquires or subject rights request pertaining to your medical record, please contact: privacyrequest@ceceliahealth.com