THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Who Must Follow this Notice
Moving Analytics, Inc. (“Company”) provides you with health coaching services by working with health coaches and other health care providers (referred to as “we,” “our,” or “us”) when you apply for or participate in the Movn Program (the “Services”). This is a joint notice of our information privacy practices (“Notice”). The following people or groups will follow this Notice:
- any health care provider who provides services to you at or from Company’s locations. These professionals include health coaches and others;
- any health care provider that utilizes our Services to deliver a remote coaching program to you; and
- our employees, contractors, and volunteers, including regional support offices and affiliates. These entities, sites, and locations may share medical information with each other for treatment, payment, or health care operations purposes described in this Notice.
In addition, we also use and share your information for other reasons as allowed and required by law. If you have any questions about this Notice, please see our contact information on the last page of this Notice.
Our Commitment to Your Privacy
We are dedicated to maintaining the privacy and integrity of the protected health information that we receive from you as part of your application for or participation in the Services (“PHI”). PHI is information about you that we receive from you as part of your application for or participation in the Services that may be used to identify you (such as your name, social security number, or address), and that relates to (a) your past, present, or future physical or mental health or condition, (b) the provision of health care to you, or (c) your past, present, or future payment for the provision of health care. In providing services to you, we will receive and create records containing your PHI. We need these records to provide you with quality care and to comply with certain legal requirements.
We are required by law to maintain the privacy of your PHI and to provide you with notice of our legal duties and privacy practices with respect to your PHI. When we use or disclose your PHI, we are required to abide by the terms of this Notice (or other Notice in effect at the time of the use or disclosure).
This Notice applies to the records of services you receive at or from Company, whether created by our staff or your healthcare provider. Your health care providers may have different practices or notices about their use and sharing of medical information in their own offices, locations or clinics. We will gladly explain this Notice to you or your family member.
How We May Use and Disclose Protected Health Information
We are required to maintain the confidentiality of your PHI, and we have policies and procedures and other safeguards to help protect your PHI from improper use and disclosure. The following categories describe different ways that we use your PHI within Company and disclose your PHI to persons and entities outside of Company. We have not listed every use or disclosure within the categories below, but all permitted uses and disclosures will fall within one of the following categories. In addition, there are some uses and disclosures that will require your specific authorization.
How much PHI may legally be used or disclosed without your written permission will vary depending, for example, on the intended purpose of the use or disclosure. Sometimes we may only need to use or disclose a limited amount of PHI, such as to send you a reminder or to confirm your health insurance coverage. At other times, we may need to use or disclose more PHI such as when a doctor is providing medical treatment.
- Disclosure at your request. We may disclose information when requested by you. This disclosure at your request may require written authorization by you.
- Treatment. This is the most important use and disclosure of your PHI. We may use and disclose your PHI to a physician or health care provider to provide treatment and other services to you. In addition, we may contact you to provide reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to you. We may also disclose PHI to other providers involved in your treatment.
- Health care operations. We may use and disclose your PHI for our health care operations and the health care operations of certain other entities that have or have had a relationship with you. These health care operations include internal administration and planning and various activities that improve the quality and cost effectiveness of the care delivered to you. Examples include, but are not limited to, using information about you to improve quality of care, quality assessment activities, disease management programs, patient satisfaction surveys, compiling medical information, training, de-identifying PHI and benchmarking.
- Business associates. Some services in our organization are provided through our contracts with business associates. Examples of business associates include accreditation agencies, management consultants, quality assurance reviewers, and billing and collection services. We may disclose your PHI to our business associates so that they can perform the job we have asked them to do. To protect your PHI, we require our business associates to sign a contract or written agreement stating that they will appropriately safeguard your PHI.
Special Situations that Do Not Require Your Authorization
The following categories describe unique circumstances in which Company may use or disclose your PHI without your authorization.
- Public health activities. We may disclose your PHI for the following public health activities to: (1) prevent or control disease, injury or disability; (2) report births and deaths; (3) report regarding the abuse or neglect of children, elders and dependent adults; (4) report reactions to medications or problems with products; (5) notify people of recalls of products they may be using; (6) notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; and (7) notify emergency response employees regarding possible exposure to HIV/AIDS, to the extent necessary to comply with state and federal laws.
- Victims of abuse, neglect or domestic violence. If we reasonably believe you are a victim of abuse, neglect, or domestic violence, we may disclose your PHI to a governmental authority, including a social service or protective services agency, authorized by law to receive reports of such abuse, neglect, or domestic violence.
- Health oversight activities. We may disclose your PHI to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
- Lawsuits and other legal disputes. We may use and disclose PHI in responding to a court or administrative order, a subpoena, or a discovery request. We may also use and disclose your PHI to the extent permitted by law without your authorization, for example, to defend a lawsuit or arbitration.
- Law enforcement officials. We may disclose your PHI to the police or other law enforcement officials as required or permitted by law: (1) in response to a court order, subpoena, warrant, summons or similar process; (2) to identify or locate a suspect, fugitive, material witness, or missing person; (3) about the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement; (4) about a death we believe may be the result of a criminal conduct; (5) about criminal conduct at Company; and (6) in emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime.
- Decedents. We may disclose your PHI to a coroner or medical examiner as authorized by law.
- Research that does not involve your treatment. When a research study does not involve any treatment, we may disclose your PHI to researchers. To do this, we will either ask your permission to use your PHI or we will use a special process that protects the privacy of your PHI. In addition, we may use information that cannot be identified as your PHI, but that includes certain limited information (such as your date of birth and dates of service). We will use this information for research, quality assurance activities, and other similar purposes and, if we disclose this limited information, we will obtain special protections for the information disclosed.
- Specialized government functions. We may use and disclose your PHI to units of the government with special functions, such as the U.S. military or the U.S. Department of State, under certain circumstances. We may use and disclose your PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law. We may use and disclose your PHI to authorized federal officials so they may provide protection to the President, other authorized persons or foreign heads of state, or conduct special investigations.
- Inmates. If you are an inmate of a correctional institution or under custody of a law enforcement official, we may disclose PHI about you to the correctional institution or the law enforcement official. This is necessary for the correctional institution to provide you with health care, to protect your health and safety and the health and safety of others, and to protect the safety and security of the correctional institution.
- Workers’ compensation. We may disclose your PHI as authorized by and to the extent necessary to comply with state laws relating to workers’ compensation or other similar programs.
- As required by law. We may use and disclose your PHI when required to do so by any other law not already referred to in the preceding categories. For example, the Secretary of the Department of Health and Human Services may review our compliance efforts, which may include seeing your PHI.
Situations Requiring Your Written Authorization
If there are reasons we need to use your PHI that have not been described in the sections above, we will obtain your written permission. This permission is described as a written “authorization.” If you authorize us to use or disclose PHI about you, you may revoke that authorization in writing at any time. If you revoke your authorization, we will no longer use or disclose PHI about you for the reasons stated in your written authorization, except to the extent we have already acted in reliance on your authorization. You understand that we are unable to take back any disclosures we have already made with your permission, and we are required to retain our records of the care we provide to you.
Your Rights Regarding Your PHI
You have the following rights regarding PHI we maintain about you. You may contact us to obtain additional information and instructions for exercising the following rights.
- Right to request additional restrictions. You may request restrictions on our use and disclosure of your PHI (1) for treatment, payment and health care operations, (2) to individuals (such as a family member, other relative, close personal friend or any other person identified by you) involved with your care or with payment related to your care, or (3) to notify or assist in the notification of such individuals regarding your location and general condition. While we will consider all requests for additional restrictions carefully, we are not required to agree to a requested restriction, unless the request is regarding a disclosure to a health plan for a payment or health care operation purpose and the PHI relates solely to a health care item or service for which we have been paid out-of-pocket in full. This request must be in writing. We will send you a written response. If we agree with the request, we will comply with your request except to the extent that disclosure has already occurred or if you are in need of emergency treatment and the information is needed to provide the emergency treatment.
- Right to receive confidential communications. You may request to receive your PHI by alternative means of communication or at alternative locations. For example, you can request that we only contact you at work or by mail. To request confidential communications, you must make your request in writing. We will not ask you for the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
- Inspection and copies. You may request access to your medical record file and billing records maintained by us. You may inspect and request copies of the records. Under limited circumstances, we may deny you access to a portion of your records. If you are denied access to PHI, you may request that the denial be reviewed. Another licensed health care professional chosen by us will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.
- If you desire access to your records, you must submit your request in writing. If your PHI is maintained in an electronic health record, you may obtain an electronic copy of your PHI and, if you choose, instruct us to transmit such copy directly to an entity or person you designate in a clear, conspicuous, and specific manner.
- If you request paper copies, we will charge you for the costs of copying, mailing, labor and supplies associated with your request. Our fee for providing you an electronic copy of your PHI will not exceed our labor costs in responding to your request for the electronic copy (or summary or explanation).
- You should take note that, if you are a parent or legal guardian of a minor, certain portions of the minor’s PHI will not be accessible to you (e.g., records pertaining to health care services for which the minor can lawfully give consent and therefore for which the minor has the right to inspect or obtain copies of the record; or the health care provider determines, in good faith, that access to the client records requested by the representative would have a detrimental effect on the provider’s professional relationship with the minor client or on the minor’s physical safety or psychological well-being).
- Right to amend your records. You have the right to request that we amend PHI maintained in your medical record file or billing records. If you desire to amend your records, your request must be in writing. We will comply with your request unless we believe that the information that would be amended is accurate and complete or other special circumstances apply. If we deny your request, you will be permitted to submit a statement of disagreement for inclusion in your records.
- Right to addendum. You have the right to add an addendum to your PHI maintained in your medical record.
- Right to receive an accounting of disclosures. Upon written request, you may obtain an accounting of certain disclosures of your PHI made by us during any period of time five years prior to the date of your request. Your written request should indicate in what form you want the list (for example, on paper or electronically). If you request an accounting more than once during a twelve (12) month period, we will charge you for the costs involved in fulfilling your additional request. We will inform you of such costs in advance, so that you may modify or withdraw your request to save costs. In addition, we will notify you as required by law if there has been a breach of the security of your PHI.
To the extent required by law, when using or disclosing your PHI or when requesting your protected health information from another covered entity, we will make reasonable efforts not to use, disclose, or request more than the minimum amount of protected health information necessary to accomplish the intended purpose of the use, disclosure, or request, taking into consideration practical and technological limitations.
Changes to this Notice
We may change the terms of this Notice from time to time. Changes will apply to current PHI, as well as new PHI after the change occurs. We will post the new Notice on our website at www.movinganalytics.com/hipaa. Upon your request, you may obtain any revised Notice by calling or emailing us and requesting that a revised copy be sent to you in the mail.
Concerns or Complaints
If you desire further information about your privacy rights, are concerned that we have violated your privacy rights, or disagree with a decision that we made about access to your PHI, you may contact our Privacy Officer (listed below). Finally, you may send a written complaint to the U.S. Department of Health and Human Services, Office of Civil Rights. Our Privacy Officer can provide you the address. We will not take any action against you for filing a complaint.
How to Contact Us
If you would like more information about your privacy rights, please contact Company by calling (213) 400-8441 and ask to speak with the Privacy Officer. To the extent you are required to send a written request to Company to exercise any right described in this Notice, you must submit your request to Company at:
Moving Analytics, Inc., 16969 Von Karman Ave. STE 220, Irvine, CA 92606