NOTICE OF PRIVACY PRACTICES

 THIS NOTICE DESCRIBES HOW THE MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

PLEASE REVIEW IT CAREFULLY

 First Mile Care, Inc. is required by law to maintain the privacy of your individually identifiable patient health information (PHI). We are also required to provide you with this detailed notice of our legal duties and privacy practices relating to your PHI. We will not use or disclose your PHI, unless required or permitted by applicable federal, state, and local law.

 This Notice applies to our use and disclosure of your PHI for purposes of enrollment, eligibility, and payment under the Diabetes Prevention Program (DPP), as well as our use and disclosure of your information for purposes of providing you with coaching or services under the Diabetes Prevention Program (DPP). In addition, the persons, entities, sites, and locations providing these services may share PHI with each other for life style coaching, payment, or program operations purposes as described in this notice.

 First Mile Care understands that your health information is highly personal and we are committed to safeguarding your privacy. Please read this Notice of Privacy Practices thoroughly. It describes how we may use and disclose your PHI.

 I. PERMITTED or REQUIRED USE or DISCLOSURE

The following lists various ways in which we may use or disclose your PHI:

A.     For coaching. We may disclose your PHI to pertinent DPP coach(es) providing you with lifestyle management training and services. For example, your DPP coach(es) may be informed of your latest fasting glucose test and/or hemoglobin A1c test results First Mile Care receives from you or your physician to help guide curriculum delivery.

B.     For Payment. We may use and disclose your PHI for billing and payment purposes. We may disclose your PHI to your personal representative, or to an insurance or managed care company, Medicare, Medicaid or the sponsoring agency.

C.     Emergencies. We may use or disclose your PHI as necessary in emergency treatment situations.

D.    Law Enforcement Purposes. We will disclose your PHI to the police or other law enforcement officials when required by law, such as identifying a criminal suspect or a missing person or providing information about a crime victim or criminal conduct.

E.     Required by Law. We will disclose PHI about you when legally bound by federal, state or local law. Examples include disclosures in response to a court order, subpoena, mandatory state reporting, or information necessary to comply with other laws.

F.     Specialized Government Functions. We will use and disclose PHI to the Department of Veterans Affairs, at your request, to determine whether you are eligible for certain benefits.  We will disclose your PHI, when legally mandated, regarding government functions such as national security, intelligence activities, and military.

G.    More Stringent State and Federal Laws. State law is more stringent than HIPAA in several areas. Certain federal laws also are more stringent than HIPAA.  First Mile Care will continue to abide by these more stringent state and federal laws.

II. PERMITTED USE OR DISCLOSURE WITH AN OPPORTUNITY FOR YOU TO AGREE OR OBJECT

A.     Individuals Involved in Your Care or Payment for Your Care. We may disclose your PHI to a friend or family member who is involved in your diabetes prevention program. This would include persons named in any durable health care power of attorney or similar document provided to us. You have a right to request that your information not be shared with some or all of your family or friends. In addition, we may disclose your PHI to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status, and location.

B.     Reporting Victims of Abuse, Neglect or Domestic Violence. If we believe that you have been a victim of abuse, neglect or domestic violence, we may use and disclose your PHI to notify a government authority, if you agree to report or if legally required.

C.     Health Information Exchange. If a statewide or regional Health Information Exchange (“HIE”) operates in this state we may share your health records electronically with the exchange for the purposes of improving the overall quality of health care services provided to you. The HIE is functioning as our business associate and, in acting on our behalf, the HIE will transmit, maintain and store your PHI for treatment, payment and health care operation purposes. The HIE has a duty to implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality and integrity of your medical information. State law may provide you rights to restrict, opt-in or opt-out of the exchange.

III. USE OR DISCLOSURE REQUIRING YOUR AUTHORIZATION

A.     Marketing. Subject to certain limited exceptions, your written authorization is required in cases where we receive any direct or indirect financial remuneration in exchange for making the communication to you which encourages you to purchase a product or service or for a disclosure to a third party who wants to market their products or services to you.

B.     Research. We will obtain your written authorization to use or disclose your PHI for research purposes when required by HIPAA.

C.     Sale of PHI. Subject to certain limited exceptions, disclosures that constitute a sale of PHI requires your written authorization.

D.    Other Uses and Disclosures. Any other uses and disclosures of PHI not covered by this notice or the laws that apply to us will be made only with your written authorization. You may revoke that authorization in writing, at any time. You understand that we are unable to take back any disclosures we have already made with your authorization.

IV. YOUR HEALTH INFORMATION RIGHTS

You have the following individual rights concerning your PHI; exercise of these rights may require submitting a written request to First Mile Care. At your request, First Mile Care will supply you with the appropriate form to complete.

A.     Right to Inspect and Copy. Subject to certain limited exceptions, you have the right to access your PHI and to inspect and copy your PHI as long as we maintain the data. You will be charged a reasonable copying fee in accordance with applicable federal or state law.

You also have the right to request your PHI in electronic format in cases where we utilize electronic health records.

If we deny your request for access to your PHI, we will notify you in writing with the reason for the denial. You have the right to have this decision reviewed.

B.     Right to Amend You have the right to amend your PHI for as long as First Mile Care maintains the data. Your request must state the reason for the requested amendment.

We may deny your request for changes if

•      First Mile Care did not create the information

•      The information is not part of the designated record set

•      The information would not be available for your inspection (due to its condition or nature) or

•      The information is accurate and complete

If we deny your request for amendment, we will give you a written denial including the reasons for the denial and the right to submit a written statement disagreeing with the denial.

C.     Right to an Accounting of Disclosures. You have a right to receive an accounting of the disclosures of your PHI that we have made, except for the following disclosures:

·       To carry out life style coaching, payment, or program operations

·       To you

·       To persons involved in your care

·       For national security or intelligence purposes

·       To correctional institutions or law enforcement official

Your written request must include a time period that is within six years from the date of your request. In any given 12-month period, we will provide you with an accounting of the disclosures of your PHI at no charge. Any additional requests for an accounting within that time period will be subject to a reasonable fee for preparing the accounting.

D.    Right to Request Restrictions. You have the right to request restrictions on certain uses and disclosures of your PHI to carry out coaching, payment or program functions or to prohibit such disclosure. However, while First Mile Care will consider your request, it is not required to agree to the requested restrictions.

E.      Right to Confidential Communications. You have the right to receive confidential communications of your PHI by alternative means or at alternative locations.

F.     Right to a Paper Copy of This Notice. You have the right to a paper copy of this Notice of Privacy Practices upon request.

V. BREACH OF UNSECURED PHI

If there is a breach of unsecured PHI that affects your information, First Mile Care is required to notify you of the breach.

 VI. SHARING AND JOINT USE OF YOUR PHI

In the course of the diabetes prevention program and in furtherance of First Mile Care’s mission to improve the health of the community, we may share your PHI with other organizations as described below.

A.     Business Associates. We may share your PHI with business associates and their subcontractors contracted to perform business functions on First Mile Care’s behalf. Agreements signed between business associates and First Mile Care assures that the associates safeguard all PHI with the same attention as First Mile Care.

VII. CHANGES TO THIS NOTICE

 We will abide by the terms of the Notice currently in effect. We reserve the right to change this notice. We reserve the right to make the revised or changed notice effective for the PHI we already have about you as well as any information we receive in the future. We will post a copy of the current notice on our web site. You can also ask for a current copy of the Notice at any time.

VIII. FOR FURTHER INFORMATION OR TO FILE A COMPLAINT

If you have any questions about this Notice or would like further information concerning your privacy rights, please contact First Mile Care.

If you believe that your privacy rights have been violated, you may file a complaint in writing with First Mile Care or with the Secretary of the Department of Health and Human Services.

 You will not be retaliated against for filing a complaint.

 First Mile Care Compliance and Privacy Officer

3000 Sand Hill Road, Suite 3-210, Menlo Park, CA 92025