NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW THE MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
First Mile Care, Inc. is required by law to maintain the privacy of your individually identifiable patient health information (PHI). We are also required to provide you with this detailed notice or our legal duties and privacy practices relating to your PHI. We will only use or disclose your PHI as permitted or required by applicable state law.
This Notice applies to our use and disclosure of your PHI for purposes of enrollment, eligibility and payment under the diabetes prevention program (DPP) as well as our use and disclosure of your information for purposes of providing you with coaching or services under the diabetes prevention program (DPP). In addition, the above persons, entities, sites, and locations may share PHI with each other for life style coaching, payment, or program operations purposes as described in this notice.
First Mile Care understands that your health information is highly personal, and we are committed to safeguarding your privacy. Please read this Notice of Privacy Practices thoroughly. It describes how we will use and disclose your PHI.
I. PERMITTED or REQUIRED USE or DISCLOSURE
The following lists various ways in which we may use or disclose your PHI:
A. For coaching. We may disclose your PHI to pertinent DPP coach(es) providing you with lifestyle management training and services. For example, your DPP coach(es) may be informed of your latest fasting glucose test and or hemoglobin A1c test results First Mile Care receives from you or your physician to help guide curriculum delivery.
B. For Payment. We may use and disclose your PHI for billing and payment purposes. We may disclose your PHI to your personal representative, or to an insurance or managed care company, Medicare, Medicaid or the sponsoring agency.
C. Emergencies. We may use or disclose your PHI as necessary in emergency treatment situations.
D. Law Enforcement Purposes. We will disclose your PHI to the police or other law enforcement officials as required by law, such as identifying a criminal suspect or a missing person, or providing information about a crime victim or criminal conduct.
E. Required by Law: We will disclose PHI about you when required by federal, state or local law. Examples include disclosures in response to a court order / subpoena, mandatory state reporting, or information necessary to comply with other laws.
F. Specialized Government Functions. We will disclose your PHI regarding government functions such as military, national security and intelligence activities, as authorized by law. We will use and disclose PHI to the Department of Veterans Affairs to determine whether you are eligible for certain benefits.
G. More Stringent State and Federal Laws: State law is more stringent than HIPAA in several areas. Certain federal laws also are more stringent than HIPAA. First Mile Care will continue to abide by these more stringent state and federal laws.
a. More Stringent Federal Laws: The federal laws include applicable internet privacy laws, such as the Children’s Online Privacy Protection Act and the federal laws and regulations governing the confidentiality of PHI regarding substance abuse treatment.
b. More Stringent State Laws: State law is more stringent when the individual is entitled to greater access to records than under HIPAA. State law also is more restrictive when the records are more protected from disclosure by state law than under HIPAA. In cases where we provide life style coaching to a patient who resides in a neighboring state, we will abide by the more stringent applicable state law.
II. PERMITTED USE or DISCLOSURE WITH AN OPPORTUNITY FOR YOU TO AGREE OR OBJECT
A. Individuals Involved in Your Care or Payment for Your Care. We may disclose your PHI to a friend or family member who is involved in your diabetes prevention program. This would include persons named in any durable health care power of attorney or similar document provided to us. You have a right to request that your information not be shared with some or all of your family or friends. In addition, we may disclose your PHI to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status, and location.
B. Reporting Victims of Abuse, Neglect or Domestic Violence. If we believe that you have been a victim of abuse, neglect or domestic violence, we may use and disclose your PHI to notify a government authority, if authorized by law or if you agree to the report.
C. Health Information Exchange: If a statewide or regional Health Information Exchange (“HIE”) operates in this state we may share your health records electronically with the exchange for the purposes of improving the overall quality of health care services provided to you. The HIE is functioning as our business associate and, in acting on our behalf, the HIE will transmit, maintain and store your PHI for treatment, payment and health care operation purposes. The HIE has a duty to implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality and integrity of your medical information. State law may provide you rights to restrict, opt-in or opt-out of the exchange.
III. USE OR DISCLOSURE REQUIRING YOUR AUTHORIZATION
A. Marketing: Subject to certain limited exceptions, your written authorization is required in cases where we receive any direct or indirect financial remuneration in exchange for making the communication to you which encourages you to purchase a product or service or for a disclosure to a third party who wants to market their products or services to you.
B. Research: We will obtain your written authorization to use or disclose your PHI for research purposes when required by HIPAA.
C. Sale of PHI: Subject to certain limited exceptions, disclosures that constitute a sale of PHI requires your written authorization.
D. Other Uses and Disclosures: Any other uses and disclosures of PHI not covered by this notice or the laws that apply to us will be made only with your written authorization. You may revoke that authorization in writing, at any time. You understand that we are unable to take back any disclosures we have already made with your authorization.
IV. YOUR HEALTH INFORMATION RIGHTS
You have the following individual rights concerning your PHI:
Exercise of these rights may require submitting a written request to First Mile Care. At your request, First Mile Care will supply you with the appropriate form to complete.
A. Right to Inspect and Copy. Subject to certain limited exceptions, you have the right to access your PHI and to inspect and copy your PHI as long as we maintain the data. You will be charged a reasonable copying fee in accordance with applicable federal or state law.
You also have the right to request your PHI in electronic format in cases where we utilize electronic health records.
If we deny your request for access to your PHI, we will notify you in writing with the reason for the denial. You have the right to have this decision reviewed.
B. Right to Amend You have the right to amend your PHI for as long as First Mile Care maintains the data. Your request must state the reason for the requested amendment.
We may deny your request for changes if
First Mile Care did not create the information
The information is not part of the designated record set
The information would not be available for your inspection (due to its condition or nature) or
The information is accurate and complete
If we deny your request for amendment, we will give you a written denial including the reasons for the denial and the right to submit a written statement disagreeing with the denial.
C. Right to an Accounting of Disclosures. You have a right to receive an accounting of the disclosures of your PHI that we have made, except for the following disclosures:
To carry out life style coaching, payment, or program operations
To persons involved in your care
For national security or intelligence purposes
To correctional institutions or law enforcement official
Your written request must include a time period that is within six years from the date of your request. In any given 12-month period, we will provide you with an accounting of the disclosures of your PHI at no charge. Any additional requests for an accounting within that time period will be subject to a reasonable fee for preparing the accounting.
D. Right to Request Restrictions. You have the right to request restrictions on certain uses and disclosures of your PHI to carry out coaching, payment or program functions or to prohibit such disclosure. However, First Mile Care will consider your request but is not required to agree to the requested restrictions.
E. Right to Confidential Communications. You have the right to receive confidential communications of your PHI by alternative means or at alternative locations.
F. Right to a Paper Copy of This Notice. You have the right to a paper copy of this Notice of Privacy Practices upon request.
V. BREACH OF UNSECURED PHI
If a breach of unsecured PHI affecting you occurs, First Mile Care is required to notify you of the breach.
VI. SHARING AND JOINT USE OF YOUR PHI
In the course of the diabetes prevention program and in furtherance of First Mile Care’s mission to improve the health of the community, we will share your PHI with other organizations as described below who have agreed to abide by the terms described below:
A. Business Associates. We will share your PHI with business associates and their Subcontractors contracted to perform business functions on First Mile Care’s behalf.
VII. CHANGES TO THIS NOTICE
We will abide by the terms of the Notice currently in effect. We reserve the right to change this notice. We reserve the right to make the revised or changed notice effective for the PHI we already have about you as well as any information we receive in the future. We will post a copy of the current notice on our web site. You can also ask for a current copy of the Notice at any time.
VIII. FOR FURTHER INFORMATION OR TO FILE A COMPLAINT
If you have any questions about this Notice or would like further information concerning your privacy rights, please contact First Mile Care.
If you believe that your privacy rights have been violated, you may file a complaint in writing with First Mile Care or with the Secretary of the Department of Health and Human Services.
You will not be retaliated against for filing a complaint.
First Mile Care Compliance and Privacy Officer
3000 Sand Hill Road
Menlo Park, CA 92025