Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
EFFECTIVE JUNE 26, 2017
This Notice of Privacy Practices (the “Notice”) tells you about the ways we may use and disclose your protected health information (“medical information”) and your rights and our obligations regarding the use and disclosure of your medical information. This Notice applies to Bailey Health of California P.C., Bailey Health of Colorado P.C., Bailey Health of Connecticut P.C., Bailey Health of Florida LLC, Bailey Health of Georgia P.C., Bailey Health of Illinois P.C., Bailey Health of Kentucky PSC, Bailey Health of Maine P.C., Bailey Health of Massachusetts P.C., Bailey Health of Michigan P.C., Bailey Health of Missouri LLC, Bailey Health of Montana P.C., Bailey Health of Nebraska LLC, Bailey Health Medicine of New York P.C., Bailey Health of North Carolina P.C., Bailey Health Medicine of New York P.C., Bailey Health of Pennsylvania P.C., Bailey Health of South Carolina P.C., Bailey Health of Tennessee P.C., Bailey Health of Texas PLLC, Bailey Health of Virginia LLC, Bailey Health of Washington P.C., Bailey Health of Wisconsin P.C., Bailey Health of Wyoming P.C., and other entities related to the Bailey Health entities, including their providers and employees, as well as certain Bailey Health vendors and related entities, such as Hims Inc. (“Hims”) (collectively, the “Practice”).
1. OUR OBLIGATIONS
We are required by law to:
- Maintain the privacy of your medical information, to the extent required by state and federal law;
- Give you this Notice explaining our legal duties and privacy practices with respect to medical information about you;
- Notify affected individuals following a breach of unsecured medical information under federal law; and
- Follow the terms of the version of this Notice that is currently in effect.
2. HOW WE MAY USE AND DISCLOSE MEDICAL INFORMATION ABOUT YOU
The following categories describe the different ways that we typically use and disclose medical information, the purposes for such uses and disclosures, and the reasons for such uses and disclosures.
As noted below, we may contact you via different methods that you may approve, such as via text message, email, or thorough your Bailey Health or Hims account. In most instances, your initial communication with the Practice will be through an interaction with the Practice on the Bailey Health website or app, which communication may include the completion by you of a questionnaire or other asynchronous communication with the Practice, and the subsequent communication back to you by the Practice of further medical information.
Specifically speaking, the Practice may communicate with you in the following specific ways and for the following specific purposes:
Type & Purpose
- Email communications; To provide you with information on special offers and deals
- Customer Service Emails, texts, or app notifications; To provide you with updates on problems with orders, late shipments, and other questions applicable to your doctor’s visit(s)
- Tracking emails; To notify you when prescriptions have been shipped, will arrive, and other confirmations
- Order information; To provide information on content of orders (additional products or samples)
- Follow-up texts; To allow a doctor or nurse to contact you with changes to your course of treatment
- Referral programs; To provide you with information on benefits you may receive if you refer another patient to the Practice.
Additionally, the Practice may use and disclose your medical information for the following reasons. These categories are intended to be general descriptions only, and not a list of every instance in which we may use or disclose your medical information. Please understand that for these categories, the law generally does not require us to get your authorization in order for us to use or disclose your medical information.
- For Treatment.We may use and disclose medical information about you to provide you with health care treatment and related services, including coordinating and managing your health care. We may disclose medical information about you to physicians, nurses, other health care providers and personnel who are providing or involved in providing health care to you (both within and outside of the Practice). For example, should your care require referral to a pharmacy for the provision of prescription drugs, we may provide that pharmacy with your medical information in order to aid the pharmacist in his or her treatment of you.
- For Payment.We may use and disclose medical information about you so that we or may bill and collect from you, an insurance company, or a third party for the health care services we provide. This may also include the disclosure of medical information to obtain prior authorization for treatment and procedures from your insurance plan. For example, we may send a claim for payment to your insurance company, and that claim may have a code on it that describes the services that have been rendered to you. If, however, you pay for an item or service in full, out of pocket and request that we not disclose to your health plan the medical information solely relating to that item or service, as described more fully in Section IV of this Notice, we will follow that restriction on disclosure unless otherwise required by law.
- For Health Care Operations. We may use and disclose medical information about you for our health care operations. These uses and disclosures are necessary to operate and manage our practice and to promote quality care. For example, we may need to use or disclose your medical information in order to assess the quality of care you receive or to conduct certain cost management, business management, administrative, or quality improvement activities or to provide information to our insurance carriers.
- Quality Assurance and Utilization Review. We may need to use or disclose your medical information for our internal processes to assess and facilitate the provision of quality care to our patients. We may need to use or disclose your medical information to perform a review of the services we provide in order to evaluate whether that the appropriate level of services is received, depending on condition and diagnosis.
- Credentialing and Peer Review. We may need to use or disclose your medical information in order for us to review the credentials, qualifications and actions of our health care providers.
- Treatment Alternatives. We may use and disclose medical information to tell you about or recommend possible treatment options or alternatives that we believe may be of interest to you.
- Appointment Reminders and Information about Health Related Benefits and Services. We may use and disclose medical information, in order to contact you (including, for example, contacting you by phone and leaving a message on an answering machine) to provide appointment reminders and other information. We may use and disclose medical information to tell you about health-related benefits or services that we believe may be of interest to you. See also the specific types of communications noted above.
- Business Associates. There are some services (such as billing or legal services) that may be provided to or on behalf of our Practice through contracts with business associates, such as Hims, Inc. When these services are contracted, we may disclose your medical information to our business associate so that they can perform the job we have asked them to do. To protect your medical information, however, we require the business associate to appropriately safeguard your information.
- Individuals Involved in Your Care or Payment for Your Care. We may disclose medical information about you to a friend or family member who is involved in your health care, as well as to someone who helps pay for your care, but we will do so only as allowed by state or federal law (with an opportunity for you to agree or object when required under the law), or in accordance with your prior authorization.
- As Required by Law. We will disclose medical information about you when required to do so by federal, state, or local law or regulations.
- Other. Subject to applicable legal requirements, and where appropriate for your medical care or required by law, we may also use your medical information (i) to avert an imminent threat of injury to health or safety, (ii) for organ donation purposes, for research, (iii) to appropriate military authorities if you are in the armed forces, (iv) for workers’ compensation programs, (v) for public health activities, (vi) for health oversight activities, (vii) for other legal matters, (viii) for law enforcement purposes, (ix) to coroners and medical examiners, or (x) for marketing or fundraising purposes
- Electronic Disclosures of Medical Information. Under the law of certain states, we are required to provide notice to you if your medical information is subject to electronic disclosure. This Notice serves as general notice that we may disclose your medical information electronically for treatment, payment, or health care operations or as otherwise authorized or required by state or federal law.
3. OTHER USES OF MEDICAL INFORMATION
- Authorizations. There are times we may need or want to use or disclose your medical information for reasons other than those listed above, but to do so we will need your prior authorization. Other than expressly provided herein, any other uses or disclosures of your medical information will require your specific written authorization.
- Psychotherapy Notes, Marketing and Sale of Medical Information.Most uses and disclosures of “psychotherapy notes,” uses and disclosures of medical information for marketing purposes, and disclosures that constitute a “sale of medical information” under HIPAA require your authorization. The Practice does not anticipate that it will obtain psychotherapy notes or sale medical information.
- Right to Revoke Authorization. If you provide us with written authorization to use or disclose your medical information for such other purposes, you may revoke that authorization in writing at any time. If you revoke your authorization, we will no longer use or disclose your medical information for the reasons covered by your written authorization. You understand that we are unable to take back any uses or disclosures we have already made in reliance upon your authorization, and that we are required to retain our records of the care that we provided to you.
4. YOUR RIGHTS REGARDING MEDICAL INFORMATION ABOUT YOU
Federal and state laws provide you with certain rights regarding the medical information we have about you. The following is a summary of those rights.
- Right to Inspect and Copy. Under most circumstances, you have the right to inspect and/or copy your medical information that we maintain in our possession in a designated record set, which generally includes your medical and billing records. To inspect or copy your medical information, you must submit your request to do so in writing to the Practice’s HIPAA Officer at the address listed in Section VI below. If you request a copy of your information, we may charge a fee for the costs of copying, mailing, or certain supplies associated with your request. The fee we may charge will be the amount allowed by state law. If your requested medical information is maintained in an electronic format (e.g., as part of an electronic medical record, electronic billing record, or other group of records maintained by the Practice that is used to make decisions about you) and you request an electronic copy of this information, then we will provide you with the requested medical information in the electronic form and format requested, if it is readily producible in that form and format. If it is not readily producible in the requested electronic form and format, we will provide access in a readable electronic form and format as agreed to by the Practice and you. In certain very limited circumstances allowed by law, we may deny your request to review or copy your medical information. We will give you any such denial in writing. If you are denied access to medical information, you may request that the denial be reviewed. Another licensed health care professional chosen by the Practice will review your request and the denial. The person conducting the review will not be the person who denied your request. We will abide by the outcome of the review.
- Right to Amend. If you feel the medical information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by the Practice. To request an amendment, your request must be in writing and submitted to the HIPAA Officer at the address listed in Section VI below. In your request, you must provide a reason as to why you want this amendment. If we accept your request, we will notify you of that in writing. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that (i) was not created by us (unless you provide a reasonable basis for asserting that the person or organization that created the information is no longer available to act on the requested amendment), (ii) is not part of the information kept by the Practice, (iii) is not part of the information which you would be permitted to inspect and copy, or (iv) is accurate and complete. If we deny your request, we will notify you of that denial in writing.
- Right to an Accounting of Disclosures. You have the right to request an "accounting of disclosures" of your medical information. This is a list of the disclosures we have made for up to six years prior to the date of your request of your medical information, but may not include disclosures for Treatment, Payment, or Health Care Operations (as described in Sections II A, B, and C of this Notice) or disclosures made pursuant to your specific authorization (as described in Section III of this Notice), or certain other disclosures. If we make disclosures through an electronic health records (EHR) system, you may have an additional right to an accounting of disclosures for Treatment, Payment, and Health Care Operations. Please contact the Practice’s HIPAA Officer at the address set forth in Section VI below for more information regarding whether we have implemented an EHR and the effective date, if any, of any additional right to an accounting of disclosures made through an EHR for the purposes of Treatment, Payment, or Health Care Operations. To request a list of accounting, you must submit your request in writing to the Practice’s HIPAA Officer at the address set forth in Section VI below. Your request must state a time period, which may not be longer than six years (or longer than three years for Treatment, Payment, and Health Care Operations disclosures made through an EHR, if applicable). Your request should indicate in what form you want the list (for example, on paper or electronically). The first list you request within a twelve-month period will be free. For additional lists, we may charge you a reasonable fee for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
- Right to Request Restrictions. You have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment, or health care operations. You also have the right to request a restriction or limitation on the medical information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. Except as specifically described below in this Notice, we are not required to agree to your request for a restriction or limitation. If we do agree, we will comply with your request unless the information is needed to provide emergency treatment. In addition, there are certain situations where we won’t be able to agree to your request, such as when we are required by law to use or disclose your medical information. To request restrictions, you must make your request in writing to the Practice’s HIPAA Officer at the address listed in Section VI of this Notice below. In your request, you must specifically tell us what information you want to limit, whether you want us to limit our use, disclosure, or both, and to whom you want the limits to apply. As stated above, in most instances we do not have to agree to your request for restrictions on disclosures that are otherwise allowed. However, if you pay or another person (other than a health plan) pays on your behalf for an item or service in full, out of pocket, and you request that we not disclose the medical information relating solely to that item or service to a health plan for the purposes of payment or health care operations, then we will be obligated to abide by that request for restriction unless the disclosure is otherwise required by law. You should be aware that such restrictions may have unintended consequences, particularly if other providers need to know that information (such as a pharmacy filling a prescription). It will be your obligation to notify any such other providers of this restriction. Additionally, such a restriction may impact whether an insurance company wil pay for related care that you may not want to pay for out of pocket (and which would not be subject to the restriction).
- Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at home and not at work or, conversely, only at work and not at home. To request such confidential communications, you must make your request in writing to the Practice’s HIPAA Officer at the address listed in Section VI below. We will not ask the reason for your request, and we will use our best efforts to accommodate all reasonable requests, but there are some requests with which we will not be able comply. Your request must specify how and where you wish to be contacted.
- Right to an Email or Paper Copy of This Notice. You have the right to a paper copy of this Notice. You may ask us to give you a copy of this Notice at any time. To obtain a copy of this Notice, you must make your request in writing to the Practice’s HIPAA Officer at the address set forth in Section VI below.
- Right to Breach Notification. In certain instances, we may be obligated to notify you (and potentially other parties) if we become aware that your medical information has been improperly disclosed or otherwise subject to a “breach” as defined in and/or required by HIPAA and applicable state law.
5. CHANGES TO THIS NOTICE
We reserve the right to change this Notice at any time, along with our privacy policies and practices. We reserve the right to make the revised or changed Notice effective for medical information we already have about you as well, as any information we receive in the future. We will post a copy of the current notice, along with an announcement that changes have been made, as applicable, on our website and in any physical office in which the Practice practices medicine. When changes have been made to the Notice, you may obtain a revised copy by sending a letter to the Practice’s HIPAA Officer at the address listed in Section VI below.
If you believe that your privacy rights as described in this Notice have been violated, you may file a complaint with the Practice at the following address or phone number:
- Bailey Health
- Attn: HIPAA Officer
- 1 Letterman Drive, San Francisco, Building C, Suite 3500, California 94129
To file a complaint, you may either call, email, or send a written letter. The Practice will not retaliate against any individual who files a complaint. You may also file a complaint with the Secretary of the Department of Health and Human Services.
In addition, if you have any questions about this Notice, please contact the Practice’s HIPAA Officer at the address or phone number listed above.