Information you provide to a My Health Onsite facility while being treated as a patient of that facility is defined as “Protected Health Information” under the Health Insurance Portability and Accountability Act and attendant regulations (HIPAA) and is subject to our Notice of Privacy Practices.
1. WHAT INFORMATION DO WE COLLECT?
Personal information you disclose to us
In Short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.
The amount of personal information that we know about you is entirely up to you to decide. We will only know personal information about you if you choose to share this information about yourself; however, some Services may not be available unless we obtain a certain amount of personal information.
The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:
Information by which you may be personally identified, such as name, postal address, email address, telephone number, or any other information the Website collects that is defined as personal or personally identifiable information under applicable law (“personal information”);
Information that is about you, but does not identify you individually; and/or
Information about your internet connection, the equipment you use to access the Website and usage details.
We collect this information:
Directly from you when you provide it to us;
Automatically as you navigate through the site. Information collected automatically may include usage details, IP addresses and information collected through cookies, web beacons, and other automatic data collection technologies described below.
Information that you provide by filling in forms on our Website;
Records and copies of your correspondence (including email addresses) if you contact us;
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
Information we collect through automatic data collection technologies
As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing activities and patterns, including:
Details of your visits to our Website, including traffic data, location data, and other communication data and the resources that you access and use on the Website;
Information about your computer and internet connection, including your IP address, operating system, and browser type.
The technologies we use for this automatic data collection may include:
Cookies. Cookies are small data files that are sent by a website and stored on your computer. Cookies are used by most websites and can contain information about your use of our Website. Most browsers have a setting to turn off the automatic acceptance of cookies. If you do not want to accept cookies from our Website, use the internet Options or Preference menu items in your browser to turn cookies off or receive warnings when cookies are sent to your computer. However, you should be aware that portions of our Website will not function properly if you do not accept cookies.
Web Beacons. A web beacon is a small transparent image placed on a website that may track visits to a particular page. If you set your browser to decline or deactivate cookies, web beacons cannot function because they are used in conjunction with cookies.
The information we collect automatically may include personal information, or we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve our Website and to deliver a better and more personalized service.
The Website is not intended for use by children under the age of 18.
Specifically, the Website is not designed or intended to attract children under the age of 13. No one under age 13 may provide any information to or on the Website. We do not knowingly collect personal information from children under 13. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at firstname.lastname@example.org.
2. HOW DO WE USE COLLECTED INFORMATION?
In Short: We use collected information to provide services to you, communicate with you, improve your Website experience, and for business purposes.
The information we collect (automatically and when you provide it) during your visit to our website is used for the following purposes:
Monitor, review, measure, and analyze utilization of the Website;
Modify and enhance the Website;
Improve the content and design of the Website;
Maintain the safety, security, and integrity of the Website, Services, databases, other technology assets, and business;
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity;
Activities to verify or maintain the quality or safety of Services and to improve, upgrade, or enhance Services;
Conduct research and analysis;
Respond to your requests for information, products or services;
Respond to your questions and concerns;
Distribute news and other health information requested by Website visitors;
Administer user accounts;
To fulfill any other purpose for which you provide it;
Notify you about changes to the Website or any products or services we offer;
In any other way we may describe when you provide the information;
For any other purpose with your consent.
3. WILL YOUR INFORMATION BE SHARED WITH ANYONE?
In Short: We only share information with your consent, to comply with laws, to provide you with services, to protect your rights, or to fulfill business obligations.
We may process or share your data that we hold based on the following legal bases:
Consent: We may process your data if you have given us specific consent to use your personal information for a specific purpose.
Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests.
Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfill the terms of our contract.
Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental request, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
More specifically, we may need to process your data or share your personal information in the following situations:
Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
Business Partners. We may share your information with our business partners to offer you certain products, services, or promotions.
4. HOW LONG DO WE KEEP YOUR INFORMATION?
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
5. HOW DO WE KEEP YOUR INFORMATION SAFE?
In Short: We aim to protect your personal information through a system of organizational and technical security measures.
We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security, and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
Please keep in mind that when you voluntarily disclose information about yourself in the public domain (for example, through bulletin boards, chat rooms, emails) it can be collected and used by third parties to contact you or for unauthorized purposes.
You should only access the Services within a secure environment.
6. WHAT ARE YOUR PRIVACY RIGHTS?
In Short: You may review, change, or terminate your account at any time.
We strive to make sure that our information is reliable, accurate, and up-to-date. While personal information is maintained by us, you may access the personal information that we have collected directly from you, to the extent required by law, to review, update, and correct inaccuracies. There may be limits to the amount of information we can practically provide. For example, we may limit access to personal information where the burden or expense of providing access would be disproportionate to the risks to an individual’s privacy or where doing so would violate others’ rights.
You may ask us to delete all or some of your personal information. Please note that some information may remain in our records even after you request deletion of your personal information, to the extent required by applicable laws. To request to review, update, or delete your personal information, please submit your request to:
Medical Risk Solutions LLC
2710 Rew Circle, Suite 200
Ocoee, FL 34761
Please note that our Website is not intended for visitors located in the EEA, as My Health Onsite is a U.S.A. entity providing services in the U.S.A. Any personal information collected about EEA visitors through the Website is processed in the United States by us or a party acting on our behalf. When you provide personal information to us through the Website, you consent to the transfer, storage, and processing of your personal information in the United States.
7. CONTROLS FOR DO-NOT-TRACK FEATURES
Medical Risk Solutions LLC
2710 Rew Circle, Suite 200
Ocoee, FL 34761
HIPAA OMNIBUS NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY
Each time you visit a health care provider, a record of your visit is made. Typically, this record contains your symptoms, examination and test results, diagnoses, treatment, a plan for future care or treatment, and billing-related information. This notice applies to all of the records of your care generated by the health center, whether made by health center staff members, agents of the health center, or your personal doctor.
We are required by law to maintain the privacy of protected health information, provide a description of our privacy practices with respect to protected health information, and notify affected parties in the event of a breach of unsecured protected health information. We will abide by the terms of this Notice.
USES AND DISCLOSURES
How we may use and disclose Health Information about you: The following categories describe examples of the way we use and disclose health information:
Treatment: We may use health information about you to provide you treatment and services. We may disclose health information about you to doctors, nurses, technicians, medical students, or other staff members who are involved in taking care of you at the health center. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process. The doctor may need to tell the dietician about the diabetes so appropriate meals can be arranged. Different departments of the health center also may share health information about you in order to coordinate the different things you may need, such as prescriptions, lab work, and x-rays. We may also provide a subsequent health care provider with copies of various reports that should assist in treating you.
Payment: We may use and disclose health information about your treatment and services to your insurance company or a third party. For example, we may need to give your insurance company information about treatment for reimbursement to you.
Health Care Operations: Members of the medical staff and/or quality improvement team may use information in your health record to assess the care and outcomes in your case and others like it. The results will then be used to continually improve the quality of care for all patients we serve. For example, we may combine health information about many patients to evaluate the need for new services or treatment. We may disclose information to doctors, nurses, and students for educational purposes. And we may combine health information we have with that of other affiliated facilities to see where we can make improvements. We may remove information that identifies you from this set of health information to protect your privacy.
Business Associates: Some services in our organization, including billing, are provided through business associates we have contracted with to perform the agreed upon services, who in the course of their work will directly or indirectly use, transmit, copy, view, transport, interpret or process PHI. They are prohibited from re-disclosing PHI and are bound by a Business Associate Agreement requiring them by federal law to appropriately safeguard your information.
As Required By Law: Your medical information will be disclosed when we are required to do so by federal, state or local authorities, laws, rules and/or regulations.
Lawsuits and Disputes: If you are involved in a lawsuit or dispute, your medical information may be disclosed in response to a court or administration order, subpoena, discovery request, or other lawful process by someone else involved in the dispute.
Law Enforcement: Your health information may be disclosed to law enforcement agencies to support government audits and inspections, to facilitate law-enforcement investigations, and to comply with government mandated reporting.
Public Health Purposes: We may release your medical information for public health activities, such as:
To prevent or control disease, injury or disability
To report births or deaths
To report child abuse or neglect
To report reactions to medications or problems with products
To notify people of recalls of products they may be using
To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition
To notify the proper government authority if we believe a patient has been the victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
Oversight Agencies: Federal law allows us to release your protected health information to appropriate health oversight agencies or for health oversight activities to include audits; civil, administrative or criminal investigations; inspections; licensure or disciplinary actions; and for similar reasons related to the administration of healthcare.
Coroners, Medical Examiners and Funeral Directors: We may disclose your protected health information to funeral directors or coroners consistent with applicable law to allow them to carry out their duties.
Specialized Government Functions: We may disclose your protected health information for specialized government functions as authorized by law such as for military and veterans’ activities and for national security purposes.
Correctional Institutions: If you are an inmate of a correctional institution, we may disclose to the institution or its agents the protected health information necessary for your health and the health and safety of other individuals.
Workers Compensation: If you seek treatment for a work-related illness or injury we must provide full information in accordance with state specific laws regarding workers’ compensation claims. Once state specific requirements are met and an appropriate written request is received only the records pertaining to the work-related illness or injury may be disclosed.
ADDITIONAL USES AND DISCLOSURES
Appointment Reminders: Your health information may be used by our staff to send you appointment reminders. When disclosing information, primarily appointment reminders, we may leave messages on answering machines or voicemail of a telephone number that you have provided.
Information and Treatments: Your health information may be used to send you information that you may find interesting on the treatment and management of your medical condition, health related products and services, health related benefits, possible treatment alternatives, population based activities relating to improving health or reducing health care costs, conduct in training programs or reviewing competence and satisfaction of health care professionals.
Individuals Involved in Your Care: We may release health information about you to a family member or guardian who is involved in your medical care. In an emergency or in situations where you are incapacitated or not otherwise present, we may disclose your PHI to family members, friends, caregivers or others, when the circumstances indicate that such disclosure is authorized by you and is in your best interest. In these situations we will only disclose your PHI that is relevant to such other person’s involvement in your care. In addition, we may disclose health information about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status and location. If you have any objection to sharing your medical information in this way, please contact the HIPAA Compliance Officer listed at the end of this notice.
Research: Under certain circumstances, your medical information may be used and disclosed for research purposes. All research projects involving patients’ medical information must be approved through a special review process to protect patient confidentiality. You will only become a part of a research project if you agree to do so and sign a consent form.
Future Communications: We may communicate to you via newsletters, mail outs or other means regarding treatment options, health related information, disease-management programs, wellness programs, or other community based initiatives or activities our health center is participating in.
Organized Health Care Arrangement: This health center and its medical staff members have organized and are presenting you this document as a joint Notice. Information will be shared as necessary to carry out treatment, payment and health care options. Physicians and ancillary staff may have access to protected health information in their offices to assist in reviewing past treatment as it may affect treatment at the time.
Affiliated Covered Entity: Protected health information will be made available to health center personnel at local affiliated health centers as necessary to carry out treatment, payment and health care operations. Caregivers at other health centers may have access to protected health information at their locations to assist in reviewing past treatment information as it may affect treatment at this time. Please contact the HIPAA Compliance Officer for further information on the specific sites included in this affiliated covered entity.
Other uses and disclosures of health information not covered by this Notice (including psychotherapy notes) or the laws that apply to us will be made only with your written permission. If you provide us permission to use or disclose health information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose health information about you for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your permission, and that we are required to retain our records of the care that we have provided to you.
YOUR INDIVIDUAL RIGHTS
Although your health record is the physical property of the healthcare practitioner or health center that compiled it, you have the right to:
Inspect and Copy: You have the right to inspect and obtain a copy of the health information that may be used to make decisions about your care. Usually, this includes medical records, but does include psychotherapy notes. To see or get a copy of your medical information, you must submit a written request.
Amend: If you feel that health information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for the health center. Any request for an amendment must be sent in writing to the HIPAA Compliance Officer. We may deny your request for an amendment and if this occurs, you will be notified of the reason for the denial.
An Accounting of Disclosures: You have the right to request an accounting of disclosures. This is a list of certain disclosures we make of your health information for purposes other than treatment, payment or health care operations where an authorization was not required.
Request Restrictions: You have the right to request a restriction or limitation on the health information we use or disclose about you for treatment, payment or health care operations. You also have the right to request a limit on the health information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. For example, you could ask that we not use or disclose information about a surgery you had. Any request for a restriction must be sent in writing to the HIPAA Compliance Officer.
We are required to agree to your request only if 1) except as otherwise required by law, the disclosure is to your health plan and the purpose is related to payment or health care operations (and not treatment purposes), and 2) the information pertains solely to health care services for which you have paid out of pocket in full. For other requests, we are not required to agree. If we do agree, we will comply with your request unless the information is needed to provide you emergency treatment.
Request Confidential Communications: You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you may ask that we contact you at work instead of your home. The health center will grant reasonable requests for confidential communications at alternative locations and/or via alternative means only if the request is submitted in writing. We reserve the right to contact you by other means and at other locations if you fail to respond to any communication from us that requires a response. We will notify you in accordance with your original request prior to attempting to contact you by other means or at another location.
A Paper Copy of This Notice: You have the right to a paper copy of this Notice. You may ask us to give you a copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this Notice.
Notified of a Breach: We will notify you if we discover a breach of your unsecured protected health information.
To exercise any of your rights, please obtain the required forms from the HIPAA Compliance Officer and submit your request in writing.
CHANGES TO THIS NOTICE
We reserve the right to change this Notice and the revised or changed Notice will be effective for information we already have about you as well as any information we receive in the future. The current Notice will be posted in the health center and on our website and will include the effective date.
If you believe your privacy rights have been violated, you may submit a comment or complaint about our privacy practices to the address listed at the end of this Notice. You may also submit a written complaint to the U.S. Department of Health and Human Services. You will not be penalized for filing a complaint.
HIPAA Compliance Officer
Medical Risk Solutions dba My Health Onsite
2710 Rew Circle, Suite 200
Ocoee, FL 34761
If you have any questions about this Notice, you may contact the HIPAA Compliance Officer by telephone at 407-654-5414.