Privacy policy.
THIS NOTICE DESCRIBES HOW PERSONAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. IF YOU HAVE ANY QUESTIONS OR REQUESTS, PLEASE CONTACT THE PRIVACY CONTACT LISTED AT THE END OF THIS NOTICE.
Einstein Advisors ("Agency", "we", "our" or "us") is committed to protecting the privacy of your health information. In conducting our business, we will create records regarding you and the services we provide to you. A federal law, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), requires Agency to take reasonable steps to ensure the privacy of your "Protected Health Information" (as defined below) and to provide you with this notice of Privacy Practices. We will abide by the terms of our Notice of Privacy Practices currently in effect.
This notice describes your rights concerning "Protected Health Information" ("PHI") about you. PHI is information that may identify you and that relates to (a) your past, present, or future physical or mental health or condition or (b) the past, present or future payment for your health care.
It may be necessary to change the terms of this notice in the future. We reserve the right to make changes and to make the new notice effective for all PHI that we maintain about you, including PHI we created or maintained in the past. If we make material changes to our privacy practices, we will provide you with the revised notice, which we may provide to you in hard copy or electronically, as permitted by applicable law.
This notice is effective March 13, 2019.
Uses and Disclosures of Your PHI
This section of the notice explains how Agency uses and discloses your PHI as required or permitted by law. As explained below, in some instances we may request your written authorization to use or disclose PHI.
Required Disclosures. Use and disclosure of your PHI may be required by the Secretary of the Department of Health and Human Services to investigate and/or determine Agency's compliance with HIPAA's privacy regulations.
2. Uses and Disclosures Related to Treatment, Payment and Health Care Operations. Agency and its business associates may use or disclose PHI for activities related to treatment, payment and health care operations. As described in the next section entitled "Your Privacy Rights", you have the right to request a restriction on the use and disclosure of your PHI for treatment, payment or health care operations purposes.
Since we are not a health care provider, we do not engage in treatment of individuals and, accordingly, we will not share your information for such purposes. Examples of activities related to payment include payment of health care claims or collection of premiums. Examples of activities related to health care operations include quality assessment and improvement, underwriting, audit services, legal services, data aggregation, business planning and development, administrative activities related to compliance, customer services, fraud and abuse prevention and detection, and complaint resolution.
3. Other Uses and Disclosures of Your PHI. In addition to the uses and disclosures described above, Agency may use or disclose PHI for the following purposes: for public health activities (for example, to alert public health authorities of public health risks to prevent or control disease, injury or disability or handle situations where a child is abused or neglected or for example, to notify the FDA of problems with a product regulated by the FDA, to notify a person who has been exposed to a communicable disease or may be at risk of spreading or contracting a disease or condition, or providing information to an employer when the employer is allowed to have the information for work-related reasons); for health oversight activities (for example, to assist in investigations relating to insurance fraud); for judicial and administrative proceedings (for example, in response to a subpoena or discovery request); for certain law enforcement purposes (for example, required reporting to certain courts or victims, to report a crime, or identify a suspect); for protection against serious harm (for example, to protect victims of abuse, neglect or domestic violence); for specialized government functions (for example, to assist in national security, military and intelligence activities); for certain government-approved research purposes (if certain conditions are met); for workers' compensation purposes (for example, when required by workers' compensation laws); to a coroner, medical examiner, or funeral director (to permit them to carry out their legal duties); in order to facilitate organ donations and transplants; when necessary to prevent or lessen a serious and imminent threat to health or safety; or when required to do so by federal, state, or local law.
4. Use and Disclosure to Family Members or Other Personal Representatives. We may disclose PHI to a family member, guardian, executor, administrator or other person identified by you and authorized by law to act on your behalf with respect to health care. When disclosing information to such a person, we will take appropriate steps to verify the identity of such person.
5. Use and Disclosures to Plan Sponsor (Employer). We may disclose PHI to an employer-sponsor of a group health plan, if applicable, provided that any such plan sponsor certifies: (a) that the information provided will be maintained in a confidential manner and shall not be used for employment related decisions or for other employee benefit determinations or in any other manner not permitted by law; and (b) that the plan documents contain provisions concerning restrictions on how the plan sponsor may use or further disclose PHI.
6. Use and Disclosure to Contact You Regarding Health-Related Benefits and Services. Agency or its business associates may contact you regarding health-related benefits and services that may be of interest to you.
7. Uses and Disclosures to Business Associates. We may disclose PHI to our business associates, such as information systems consultants, production vendors and actuarial consultants, who perform services on our behalf. When we disclose information to a business associate, we will require the business associate to protect the privacy of your PHI through a written agreement with Agency.
8. Uses and Disclosures That Require Your Written Authorization. Your prior written authorization would be required before we may disclose PHI for marketing purposes, disclose PHI if Agency receives remuneration for distribution of the communication, or disclose psychotherapy notes. Other uses and disclosure of your PHI not described in this Notice of Privacy Practices will be made only with your written authorization, unless otherwise permitted or required by law as described in this notice. You may revoke such authorization at any time, except to the extent Agency or its business associates or other entities have relied on such disclosure. Revocation will not affect any uses or disclosures made with your permission before it was revoked. Also, if you gave us permission to disclose your information in order to obtain insurance coverage, you may not revoke it if other law allows the insurer to contest a claim under the policy or the policy itself.
9. Genetic Information. To the extent applicable, we will not disclose any genetic information in our possession for underwriting purposes.
10. Other Applicable Law. In the event applicable law, other than HIPAA, prohibits or materially limits our uses and disclosures of PHI, as described above, we will restrict our uses or disclosures of PHI in accordance with the more stringent standard.
Your Privacy Rights
This section of the notice describes your rights as an individual with respect to your PHI and summarizes how you may exercise these rights.
Right to Restrict Uses and Disclosures for Treatment, Payment and Health Care Operations Purposes. You have the right to request that we restrict uses and disclosures of your PHI for activities related to treatment, payment and health care operations as described above. Any such request must be made in writing to the address provided below and must state: (a) what PHI you want restricted; (b) whether the restriction shall apply to the "use" or "disclosure" of PHI, or both; and (c) to whom the restriction applies. Though we will evaluate all requests for restrictions, we are not required to agree to the restriction. If we agree to the restriction, we will abide by it, except in the case of emergency treatment or as required by law. We may terminate our agreement to a restriction if you agree to or request the termination of the restriction. In addition, we may notify you that we are terminating our agreement to a restriction as of a specified date, and that the restriction will no longer apply to PHI created or received by us after such date.
2. Right to Request Confidential Communications. You may request that we communicate with you about your health and related issues in a particular manner or at a certain location. For instance, you may wish to receive communications from us at your work location rather than your home. Any such request must be made in writing to the address provided below and must include a reason in support of your request. We will evaluate all such requests. We will try to follow your request, if it is reasonable and as required under law.
3. Right to Access, Inspect and Copy Your PHI. You have a right to request access to your PHI in order to inspect or copy PHI that we use to make decisions about you (including medical records and billing records), other than psychotherapy notes or information compiled in reasonable anticipation of, or for use in, a criminal, civil or administrative action or proceeding. Any such request must be made in writing to the address provided below. If we approve your request, we may charge a reasonable fee for such copying of your PHI. Under certain circumstances, we may deny your request for access to your PHI. If your request is denied, we will notify you of our reason for the denial and you may have the right to have such denial reviewed.
4. Right to Amend Your PHI. You have the right to request that we amend PHI that we use to make decisions about you if you believe the information is incorrect or inaccurate. Any such request must be made in writing to the address provided below and must include a reason in support of your request. Under certain circumstances, we may deny your request for amendment of your PHI. If your request is denied, we will notify you of our reason for the denial, your right to submit a written statement of disagreement or to have the request for amendment included with future disclosures, and your right to file a complaint with our Customer Care Department and/or the Secretary of the Department of Health and Human Services. If your request for amendment is granted, we will notify you that the amendment was approved. We will also ask you to identify relevant persons who should be informed of the amendment and ask that you agree to our communication with such persons.
5. Right to an Accounting of Disclosures. You have the right to receive a listing of how the Agency disclosed your PHI to other people or organizations. There are certain disclosures that are not included in the listing, for example, disclosures made to you about your own health information or disclosures that you give us permission to make.
6. Right to a Copy of Notice of Privacy Practices. You have the right to receive a paper copy of this notice upon request, even if you agreed to receive this notice electronically. You may request a paper copy of our most current notice at any time by contacting our Compliance Department at 386-956-0256.
7. Right to Notice of Breach. We implement appropriate administrative, physical and technical safeguards and security systems to protect your PHI. If, despite these efforts, there is a breach of your unsecured PHI, you will be notified.
Complaints
You may file a complaint in writing with Agency's Compliance Department or the Secretary of the Department of Health and Human Services if you believe your privacy rights have been violated. Direct your complaints to be filed with Agency to the address provided below. You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services within 180 days of a violation of your rights. We will not retaliate against you for filing a complaint.
Additional Information
If you have any questions or need further assistance regarding this notice or to request assistance with any of the items listed above, please call our Compliance Department at 386-956-0256. The address to send any requests or to file complaints relating to your privacy rights (as described above) is Einstein Advisors, 201 Brookgreen Way, DeLand, FL 32724.