At Health, we recognize that your health information is sensitive and we take great care to protect your privacy. We are committed to complying with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), along with all other applicable federal, state, and local laws, rules, and regulations designed to protect your health information.
📋 Our Commitment to Compliance
Health maintains a comprehensive compliance program that includes regular audits, staff training, and continuous monitoring of our systems. We have designated Privacy and Security Officers responsible for ensuring that all aspects of our organization adhere to HIPAA regulations.
Key Compliance Measures
- Regular workforce training on privacy and security protocols
- Annual risk assessments and mitigation strategies
- Strict access controls for Protected Health Information (PHI)
- Business Associate Agreements (BAAs) with all third-party vendors
- Comprehensive incident response and breach notification procedures
🔒 Protected Health Information (PHI)
We collect, use, and disclose your Protected Health Information (PHI) in accordance with federal and state laws. PHI includes any information that can identify you and relates to your past, present, or future physical or mental health, the provision of healthcare, or payment for healthcare.
How We Use and Disclose Your PHI
- Treatment: We may use and disclose your PHI to provide, coordinate, or manage your healthcare and related services.
- Payment: We may use and disclose your PHI to bill and collect payment from you or a third-party payer.
- Healthcare Operations: We may use and disclose your PHI for quality assurance, training, and other operational purposes.
- As Required by Law: We may disclose your PHI when required by federal, state, or local law.
🛡️ Security Safeguards
Health implements administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of electronic PHI (ePHI).
🔐 Administrative
Policies, procedures, workforce training, and risk management strategies to manage access to PHI.
🏢 Physical
Facility access controls, workstation security, and device management to protect physical infrastructure.
💻 Technical
Encryption, access controls, audit controls, and transmission security to protect ePHI in transit and at rest.
👤 Your Rights Under HIPAA
As a patient, you have specific rights regarding your health information. We are committed to honoring these rights:
📄 Right to Access
You have the right to inspect and obtain a copy of your medical and billing records.
✏️ Right to Amend
You may request to amend your health records if you believe they are incomplete or inaccurate.
📊 Accounting of Disclosures
You have the right to request a list of certain disclosures we have made of your PHI.
🔕 Right to Request Restrictions
You may request restrictions on how we use or disclose your PHI for treatment, payment, or operations.
📧 Alternative Communication
You may request that we communicate with you about medical matters in a specific way or at a certain location.
⚠️ Right to a Paper Copy
You have the right to receive a paper copy of this Notice of Privacy Practices upon request.
🚨 Breach Notification Policy
In the unlikely event of a breach of unsecured PHI, Health is committed to prompt notification in accordance with the HIPAA Breach Notification Rule. We will notify:
- Individuals: Within 60 days of discovering the breach, via first-class mail, or by email if you have consented.
- Department of Health and Human Services (HHS): Within 60 days for breaches affecting 500+ individuals; annually for smaller breaches.
- Media: For breaches affecting more than 500 residents of a state or jurisdiction, as required by HHS.
⚖️ Our Responsibilities
Health is legally required to maintain the privacy and security of your protected health information, provide you with this notice of our legal duties and privacy practices, and notify you following a breach of your unsecured protected health information.
Contact Our Privacy Officer
If you have questions about this notice, wish to exercise your rights, or have concerns about how your information has been handled, please contact our Privacy Officer:
New York, NY 10001