HIPAA

RXAPPS:  NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW YOUR MEDICAL INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.  PLEASE REVIEW IT CAREFULLY.

This Notice of Privacy Practices is mandated by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  It describes how we may use and disclose your protected health information to carry out treatment, payment or health care operations and for other purposes that are permitted or required by law.  It also describes your rights to access and control your protected health information.  “Protected health information” is information about you, including demographic information, that may identify you and that relates to your past, present or future physical or mental health or condition and related health care services.

We are required to abide by the terms of this Notice of Privacy Practices.  We may change the terms of our notice at any time.  Any such new notice will be effective for all protected health information that we maintain at that time.  Upon your request, you may obtain any revised Notice of Privacy Practices by calling us and requesting that a revised copy be sent to you in the mail or asking for one at the time of your next visit.

1.  Uses and Disclosures of Protected Health Information

Uses and Disclosures of Protected Health Information Based Upon Your Written Consent

Your protected health information may be used and disclosed by RxApps and others outside RxApps that are involved in your care and treatment for the purpose of providing health care services to you.  Your protected health information may also be used and disclosed as necessary to pay health care bills and to otherwise support the operation of RxApps.

Set forth below are examples of the types of uses and disclosures of your protected health care information that RxApps is permitted to make.  These examples are not meant to be exhaustive, but rather to describe for you the types of uses and disclosures that may be made by RxApps.

Treatment:  We may use and disclose your protected health information to provide, coordinate, or manage your health care and any related services.  For example, we may disclose your protected health information to a physician or health care provider (e.g., a specialist or a laboratory) who, at the request of your physician or RxApps, becomes involved in your care.

Payment:  Your protected health information may be used, as needed, to obtain payment for your health care services.  For example, obtaining approval for a hospital stay may require that your relevant protected health information be disclosed to a health plan to obtain approval for the hospital admission.

Healthcare Operations:  We may use or disclose, as needed, your protected health information in order to support the normal business activities of RxApps.  Examples of these activities include, but are not limited to, quality assessment activities, employee review activities, training, licensing, and conducting or arranging for other business activities.

We also may need to share your protected health information with certain of our “business associates,” third parties that perform various activities (e.g., billing, transcribing records) for RxApps.  Whenever an arrangement between RxApps and a business associate involves the use or disclosure of your protected health information, we will have in place the legally required safeguards to protect the privacy of your health information.

Uses and Disclosures of Protected Health Information Based upon Your Written Authorization

Other uses and disclosures of your protected health information will be made only with your written authorization, unless otherwise permitted or required by law as described below.  You may revoke your authorization, at any time, in writing, except to the extent that RxApps has taken an action in reliance on the use or disclosure indicated in the authorization.

Other Uses and Disclosures That May Be Made and to Which You May Agree or Object

In the circumstances listed below, you may agree or object to the use or disclosure of the protected health information in the manner described.  In the absence of agreement or objection, RxApps may, using professional judgment, determine whether the disclosure of health information is in your best interest.  If such a determination is made, only the protected health information that is relevant to your health care will be disclosed.

Others Involved in Your Healthcare:  Unless you object, we may disclose to a member of your family, a relative, a close friend or any other person you identify, your protected health information that directly relates to that person’s involvement in your health care.  If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interests, based on our professional judgment.  We may use or disclose protected health information to notify or assist in notifying a family member, personal representative or any other person that is responsible for your care of your location, general condition or death.  Finally, we may use or disclose your protected health information to an authorized public or private entity to assist in disaster relief efforts and to coordinate uses and disclosures to family or other individuals involved in your health care.

Emergencies:  In an emergency treatment situation, we may have to use or disclose your protected health information in a context in which consent for the release of information has not already been given.  If this happens, RxApps will try to obtain your consent to the release of information as soon as reasonably practicable after the delivery of the treatment.  If RxApps is required to treat you and has attempted to obtain your consent but is unable to obtain your consent, it may still use or disclose your protected health information to treat you.

Other Permitted and Required Uses and Disclosures That May Be Made Without Your Consent, Authorization or Opportunity to Object

There are other circumstances in which we may have to use or disclose your protected health information, even without your consent or authorization.  These situations include:

Communication Barriers:  If RxApps attempts to obtain consent from you but is unable to do so due to substantial communication barriers and RxApps determines, using professional judgment, that you would consent to the use or disclosure under the circumstances, we may use and disclose your protected health information.

Disclosure Required By Law:  We may use or disclose your protected health information to the extent that the use or disclosure is required by law.  The use or disclosure will be made in compliance with the law and will be limited to the relevant requirements of the law.  You will be notified, as required by law, of any such uses or disclosures.

Public Health:  We may disclose your protected health information for public health activities and purposes to a public health authority that is permitted by law to collect or receive the information.  The disclosure will be made for the purpose of controlling disease, injury or disability.  We may also disclose your protected health information, if directed by the public health authority, to a government agency that is collaborating with the public health authority.

Health Oversight:  We may disclose protected health information to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections.  Oversight agencies seeking this information include government agencies that oversee the health care system, government benefit programs, other government regulatory programs and civil rights laws.

Legal or Administrative Proceedings or Investigations:  We may disclose protected health information in the course of any judicial or administrative proceeding or investigation, in response to an order of a court or administrative tribunal (to the extent such disclosure is expressly authorized), in certain conditions in response to a subpoena, discovery request or other lawful process or request.

Food and Drug Administration:  We may disclose your protected health information to a person or company required by the Food and Drug Administration to report adverse events, product defects or problems, biologic product deviations, track products; to enable product recalls; to make repairs or replacements; or to conduct post marketing surveillance, as required.

Law Enforcement:  We may disclose protected health information, so long as applicable legal requirements are met, for law enforcement purposes.  These law enforcement purposes include requests:  (1) pursuant to legal processes or as otherwise required by law; (2) for limited information for identification and location purposes; (3) pertaining to potential victims of a crime; (4) relating to suspicion that a death has occurred as a result of criminal conduct; (5) in the event that a crime occurs at RxApps; or (6) relating to a medical emergency (not at RxApps) and it is necessary to alert law enforcement regarding a potential crime.

Threat to Public Safety:  Consistent with applicable federal and state laws, we may disclose your protected health information, if we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.  We may also disclose protected health information if it is necessary for law enforcement authorities to identify or apprehend an individual.

2.  Your Rights

Set forth below is a statement of your rights with respect to your protected health information and a brief description of how you may exercise these rights.

You have the right to inspect and copy your protected health information.  This means you may inspect and obtain a copy of protected health information about you that is contained in a designated record set for as long as we maintain the protected health information.  A “designated record set” contains medical records and any other records that RxApps uses for making decisions about you.

Under federal law, however, you may not inspect or copy the following records: psychotherapy notes; information compiled in reasonable anticipation of, or use in, a civil, criminal, or administrative action or proceeding, and protected health information that is subject to law that prohibits access to protected health information.  In some circumstances, you may have a right to review a decision that denies you access to information.  Please contact our Privacy Contact if you have questions about access to your health information.

You have the right to request a restriction on the use or disclosure of your protected health information.  This means you may ask us not to use or disclose any part of your protected health information for the purposes of treatment, payment or healthcare operations.  You may also request that any part of your protected health information not be disclosed to family members or friends who may be involved in your care or for notification purposes as described in this Notice of Privacy Practices.  Your request must state the specific restriction requested and to whom you want the restriction to apply.  However, RxApps is not required to agree to a restriction that you request.  If RxApps believes it is in your best interest to permit use and disclosure of your protected health information, your protected health information will not be restricted.  If RxApps does agree to a requested restriction, we may not use or disclose your protected health information in violation of that restriction unless it is needed to provide emergency treatment for you.  With this in mind, please discuss any restriction you wish to request in advance with the Privacy Contact listed below.

You have the right to request to receive confidential communications of your protected health information from RxApps by alternative means or at an alternative location.  We will accommodate reasonable requests.  We also may condition this accommodation by asking you for information as to how payment will be handled or specification of an alternative address or other method of contact.  We will not request an explanation from you as to the basis for the request.  Please make such requests in writing to our Privacy Contact.

You may have the right to have RxApps amend your protected health information.  This means you may request an amendment of protected health information about you in a designated record set for as long as we maintain this information.  In certain cases, we may deny your request for an amendment.  If we deny your request for amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal.  Please contact our Privacy Contact if you have questions about amending your medical record.

You have the right to receive an accounting of certain disclosures we have made, if any, of your protected health information.  This right does not apply to all disclosures; in particular, it does not apply to disclosures for purposes necessary to carry out treatment, payment or healthcare operations as described in this Notice of Privacy Practices.  It excludes disclosures we may have made to you, you, for a facility directory, to family members or friends involved in your care, or for notification purposes.  The right to receive this information is subject to additional exceptions, restrictions and limitations.

3.  Complaints

You may complain to us or to the Secretary of Health and Human Services if you believe your privacy rights have been violated by us.  You may file a complaint with us by notifying our Privacy Contact of your complaint.  We will not retaliate against you or you for the filing of such a complaint.

You may reach our Privacy Contact, John Moore at RxApps, privacy@rxapps.com or 617.823.7623.  John can provide further information about this Notice and the policies and procedures set forth herein.