HIPAA Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY

HIPAA Notice of Privacy Practices

Everly Health and its affiliates (collectively “Everly” or “we”) are committed to safeguarding your personally identifiable health information. Under the Health Insurance Portability and Accountability Act of 1996 (or “HIPAA”), this information is referred to as “individually identifiable health information” and “protected health information.” Under corresponding state statutes, such as California’s Confidentiality of Medical Information Act or Virginia Code § 32.1-127.1:03, such information may be referred to by other nomenclature, such as “medical information” or a “health record.” This Notice refers to all such health information as “PHI” or “protected health information.” Examples of documents that may contain your PHI include laboratory test orders and test results. This Notice does not apply to certain services that we perform that are not governed by HIPAA or corresponding state health care or medical privacy statutes.

 

HOW WE USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION

Uses And Disclosures Not Requiring Your Authorization

We may use and disclose your health information for treatment, payment and healthcare operations purposes, as such terms are defined under HIPAA, or to the extent required by law. Not every use or disclosure is listed in this Notice, but all of our uses or disclosures of your PHI will fall into one of the categories listed below:

  • Treatment : We may use and disclose your PHI for the purposes of “treatment” (as defined by HIPAA). This includes, for example, when we or our workforce members perform laboratory tests or review their results with you. It also includes, among other things, the coordination or management of care with other providers or workforce members, or the referral of a patient from one health care provider to another, such as, for example, when a clinician orders a laboratory test from a clinical laboratory or a medication order to a pharmacy.
  • Payment : We may use and disclose your PHI for the purposes of “payment” (as defined by HIPAA). This includes, for example, when we bill you for services we have furnished to you. It also includes, among other things, determining eligibility or coverage (including coordination of benefits or the determination of cost sharing amounts), billing, claims management, collection activities, obtaining payment from third party payers, review of health care services with respect to medical necessity, appropriateness of care, or justification of charges, utilization review activities, precertification and preauthorization of services, concurrent and retrospective review of services, disclosure of certain information to consumer reporting agencies and related health care data processing.
  • Health Care Operations : We may use and disclose your PHI for the purposes of “health care operations” (as defined by HIPAA). This includes, for example, the use of your PHI in our general business and administrative activities, such as providing health care services to you and customer service. It also includes, among other things, care coordination and case management, population-based activities relating to improving health or reducing costs, protocol and clinical guideline development, quality assessments and improvement activities, auditing functions, evaluating practitioner and provider performance, cost management analysis and customer service, and the creation of limited data sets and de-identified health information.
  • Public Health Activities, etc . As permitted by HIPAA, we may disclose your health information to public health authorities, workers compensation agents, social services agencies or other governmental authorities for purposes of preventing and controlling disease and reporting to the Food and Drug Administration regarding the quality, safety and effectiveness of a regulated product or activity.
  • Health Oversight Activities . We may disclose your health information to a health oversight agency for authorized activities such as audits, investigations, inspections, licensing and disciplinary actions relating to the healthcare system or government benefit programs.
  • Decedents . We may, under certain circumstances, disclose your health information to authorized representatives of decedents.
  • Business Associates . Everly Health may provide your PHI to other companies or individuals that need it to provide services to us. These companies are called Business Associates. They are also required to safeguard your PHI.
  • Individuals Involved in Your Care : We may disclose relevant PHI to a family member, friend, caregiver or other individual involved in your healthcare or for payment of your healthcare if you agree or do not object. We may use or disclose your PHI to notify your family or personal representative of your location or condition.
  • Emergency Situations : We may use and disclose your PHI if necessary to prevent or lessen a serious threat to your health and safety or that of another person.
  • As Required by Law; Legal Process or Proceedings : We may use and disclose your PHI as required by law. We may also provide PHI to law enforcement officials, for example, in response to a warrant, investigative demand or similar legal process, or for officials to identify or locate a suspect, fugitive, material witness, or missing person. We may disclose your PHI as required to comply with a court or administrative order. We may disclose your PHI in response to a subpoena, discovery request or other legal process in the course of a judicial or administrative proceeding, but only if efforts have been made to tell you about the request or to obtain an order of protection for the requested information.
  • Research : We may use or disclose PHI for research purposes when permitted by law, such as when an Institutional Review Board ( an administrative body established to protect the rights and welfare of human research subjects recruited to participate in research activities) or privacy board has reviewed the research proposal and plans to safeguard the privacy of your PHI and determined that your authorization is not required. We may also use or disclose PHI about deceased patients to researchers if certain requirements are met. We may use and disclose a limited data set containing some of your PHI for research purposes. However, we will only disclose a limited data set if we enter into a data use agreement with the recipient.
  • Incidental Uses and Disclosures : Sometimes, your PHI may be used or disclosed in the course of our primary uses and disclosures, such as for treatment, payment or healthcare operations.

 

Uses And Disclosures Requiring Your Authorization

We need your authorization to use or disclose your PHI for any purpose not covered by this Notice or the laws that apply to us. You may revoke any authorization you sign at any time in writing. If you revoke your authorization, we will no longer use or disclose your PHI except to the extent we have already taken action to satisfy your authorization.

 

YOUR HEALTH INFORMATION RIGHTS

You have the following rights with respect to your PHI:

  • Restrictions . The right to request restrictions on certain uses and disclosures of protected health information. We are not required to comply with your request. However, if we agree to comply with your request, we will be bound by such agreement, except when otherwise required by law or in the event of an emergency.
  • Confidential Communications . The right to reasonable requests to receive confidential communications of protected health information by alternative means or at alternative locations.
  • Copies of Medical Information . The right to inspect and copy your protected health information. You must submit your request in writing to us. We may impose a fee for the costs of copying, mailing, labor and supplies associated with your request. We may deny your request to inspect and/or copy your health information in certain limited circumstances. If that occurs, we will inform you of the reason for the denial, and you may request a review of the denial.
  • Requests for Amendment . You have a right to request that we amend your health information if you believe it is incorrect or incomplete, and you may request an amendment for as long as the information is maintained by us. You must submit your request to us in writing and provide a reason to support the requested amendment. We may, under certain circumstances, deny your request by sending you a written notice of denial. If we deny your request, you will be permitted to submit a statement of disagreement for inclusion in your records.
  • Accounting of Disclosures . You have a right to receive an accounting of all disclosures we have made of your health information. However, that right does not include disclosures made for treatment, payment or healthcare operations, disclosures made to you about your treatment, disclosures made pursuant to an authorization, and certain other disclosures. You must submit your request to us in writing and you must specify the time period involved (which must be for a period of time less than six years from the date of the disclosure). Your first accounting will be free of charge. However, we may charge you for the costs involved in fulfilling any additional request made within a period of 12 months. We will inform you of such costs in advance, so that you may withdraw or modify your request to save costs.
  • Breach . You have the right to be notified in the event that we or our subcontractor discovers a breach of unsecured protected health information.
  • Copy of Notice . You have the right to obtain a paper copy of this Notice from us at any time upon request.
  • Complaint . You may file a complaint to Everly Health or to the Secretary of the Department of Health and Human Services if you believe that your privacy rights have been violated. To file a complaint with us, you must submit a statement in writing to privacy@everlyhealth.com or Privacy Officer, Everly Health, Inc., 823 Congress Avenue, 12th Floor, Austin, TX 78701. We will not retaliate against you for filing a complaint.

 

HOW TO EXERCISE YOUR RIGHTS

You may exercise any of the foregoing rights by presenting a written request privacy@everlyhealth.com or Everly Health, Inc.

Attention: Privacy Officer

823 Congress Avenue, 12th floor

Austin, TX 78701

 

Last Updated: February 22, 2023