Spora Medical Notice of Privacy Practices
Date: May 15, 2020
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Spora Medical, PC ("Spora Medical") is committed to protecting the privacy and security of your health information. To that end, we operate in compliance with all applicable privacy and data protection laws including the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 ("HITECH") and implementing regulations (“HIPAA”).
This Notice of Privacy Practices describes the practices that we will follow with respect to the privacy of the health information of users of our website and related services, including the telehealth services (the “Services”). We are required to abide by the terms of this Notice of Privacy Practices.
What Health Information We Collect
In providing our Services, information we collect may constitute Protected Health Information (“PHI”) under HIPAA. PHI is personal (individually identifiable) information about you that relates to (a) your past, present or future physical or mental health or condition, (b) the provision of health care to you, or (c) your past, present, or future payment for the provision of health care, which is created, received, transmitted or maintained by Spora Medical.
What Information We Disclose
When you use our Services, Spora Medical may use and disclose your PHI for the purposes described below. These uses and disclosures do not require your prior authorization. You may revoke your authorization for us to use or share your PHI at any time, except for uses or disclosures we have already made. These examples are not meant to be exhaustive, but to describe the types of uses and disclosures that may be made by Spora Medical:
Treatment: We will use and disclose your PHI to provide, coordinate, or manage your health care and any related services. This includes the coordination or management of your health care with another provider. For example, your PHI may be provided to a physician to whom you have been referred to ensure that the physician has the necessary information to diagnose or treat you.
Payment: We may use and share your health information to obtain payment for our services. For example, we may disclose your PHI to your health plan to determine whether you are enrolled with the payer or eligible for health benefits or to get payment for our services.
Health Care Operations: We may use and share your health information for our operations related to health care. For example, this may include quality assessment activities, employee review activities, licensing, fundraising activities, and conducting or arranging for other business activities.
Business Associates: From time to time, we work with other companies and individuals who help us deliver our services, known as “business associates.” These entities are required to keep any PHI confidential and store it securely. For example, we use business associates to help store the data that we collect.
De-identifiable and Aggregated Data: We may use and disclose your PHI in a de-identifiable and aggregated manner to analyze our users’ experiences and help improve our services.
As Required by Law: We may use or disclose your PHI if state or federal laws require it.
Public Health and Safety: We may use and disclose your PHI to prevent or minimize a serious threat to your health and safety or that of another person. We may also disclose PHI to those assisting in disaster relief efforts so that others can be notified about your condition, status and location.
Law Enforcement Activities: We may also provide PHI to law enforcement officials, for example, in response to a warrant, investigative demand or similar legal process, or for officials to identify or locate a suspect, fugitive, material witness, or missing person. We may also disclose PHI to appropriate agencies if we reasonably believe an individual to be a victim of abuse, neglect or domestic violence.
Legal Proceedings: We may disclose PHI to respond to a court or administrative order, or in response to a warrant, investigation demand or other legal process.
Individuals Involved in Your Care or Payment of Your Care: Unless you object, we may disclose to a member of your family, a relative, a close friend or any other person you identify, your PHI that directly relates to that person’s involvement in your health care. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment. We may use or disclose PHI to notify or assist in notifying a family member, personal representative or any other person that is responsible for your care of your location, general condition or death. Finally, we may use or disclose your PHI to an authorized public or private entity to assist in disaster relief efforts and to coordinate uses and disclosures to family or other individuals involved in your health care.
Communicable Diseases: We may disclose your PHI, if authorized by law, to a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading the disease or condition.
Health Oversight: We may disclose PHI to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include local, state, and federal government agencies that oversee the health care system, government benefit programs, other government regulatory programs and civil rights laws.
Abuse or Neglect: We may disclose your PHI to a public health authority that is authorized by law to receive reports of child abuse or neglect. In addition, we may disclose your protected health information if we believe that you have been a victim of abuse, neglect or domestic violence to the governmental entity or agency authorized to receive such information. In this case, the disclosure will be made consistent with the requirements of applicable federal and state laws.
Food and Drug Administration: We may disclose your PHI to a person or company required by the Food and Drug Administration for the purpose of quality, safety, or effectiveness of FDA-regulated products or activities including, to report adverse events, product defects or problems, biologic product deviations; to track products; to enable product recalls; to make repairs or replacements; or to conduct post marketing surveillance, as required.
Workers’ Compensation: We may disclose your PHI as authorized to comply with workers’ compensation laws and other similar legally-established programs.
Other Uses and Disclosures: As permitted by HIPAA, we may disclose your PHI to:
Military Command Authorities
National Security and Intelligence Organizations
Organ and Tissue Donation Organizations
Coroners, Medical Examiners and Funeral Directors
Note Regarding State Law
Where state law is more restrictive of disclosure than federal law, we are required to follow the more restrictive state law.
As a user of Spora Medical’s services, you have rights with respect to your health information:
Changes to the Terms of this Notice
From time to time, we may change this privacy statement, which is applicable to all PHI we maintain about you. For example, as we update and improve our services, new features may require modifications to the privacy statement. The new notice will be available on our website. Accordingly, please check back periodically.