THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

 

1. Introduction. A CareReach, Inc., a Delaware corporation with offices located at 8880 Rio San Diego Drive, STE 800, San Diego, CA 92108, (the “Company” or “we”) is dedicated to maintaining the privacy of your protected health information (PHI). “PHI” includes all individually identifiable information created, received, or maintained by Company, or on Company’s behalf, relating to your past, present, or future physical or mental health condition, treatment for that condition, or payment for that treatment. In conducting our business, we will create records regarding you and the services we provide to you. We are required by law to maintain the confidentiality of health information that identifies you. We are also required by law to provide you with this Notice of our legal duties and privacy practices concerning your PHI. By law, we must follow the terms of the current version of this Notice that is in effect at the time.

The terms of this Notice of Privacy Practices for Protected Health Information (“Notice”) apply to all records containing your PHI that are created or retained by, or on behalf of, Company.

We comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and applicable California privacy laws.

 

If Company obtains your written authorization for a use or disclosure not described in this Notice, you may revoke or modify that authorization at any time by submitting the appropriate form to:
 

Privacy Official
A CareReach, Inc.
8880 Rio San Diego Drive, STE 800
San Diego, CA  92108
 

The Privacy Official will provide you with a copy of the form upon request.

​

​2. How We Will Use and Disclose Your PHI Without Your Authorization. Company will use and disclose your PHI without first obtaining your written authorization only as described in this Notice. 

a. Uses and Disclosures for Treatment. Company will use and disclose your PHI for treatment (“Treatment”).  Treatment includes the provision, coordination, or management of health care and related services by one or more health care providers. For example, Company might use your PHI to coordinate your care with your internist.

b. Uses and Disclosures for Payment. Company will use and disclose your PHI for payment (“Payment”). Payment includes, but is not limited to, billing, obtaining payment under a contract of insurance, and related health care data processing.  For example, Company may use your PHI to prepare a bill to obtain reimbursement for its services from you or from your insurance company.

c. Uses and Disclosures for Home Care Operations. Company will use and disclose your PHI for home care operations (“Operations”). Operations include, but are not limited to, quality assessment and improvement activities, case management and care coordination, evaluating the performance of Company employees, employee training, Company compliance programs, investigating and resolving complaints of privacy violations, business planning and development, and business management and general administrative activities. Company may also disclose PHI as part of an investigation into a fraudulent claim.

d. Disclosures to Business Associates. Company has contracted with one or more third parties (referred to as a “Business Associate”) to use and disclose your PHI to perform services for Company. Company will obtain the Business Associate’s written agreement to safeguard the privacy of your PHI.  Examples of these third parties include, but are not limited to, software billing companies and companies that provide integrated services.

 

3. How We May Use and Disclose Your PHI Without Your Authorization. Federal law generally permits Company to make certain uses or disclosures of PHI without your permission.  Federal law also requires Company to list in the Notice each of these categories of disclosures.  The listing is below.

a. Uses or Disclosures Required by Law. Company may use or disclose your PHI as required by any statute, regulation, court order, or other mandate enforceable in a court of law.  Any such use or disclosure will be made in compliance with the law and will be limited to what is required by the law.
b. Disclosures for Workers’ Compensation. Company may disclose your PHI as required or permitted by state or federal workers’ compensation laws.
c. Disclosures to Client Representative, Family Members, or Close Friends. Company may disclose your PHI to your authorized client representative, a family member, or a close friend who is involved in your care or payment for your care if (a) the person is the authorized client representative named on your Client Services Agreement, (b) you are present and agree to the disclosure, or (c) you are not present or not capable of agreeing, and Company determines that it is in your best interest to disclose the information.
d. Disclosures for Judicial and Administrative Proceedings. Company may disclose your PHI in an administrative or judicial proceeding in response to a subpoena or a request to produce documents. Company will disclose your PHI in these circumstances only if the requesting party first provides written documentation that the privacy of your PHI will be protected.
e. Disclosures for Law Enforcement Purposes. Company may disclose your PHI for law enforcement purposes to a law enforcement official, such as to identify or locate suspects, fugitives, witnesses or victims of a crime, to report deaths from a crime, and to report crimes that occur on our premises or relate to our staff or your care services.
f. Incidental Disclosures. Company may use or disclose your PHI in a manner that is incidental to the uses and disclosures described in this Notice.
g. Disclosures for Public Health Activities. Company may disclose your PHI to a government agency responsible for preventing or controlling disease, injury, disability, child abuse or neglect, etc. Company may disclose your PHI to a person or entity regulated by the Food and Drug Administration (“FDA”) if the disclosure relates to the quality or safety of an FDA-regulated product, such as a medical device.
h. Disclosures for Health Oversight Activities. Company may disclose your PHI to a government agency responsible for overseeing the health care system or health-related government benefit programs.  These oversight activities include, for example, audits; investigations, proceedings, or actions; inspections; and disciplinary actions; or other activities necessary for appropriate oversight of the health care system, government programs, and compliance with applicable laws.
i. Disclosures About Victims of Abuse, Neglect, or Domestic Violence. Company may disclose your PHI to the responsible government agency if (a) the Privacy Official reasonably believes that you are a victim of abuse, neglect, or domestic violence; and (b) Company is required or permitted by law to make the disclosure. Company will promptly inform you that such a disclosure has been made unless Company determines that informing you would not be in your best interests.
j. Disclosures To Avert a Serious Threat to Health or Safety. Company may use or disclose your PHI to reduce a risk of serious and imminent harm to you, another person, or the public.  Any disclosure would only be to someone able to help prevent the threat of harm.
k. Disclosures to HHS. Company may disclose your PHI to the United States Department of Health and Human Services (“HHS”), the government agency responsible for overseeing Company’s compliance with federal privacy laws and regulations regulating the privacy of PHI.
l. Uses and Disclosures for Research. Company may use or disclose your PHI for research, subject to conditions.  “Research” means systemic investigation designed to contribute to generalized knowledge.
m. Disclosures in Connection with Your Death. Company may disclose your PHI to a coroner for identification purposes.
n. Uses and Disclosures for Specialized Government Functions. Company may disclose your PHI to the appropriate federal officials for intelligence and national security activities authorized by law or to protect the President or other national or foreign leaders. If you are a member of the U.S. Armed Forces or of a foreign armed force, Company may use or disclose your PHI for activities deemed necessary by the appropriate military commander. If you were to become an inmate in a correctional facility, Company may disclose your PHI to the correctional facility in certain circumstances.

If applicable state law does not permit the disclosure described above, Company will comply with the stricter state law.
 

4. Our Disclosures of Your PHI With Your Prior Authorization. Company is required to obtain your written authorization in the following circumstances: (a) to use or disclose in-person and virtual care notes (except when needed to provide you with the services covered by the Client Services Agreement, for payment purposes, to defend against litigation filed by you, and in other limited circumstances); (b) to use your PHI for marketing purposes (except in limited circumstances); (c) to sell your PHI; and (d) to use or disclose your PHI for any purpose not previously described in this Notice. Company also will obtain your authorization before using or disclosing your PHI when required to do so by (a) state law, such as laws restricting the use or disclosure of genetic information or information concerning HIV status; or (b) other federal law, such as federal law protecting the confidentiality of substance abuse records. You may revoke an authorization in writing at any time, except to the extent that we have already taken action in reliance on your authorization.

Company also will obtain your written authorization prior to disclosing your PHI with someone providing communications assistance, such as an interpreter.

​

5. Your Privacy Rights. You may exercise the rights described below. The forms referenced below can be obtained from Company’s Privacy Official.

a. Right To Access Your PHI. You may make a verbal request to the Privacy Official to review your PHI on file with Company or to receive copies of it in paper or electronic form, by submitting the appropriate form to the Privacy Official. The Privacy Official will provide access or will deliver copies to you within 30 days of your request, unless the PHI is not available on-site, in which case the review will occur within 60 days of your request. Company may extend the deadline by up to an additional 30 days. Company will provide you with a written explanation of any denial of your request for access or copies. Company may charge you a reasonable, cost-based fee for photocopies or for mailing. If there will be a charge, the Privacy Official will first contact you to determine whether you wish to modify or withdraw your request.

b. Right To Amend PHI. You may amend your PHI on file with Company by submitting the appropriate request form to the Privacy Official. Company will respond to your request within 30 days. Company may extend the deadline by up to an additional 30 days. If Company denies your request to amend, Company will provide a written explanation of the denial. You would then have 30 days to submit a written statement explaining your disagreement with the denial. Your statement of disagreement would be included with any future disclosure of the disputed PHI.

c. Right to an Accounting of Disclosures of Your PHI. You may request an accounting of certain of Company’s disclosures of your PHI by submitting the appropriate form to the Privacy Official. Company will provide the accounting within 60 days of your request. Company may extend the deadline by up to an additional 30 days. Company will provide the first accounting during any 12-month period without charge. Company may charge a reasonable, cost-based fee for each additional accounting during the same 12-month period. If there will be a charge, the Privacy Official will first contact you to determine whether you wish to modify or withdraw your request.

d. Right To Request Additional Restrictions on the Use or Disclosure of Your PHI. You may request that Company place restrictions on the use and disclosure of your PHI for Treatment, Payment, or Operations, in addition to the restrictions required by federal law, by submitting the appropriate request form to the Privacy Official. Company will notify you in writing within 30 days of your request whether it will agree to your requested restriction. Company is not required to agree to your request unless (a) you request that Company not disclose your PHI to a health insurance company, Medicare, or Medicaid for payment or Operations purposes; (b) you, or someone on your behalf, has paid Company in full for the service to which the PHI pertains; and (c) Company is not required by law to disclose to the insurer, Medicare, or Medicaid the PHI that is the subject of your request.

e. Right To Request Communications by Alternative Means or to an Alternative Location. If you submit the appropriate request form to the Privacy Official, Company will honor your reasonable request to receive PHI by alternative means or at an alternative location. Furthermore, we will accommodate a request if you tell us that not doing so would endanger you.

f. Right To Receive Notice of a Breach of Your Unsecured PHI. If we discover a breach of your unsecured PHI, Company will notify you of the breach and provide the information required by law.

g. Right to a Paper Copy of This Notice. At any time, you may request that the Privacy Official provide you with a paper copy of this Notice.

​

6. Personal Representatives. Any person with the legal authority to act as your personal representative will have all the rights that you have regarding your protected health information. There are several ways a person may acquire legal authority to act as your personal representative, including, but not limited to: (a) if you sign a written document giving the person the formal authority to make healthcare decisions on your behalf, which may be a general power of attorney or any specific power of attorney authorizing the person to act on your behalf for health care purposes; and (b) if a court issues an order appointing the person to act as your conservator or guardian. Any person claiming to have legal authority to act as your personal representative must provide satisfactory proof of authority, such as the documents referenced above.

​

7. Your Right To File a Complaint. If you believe that your privacy rights have been violated because Company has used or disclosed your PHI in a manner inconsistent with this Notice, because Company has not honored your rights as described in this Notice, or for any other reason, you may file a complaint in one, or both, of the following ways:

a. Internal Complaint: You can submit a complaint using the appropriate complaint form to:
    Privacy Official
    A CareReach, Inc.
    8880 Rio San Diego Drive, STE 800
    San Diego, CA  92108

You can obtain a complaint form by calling 619-821-8186 and asking for the Privacy Official.

​

b. Complaint to HHS: You may submit a complaint by mail to:
Secretary of the U.S. Department of Health and Human Services
Hubert H. Humphrey Building
200 Independence Ave. SW
Washington, DC  20201

​

8. Company’s Anti-retaliation Policy. Company will not retaliate against you for submitting an internal complaint, a complaint to HHS, or for exercising your other rights as described in this Notice or under applicable law.

​

9. Whom To Contact for More Information About Company’s Privacy Policies and Procedures. If you have any questions about this Notice, or about how to exercise any of the rights described in this Notice, you should contact Company’s Privacy Official by mail at:

Privacy Official
A CareReach, Inc.
8880 Rio San Diego Drive, STE 800
San Diego, CA  92108

You can also call (833) 737-3224 and ask for the Privacy Official.

 

10. Revisions to the Privacy Policy and to the Notice. Company has the right to change this Notice or Company’s privacy policies and procedures at any time. If the change to Company’s privacy policies and procedures would have a material impact on your rights, Company will notify you of the change by promptly mailing (either electronically or by U.S. Postal Service) a revised Notice to you, in accordance with applicable regulations, which reflects the change. Any change to Company’s privacy policies and procedures, or to the Notice, will apply to your PHI created or received before the revision. A copy of the most up to date version of this notice is available on our website at https://ACareReach.com/. Furthermore, you may request a physical copy of our most current Notice at any time from our office.