Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW YOUR MEDICAL INFORMATION MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

ProMedTek, Inc. (“ProMedTek”) places the security of patient (“Patient”, “You” or “Your”) protected health information (“PHI”) as one of our top priorities. We strive to exceed the requirements outlined under the United States Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). This Notice of Privacy Practices (“Notice”) summarizes the policies by which ProMedTek (“We”, ”Our” or “Us”) may use and disclose your PHI collected while using Replexa+ (“Services”), and how you may obtain access to your information.

1. Our Use and Disclosure of PHI

ProMedTek uses and discloses your PHI for normal activities that fall under the categories of treatment, payment, and healthcare operations as permitted under HIPAA. Below are several examples of those activities – please note not every scenario is included.

Treatment. Treatment includes providing, coordinating, and managing your care. We keep record of the PHI provided to us throughout the use of our Services. This may include your prescription information, results of Services rendered, and other information. We learn about your history and progress through our provision of the Services. We may disclose this information so that your physician or other medical personnel can meet your healthcare needs.

Payment. Payment includes billing, coverage, and claims activity. We keep record of the Services you receive so we can receive payment for the use of these Services.

Healthcare Operations. We use your PHI to improve our Services and train staff, and for care coordination, business management, quality improvement, performance evaluation, marketing activities permitted under HIPAA, customer service activities, and other business purposes.

Consistent with HIPAA, we may also use or disclose your PHI to:

  • Comply with requirements of federal, state, or local laws
  • Assist in public health and safety activities, such as tracking diseases or medical devices
  • Inform authorities in order to protect victims of abuse, neglect, or domestic violence
  • Comply with federal and state health oversight activities, audits, inspections and investigations
  • Respond to law enforcement officials, report crimes or emergencies, or pursuant to judicial or administrative orders, subpoenas, or other lawful process (such as lawsuits or legal actions)
  • Work with coroners, medical examiners, and funeral directors for them to fulfill their duties or as authorized by law
  • Conduct research or research-related purposes (following internal review protocols to balance privacy and research needs)
  • Prevent or reduce a serious threat to anyone’s health or safety
  • Assist in specialized government functions, such as national security, intelligence, and protective services
  • Perform military and veteran activities, if you are an armed forces member or veteran
  • Inform a correctional institution or in custodial situations, such as if you are an inmate
  • Serve workers’ compensation purposes, such as to carriers or your employer if you are injured at work, as authorized by and as necessary to comply with relevant laws
  • Conduct case management, care coordination, or related functions
  • Communicate with individuals, such as friends and family, who are involved in your care or involved in the payment for that care
  • Communicate for notice or disaster relief purposes, included regarding decedents
  • Communicate within our organization for treatment, payment, or healthcare operations
  • Communicate with other providers, health plans, or their related entities for their treatment, payment, or healthcare operations activities
  • Provide information to other third parties with whom we do business in order to allow those third parties to provide services to us or on our behalf (Don’t worry—in these situations, we require third parties to provide us with assurances that they will safeguard your PHI.)

Any other uses or disclosures not outlined in this Notice may only be conducted after receiving your written permission. Consistent with HIPAA, we will also obtain your permission before we use or disclose your PHI for purposes which require an authorization. You may revoke your permission at any time, in writing, to the extent you determine appropriate. If you do so, we will no longer use or disclose your PHI for the reasons outlined in your written statement. However, we are unable to take back any disclosures made prior to receiving your written revocation.

2. Our Responsibilities with Respect to your PHI

We’re required by HIPAA to:

  • Maintain the privacy and security of your PHI
  • Provide this Notice setting forth our legal duties and privacy practices regarding PHI
  • Abide by the terms of the version of this Notice currently in effect
  • Tell you if there has been a security breach that compromises the privacy or security of your PHI

In addition, ProMedTek will limit the collection and use of PHI to the minimum needed to deliver effective service, provide appropriate support to physicians and caregivers, and to conduct our business. When disclosing your PHI is required for payment, treatment, or healthcare operations, we will attempt to disclose the minimum level of information possible in order to appropriately fulfill the request or need. ProMedTek will also restrict access to your PHI amongst our staff. Any individuals who violate the company’s confidentiality practices will be subject to disciplinary action.

When working with other entities who may come into contact with your PHI, ProMedTek requires these vendors to have a Business Associate Agreement in place to uphold the same level of confidentiality.

3. Your HIPAA Rights with Respect to your PHI

You have the following rights with respect to your PHI maintained by ProMedTek.

  • Inspect and copy. You have the right to ask to inspect and receive a copy of your PHI, whether electronic or in paper. We may, in certain limited circumstances, deny your request, or part of your request, to inspect or copy your PHI. If we do so, we will inform you of the reason for the denial. We will provide a copy or a summary of your PHI, usually within 30 days of receiving your request.
  • Amend. You have the right to ask us to amend your PHI if you feel that it is incorrect or incomplete. We may, in certain limited circumstances, deny your request to amend your PHI. If we do so, we will tell you why in writing within 60 days and about your right to submit a statement of disagreement for inclusion in your records.
  • Accounting of disclosures. You have the right to request a list of our disclosures of your PHI made over the past six years, who we shared your PHI with, and why. This right does not apply to disclosures made for treatment, payment, or healthcare operations; disclosures made to you about your treatment; disclosures made pursuant to an authorization; and certain other disclosures.
  • Restrictions on disclosure. You have the right to request restrictions on how we use or disclose your PHI for treatment, payment, or our operations. We’re not required to comply with such requests, and we may say “no” if it would affect your care. If you pay for a Service out of pocket in full, you can ask us not to share that information for the purpose of payment or our operations. We will say “yes” unless a law requires us to share that information, such as in certain emergency situations.
  • Confidential communication. You have the right to request that we communicate with you in a specific way, such as at a specific telephone number, or to send mail to a different address. We will say “yes” to all reasonable requests.
  • Choose someone to act for you. If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your HIPAA rights and make choices about your PHI. We will make sure the person has this authority and can act for you before we take any action.

4. Changes to this Notice

We occasionally review this Notice to make sure it complies with applicable laws and conforms to changes in our business. We may need to update this Notice, and we reserve the right to do so at any time. If we change the terms of this Notice, the new terms will apply to all PHI that we maintain about you, including PHI that was created or received before such changes were made. We will post the new Notice on our website and will update the “Effective Date” at the bottom of this page so you can tell if it has changed since you last visited. We will make the Notice available upon request. Your continued use of the Services constitutes your acceptance of the terms of such revised Notice.

5. Complaints

If you believe that your privacy rights have been violated or that we have not followed our obligations under HIPAA, you may file a complaint with us and/or with the Secretary of Health and Human Services. We will not retaliate against you or penalize you for filing such complaint.

To file a complaint with us, email [email protected] or write to 4110 N Scottsdale Rd Ste 270, Scottsdale, AZ 85251, Attn: HIPAA Compliance Officer, or call (866) 388-2410.

To file a complaint with the Secretary of Health and Human Services, call (877) 696-6775 or write to 200 Independence Avenue S.W., Washington, D.C. 20201, or visit www.hhs.gov/ocr/privacy/hipaa/complaints.

6. Contacting ProMedTek

To exercise any of your rights outlined in this Notice, or for more information about our privacy practices, email [email protected], write to 4110 N Scottsdale Rd Ste 270, Scottsdale, AZ 85251, Attn: HIPAA Compliance Officer, or call (866) 388-2410 and ask to speak with the HIPAA Compliance Officer.