Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW YOUR MEDICAL INFORMATION MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

ProMedTek, Inc. (“ProMedTek”) places the security of patient (“Patient”, “You,” or “Your”) Protected Health Information (“PHI”) as one of our top priorities. PHI includes information we have created or received regarding your health or treatment plan. It includes your medical records and personal information, such as your name, social security number, address, and phone number. We strive to exceed the requirements outlined under the United States Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). This Notice of Privacy Practices (“Notice”) summarizes the policies by which ProMedTek (“We”, ”Our,” or “Us”) may use and disclose your PHI collected while using Replexa+ (“Services”) and how you may obtain access to your information.

1. Our Use and Disclosure of PHI

ProMedTek uses and discloses your PHI for normal activities that fall under the categories of treatment, payment, and healthcare operations as permitted under HIPAA. Below are several examples of those activities – please note that not every scenario is included.

Treatment. Treatment includes providing, coordinating, and managing your care. We keep a record of the PHI provided to us throughout our Services. This may include your prescription information, results of Services rendered, and other information. We learn about your history and progress through our provision of the Services. We may disclose this information so your physician or other medical personnel can meet your healthcare needs.

Payment. Payment includes billing, coverage, and claims activity. We keep a record of the Services you receive so we can receive payment for using these Services.

Healthcare Operations. We use your PHI to improve our Services and train staff and for care coordination, business management, quality improvement, performance evaluation, marketing activities permitted under HIPAA, customer service activities, and other business purposes.

Consistent with HIPAA, we may also use or disclose your PHI to:

  • Comply with requirements of federal, state, or local laws
  • Assist in public health and safety activities, such as tracking diseases or medical devices
  • Inform authorities to protect victims of abuse, neglect, or domestic violence
  • Comply with federal and state health oversight activities, audits, inspections, and investigations
  • Respond to law enforcement officials, report crimes or emergencies, or under judicial or administrative orders, subpoenas, or another lawful process (such as lawsuits or legal actions)
  • Work with coroners, medical examiners, and funeral directors for them to fulfill their duties or as authorized by law.
  • Conduct research or research-related purposes (following internal review protocols to balance privacy and research needs)
  • Prevent or reduce a serious threat to anyone’s health or safety
  • Assist in specialized government functions, such as national security, intelligence, and protective services
  • Perform military and veteran activities, if you are an armed forces member or veteran
  • Inform a correctional institution or in custodial situations, such as if you are an inmate
  • Serve workers’ compensation purposes, such as to carriers or your employer if you are injured at work, as authorized by and as necessary to comply with relevant laws
  • Conduct case management, care coordination, or related functions
  • Communicate with individuals, such as friends and family, who are involved in your care or involved in the payment for that care
  • Communicate for notice or disaster relief purposes, including regarding decedents
  • Communicate within our organization for treatment, payment, or healthcare operations
  • Communicate with other providers, health plans, or their related entities for their treatment, payment, or healthcare operations activities
  • Provide information to other third parties with whom we do business to allow them to provide services to us or on our behalf (Don’t worry—in these situations, we require third parties to provide us with assurances that they will safeguard your PHI.)

Additionally, we may use or disclose your PHI without your authorization in the following various circumstances:

  • Contacting you directly – We may use your PHI, including your email address or phone number, to contact you. For example, we may also use this information to send you reminders and other communications about your care and treatment via email, phone, or text message.
  • Family and friends – To a member of your family, a relative, or a close friend – or any other person you identify who is directly involved in your healthcare – when you are either not present or unable to make a healthcare decision for yourself, and we determine that disclosure is in your best interest. We will also assume that we may disclose PHI to any person you permit to be physically present with you as we discuss your PHI with you. For example, we may disclose PHI to a friend sitting with you during an inservice appointment.
  • De-identified information – If your PII has been removed from your information and cannot be personally identified

Except in the situations listed in the sections above, we will use and disclose your PHI only with your written authorization. This means we will not use your PHI in the following cases unless you give us written permission:

  • Marketing purposes, except as allowed by HIPAA or applicable law (by way of example, marketing communications allowed by HIPAA without authorization include communications about care or treatment and our products or services).
  • Sale of your information.
  • You are sharing your PHI with your employer or school.
  • Most sharing of psychotherapy notes.

If we receive written permission, we will no longer use or disclose your PHI for the reasons outlined in your written statement. However, we cannot take back any disclosures made before receiving your written revocation. In some situations, federal and state laws provide special protections for specific kinds of PHI and require your authorization before we can disclose that specifically protected PHI. We will comply with the more stringent state laws about such use or disclosure in these situations. If you have any questions about these laws, please get in touch with the Privacy Officer at [email protected].

2. Our Responsibilities with Respect to your PHI

HIPAA requires us to:

  • Maintain the privacy and security of your PHI
  • Provide this Notice setting forth our legal duties and privacy practices regarding PHI
  • Abide by the terms of the version of this Notice currently in effect
  • Tell you if there has been a security breach that compromises the privacy or security of your PHI

In addition, ProMedTek will limit the collection and use of PHI to the minimum needed to deliver effective service, provide appropriate support to physicians and caregivers, and conduct our business. When disclosing your PHI is required for payment, treatment, or healthcare operations, we will attempt to disclose the minimum level of information possible to fulfill the request or need appropriately. ProMedTek will also restrict access to your PHI amongst our staff. Any individuals violating the company’s confidentiality will be subject to disciplinary action. When working with other entities who may come into contact with your PHI, ProMedTek requires these vendors to have a Business Associate Agreement to uphold the same level of confidentiality.

3. Your HIPAA Rights with Respect to your PHI

You have the following rights concerning your PHI maintained by ProMedTek.

  • Inspect and copy. You have the right to ask to inspect and receive a copy of your PHI, whether electronic or paper. In certain circumstances, we may deny your request, or part of your request, to inspect or copy your PHI. If we do so, we will inform you of the reason for the denial. We will provide a copy or a summary of your PHI, usually within 30 days of receiving your request.
  • Amend. You can ask us to amend your PHI if you feel it needs to be corrected or completed. In certain circumstances, we may deny your request to amend your PHI. If we do so, we will tell you why in writing within 60 days and about your right to submit a statement of disagreement for inclusion in your records.
  • Accounting of disclosures. You have the right to request a list of our disclosures of your PHI made over the past six years, whom we shared your PHI with, and why. This right does not apply to disclosures made for treatment, payment, or healthcare operations; disclosures made to you about your treatment; disclosures made under the authorization; and certain other disclosures.
  • Restrictions on disclosure. You can request restrictions on how we use or disclose your PHI for treatment, payment, or our operations. We’re not required to comply with such requests, and we may say “no” if it would affect your care. If you pay for a Service out of pocket in full, you can ask us not to share that information for payment or our operations. We will say “yes” unless a law requires us to share that information, such as in certain emergencies.
  • Confidential communication. You have the right to request that we communicate with you in a specific way, such as at a specific telephone number, or to send mail to a different address. We will say “yes” to all reasonable requests.
  • Choose someone to act for you. If you have given someone medical power of attorney or if someone is your legal guardian, that person can exe

4. Changes to this Notice

We occasionally review this Notice to ensure it complies with applicable laws and conforms to changes in our business. We may need to update this Notice and reserve the right to do so at any time. If we change the terms of this Notice, the new terms will apply to all PHI that we maintain about you, including PHI that was created or received before such changes were made. We will post the new Notice on our website and update the “Effective Date” at the bottom of this page so you can tell if it has changed since you last visited. We will make the Notice available upon request. Your continued use of the Services constitutes your acceptance of the terms of such revised Notice.

5. Complaints

If you believe that your privacy rights have been violated or that we have not followed our obligations under HIPAA, you may file a complaint with us and the Secretary of Health and Human Services. We will not retaliate against or penalize you for filing such a complaint.

To file a complaint with us, email [email protected] or write to 4110 N Scottsdale Rd Ste 270, Scottsdale, AZ 85251, Attn: HIPAA Compliance Officer, or call (866) 388-2410.

To file a complaint with the Secretary of Health and Human Services, call (877) 696-6775 or write to 200 Independence Avenue S.W., Washington, D.C. 20201, or visit www.hhs.gov/ocr/privacy/hipaa/complaints.

6. Contacting ProMedTek

To exercise any of your rights outlined in this Notice, or for more information about our privacy practices, email [email protected], write to 4110 N Scottsdale Rd Ste 270, Scottsdale, AZ 85251, Attn: HIPAA Compliance Officer, or call (866) 388-2410 and ask to speak with the HIPAA Compliance Officer.

Effective Date: 12/12/2024