Notice Of Health Information Privacy Practices

Last Updated: December 10, 2024

Notice Of Health Information Privacy Practices

Last Updated: December 10, 2024

PRIVACY

PRIVACY

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

HealthTrackRx is required by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) to maintain the privacy and security of your protected health information (“PHI”) and to provide you with a notice of HealthTrackRx’s legal duties and privacy practices concerning PHI that HealthTrackRx may collect and maintain about you. This protection extends to any PHI, whether oral, written, or electronic.  This Notice of Health Information Privacy Practices (“Notice”) describes how we may use and disclose your PHI to carry out treatment, payment, or healthcare operations and for other specified purposes that are permitted or required by law.

We are required by law to abide by the terms of this Notice.  We will not use or disclose your PHI without your prior written authorization except as permitted or required by law and described in this Notice.

HIPAA allows for the use and disclosure of PHI in certain instances. Below are areas where HealthTrackRx may use and disclose PHI. Please note that some of the uses and disclosures described may be limited or restricted by state laws or other legal requirements.

  • Treatment — We may use or disclose PHI for treatment purposes, including disclosure to physicians, nurses, and other healthcare professionals who provide you with healthcare services or assist in coordinating your care.
  • Payment — We may use or disclose PHI to bill and collect payment for our services. For example, HealthTrackRx may provide PHI to your insurance to receive payment for the health care services provided to you.
  • Healthcare operations — We may use or disclose PHI for healthcare operations purposes such as evaluating the quality of testing and accuracy of results, accreditation, and other administrative and management functions.
  • Benefits and services — We may use and disclose PHI to inform or advise you of other health-related benefits and services.
  • Disclosure to you — We may disclose PHI to you or as directed by you to a third party.
  • Disclosure to those involved in your care — We may disclose PHI to a person who is involved in your care or helps pay for your care.
  • Personal Representative — We may disclose PHI to your personal representative, as established under applicable law, or to an administrator, executor, or other authorized individual on behalf of your estate.
  • Business associates — We may disclose PHI to our business associates who are contracted to perform or provide certain business services to us. Our business associates must maintain the privacy and confidentiality of your PHI as required by HIPAA and applicable statutes and regulations.
  • Judicial and administrative proceedings — We may disclose your PHI during a judicial or administrative proceeding, including in response to a court or administrative order, subpoena, discovery request, or other lawful process. We may disclose your PHI if required to do so by federal, state, or local law.
  • Law enforcement and governmental agencies — We may disclose PHI for law enforcement purposes, such as reporting wounds or physical injuries or responding to a court order, warrant, subpoena summons, or similar process authorized by law. We may also disclose PHI when necessary to (1) identify or locate a suspect, fugitive, material witness, missing person, or victim of a crime; (2) provide information regarding a deceased person; or (3) report criminal conduct. We may also disclose PHI about an individual to a government agency, including social services if we reasonably believe the individual is a victim of abuse, neglect, or domestic violence. We may disclose the PHI of an inmate when requested by a correctional institution or law enforcement official for health, safety, and security purposes.
  • Public Health — We may disclose PHI for public health activities or concerns, which may include: (1) public health authorities to report, prevent or control disease, injury, or disability; (2) the Food and Drug Administration (FDA) for quality, safety or effectiveness of an FDA-regulated product or activity; (3) a person who may have been exposed to a disease or at risk for contracting or spreading a disease; and (4) when necessary to prevent or lessen a serious or imminent threat to the health or safety of the patient or others.
  • Governance activities — We may disclose PHI to a healthcare oversight agency for authorized activities such as audits, civil, administrative, or criminal investigations and proceedings, inspections, licensure and/or disciplinary actions, and other activities necessary for appropriate oversight of government benefit programs and compliance with state, federal, and local statutes and regulations.
  • Research — We may use and disclose PHI for research purposes.  Under most circumstances, we will ask for your written authorization before using or sharing your PHI with others to conduct research.  However, under limited circumstances, we may use and disclose your PHI without your written authorization if:
    • An Institutional Review Board, applying specific criteria, determines that the particular research poses no more than minimal risk to your privacy; or
    • PHI is only being used to prepare a future research project, AND your PHI is not removed from HealthTrackRx premises
  • De-identified Information — We may use and disclose health information that has been “de-identified” by removing identifiers, which makes it unlikely to identify you.
  • Limited Data Sets — We may disclose limited health information contained in a “limited data set” if the recipient enters into a legal contract agreeing to protect the information from unauthorized access. The limited data set does not contain information that directly identifies you. For example, a limited data set may include your city and zip code but not your name or street address.

HealthTrackRx currently does not use PHI for fundraising purposes.  However, should HealthTrackRx perform fundraising activities in the future, we may contact you, at which time you may opt out of receiving future communications.

HealthTrackRx will seek patient authorization for uses or disclosure of PHI for other purposes not described above. You may revoke your authorization, in writing, at any time, unless action was already taken upon reliance of the authorization prior to revocation.

HealthTrackRx will further safeguard PHI relating to sensitive health information such as mental health, HIV/AIDS, and genetic testing, which is subject to protection under other state and federal laws. We will obtain your permission, when required, before disclosing this information to other healthcare providers who are not involved in your treatment or care.

Under HIPAA, we are required to notify patients if we discover a breach of unsecured PHI. In case of a breach in which your PHI may have been compromised, we will notify you no later than sixty (60) days after the breach is discovered. The notification will provide you with information about what happened and what can be done to mitigate any harm.

Subject to some exceptions, you have the following rights with respect to your PHI:

  • You have the right to request limits on the use or disclosure of your PHI. You may request that we limit how we use and disclose your PHI for treatment, payment, and healthcare operations. Although your request will be considered, we are not legally required to agree to the restriction. If we agree to a restriction, we will provide written notice of our agreement and abide by it, except in emergency situations where disclosure of PHI is necessary for treatment purposes.
  • You have the right to access copies of your PHI. You and your personal representative have the right to review and receive PHI, which consists of the laboratory test results ordered by your physician. Upon request, we will provide a copy of your laboratory report within thirty (30) days. You also have the right to direct us to transmit a copy of your PHI to another person you designate, provided such request is in writing, signed by you, and clearly identifies the designated person and where to send the copy of your PHI.
  • To request a copy of your PHI, contact HealthTrackRx at [email protected]. A representative will ask you to complete a HIPAA Patient Request Form and provide identification in order to release your PHI records.
    Under certain circumstances we may deny your request to inspect and copy your PHI.  If you are denied access to your PHI, you will receive written denial and information regarding how your denial may be reviewed.  Circumstances under which HTRx may deny your request, include but are not limited to:

    1. The PHI being requested was compiled in reasonable anticipation of a civil, criminal or administrative action;
    2. The information was collected during the course of research and to which you previously consented to non-access during the term of the research;
    3. The information is contained in records that are subject to the provisions of the federal Privacy Act;
    4. The information was obtained from another person or entity (not a health care provider) under the promise of confidentiality, and allowing access would be reasonably likely to reveal the source of the information;   or
    5. The access requested is likely to endanger or cause harm to you or another person.
  • You have the right to receive an accounting of disclosures HealthTrackRx has made of your PHI for most purposes other than treatment, payment, healthcare operations, and other limited purposes. The right to receive an accounting of disclosures is subject to certain exceptions, restrictions, and limitations.
  • You have the right to correct or update your PHI if you believe your PHI contains a mistake or error. Your request must be in writing. If your request is denied, we will provide an explanation or basis for the denial.
  • You have the right to request communications about your PHI at an alternative address or by an alternative means, and we will accommodate reasonable requests.
  • You have a right to print or download this Notice at any time.  If you do not have the ability print or download a copy, you may request one by contacting us at [email protected].  This Notice can be downloaded here.

To exercise any of your rights described in this Notice, please send a written request to the Compliance Dept, HealthTrackRx: 1500 Interstate 35W, Denton, Texas 76207. You may also email your request to [email protected].

HealthTrackRx will not require you to waive your rights as a condition of the provision of treatment, or payment.

If you have any inquiries, comments, or complaints regarding our Notice or about our use or disclosure of your PHI, please contact us at:

Address: HealthTrackRx
Attention: Compliance Dept.
1500 Interstate 35W
Denton, Texas 76207

Phone: 866-287-3218
Email: [email protected]

You also may file a complaint with the Secretary of the U.S. Department of Health and Human Services.

Address: Office for Civil Rights
The U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201

Phone: 1-202-619-0257 or toll free at: 1-877-696-6775

HealthTrackRx does not take retaliatory action against you for filing complaints about our privacy practices.

Changes to the HIPAA Statement

HealthTrackRx reserves the right to make changes to the terms of this Notice and to our practices, and to the extent permitted by law, to make the new Notice effective for all PHI we maintain without prior notice to you. We will update this Notice and post the information on our website when any changes are made. We encourage you to review this site periodically to ensure you are aware of any changes and updates.

Effective Date

This Notice was revised and became effective as of December 10, 2024.