Privacy Notice
THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Premise Health Holding Corp. along with its subsidiaries (“Premise Health”) provide management services to a number of affiliated professional associations, corporations, or similarly structured professional organizations that provide health care services (“Facilities”). In certain instances, these Facilities are required by a federal law called HIPAA to maintain the privacy of your protected health information (“PHI”) and to provide you with notice of the legal duties and privacy practices with respect to your PHI. In other instances, where the Facilities provide occupational health care to you on behalf of your employer, the Facilities are not covered by HIPAA but are following the same privacy policies as a matter of good business practices. References to “Facilities”, “we”, “us”, and “our” include all of the Facilities’ workforce members involved in providing you care. All of the Facilities agree to follow the terms of this Notice of Privacy Practices (“Notice”).
This Notice is also posted on the Premise Health website and is available at the Facilities. You may ask for additional copies of this Notice. We reserve the right to change our practices and the terms of this Notice. Any such changes will be published in an updated Notice, which will apply to all PHI we maintain.
How We May Use and Disclose Your PHI
For purposes of this Notice, PHI means information we create or maintain in verbal, paper, or electronic format that identifies you and relates to your past, present or future physical or mental health or condition, the provision of health care services to you, or payment for such services.
Below we describe different ways that we use and disclose your PHI. Although we provide some specific examples, not every specific use or disclosure is listed in this Notice.
I. Uses and Disclosures of PHI That Do Not Require Your Authorization
We may use and disclose your PHI for purposes of treatment, payment and healthcare operations without your prior authorization:
Treatment. We may use and disclose your PHI to provide and coordinate the treatment, medications and services you receive. For example, we may use your PHI to diagnose your health condition and to provide you with health care services. We may disclose your PHI to pharmacists, doctors, nurses, technicians and other provider personnel involved in your health care. We may also disclose your PHI to hospitals, pharmacies and other health care facilities and other third parties to facilitate the provision of health care services, medications, equipment and supplies you may need. This helps to coordinate your care and make sure everyone who is involved in your care has the necessary information to meet your health care needs.
Payment. We may use and disclose your PHI to obtain payment for the health care services we provide to you and for other paymentrelated activities. For example, we may contact your insurer, pharmacy benefit manager or other third-party payor to determine payment for your care and the amount of your co-payment. We may disclose your PHI to a third-party payor to get paid for the health care services we provide to you. We may also disclose your PHI to other health care providers who provide care to you and may need it for their payment activities.
Health Care Operations. We may use and disclose your PHI for our health care operations, which are activities necessary for us to operate our business. For example, we may use your PHI to monitor the performance of the health care providers and staff providing treatment to you. We may use your PHI as part of our efforts to improve the quality and effectiveness of our services. We may disclose your PHI to other entities that have provided services to you so they can perform their own operations, such as to improve the quality and effectiveness of their health care services.
Organized Health Care Arrangement. Certain facilities may participate in an organized health care arrangement (OHCA), so that they can engage in certain joint activities to improve the quality, effectiveness and cost of care they deliver to patients. As members of the OHCA, the Facilities may share your health information with each other in furtherance of those activities and other operations, as permitted by law.
Health Information Exchange. We may share information that we obtain or create about you with other health care providers and other health care entities through Health Information Exchanges (HIEs) in which we participate, as permitted by law. For example, information about your past medical care and current medical conditions and medications may be available to us through the HIE, and we may share your PHI with other providers that participate in the HIE, such as emergency rooms. Exchange of health information through these systems can improve your care by getting your health information to providers who need it, when they need it. In most circumstances, you may have the right to opt-out of such information sharing through the HIE. If you wish to opt-out, please contact the Facility where you receive care. You have the right to change your mind and may opt-out (and opt-in again) at any time by contacting the Facility Manager.
We may also use and disclose your PHI without your prior authorization for the following purposes:
Business Associates. We may disclose your PHI to certain third parties that perform services for us, such as management, billing, legal, accounting, or consulting services. If these service providers need to access your PHI to perform services for us, they are required by contract and may be required by law to protect your PHI and only use and disclose your PHI as permitted by the contract they have with us or as required by law.
Employers. If you receive occupational health-related services from a Facility, we maintain PHI on behalf of your employer. That PHI is part of your employment record and is owned by your employer. In other cases, we may disclose your PHI to your employer if it concerns a work-related illness or injury, or workplace medical surveillance.
Where the provision of healthcare comes as result of employer sponsorship, such as pre-employment physicals, work-readiness determination, occupational health, biometric / wellness and/or similar assessments, we may disclose PHI, including record of your participation, to the employer-sponsor or their designee. If you do not want us to make such disclosures, you have the right to refuse. However, refusal may preclude you from the assessment itself, or related participation-dependent employer incentives.
Worker’s Compensation. We may disclose your PHI as authorized by laws relating to worker’s compensation or other similar programs.
To Communicate with Individuals Involced in Your Care or Payment for Your Care. We may disclose your PHI to a family member or friend who is involved in your care or payment for your care in certain circumstances. If you do not want us to disclose your health information to a family member or friend involved in your care, please contact the Privacy Officer. We may also use or disclose your PHI to notify a family member, personal representative, or another person responsible for your care, about your location and general condition.We may disclose your PHI to a family member or friend who is involved in your care or payment for your care in certain circumstances. If you do not want us to disclose your health information to a family member or friend involved in your care, please contact the Privacy Officer. We may also use or disclose your PHI to notify a family member, personal representative, or another person responsible for your care, about your location and general condition.
As Required by Law. We may disclose your PHI when required to do so by federal, state or local law.
Public Health. We may disclose your PHI to public health or other government authorities in connection with certain public health activities and purposes, such as preventing or controlling disease, injury, or disability.
Food and Drug Administration (“FDA”). We may disclose PHI related to adverse events with FDA-regulated products (drugs, devices, foods, and supplements) or to enable product recalls, repairs, or replacement.
Health Oversight. We may disclose your PHI to a health oversight agency for activities authorized by law, such as audits, investigations, inspections, licensure or disciplinary actions.
Judicial and Administrative Proceedings. We may disclose your PHI in the course of a judicial or administrative proceeding in certain circumstances. For example, we may disclose your PHI in response to a court order. We may also disclose your PHI in response to subpoena, discovery request, or other lawful process but only if efforts were made, either by the requesting party or us, to first tell you about the request or to obtain an order protecting the information requested.
Law Enforcement. We may disclose your PHI to a law enforcement official in certain situations. For example, we may disclose your PHI to law enforcement as required by law, in response to a court order or subpoena issued by a judicial officer, or to assist law enforcement in locating missing persons.
Disaster Relief. We may use and disclose your PHI to certain entities for purposes of disaster relief efforts. For example, we may share your PHI with the American Red Cross or another similar federal, state, or local disaster relief agency or authority, to help the agency locate persons affected by a disaster.
Correctional Institution. If you are or become an inmate of a correctional institution, we may disclose PHI to the institution, or its agents, as necessary for your health and the health and safety of other individuals.
Coroners, Medical Examiners and Funeral Directors. We may release your PHI to coroners or medical examiners so that they can carry out their duties, such as identifying a deceased person or determining the cause of death. We may also disclose PHI to funeral directors consistent with applicable law to enable them to carry out their duties.
Organ or Tissue Procurement Organizations. Consistent with applicable law, we may disclose your PHI to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of organs for tissue donation and transplant.
Research. We may use and disclose your PHI for research purposes but only if certain conditions are met, such as a formal review board has determined and documented that such use or disclosure of PHI involves no more than a minimal risk to your privacy.
Fundraising. While the Facilities do not currently engage in fundraising, if we decide to use or disclose your PHI to communicate with you about fundraising efforts, we will allow you to opt-out of such communications by contacting the Privacy Officer.
To Avert a Serious Threat to Health or Safety. As consistent with applicable law and standards of ethical conduct, we may use and disclose your PHI if we believe in good faith that the use or disclosure is necessary to prevent a serious threat to your health or safety or the health or safety of the public or another person.
Specialized Government Functions. If you are a member of the armed forces, we may release PHI about you as required by military command authorities. We may also release PHI (i) about foreign military personnel to the appropriate foreign military authority; and (ii) to federal officials for intelligence, counterintelligence, protection of the President, and other national security activities authorized by law.
Victims of Abuse or Neglect. We may disclose PHI about you to a government authority if we reasonably believe you are a victim of abuse or neglect. We will only disclose this type of information to the extent required or permitted by law, or if you agree to the disclosure.
II. Uses and Disclosures of PHI that Require Your Prior Authorization
If we wish to use or disclose your PHI for a purpose not described in this Notice, we will obtain your written authorization. For example, we will obtain your authorization for most uses and disclosures of your PHI for marketing efforts. You may revoke your authorization in writing at any time by contacting the Privacy Officer, unless we already disclosed your PHI based on your authorization.
III. State Law May Provide More Protections
Every state has its own set of privacy laws. If your state has a privacy law that provides greater limits on how we may use or disclose your PHI, we will abide by that state law. If you have any questions regarding such laws, you may contact the Privacy Officer.
Your Health Information Rights
Obtain a paper copy of the Notice upon request. You may request a paper copy of our current Notice at any time. Even if you have agreed to receive the Notice electronically, you are still entitled to a paper copy. You may obtain a paper copy at the Facility where you receive care or by contacting the Privacy Officer.
Request to inspect and obtain a copy of PHI. You may access and obtain a copy of the PHI we maintain about you by sending a written request to the Privacy Officer. If we maintain your PHI electronically, you can ask for a copy of the PHI in an electronic format. You may also ask us to send a copy of your PHI to other individuals or entities that you designate in writing. We may charge you a reasonable, cost-based fee for providing you copies of your records. In some cases, we maintain PHI on behalf of your employer. That PHI is part of the employment record owned by the employer, so we may direct you to your employer to access that PHI.
Request an amendment of PHI. If you feel that any PHI we maintain about you is incomplete or incorrect, you may ask that we amend it. To request an amendment, you must send a written request (including a reason that supports your request) to the Privacy Officer.
Request a restriction on certain uses and disclosures of PHI. You may request additional restrictions on our use or disclosure of your PHI by sending a written request to the Privacy Officer. We are not required to agree to a restriction, except if the disclosure is from a Facility subject to HIPAA to a health plan, the disclosure is not required by law, and the PHI pertains solely to a health care item or service for which you, or a person acting on your behalf, has paid in full out of pocket without a claim being submitted to the health plan.
Receive an accounting of disclosures of PHI. You may ask for a list of certain types of disclosures of your PHI by submitting a written request to the Privacy Officer. Your request must specify a time period. If you request such a list more than once a year, we may charge a fee.
Request communications of PHI by alternative means or at alternative locations. You may request that we communicate with you in a certain way or at a certain location. For instance, you may ask us to contact you at a different residence or post office box, or via email or other electronic means. Please note, if you choose to receive communications from us through e-mail or other electronic means, those communications may not be secure, and your PHI could be intercepted and read by unauthorized third parties. To request confidential communication of your PHI, you must submit a request in writing to the Privacy Officer. Your request must tell us how or where you would like to be contacted. We will accommodate all reasonable requests.
Notification of a Breach. We will notify you of a breach of your PHI in accordance with applicable law.
For More Information or to Report a Problem
If you have any questions or would like additional information about our privacy practices, you may contact the Premise Health Privacy Officer at 5500 Maryland Way, Brentwood, TN 37027 or 1-615-468-3362 or by email at privacy@premisehealth.com.
If you believe your privacy rights have been violated, you can also file a complaint with the Privacy Officer (contact information above) or with the Secretary of the U.S. Department of Health and Human Services, which may have enforcement authority depending on what services we provide to you. We will not retaliate in any way for filing a complaint.
Effective Date: February 4, 2021