Our Legal Duty

Concierge Med Partners and its affiliated licensed healthcare providers (collectively, "we," "us," or "our Practice") are required by law to:

• Maintain the privacy of your Protected Health Information (PHI);
• Provide you with this Notice describing our legal duties and privacy practices with respect to PHI;
• Notify you following a breach of your unsecured PHI; and
• Abide by the terms of the Notice currently in effect.

What Is Protected Health Information (PHI)?

PHI is individually identifiable health information, including demographic data, that relates to your past, present, or future physical or mental health condition; the provision of health care to you; or the payment for the provision of health care to you. PHI includes information such as your name, address, date of birth, Social Security number, medical record number, health plan number, and any other information that could reasonably be used to identify you.

How We May Use and Disclose Your PHI Without Your Authorization

Treatment: We use and disclose your PHI to provide, coordinate, and manage your healthcare and related services. For example, we share your PHI with licensed prescribers, compounding pharmacies, and laboratory services involved in your care.

Payment: We may use and disclose PHI to obtain reimbursement for the healthcare services provided to you, including billing, claims management, and collection activities.

Healthcare Operations: We may use and disclose PHI for healthcare operations, including quality assessment and improvement activities, compliance reviews, training, accreditation, and business management activities necessary to operate our practice.

As Required by Law: We will disclose PHI when required to do so by federal, state, or local law, including but not limited to mandatory reporting requirements, judicial and administrative proceedings, and law enforcement purposes.

Public Health Activities: We may disclose PHI to public health authorities authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury, or disability.

Health Oversight Activities: We may disclose PHI to health oversight agencies for activities authorized by law, such as audits, investigations, inspections, and licensure activities.

Serious Threats to Health or Safety: We may use or disclose PHI when necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.

Business Associates: We may disclose PHI to our Business Associates, vendors and service providers who perform functions on our behalf, provided they have signed a Business Associate Agreement (BAA) requiring them to safeguard your PHI in accordance with HIPAA.

Uses and Disclosures Requiring Your Written Authorization

We will obtain your written authorization before using or disclosing PHI for the following purposes:

• Marketing purposes (including any communication where we receive remuneration in exchange for making the communication);
• Sale of PHI;
• Most uses and disclosures of psychotherapy notes;
• Any other use or disclosure not described in this Notice.

You may revoke any authorization you have given us in writing at any time, except to the extent we have already relied on that authorization. To revoke an authorization, contact us at [email protected].

Your Individual Rights Under HIPAA

You have the following rights with respect to your PHI:

• Right of Access: You have the right to inspect and obtain a copy of your PHI that we maintain in a designated record set. We will provide access within 30 days of your request. We may charge a reasonable, cost-based fee for providing a copy.
• Right to Amend: You have the right to request amendment of PHI that you believe is inaccurate or incomplete. We may deny your request if we determine the PHI is accurate and complete.
• Right to an Accounting of Disclosures: You have the right to receive a list of disclosures of your PHI made by us for purposes other than treatment, payment, and healthcare operations during the previous six years.
• Right to Request Restrictions: You have the right to request restrictions on certain uses and disclosures of your PHI. We are not required to agree to your request unless the restriction relates to disclosures to your health plan for services you paid for out-of-pocket in full.
• Right to Confidential Communications: You have the right to request that we communicate with you about your PHI by alternative means or at alternative locations.
• Right to Receive a Paper Copy of This Notice: You have the right to receive a paper copy of this Notice at any time, even if you have agreed to receive it electronically.
• Right to Be Notified of a Breach: You have the right to receive notification in the event of a breach of your unsecured PHI.

To exercise any of the above rights, submit your request in writing to [email protected].

How to File a HIPAA Complaint

If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Secretary of Health and Human Services. We will not retaliate against you for filing a complaint.

Effective Date and Changes to This Notice

This Notice is effective January 1, 2025. We reserve the right to change the terms of this Notice and to make new provisions effective for all PHI we maintain. Any revised Notice will be posted on our website with a new effective date. You may request a copy of the current Notice at any time by contacting [email protected].