HIPAA – Notice of Privacy Practices
HIPAA notification requirements for businesses (i.e., covered entities under HIPAA) that collect health information from individuals online through websites.
HIPAA – Notice of Privacy Practices (“Notice”)
Appendix to Privacy Policy for Websites
A.1 Our Commitment to You
ePact Network is committed to maintaining the privacy of your health information. As part of our services, you, designated emergency contacts, business associates, physicians, nurses, and other personnel may collect information about your or your dependent’s health history and current health status. This Notice explains how that information, called “Protected Health Information” (PHI), may be used and disclosed to others. The terms of this Notice apply to health information produced or obtained by ePact Network.
A.2 Our Legal Duties
The HIPAA Privacy Law requires us to provide this Notice to you regarding our privacy practices, our legal duties to protect your health information and your rights concerning health information about you. We are required to follow the privacy practices described in this Notice whenever we use or disclose your protected health information (PHI). Other companies or persons that perform services on our behalf, called Business Associates, must also protect the privacy of your information. Business Associates are not allowed to release your information to anyone else unless specifically permitted by law.
A.3 Uses and Disclosures of Protected Health Information
A.3.1 What Health Information We Collect
As part of our services, you may provide, for yourself or on behalf of your dependents, information about health history and current health status. ePact Network’s Customers, acting as Business Associates, may also provide information about health history and current health status. The information collected may be personal information as defined under privacy statutory regulations and protected health information as defined under HIPAA. We collectively refer to this information as personal information in this Notice.
We may collect directly from you all or some of the following:
| Personal Information you may provide | Name, email and contact details; Health Identifiers; Medical History; Medicine Administration History; Physical well-being incident disclosures |
|---|---|
| What do we do with the information? | To provide secure, online emergency contact networks that aid in the exchange of PII and PHI in support of communication used during an urgent time of need. |
| Can you withdraw your consent? | Yes, at any time by: deleting your account directly (https://epactnetwork.freshdesk.com/support/solutions/articles/47000663909-how-do-i-delete-my-account-); or contacting the Business Associate(s) you are enrolled with and requesting they disable your membership with them; or contacting ePact Network support or via privacy@epactnetwork.com |
Information we collect automatically from you or your device is covered through our main “Privacy Policy”, located at https://www.epactnetwork.com/corp/about-us/privacy-policy/
A.3.2 How We Use and Disclose Your Health Information
The HIPAA Privacy Law permits ePact Network to make uses and disclosures of your health information for purposes of treatment and support during an urgent time of need. We may use or disclose your health information for the purposes outlined in this Notice.
- Treatment: We may make available health information about you or your dependent(s) for health care and treatments or coordinate/manage your treatment. For example, a covered entity may access directly or may need to provide a nurse or medical assistant with treatment information about you and record it in a medical record. Alternatively, a physician may use information about you for a consultation with or a referral to another physician to diagnose an illness and determine which treatment option, such as surgery or medication, will best address specific health needs.
- People Assisting in Care: Those identified as emergency contacts and covered entity staff may access and disclose, via ePact Network’s application, essential health information to people such as family members, relatives, or close friends who are helping care for you or helping you pay your health care bills. We will disclose information only to those defined as having permission to access. For example, a covered entity may provide information to a family member so that they may pick up a prescription for you. Generally, we will ask the covered entity to make disclosures to you of these events occurring.
- Health Oversight Activities: We and Business Associates must disclose health information to a health oversight agency for activities that are required by federal, state or local law. Oversight activities include investigations, inspections, industry licensures, and government audits. These activities are necessary to enable government agencies to monitor various health care systems, government programs, and industry compliance with civil rights laws.
- Public Health Risks: As authorized by law, we and Business Associates may disclose health information about you to public health or legal authorities whose official responsibilities generally include the following:
– To prevent or control disease, injury or disability;
– To report births and deaths;
– To report child abuse or neglect;
– To report reactions to medications or problems with products;
– To notify people of recalls of products they may be using;
– To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; and
– To notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
- Serious Threat to Health or Safety: Consistent with applicable laws, we and Business Associates may disclose your health information if the disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. We also may disclose your health information if it is necessary for law enforcement authorities to identify or apprehend an individual.
- Specialized Government Functions: If you are a member of the military or a veteran, we and Business Associates will disclose health information about you as required by command authorities or if you give us your written permission. We may also disclose your health information for other specialized government functions such as national security or intelligence activities.
- Lawsuits and Disputes: If you are involved in a lawsuit, dispute, or other judicial proceedings, we and Business Associates may disclose health information about you in response to a court order, subpoena, or other lawful process, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
- Coroners, Medical Examiners, and Funeral Directors: We and Business Associates may release your health information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or to determine the cause of death. We may also release your health information to a funeral director, as necessary, to carry out his/her duties.
- Correctional Facilities: If you are an inmate of a correctional institution or under the custody of a law enforcement official, we and Business Associates may disclose health information about you to the correctional institution or law enforcement official only as required by law or with your written permission. We may release your health information for your health and safety, for the health and safety of others, or for the safety and security of the correctional institution.
- Required by HIPAA Law: The Secretary of the Department of Health and Human Services (HHS) may investigate privacy violations. If your health information is requested as part of an investigation, we and Business Associates are required to share your information with HHS.
A.3.3 Circumstances Which Require Your Written Consent Prior to Disclosure
For any purpose other than the ones described above, we and Business Associates may only use or share your health information when you give us your written authorization to do so. For example, you will need to sign an authorization form before sending your health information to your life insurance company. You may revoke your authorization, at any time, in writing, except to the extent that we have taken action in reliance on the authorization. We may not use or disclose your health information without an authorization that is valid as per HIPAA Privacy Rule – “45 CFR § 164.508 – Uses and disclosures for which an authorization is required”. Link: https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/protocol/index.html
- Marketing: We must also obtain your written authorization before using your health information to send you any marketing materials. The only exceptions to this requirement are that:
– We can provide you with marketing materials in a face-to-face encounter or a promotional gift of minimal value if we so choose.
– We may communicate with you about products or services relating to your treatment, to coordinate or manage your care, or provide you with information about different treatments, providers or care settings.
- Sale: For any disclosure of your health information, which constitutes a sale of health information.
- Highly Confidential Information: Federal and state law requires special privacy protections for certain “Highly Confidential Information” about you, including any part of your health information that is about:
– Child abuse and neglect
– Domestic abuse of an adult with a disability
– Mental illness or developmental disability treatment or services
– Alcohol or drug dependency diagnosis, treatment, or referral
– HIV/AIDS testing, diagnosis, or treatment
– Sexually transmitted disease
– Sexual assault
– Genetic testing
– In Vitro Fertilization (IVF)
– Information maintained in psychotherapy notes
Before we share your Highly Confidential Information for a purpose other than those permitted by law, we must obtain your written permission.
- Other Uses: Other uses and disclosures of your health information, not described above, will be made only with your written authorization.
A.3.4 Your Rights Regarding Your Health Information
You have certain rights regarding your health information, which are explained below. You may exercise these rights by submitting a request in writing to privacy@epactnetwork.com or the contact on record for the covered entity.
- Right to inspect and copy: If you would like to inspect or receive a copy of your PHI that is contained in a designated record set (e.g., health and billing records), we are required to provide you access to such information within 30 days after receipt of your request (with up to a 30-day extension if required with notice). We may charge you a reasonable fee to cover duplication, mailing and other costs incurred by us in complying with your request.
- We may deny your request for access to your personal information as permitted by HIPAA. For example, we may deny your request if we believe the disclosure will endanger your life or that of another person. Depending on the circumstances of the denial, you may have a right to have this decision reviewed.
- Right to Request Restrictions on Use and Disclosure: You have the right to request a restriction or limitation on certain uses and disclosures of your health information. To request restrictions, you must make your request in writing to privacy@epactnetwork.com or the contact on record for the covered entity. In your request, you must provide:
– What information you wish to limit;
– Whether you wish to limit our use, disclosure, or both; and
– To whom you want the limits to apply – for example, if you want to prohibit disclosures for insurance payment, health care operations, for disaster relief purposes, to persons involved in your care, or to your spouse.
You or your personal representative must sign it.
We are not required to agree to your request, but we will attempt to accommodate reasonable requests when appropriate. We retain the right to terminate an agreed-to restriction if we believe such termination is appropriate. In the event of a termination by us, we will notify you of such termination. You also have the right to terminate, in writing or orally, any agreed-to restriction. If we agree to the requested restriction, we may not use or disclose your personal information in violation of that restriction unless it is needed to provide emergency treatment.
- Right to Request Amendment: If you believe that any health information we have about you is incorrect or incomplete, you have the right to ask us or the covered entity to change the information for as long as ePact Network maintains the information. To request an amendment to your health information, your request must be in writing, signed, and submitted to ePact Network or covered entity.
- If we deny your request, we will provide you with a written explanation. You may respond with a statement of disagreement that will be maintained with your records. We will respond to your request within 60 days (with up to a 30-day extension if needed with notice).
- Right to Receive Confidential Communications: You have the right to request that we communicate with you about your health information in a confidential manner or at a specific location. For example, you may ask that we only contact you via mail to a post office box. You must submit your request in writing to ePact Network. We will not ask you the reason for your request. Your request must specify how or where you wish to be contacted. We will accommodate all reasonable requests.
- Right to Receive an Accounting of Certain Disclosures: With some exceptions, you have the right to receive an accounting of certain disclosures we have made, if any, of your health information. Your accounting request must be in writing and signed by you or your personal representative and submitted to ePact Network. Your request must specify the time in which the disclosures were made. You may receive one free accounting in any 12-month period. We may charge you for additional requests.
- This right only applies to disclosures for purposes other than treatment, payment or health care operations as described in this Notice. It also excludes disclosures we may have made to you, your family members or friends involved in your care. The right to receive this information is subject to certain exceptions, restrictions and limitations as allowed by HIPAA.
- Right to Obtain a Copy of this Notice: You have the right to receive a paper copy of this Notice upon request, even if you have agreed to receive the Notice electronically. You may ask us to give you a copy of this Notice at any time.
- Right to Cancel Authorization to Use or Disclose: Other uses and disclosures of your health information not covered by this Notice or the laws that govern us will be made only with your written authorization. You have the right to revoke your authorization in writing at any time, and we will discontinue future uses and disclosures of your health information for the reasons covered by your authorization. We are unable to take back any disclosures that were already made with your authorization, and we are required to retain the records of the care that we provided to you. In addition, you have the right to be notified if you are affected by a breach of unsecured personal information.
A.4 Complaints/Contact Us
If you believe that we have violated your privacy rights, you may file a complaint with us by notifying us at privacy@epactnetwork.com or the contact on record for the covered entity. You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services if you feel that your rights have been violated. There will be no retaliation from ePact Network for making a complaint.
Effective Date: This notice is effective on July 31, 2024
Privacy Officer Information: Name: Jonathan Winer; Phone: 877-883-8757; Email: privacy@epactnetwork.com