This Notice of Privacy Practices describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
UNDERSTANDING YOUR HEALTH RECORD AND INFORMATION
Each time you visit a hospital, doctor, dentist or other healthcare provider, a record of your visit is created. Typically, this record contains your symptoms, examination notes, laboratory tests ordered and the test results, diagnoses, treatment and a plan for future care or treatment. This information is often referred to as your health or medical record, serves as a basis for planning your care and treatment, and serves as a means of communication among the many health professionals who contribute to your care. We will refer to this medical record as your protected health information in this Notice. Understanding what your medical record is and how your health information is used helps you to ensure its accuracy, better understand who, when and why others may access your health information and helps you to make more informed decisions when giving permission for disclosure of your health information to others.
NephroSant, Inc. (or “we”) is required to maintain the privacy and security of your protected health information and to provide you with a notice of our legal duties and privacy practices with respect to protected health information that we may collect and maintain about you. We also must abide by the terms of this Notice. We reserve the right to change our practices and to make the new provisions effective for all protected health information we maintain. However, if our privacy practices change, we will post the revised Notice on our website (www.nephrosant.com) and we will mail the Notice to you at the address that you provide to us when you make a request for a paper copy of the Notice. Your health information will not be used or disclosed without your written authorization, except as described in this Notice.
HOW WE USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION
With the exception of information that may qualify for special protection under state and/or federal law, the following categories describe different ways that we may use and disclose your protected health information. Not every possible use or disclosure in a category is listed; however, all of the ways in which we are permitted to use and disclose your protected health information will fall within one of the categories below.
We may use and disclose protected health information in the provision, coordination or management of your health care, including consultations between healthcare providers regarding your care and referrals from one healthcare provider to another. For example, we may use your protected health information to perform diagnostic tests, and provide your test results to your physician or other authorized healthcare provider.
We may use and disclose protected health information to bill and collect payment for the healthcare services we provide, including determinations of eligibility and coverage and other utilization review activities. For example, our billing department may use your protected health information to send an invoice to your insurance company to request payment for our laboratory testing services.
Regular Healthcare Operations.
We may use and disclose protected health information your to support business functions of our healthcare operations related to treatment and payment, such as quality assurance activities, receiving and responding to customer complaints, compliance programs, outcomes evaluations, audits, and business planning, management and administrative activities of our clinical laboratory.
Law Enforcement Activities.
We may disclose protected health information as required by law or in response to a valid judge-ordered subpoena. For example, in cases of abuse or domestic violence, requests from government regulatory agencies who oversee our business, requests to identify or locate a suspect, fugitive, material witness or missing person, requests related to judicial or administrative proceedings and other court-ordered requests, such as a discovery request or subpoena, for information related to lawsuits and disputes, and requests by authorized officials for the conduct of lawful intelligence, counterintelligence, protective services to the President, and other national security activities authorized by law.
Public Health Activities.
We may disclose protected health information for public health activities related to preventing or controlling disease, injury, or disability.
Threat of Serious and Imminent Harm.
As permitted by applicable law and standards of ethical conduct, we may use and disclose protected health information if we, in good faith, believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.
Military and Veterans.
If you are a member of the armed forces or a veteran, we may disclose protected health information about you as required by military command authorities.
Workers’ Compensation Purposes.
We may disclose protected health information about you for programs that provide benefits for work-related injury and illness. Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may disclose protected health information about you to the correctional institution or law enforcement official. An inmate does not have the right to receive the Notice of Privacy Practices.
Individuals Involved in Your Care or Payment for Your Care.
Unless you object, we may disclose your protected health information to your family or friends or any other individual identified by you when they are involved in your care or the payment for your care. We will only disclose the protected health information directly relevant to their involvement in your care or payment for your care. We may also disclose your protected health information to notify a person responsible for your care (or to identify such person) of your location, general condition or death.
Coroners, Medical Examiners and Funeral Directors.
We may disclose protected health information to a coroner or medical examiner. This disclosure may be necessary to identify a deceased person or determine the cause of death. We may also disclose protected health information about patients to funeral directors as necessary to carry out their duties.
We may need to disclose protected healthcare information to certain vendors who need such information in order to provide contracted services for our business. Examples include the provision of billing, accounting, legal, computer storage, and maintenance services. When these services are contracted, we require the business associate who may obtain protected health information to maintain the appropriate systems and policies to safeguard your information.
All other Uses and Disclosures Require Your Prior Written Authorization.
In situations that are not covered by applicable law or this Notice, we will ask for your written authorization before using or disclosing your protected health information. Examples include any uses and disclosures for marketing purposes and disclosures that constitute a sale of protected health information.
YOUR RIGHTS REGARDING YOUR PROTECTED HEALTH INFORMATION
Unless otherwise required by law, your health record is the physical property of the healthcare provider or facility that compiled it. However, you have certain rights with respect to your health information. You have the right to:
- Receive a copy of this Notice of Privacy Practices from us upon your request.
- Request Restrictions on Uses and Disclosures of Your Protected Health Information. You have the right to ask us to limit how we use and disclose your protected health information for treatment, payment or healthcare operations, including your right to request that we not disclose your health information to a health plan for payment or healthcare operations if you have paid in full and out of your pocket for the services we have provided. This request must be made in writing to the HIPAA Security and Privacy Officer. We are not required to agree to your restriction request. If we do agree, we will honor our agreement except in cases of an emergency or in cases where we are legally required or allowed to make a use or disclosure of your protected health information. You may request us to limit protected health information disclosures to family members, other relatives, or close friends involved in your care or payment for it.
- Request Confidential Communications Involving Your Protected Health Information. You can ask us in writing to send information to you in a certain way or to a certain location. For example, you can request we mail your protected health information to a Post Office Box rather than your home. We will agree to your request so long as we can easily provide the information in the format and to the location you requested.
- Inspect and Obtain a Copy Your Protected Health Information. In most cases you have the right to inspect and receive a copy of your protected health information, such as health or billing records that we maintain about you. You must make the request in writing to the HIPAA Security and Privacy Officer. We will respond within 30 days after receiving your written request, and we may charge a reasonable fee.
- Receive an Accounting of the Disclosures We Have Made. You have the right to receive a list of the instances in which we have disclosed your protected health information. This is called an Accounting of Disclosures. This right does not apply to certain disclosures such as those made for the purposes of treatment, payment or health care operations, disclosures for law enforcement and public safety purposes, disclosures authorized by you and disclosures made to you or your representatives. Your request for an Account of Disclosures must be made in writing to the HIPAA Security and Privacy Officer. Your request must specify the time period for which you would like an accounting, but this time period may not be longer than six years prior to your request. We will respond within 60 days of receiving your request. If you make more than one request in the same year, we may charge you a fee. Before providing you with the accounting, we will notify you of the costs involved, and you may choose to withdraw or modify your request at that time before any costs are incurred.
- Amend or Update Your Protected Health Information. If you believe your health information is incorrect or incomplete, you have the right to request that we amend the existing information or add information. Your request must be in writing to the HIPAA Security and Privacy Officer, and include the reason for your request. We will respond within 60 days of receiving your request. If your amendment request is approved, we will make the change to your health information and let you know that it has been completed. An amendment may take several forms, such as an explanatory statement added to your record.
We may deny your request, in writing, if the protected health information:
- is accurate and complete;
- was not created by us;
- is not available for inspection as set forth in section 5 above or
- is not part of your health records.
- Receive Notifications in the Event of a Breach (Unauthorized Disclosure of Protected Health Information). You have a right to receive notification if there is a breach of your unsecured protected health information, except in those instances where we determine that there is a low probability that your health information has been compromised. After determining that there was a breach, we will provide notice to you within sixty (60) calendar days after our discovery of the breach, unless a law enforcement official requires us to delay the breach notification.
- Revoke Your Authorization to Use or Disclose Protected Health Information. Except to the extent where we have already taken action in reliance on your written authorization for uses and disclosures of your protected health information, you may provide us written notice to revoke any authorizations you have signed allowing uses and disclosures of your protected health information.
If you have questions about this Notice or complaints about our privacy practices, you may contact our HIPAA Security and Privacy Officer. You may also file a complaint with the Office for Civil Rights of the U.S. Department of Health and Human Services at (800) 537-7697 or http://www.hhs.gov/ocr/privacy/. You will not be penalized for filing your complaint. Written complaints must be submitted to:
150 North Hill Drive, Ste 10
Brisbane, CA 94005
Policy last updated on: December 7, 2020