Privacy Policy

Notice of Privacy Practices

 

We at Bellevue Primary Healthcare, PC (aka Remedy Health) are committed to safeguarding your privacy. This privacy policy and agreement (this "Privacy Policy") covers how we collect and use information in our electronic medical records and practice management software system (our "EMR"). This information can be used to identify you, and it may be created, used, or disclosed in the course of providing a health care service. It includes your "Protected Information", which includes information that you provide or access via the patient portal at https://11675.portal.athenahealth.com/ (the "Patient Portal").

In this policy, "you" and "your" refer to a user of the Patient Portal, patient, or other person with Protected Information on file with Bellevue Primary Healthcare, PC. "We," "our," and "us" refer to Bellevue Primary Healthcare, PC and its subsidiaries and affiliates.

Please read this policy carefully. By checking the box, clicking on "I Agree", or otherwise signifying acceptance of this privacy policy, you are acknowledging that you have read it, understand it, and are agreeing to be legally bound by the terms provided here.

 

The Information We Collect

We collect Protected Information in the form of (1) registration information that you provide in order to enroll as a patient or use the Patient Portal (your "Personal Information"); (2) information that is created, used, or disclosed in the course of providing health care services to you, which we file in your medical record electronically and/or on paper (your "Protected Health Information"); and (3) financial records, such as billing or insurance information, records of payments, and balance statements, related to our provision of health care services to you (your "Billing Information"). We do not collect any more Protected Information than reasonably necessary to provide our services, operate our EMR and the Patient Portal, and respond to your requests.

By law, you have a right to access and amend your medical records. We own original or electronic copies of any records created by us or shared with us, which we maintain in accordance with federal and state law. We may provide you with access to your Protected Information via the Patient Portal at our discretion as a convenience to you. We reserve the right to suspend your Patient Portal account at any time. We may ask you for Protected Information concerning family members or others for whom you are authorized to act as a personal representative. We use this information to create and gather medical records for these people, and will use and disclose this information in the same manner as we use and disclose your Protected Information.


Our Use of Your Protected Information

We will not share your Protected Information with any third party, other than as expressly disclosed in this policy. In general, we will use your Protected Information as necessary to provide you with medical care, respond to your requests, and maintain our EMR and the Patient Portal.

We will use your Billing Information to obtain payment for medical services that we provide to you. We will use and disclose your Protected Information in accordance with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its regulations, including the Standards for Privacy of Individually identifiable Health Information (the "Privacy Rule"), the Security Standards for the Protection of Electronic Protected Health Information (the "Security Rule"), as well as the Health Information Technology for Economic and Clinical Health Act (the "HITECH Act"), and other applicable federal and state laws.

 

DISCLOSURE FOR PAYMENT

By signing this agreement, you agree that Bellevue Primary Healthcare, PC can and will disclose your health information for treatment, to obtain payment for services, and to perform healthcare operations. You may revoke this consent in writing at any time, unless we have already treated you, sought payment for our services, or performed health information exchange in accordance with this consent. We may decline to serve you if you elect not to sign this agreement. You have the right to ask that we abide by suggested restrictions. You are advised however, that certain restrictions required by law may be binding on Bellevue Primary HEalthcare, PC.

 

CONDITION-SPECIFIC CONTENT

Periodically, we may send you news, bulletins, educational materials, marketing materials, or other information based on your Protected Health Information, e.g. targeted to your specific health condition(s). If we choose to send such communications, you will have the ability to opt-out of receiving them, as further provided below. We may also use your Protected Information to make informational content available to you via the Patient Portal.

 

OPT-OUT

If we choose to send you bulletins, updates, or other unsolicited, marketing-related communications, we will provide you with the ability to opt-out of receiving such communications. However, you may not opt-out of formal notices concerning (i) operation of our EMR or the Patient Portal, or (ii) legal and other related notices concerning your relationship to us, nor may you opt-out of being provided with content passively via internet or Patient Portal pages that you choose to access. You may disable Patient Portal access to all or some of your Protected Information by sending us a written request to that effect. Doing so does not affect our records, but only determines whether those records are accessible via the Patient Portal.

 

ANONYMOUS, AGGREGATE INFORMATION

"Aggregate Information" is information that does not identify you, such as statistical information and analyses concerning the use of our services, the number of customers registered in our EMR, usage data for the Patient Portal, aggregated information about health statistics, treatments, conditions or similar aggregated healthcare information, or other aggregated information that is not personally-identifiable. We may use or disclose Aggregate Information in order to undertake or commission statistical and other summary analyses of (i) the general behavior and characteristics of users participating in our services or using the Patient Portal, (ii) the effect of our services on the behavior of our patients, and (iii) the general characteristics of visitors to our website or the Patient Portal and participants in our services. We may share these analyses and Aggregate Information with third parties. Aggregate Information provided to third parties will not allow anyone to identify you, or determine anything personal about you. We may collect Aggregate Information through features of the software that supports our services, through cookies, and through other means described below.

 

IP ADDRESSES

We may automatically receive and record information in our server logs from your browser, including your IP address, your computer's name, the type and version of your web browser, referrer addresses and other generally accepted log information. We may also record page views, and other general statistical and tracking information, which will be aggregated with that of other users and may be disclosed to third party consultants in order to understand how our website and the Patient Portal are being used. None of this data contains personal information.

 

COOKIES

A cookie is a small amount of data, which often includes an anonymous unique identifier, which is sent to your browser from a website's computers and is stored on your computer's hard drive. Cookies can be used to provide you with a tailored user experience and to make it easier for you to use a website upon a future visit. We may include cookies on our website or the Patient Portal and use them to recognize you. You may set your browser so that it does not accept cookies. Cookies must be enabled on your web browser, however, if you wish to access certain personalized features of our services. In order to determine whether your computer is supported by our system, we may collect certain anonymous information. This information includes, but is not limited to, your operating system and browser, as well as the presence of any software that our website or the Patient Portal may require to operate with your computer, or other third party software on your computer. This information is kept strictly confidential and is not shared with third parties, except as provided in this Privacy Policy.

 

PRIVACY PROTECTION FOR CHILDREN

The Patient Portal is not directed at minors. We will not provide access to the Protected Information of anyone under the age of 18 (a "Minor Dependent") via the Patient Portal except:

• We may share Protected Information in communications between a parent or legal guardian and California Center for Functional Medicine regarding a Minor Dependent's medical care, to the extent permitted by HIPAA, the Privacy Rule, and other applicable laws protecting the privacy of the Minor Dependent;

• Personal Information of a Minor Dependent may be listed on a parent's or guardian's Patient Portal account;

• Where a third party is responsible for billing and payment, Billing Information BUT NOT related Protected Health Information of a Minor Dependent may be shared with the third party payor. In general, the Protected Information of a Minor Dependent will be disclosed to a parent or guardian in accordance with HIPAA, the Privacy Rule, and other applicable federal and state laws.

 

EHR MAINTENANCE

In the course of maintaining this EHR, our staff, employees and technical/maintenance contractors (the "Vendor") may have limited or full access to your protected information. Such individuals may include a technician or service provider that provides us with the technology, services, and/or content related to (i) enhancing operation and maintenance of the Patient Portal or our EHR, (ii) responding to and sending electronic mail in support of help requests or (iii) providing other functions necessary to our business. Access to your Protected Information by a Vendor is limited to the information reasonably necessary for that Vendor to perform his or her limited functions for us. We also contractually require each Vendor to protect the privacy of your information consistent with this Privacy Policy

 

IMMINENT HARM

We may, but are not obligated to, reveal certain Protected Information to attorneys, or law enforcement agencies if we believe that (a) you are at risk of harm, or (b) you are harming or interfering with (or will imminently harm or interfere with) others or violating (either intentionally or unintentionally) our Terms and Conditions of Use or otherwise violating legal rights.

 

LEGAL REQUIREMENT

We will reveal your Protected Information to the extent we reasonably believe we are required to do so by law. If we receive legal process calling for the disclosure of your Protected Information, we will notify you via the email address you supplied during registration within a reasonable amount of time before we respond to the request, unless such notification is not permitted.

 

DISCLOSURE

Except as specified in this Privacy Policy or required by law, we will not disclose your Protected Information without your permission. By submitting Protected Information to us that you received from hospitals, physicians, or other records owners, you are consenting the disclosure of this information to our staff for use in your treatment programs. Security Security measures are in place to protect the loss and misuse of your Protected Information.

 

SECURITY MEASURES

We use at least 128-bit Secure Socket Layer ("SSL") encryption technology (an industry-standard technology) to prevent phishing and to safeguard your Protected Information whenever it is transferred between servers. To prevent loss of your Protected Information, all data is backed up at least weekly. All of your Protected Information is hosted offsite in an internet data center, access which is controlled 24 hours a day. Our security systems are structured to prevent unauthorized third parties from accessing your Protected Information. We also monitor network traffic to identify unauthorized attempts to access kresserinstitute.com or alter your Protected Information. However, we do not warrant as fail-proof the security of your Protected Information. Due to the nature of internet communications and evolving technologies, we cannot provide, and we explicitly disclaim, assurance that your Protected Information will remain free from loss or misuse by third parties who, despite our efforts, obtain unauthorized access.

 

YOUR PASSWORD AND ACCOUNT INFORMATION

Regardless of the security we have in place to safeguard your Protected Information, anyone with your password and account information can access your Patient Portal account. You are solely responsible for maintaining the secrecy of your password and account information.

 

NOTICE OF SECURITY INCIDENT

If we detect or become aware of any unauthorized access to your Protected Information, we will notify you and/or the Secretary of Health and Human Services in accordance with HIPAA, the Privacy Rule, the Security Rule, the HITECH Act, and other applicable federal and state laws.

 

CHANGES TO THIS PRIVACY POLICY

We reserve the right to change this Privacy Policy at any time. If we make any changes to this Privacy Policy, you will be prompted to accept the revised Privacy Policy in order to continue using the Patient Portal. If we make any changes regarding disclosure of your Protected Information to third parties, we will attempt to contact you prior to the date that the modified policy is scheduled to take effect via your current email address on file.

 

YOUR PRIVACY RIGHTS

You have the following rights regarding your health information;

  1. The right to inspect and copy your health information, such as medical and billing records, that we use to make decisions about your care. You must submit a written request to the privacy officer in order to inspect and/or copy your health information, if you request a copy, we may charge a fee for the cost of copying, mailing, or other associated supplies. We may deny your request to inspect and/or copy in certain circumstances. If you are denied access to your health information, you may ask that the denial be reviewed. if the review is required by law, we will select a licensed healthcare professional to review your request and our denial. The person reviewing your request will be someone other than the person who denied the request. We will act on your request within 30 days.

  2. You may ask us to amend your medical information if you believe the information that we have about you is incorrect or incomplete. You may request the amendment as long as the information is kept by this office. You may request an amendment for from the privacy officer. We may deny your request for an amendment to your health information if it is not in writing or if it does not state a reason to support the request.

  3. You may request that the clinic not use your medical information in certain ways or for certain purposes. You may also request that the clinic not provide your health information to certain people. The clinic has a right to refuse your request and may use or disclose your health information in situations requiring emergency treatment. The persons receiving this information will be asked not to further use or disclose the information. You must request restrictions in writing.

  4. You may request that the clinic provide you with your medical information in a confidential manner. You may request that we send your appointment reminders, bills, and other mailings to a different address or that we notify you with a phone call. You must make this request in writing and specify another address or means of communication.

  5. You may ask for an accounting of disclosures of your health information. You must submit your request in writing to the policy officer. WE may charge you for the cost of providing this list. We will notify you if there is a fee for this service and you may choose to withdraw your request at that time before any cost are incurred.

  6. You have the right to a paper copy of this notice. You may ask for a copy of this notice at any time. To obtain a copy, contact the privacy officer.

We reserve the right to change this notice and to make the revised or changed notice effective for medical information we already have about you as well as any information we receive in the future. We will post a summary of the current notice in the waiting room.

If you feel that your medical information policy rights have been violated, you may file a complaint with the Secretary of Health and Human Services or with the Privacy Officer. Filing a complaint will not affect the quality of the services you receive from our clinic and you will not be retaliated against for filing a complaint.


EFFECTIVE DATE

The effective date of this Privacy Policy is December 20, 2016.