CareTree Notice of Privacy Practices
Date of This Notice: November 11, 2015
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
CareTree is considered a Hybrid Entity, meaning not all data or relationships that CareTree enters into are affected by the Privacy Rule. More specifically, this is related to the marketing and referral activities of CareTree. CareTree may engage in relationships with companies (“Marketing Partners”) for the purpose of these companies selling products or services to the users of CareTree Services. If a user enters information into a CareTree assessment, then CareTree may use that for marketing purposes. By registering for the CareTree service, the user gives CareTree permission to pass along the assessment information, contact information of the user, and other information at CareTree’s sole discretion to marketing partners. The marketing partners may use this information to contact the user regarding various products and/or services that they offer. The marketing partner is solely responsible for their handling of the data given to them by CareTree and any relationship or transaction between the marketing partner and the user.
CareTree may also provide website links to outside marketing partners. These website links may vary based on PHI that CareTree has, but will not actually transmit PHI to the marketing partner. CareTree may do this as either a Covered Entity or a Hybrid Entity. Any information or transactions between the marketing partner and the user are solely the responsibility of the marketing partner and the user. CareTree has no obligation or liability under those arrangements.
This Notice describes the privacy practices of CareTree, Inc. (collectively, “CareTree”, or “we” or us”) as it relates to Covered Entity status and associated PHI.
When engaging in practices of a Covered Entity, specifically this relates to storing of PHI by another Covered Entity with which CareTree has a BAA, we are required by law to maintain the privacy of your health information and to provide you with this Notice of our legal duties and privacy practices with respect to your health information. We are committed to protecting your health information.
The HIPAA Privacy Rule protects only certain medical information known as “protected health information” (“PHI”). Generally, PHI is individually identifiable health information, including demographic information, collected from you or received by a health care provider, a health care clearinghouse, or a health plan that relates to:
HOW WE MAY USE AND DISCLOSE HEALTH INFORMATION ABOUT YOU
You decide whether you wish to provide us with PHI. We may collect information from you at different points (for example, when you register as a User of our Site or complete an Assessment), and use this information as follows:
Membership Registration. We collect Personal Information in connection with your registration to become a Site User. You cannot use our Services unless you register as a Site User. We use Personal Information in connection with processing your registration and creating your account profile.
Professional User Membership Fees. We collect Personal Information in connection with processing your payment of membership fees for Professional Users. Please note that CareTree does not directly collect or store your financial account information – instead, we use a reputable company (the "Payment Processing Company") to collect and process your payment information.
Verifying Your Identity. When you register as a Site User we may (but we are not obligated to) use your Personal Information for verifying your identity or status as a family member or a caregiver.
Patient Profiles. Site Users may provide us Personal Information to create a Patient Profile on the Site through our Services. We use such Personal Information to provide the Services, which may include, for example, sharing PHI with medical providers to whom you have granted access to your profile in order to coordinate treatment.
Communications to Us. If you send us an email with questions, comments or requests for additional information, or if you include your Personal Information when providing us with feedback about our Site or the Services, we may use your email address and other information included in your correspondence to respond to you.
Staying Updated; Alerts and Other Communications to You. You may provide us with your email address and other Personal Information so that we can send you information concerning our Site, and Services, and other information (collectively, the "Alerts"). In addition, we may use your Personal Information to provide you with other information that we believe may be of interest to you, such as health-related services and appointment reminders. You will have the ability to opt out of receiving some of these materials.
Informational Notices and Bulletins. We may periodically send news, bulletins or other information to you, and will use Personal Information to send such communications. If we choose to send such communications, you will have the ability to opt out of receiving some of them.
Promotions. We believe that your experiences can often act as the strongest promotion of our Services. Accordingly, we may wish to post on our Site or elsewhere, endorsements from you or descriptions you provide about your experiences. You agree that your Personal Information and experiences with us may be used and adapted for these purposes (without the need for compensation). If we use your Personal Information and experiences in this manner, and such use discloses other Personal Information, we will obtain your permission before using any other Personal Information.
Information You Wish to Have Posted on the Site. We collect Personal Information from you when you provide us with content for posting on our Site. We may use this Personal Information to respond to you.
Other Uses. In addition to the uses specifically identified in this Section 3 (Our Uses of Your Personal Information), we may use Personal Information you submit in any other manner we reasonably deem necessary in order to provide you with the information and Services you request from us via the Site.
To Business Associates. We may contract with individuals or entities known as Business Associates to perform various functions or to provide certain types of services on CareTree’s behalf. In order to perform these functions or provide these services, Business Associates may receive, create, maintain, use, and/or disclose your PHI, but only if they agree in writing with CareTree to implement appropriate safeguards regarding your PHI. For example, CareTree may disclose your PHI to a Business Associate to provide technological support services, but only after the Business Associate enters into a Business Associate Agreement with CareTree.
To Avert a Serious Threat to Health or Safety. We may use and disclose PHI about you to prevent or lessen a serious and imminent threat to the health or safety of a person or the general public.
Military and Veterans. If you are a member of the armed forces, we may release PHI about you if required by military command authorities.
Worker’s Compensation. We may release PHI about you as necessary to comply with worker’s compensation or similar programs.
Public Health Risks. We may release PHI about you for public health activities, such as to prevent or control disease, injury or disability, or to report child abuse, domestic violence, or disease or infection exposure.
Health Oversight Activities. We may release PHI to help health agencies during audits, investigations, or inspections.
Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we may disclose PHI about you in response to a court or administrative order. We also may disclose PHI about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
Law Enforcement. We may release PHI if asked to do so by a law enforcement official:
National Security and Intelligence Activities. We may release PHI about you to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.
To Company Sponsor. We may disclose your PHI to certain employees of CareTree for the purpose of administering CareTree’s operations. These employees will only use or disclose your PHI as necessary to perform CareTree’s administrative functions or as otherwise required by HIPAA.
Disclosure to Others. We may use or disclose your PHI to your family members and friends who are involved in your care or the payment for your care. We may also disclose PHI to an individual who has legal authority to make health care decisions on your behalf.
The following is a description of disclosures of your PHI CareTree is required to make:
As Required By Law. We will disclose PHI about you when required to do so by federal, state, or local law. For example, we may disclose PHI when required by a court order in a litigation proceeding, such as a malpractice action.
Government Audits. CareTree is required to disclose your PHI to the Secretary of the United States Department of Health and Human Services when the Secretary is investigating or determining CareTree’s compliance with HIPAA.
Disclosures to You. Upon your request, CareTree is required to disclose to you the portion of your PHI that contains medical records, billing records, and any other records used to make decisions regarding your health care benefits.
We will use or disclose your PHI only as described in this Notice. It is not necessary for you to do anything to allow us to disclose your PHI as described here. Any other use or disclosure will be made only with your written authorization. For example, we may use your PHI for other marketing purposes if you provide us with written authorization to do so. You may revoke your authorization in writing at any time. When we receive your revocation, it will be effective only for future uses and disclosures. It will not be effective for any PHI that we may have used or disclosed in reliance upon your written authorization.
YOUR RIGHTS REGARDING PHI THAT WE MAINTAIN
You have the following rights regarding PHI we maintain about you:
Your Right to Inspect and Copy Your PHI. You have the right to inspect and copy your PHI. You must submit your request in writing and if you request a copy of the information, we may charge you a reasonable fee to cover expenses associated with your request. CareTree may deny your request to inspect and copy PHI in certain limited circumstances. If you are denied access to PHI, you may request that the denial be reviewed by submitting a written request to the Contact Person listed below.
Your Right to Amend Incorrect or Incomplete Information. If you believe that the PHI CareTree has about you is incorrect or incomplete, you may request that we change your PHI by submitting a written request. You also must provide a reason for your request. We are not required to amend your PHI but if we deny your request, we will provide you with information about our denial and how you can disagree with the denial.
Your Right to Request Restrictions on Disclosures to Health Plans. Where applicable, you may request that restrictions be placed on disclosures of your PHI.
Your Right to an Accounting of Disclosures We Have Made. You may request an accounting of disclosures of your PHI that we have made, except for disclosures we made to you or pursuant to your written authorization, or that were made for treatment, payment, or other health care operations, national security, or incident to other permissible disclosures. You must submit your request in writing. Your request should specify a time period of up to six years but may not include dates before March 1st, 2015. We will provide one list of disclosures to you per 12-month period free of charge; we may charge you for additional lists.
Your Right to Request Restrictions on Uses and Disclosures. You have the right to request restrictions or limitations on the way that we use or disclose PHI. You must submit a request for such restrictions in writing, including the information you wish to limit, the scope of the limitation, and the persons to whom the limits apply. We may deny your request.
Your Right to Request Confidential Communications Through a Reasonable Alternative Means or at an Alternative Location. You may request that we direct confidential communications to you in an alternative manner. You must submit your request in writing. We are not required to agree to your request.
YOUR RIGHT TO A PAPER COPY OF THIS NOTICE
To obtain a paper copy of this Notice or a more detailed explanation of these rights, send us a written request at the address listed below. You may also obtain a copy of this Notice at our website: www.caretree.me.
CHANGES TO THIS NOTICE
We may amend this Notice of Privacy Practices at any time in the future and make the new Notice provisions effective for all PHI that we maintain. We will advise you of any significant changes to the Notice. We are required by law to comply with the current version of this Notice.
If you believe your privacy rights or rights to notification in the event of a breach of your PHI have been violated, you may file a complaint with us or with the Office of Civil Rights. Complaints about this Notice or about how we handle your PHI should be submitted in writing to the Contact Person listed below.
A complaint to the Office of Civil Rights should be sent to Office of Civil Rights, U.S. Department of Health & Human Services, 233 N. Michigan Ave., Suite 240, Chicago, IL 60601, (312) 886-2359; (312) 323-5693 (TDD), (312) 886-1807 (fax). You also may visit OCR’s website at http://www.hhs.gov/ocr/privacyhowtofile.htm for more information.
You will not be penalized, or in any other way retaliated against for filing a complaint with us or the Office of Civil Rights.
SEND ALL WRITTEN REQUESTS REGARDING THIS PRIVACY NOTICE TO:
C/O HIPAA Officer
2501 W Haddon Ave #102
Chicago, IL 60622