CareTree Notice of Privacy Practices
Date of This Notice: November 11, 2015
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT
YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
CareTree is
considered a Hybrid Entity, meaning not all data or relationships that CareTree
enters into are affected by the Privacy Rule.
More specifically, this is related to the marketing and referral activities
of CareTree. CareTree may engage in
relationships with companies (“Marketing Partners”) for the purpose of these
companies selling products or services to the users of CareTree Services. If a user enters information into a CareTree
assessment, then CareTree may use that for marketing purposes. By registering for the CareTree service, the
user gives CareTree permission to pass along the assessment information,
contact information of the user, and other information at CareTree’s sole
discretion to marketing partners. The
marketing partners may use this information to contact the user regarding
various products and/or services that they offer. The marketing partner is solely responsible
for their handling of the data given to them by CareTree and any relationship
or transaction between the marketing partner and the user.
CareTree may also
provide website links to outside marketing partners. These website links may vary based on PHI
that CareTree has, but will not actually transmit PHI to the marketing
partner. CareTree may do this as either a
Covered Entity or a Hybrid Entity. Any
information or transactions between the marketing partner and the user are
solely the responsibility of the marketing partner and the user. CareTree has no obligation or liability under
those arrangements.
This Notice
describes the privacy practices of CareTree, Inc. (collectively, “CareTree”, or
“we” or us”) as it relates to Covered Entity status and associated PHI.
When engaging in
practices of a Covered Entity, specifically this relates to storing of PHI by
another Covered Entity with which CareTree has a BAA, we are required by law to
maintain the privacy of your health information and to provide you with this
Notice of our legal duties and privacy practices with respect to your health
information. We are committed to protecting your health information.
The HIPAA
Privacy Rule protects only certain medical information known as “protected
health information” (“PHI”). Generally, PHI is individually identifiable health
information, including demographic information, collected from you or received
by a health care provider, a health care clearinghouse, or a health plan that
relates to:
HOW WE MAY USE AND DISCLOSE HEALTH INFORMATION ABOUT
YOU
You decide
whether you wish to provide us with PHI. We may collect information from you at
different points (for example, when you register as a User of our Site or
complete an Assessment), and use this information as follows:
Membership Registration. We collect Personal Information in connection
with your registration to become a Site User. You cannot use our Services
unless you register as a Site User. We use Personal Information in connection
with processing your registration and creating your account profile.
Professional User Membership
Fees. We collect
Personal Information in connection with processing your payment of membership
fees for Professional Users. Please note that CareTree does not directly
collect or store your financial account information – instead, we use a
reputable company (the "Payment Processing Company") to collect and
process your payment information.
Verifying Your Identity. When you register as a Site User we may (but we
are not obligated to) use your Personal Information for verifying your identity
or status as a family member or a caregiver.
Patient Profiles. Site Users may provide us Personal Information to create a
Patient Profile on the Site through our Services. We use such Personal Information
to provide the Services, which may include, for example, sharing PHI with
medical providers to whom you have granted access to your profile in order to
coordinate treatment.
Communications to Us. If you send us
an email with questions, comments or requests for additional information, or if
you include your Personal Information when providing us with feedback about our
Site or the Services, we may use your email address and other information
included in your correspondence to respond to you.
Staying Updated; Alerts and Other Communications to
You. You may
provide us with your email address and other Personal Information so that we
can send you information concerning our Site, and Services, and other
information (collectively, the "Alerts"). In addition, we may use
your Personal Information to provide you with other information that we believe
may be of interest to you, such as health-related services and appointment
reminders. You will have the ability to opt out of receiving some of these
materials.
Informational Notices and Bulletins. We may periodically send news, bulletins or
other information to you, and will use Personal Information to send such
communications. If we choose to send such communications, you will have the
ability to opt out of receiving some of them.
Promotions. We believe that your experiences can often act as the
strongest promotion of our Services. Accordingly, we may wish to post on our
Site or elsewhere, endorsements from you or descriptions you provide about your
experiences. You agree that your Personal Information
and experiences with us may be used and adapted for these purposes (without the
need for compensation). If we use your Personal Information and experiences in
this manner, and such use discloses other Personal Information, we will obtain
your permission before using any other Personal Information.
Information You Wish to Have Posted on the Site. We collect Personal Information from you when
you provide us with content for posting on our Site. We may use this Personal
Information to respond to you.
Other Uses. In addition to the uses specifically identified in this
Section 3 (Our Uses of Your Personal Information), we may use Personal
Information you submit in any other manner we reasonably deem necessary in
order to provide you with the information and Services you request from us via
the Site.
To Business Associates. We may contract with individuals or entities
known as Business Associates to perform various functions or to provide certain
types of services on CareTree’s behalf. In order to perform these functions or
provide these services, Business Associates may receive, create, maintain, use,
and/or disclose your PHI, but only if they agree in writing with CareTree to
implement appropriate safeguards regarding your PHI. For example, CareTree may
disclose your PHI to a Business Associate to provide technological support
services, but only after the Business Associate enters into a Business
Associate Agreement with CareTree.
To Avert a Serious Threat to Health or Safety. We may use and disclose PHI about you to prevent
or lessen a serious and imminent threat to the health or safety of a person or
the general public.
Military and Veterans. If you are a member of the armed forces, we may
release PHI about you if required by military command authorities.
Worker’s Compensation. We may release PHI about you as necessary to comply with
worker’s compensation or similar programs.
Public Health Risks. We may release PHI about you for public health
activities, such as to prevent or control disease, injury or disability, or to
report child abuse, domestic violence, or disease or infection exposure.
Health Oversight Activities. We may release PHI to help health agencies
during audits, investigations, or inspections.
Lawsuits and Disputes. If you are involved in a lawsuit or a dispute,
we may disclose PHI about you in response to a court or administrative order.
We also may disclose PHI about you in response to a subpoena, discovery
request, or other lawful process by someone else involved in the dispute, but
only if efforts have been made to tell you about the request or to obtain an
order protecting the information requested.
Law Enforcement. We may release PHI if asked to do so by a law
enforcement official:
National Security and Intelligence Activities. We may release PHI about you to authorized
federal officials for intelligence, counterintelligence, and other national
security activities authorized by law.
To Company Sponsor. We may disclose your PHI to certain employees of
CareTree for the purpose of administering CareTree’s operations. These
employees will only use or disclose your PHI as necessary to perform CareTree’s
administrative functions or as otherwise required by HIPAA.
Disclosure to Others. We may use or disclose your PHI to your family
members and friends who are involved in your care or the payment for your care.
We may also disclose PHI to an individual who has legal authority to make
health care decisions on your behalf.
REQUIRED DISCLOSURES
The following
is a description of disclosures of your PHI CareTree is required to make:
As Required By Law. We will disclose PHI about you when required to do so by
federal, state, or local law. For example, we may disclose PHI when required by
a court order in a litigation proceeding, such as a malpractice action.
Government Audits. CareTree is required to disclose your PHI to the
Secretary of the United States Department of Health and Human Services when the
Secretary is investigating or determining CareTree’s compliance with HIPAA.
Disclosures to You. Upon your request, CareTree is required to
disclose to you the portion of your PHI that contains medical records, billing
records, and any other records used to make decisions regarding your health
care benefits.
WRITTEN AUTHORIZATION
We will use or
disclose your PHI only as described in this Notice. It is not necessary for you
to do anything to allow us to disclose your PHI as described here. Any other
use or disclosure will be made only with your written authorization. For
example, we may use your PHI for other marketing purposes if you provide us
with written authorization to do so. You may revoke your authorization in
writing at any time. When we receive your revocation, it will be effective only
for future uses and disclosures. It will not be effective for any PHI that we
may have used or disclosed in reliance upon your written authorization.
YOUR RIGHTS REGARDING PHI THAT WE MAINTAIN
You have the
following rights regarding PHI we maintain about you:
Your Right to Inspect and Copy Your PHI. You have the right to inspect and copy your PHI.
You must submit your request in writing and if you request a copy of the
information, we may charge you a reasonable fee to cover expenses associated
with your request. CareTree may deny your request to inspect and copy PHI in
certain limited circumstances. If you are denied access to PHI, you may request
that the denial be reviewed by submitting a written request to the Contact
Person listed below.
Your Right to Amend Incorrect or Incomplete Information. If you believe that the PHI CareTree has about
you is incorrect or incomplete, you may request that we change your PHI by
submitting a written request. You also must provide a reason for your request.
We are not required to amend your PHI but if we deny your request, we will
provide you with information about our denial and how you can disagree with the
denial.
Your Right to Request Restrictions on Disclosures to Health Plans. Where applicable, you may request that
restrictions be placed on disclosures of your PHI.
Your Right to an Accounting of Disclosures We Have Made. You may request an accounting of disclosures of
your PHI that we have made, except for disclosures we made to you or pursuant
to your written authorization, or that were made for treatment, payment, or
other health care operations, national security, or incident to other
permissible disclosures. You must submit your request in writing. Your request
should specify a time period of up to six years but may not include dates
before March 1st, 2015. We will provide one list of disclosures to
you per 12-month period free of charge; we may charge you for additional lists.
Your Right to Request Restrictions on Uses and Disclosures. You have the right to request restrictions or
limitations on the way that we use or disclose PHI. You must submit a request
for such restrictions in writing, including the information you wish to limit,
the scope of the limitation, and the persons to whom the limits apply. We may
deny your request.
Your Right to Request Confidential Communications Through a
Reasonable Alternative Means or at an Alternative Location. You may request that we direct confidential
communications to you in an alternative manner. You must submit your request in
writing. We are not required to agree to your request.
YOUR RIGHT TO A PAPER COPY OF THIS NOTICE
To obtain a
paper copy of this Notice or a more detailed explanation of these rights, send
us a written request at the address listed below. You may also obtain a copy of
this Notice at our website: www.caretree.me.
CHANGES TO THIS NOTICE
We may amend
this Notice of Privacy Practices at any time in the future and make the new
Notice provisions effective for all PHI that we
maintain. We will advise you of any significant changes to the Notice. We are
required by law to comply with the current version of this Notice.
COMPLAINTS
If you believe
your privacy rights or rights to notification in the event of a breach of your
PHI have been violated, you may file a complaint with us or with the Office of
Civil Rights. Complaints about this Notice or about how we handle your PHI
should be submitted in writing to the Contact Person listed below.
A complaint to
the Office of Civil Rights should be sent to Office of Civil Rights, U.S.
Department of Health & Human Services, 233 N. Michigan Ave., Suite 240,
Chicago, IL 60601, (312) 886-2359; (312) 323-5693 (TDD), (312) 886-1807 (fax).
You also may visit OCR’s website at http://www.hhs.gov/ocr/privacyhowtofile.htm
for more information.
You will not be
penalized, or in any other way retaliated against for filing a complaint with
us or the Office of Civil Rights.
SEND ALL
WRITTEN REQUESTS REGARDING THIS PRIVACY NOTICE TO:
CareTree, Inc
C/O HIPAA Officer
2501 W Haddon Ave #102
Chicago, IL 60622
info@caretree.me