Withings Medical Group
Notice of Privacy Practices
Withings Medical Group is committed to protecting the privacy of your health information. As used in this Notice of Privacy Practices (this "Notice"), "Withings Medical Group", "we", "us" or "our" means Withings Medical Group PA and, where appropriate, its affiliated professional entities organized to provide clinical services in the states in which we operate.
We are required by law to maintain the privacy of your protected health information ("PHI"), to provide you with this notice of our legal duties and privacy practices with respect to your PHI, to notify you following a breach of your unsecured PHI, and to abide by the terms of the notice currently in effect. This Notice applies to all records of your care generated by Withings Medical Group. "Protected health information" is information about you, including demographic information, that may identify you and that relates to your past, present, or future physical or mental health, the provision of health care to you, or payment for that care. In some cases, once your PHI is disclosed as permitted by this notice, HIPAA may no longer provide protection of that information from further disclosure.
1. How We May Use and Disclose Your Health Information Without Your Authorization
We may use and disclose your PHI, without your written authorization, for the following purposes:
Treatment. We may use and disclose your PHI to provide, coordinate, or manage your health care and related services. For example, we may share your information with physicians, nurses, technicians, or other personnel involved in your care, including providers outside our practice to whom we refer you.
Payment. We may use and disclose your PHI to obtain payment for the services we provide. For example, we may send claims and supporting information to your health plan or share information to determine eligibility or obtain prior authorization.
Health Care Operations. We may use and disclose your PHI for our health care operations, such as quality assessment and improvement, staff review and training, licensing, accreditation, and business management. For example, we may use your information to evaluate the performance of our staff or to plan our services.
Appointment Reminders and Health-Related Information. We may contact you to provide appointment reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to you.
Individuals Involved in Your Care. Unless you object, we may share with a family member, relative, friend, or other person you identify the PHI directly relevant to that person's involvement in your care or payment for your care, and we may use or disclose your PHI to notify such a person of your location or general condition. If you are not present or able to agree or object, we will use our professional judgment to determine whether the disclosure is in your best interest.
Business Associates. We may disclose your PHI to third parties who perform services on our behalf ("Business Associates"). We require our Business Associates to protect your PHI through written agreements.
2. Other Uses and Disclosures Permitted or Required by Law
Subject to applicable legal requirements and limitations, we may use or disclose your PHI without your authorization in the following circumstances:
- As required by law.
- For public health activities, such as disease prevention or control, reporting to the U.S. Food and Drug Administration regarding regulated products, and notifying persons who may have been exposed to a communicable disease.
- To appropriate authorities regarding victims of abuse, neglect, or domestic violence.
- For health oversight activities, such as audits, investigations, inspections, and licensure.
- In judicial and administrative proceedings, in response to a court order, subpoena, or other lawful process.
- For law enforcement purposes, as permitted by law.
- To coroners, medical examiners, and funeral directors, as necessary to carry out their duties.
- To organizations that handle organ, eye, or tissue donation.
- For research, when approved by an institutional review board or privacy board that has reviewed the protocol and established protections for your information.
- To avert a serious and imminent threat to the health or safety of you or others.
- For specialized government functions, such as military and veterans' activities, national security and intelligence activities, and protective services.
- For workers' compensation, as authorized by and to the extent necessary to comply with workers' compensation laws.
- To a correctional institution or law enforcement official having lawful custody of you, if you are an inmate.
3. Uses and Disclosures That Require Your Written Authorization
Other than as described above, we will not use or disclose your PHI without your written authorization. In particular, the following require your authorization: most uses and disclosures of psychotherapy notes (if we maintain them); uses and disclosures for marketing purposes; and disclosures that constitute a sale of PHI. Any other use or disclosure not described in this notice will be made only with your written authorization. You may revoke an authorization at any time, in writing, except to the extent we have already acted in reliance on it.
4. Special Protections for Certain Information
Certain categories of information receive additional protection under federal and state law and may require your specific authorization before we use or disclose them. These may include information about HIV/AIDS status or testing, mental health, substance use disorder treatment, genetic information, and reproductive health care. Where state or other law provides greater privacy protection than HIPAA, we will follow the more protective law.
5. Your Rights Regarding Your Health Information
To exercise any of your rights, please submit your request in writing to our Privacy Officer at the contact information below.
Right to Access. You may inspect and obtain a copy of your PHI in a designated record set, including an electronic copy if we maintain it electronically. We may charge a reasonable, cost-based fee.
Right to Amend. You may request that we amend PHI you believe is incorrect or incomplete. We may deny your request in certain circumstances and will provide a written explanation.
Right to an Accounting of Disclosures. You may request a list of certain disclosures we made of your PHI, other than those for treatment, payment, health care operations, and certain other purposes.
Right to Request Restrictions. You may request restrictions on how we use or disclose your PHI. We are not required to agree, except that we must agree to a request to restrict disclosure to a health plan for a service you paid for in full, out of pocket, unless the disclosure is otherwise required by law.
Right to Confidential Communications. You may request that we communicate with you about your health matters by alternative means or at an alternative location.
Right to a Paper Copy. You may obtain a paper copy of this notice on request, even if you agreed to receive it electronically.
Right to Breach Notification. You have the right to be notified following a breach of your unsecured PHI.
6. Our Duties
We are required by law to maintain the privacy of your PHI, provide you with this Notice, abide by the terms of the notice currently in effect, and notify you following a breach of unsecured PHI. We reserve the right to change this Notice and to make the revised notice effective for PHI we already have as well as information we receive in the future. If we make a material change, we will make the revised notice available on our website and by mail on request and post its effective date.
7. Additional State and Federal Requirements
Some state and federal laws provide additional privacy protection of your health information. These include:
- Sensitive health information. Some types of health information are particularly sensitive, and the law, with limited exceptions, may require that we obtain your written permission or in some instances, a court order, to use or disclose that information. Sensitive health information includes information dealing with mental health and developmental disabilities, HIV/AIDS, alcohol and drug abuse treatment, genetic testing and genetic counseling. Prior to receiving care from Withings Medical Group, a patient signs, where required by law, a consent to allow Withings Medical Group to use and disclose sensitive health information in a similar way that the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") allows us to use and share non-sensitive health information for treatment, payment and healthcare operations as described in this Notice. For example, Withings Medical Group may use and share sensitive health information in order to better coordinate care for Withings Medical Group patients.
- Information used in certain disciplinary proceedings. State law may require your written permission if certain health information is to be used in various review and disciplinary proceedings by state health oversight boards (such as the Department of Professional Regulation).
- Information used in certain litigation proceedings. State law may require your written permission for certain providers to disclose information in certain legal proceedings.
- Disclosures to certain registries. Some laws require your written permission if we disclose your health information to certain state-sponsored registries.
Withings Medical Group is committed to following all state and federal legal requirements.
8. Complaints
Protecting your confidential information is important to us. If you feel we have violated your rights, please contact us using the information at the end of this Notice. You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, SW, Washington, DC 20201, calling 800.368.1019 or visiting hhs.gov/ocr/about-us/contact-us/index. We will not retaliate against you for filing a complaint either to Withings Medical Group or to the Office for Civil Rights.
9. For More Information or to File a Complaint
Privacy Officer, Withings Medical Group
225 Franklin Street, Suite 1250
Boston, MA 02110
Privacy@withings.com
This Notice is not a form you sign. Its availability is acknowledged through the HIPAA Acknowledgment of Receipt during ACCESS enrollment. You may request a paper copy at any time.