HIPAA Notice of Privacy Jettison.md

THIS PRIVACY NOTICE DETAILS HOW MEDICAL INFORMATION ABOUT YOU MAY  BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS  INFORMATION 

_______________________  

Please Review It Carefully 

This revised Notice took effect on August 15, 2022, and will remain in effect until we  replace or modify it. 

Important: “Protected health information” or “PHI” is information about you, including  information that can reasonably be used to identify you and that, which relates to your past,  present, or future physical or mental health or condition, the provision of health care to  you or the payment for that care. 

We protect your privacy by: 

• limiting who may see your PHI; 

• limiting how we may use or disclose your PHI; 

• informing you of our legal duties with respect to your PHI; 

• explaining our privacy policies; and 

• adhering to the policies currently in effect. 

Copies of this Notice: 

You have the right to a paper copy of this notice or any revised notice. You may ask us to give you a copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice. To obtain a paper copy of this notice, request a copy from Jettison, Inc. in writing at 45 Portland Road, Suite 7-226, Kennebunk, ME 04043, or by email at help@jettison.md. 

Changes to this notice: 

We reserve the right to change this notice at any time. We will post a copy of the current notice on the Jettison, Inc. website. The notice will contain the effective date on the first page. If you have a previous version, it is the client’s responsibility to obtain the most current copy. 

Potential Impact of State Law: 

The HIPAA Privacy Rule generally does not “preempt” (or take precedence over) state privacy or other applicable laws that provide individuals greater privacy protections. As a result, to the extent state law applies, the privacy laws of a particular state, or other federal laws, rather than the HIPAA Privacy Rule, might impose a privacy standard under which we will be required to operate. For example, where such laws have been enacted, we will follow more stringent state privacy laws that relate to the uses and disclosures of protected health information concerning HIV or AIDS, mental health, substance abuse/chemical dependency, genetic testing, reproductive rights, etc.

Website Security Rule Safeguards: 

• Jettison, Inc. performed a risk analysis prior to using the site in connection with any ePHI and reduce risks to a reasonable and acceptable level • Jettison, Inc. ensures that all access, audit, and integrity controls are in place and safeguards are implemented to secure data at rest and in transit • Jettison, Inc. performs a security scan of the site to check for vulnerabilities & periodic and routine security checks are implemented. 

• Jettison, Inc. only uses plugins from trustworthy sources 

• Jettison, Inc. ensures all plugins are updated and the latest version of the hosting site is installed 

• Jettison, Inc. uses security plugins on the website 

• Jettison, Inc. ensures ePHI is stored outside of hosting site • Jettison, Inc. sets strong passwords and admin account names to reduce the potential for brute force attacks. Use rate limiting to further enhance security  and use two-factor authentications for administrator accounts 

• Jettison, Inc. ensures that users cannot sign up for accounts directly  without first being vetted 

• Jettison, Inc. ensures any data collected via web forms is encrypted in  transit 

• Jettison, Inc. obtains business associate agreements with all service  providers/plugin developers who require access to ePHI or whose software  touches ePHI 

Services Provided: 

Jettison, Inc. provides medical treatments and therapies for its patients by licensed medical providers, laboratory testing services, as well as advice-only consultations. 

Collection of Personal Information: 

Jettison, Inc. collects and maintains personal information provided by the patient. 

Who Will Follow This Notice: 

This notice describes the practices of Jettison, Inc. Any health care professional authorized to enter information into your medical record maintained by Jettison, Inc.. Any persons or companies with whom Jettison, Inc. contracts for services to help operate the practice and who have access to your medical information. All these persons, entities, sites, and locations follow the terms of this notice. In addition, these persons, entities, sites, and locations may share medical information with each other for treatment, payment, or health care operations purposes and other purposes described in this notice. 

Our Pledge Regarding Medical Information: 

Jettison, Inc. believes that protecting your private information is one of our top priorities. From the moment you contact us, whether by phone, in person, or online, we do everything possible to guard your personal information. We abide by all state and federal laws regulating medical privacy including HIPAA and HITECH. We understand that medical information about you and your health is personal. We are committed to protecting medical information about you. We create a record of the care and services you receive from Jettison, Inc.. We need this record to provide you with quality care and to comply with certain legal requirements. This notice applies to all the records of your care and billing for that care that are generated or maintained by Jettison, Inc., whether made by Jettison, Inc. personnel or other health care providers. Other health care providers may have different policies or notices about confidentiality and disclosure that apply to your medical information that is created in their offices or at locations other than Jettison, Inc.. This notice will tell you about the ways in which we may use and disclose medical information about you. We also describe your rights and certain obligations we have regarding the use and disclosure of your medical information. By using our services, you consent to the data practices described in this statement. 

We are required by law to: 

Make sure that medical information that identifies you is kept private; Give you this notice of our legal duties and privacy practices at Jettison, Inc., and your legal rights, with respect to medical information about you; and follow the terms of the notice that is currently in effect. 

1) How we may use and disclose medical information about you: The following categories describe different ways that we use and disclose medical information. For each category of uses or disclosures, we will explain what we mean and try to give some examples. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose information will fall within one of these categories. 

Abuse or Neglect: We may disclose your protected health information to a public health authority that is authorized by law to receive reports of child abuse or neglect. In addition, we may disclose your protected health information if we believe that you have been a victim of abuse, neglect, or domestic violence to the governmental entity or agency authorized to receive such information. In this case, the disclosure will be made consistent with the requirements of applicable federal and state laws. 

Active-Duty Military Personnel and Veterans. If you are an active-duty member of the armed forces or Coast Guard, we must give certain information about you to your commanding officer or other command authority so that your fitness for duty or for a particular mission may be determined. We may also release medical information about foreign military personnel to the appropriate foreign military authority. We may use and disclose to components of the Department of Veterans Affairs medical information about you to determine whether you are eligible for certain benefits. 

Appointment Reminders. We may use and disclose your medical information to notify you of upcoming appointments. Unless you object, these reminders may be communicated by phone, text, or email. 

Coroners and Medical Examiners. We may release without your consent medical information to a coroner or medical examiner. This may be done, for example, to identify a deceased person or determine the cause of death. We also may release medical information about deceased patients of Jettison, Inc. to funeral directors to carry out their duties. 

Criminal Activity: Consistent with applicable federal and state laws, we may disclose your protected health information, if we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. We may also disclose protected health information if it is necessary for law enforcement authorities to identify or apprehend an individual. 

Food and Drug Administration: We may disclose your protected health information to a person or company required by the Food and Drug Administration to report adverse events, product defects or problems, biologic product deviations; to track products; to enable product recalls; to make repairs or replacements; or to conduct post-marketing surveillance, as required. 

Health Care Operations. We and our business associates may use and disclose medical information about you for health care operations. These uses and disclosures are necessary to run Jettison, Inc. and make sure that all of our patients receive quality care. For example, we may use medical information to review our treatment and services and to evaluate the performance of our staff in caring for you. We may also combine medical information about many patients to decide what additional services Jettison, Inc. should offer, and what services are not needed. We may also disclose information to doctors, nurses, technicians, and other personnel affiliated with Jettison, Inc. for review and learning purposes. We may also combine the medical information we have with medical information from other health care providers to compare how we are doing and see where we can make improvements in the care and services we offer. We may remove information that identifies you from this set of medical information so others may use it to study health care and health care delivery without learning the identities of specific patients. We also may disclose information about you to another health care provider for its health care operations purposes if you also have received care from that provider. After receiving your written consent for the release of records to the parties that you specify, or as required by law. 

Health Oversight Activities. We may disclose without your consent medical information to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. The government uses these activities to monitor the health care system, government programs, and compliance with civil rights laws. 

Individuals Involved in Your Care or Payment for Your Care. We may release medical information about you to a friend or family member who is involved in your medical care. This would include persons named in any durable health care power of attorney or similar document provided to us. We may also give information to someone who helps pay for some or all of your care. In addition, we may disclose medical information about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status, and location. You can object to these releases by telling us that you do not wish any or all individuals involved in your care to receive this information. If you are not present or cannot agree or object, we will use our professional judgment to decide whether it is in your best interest to release relevant information to someone who is involved in your care or to an entity assisting in a disaster relief effort. 

Inmates. If you are an inmate of a correctional institution or in the custody of law enforcement, we may release medical information about you to the correctional institution or law enforcement official who has custody of you, if the correctional institution or law enforcement official represents Jettison, Inc. that such medical information is necessary: (1) to provide you with health care; (2) to protect your health and safety or the health and safety of others; (3) to protect the safety and security of officers, employees, or others at the correctional institution or involved in transporting you; (4) for law enforcement to maintain safety and good order at the correctional institution; or (5) to obtain payment for services provided to you. If you are in the custody of the Colorado Department of Corrections (“CDOC”) and the CDOC requests your medical records, we are required to provide the CDOC with access to your records. 

Law Enforcement. We may release without your consent medical information to a law enforcement official: 

• In response to a court order, warrant, summons, grand jury demand, or similar process; 

• To comply with mandatory reporting requirements for violent injuries, such as gunshot wounds, stab wounds, and poisonings; 

• In response to a request from law enforcement for certain information to help locate a fugitive, material witness, suspect, or missing person; • To report a death or injury we believe may be the result of criminal conduct, and To report suspected criminal conduct committed at Jettison, Inc. facilities. 

Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we must disclose medical information about you in response to a court or administrative order. We also may disclose medical information about you in response to a subpoena or other lawful process from someone involved in a civil dispute.

Marketing of Health-Related Products and Services. “Marketing” means a communication for which we receive any sort of payment from a third party that encourages you to use a service or buy a product. Marketing does not include prescription refill reminders or other information that describes a drug you currently are being prescribed or an appointment reminder or a direct solicitation from Jettison.md. Communications made about your treatment, such as when your physician refers you to another health care provider, generally are not marketing. 

National Security and Intelligence Activities. We may release without your consent medical information about you as required by the applicable law to authorized federal or state officials for intelligence, counterintelligence, or other governmental activities prescribed by law to protect our national security. 

Payment. We may use and disclose medical information about you so that the treatment and services you receive from Jettison, Inc. may be billed by Jettison, Inc. and payment may be collected from you, an insurance company, or a third party. For example, we may disclose information about you to another health care provider, such as a hospital or skilled nursing facility to which you are admitted, for their payment activities concerning you. After receiving your written consent for the release of records to the parties that you specify, or as required by law. Currently, Jettison, Inc. does not accept insurance of any kind. 

Protective Services for the President and Others. We may disclose medical information about you to authorized federal officials so they may provide protection to the President, other authorized persons, or foreign heads of state, or to conduct special investigations. 

Psychotherapy Notes. Regardless of the other parts of this Notice, psychotherapy notes will not be disclosed outside the Jettison, Inc. except as authorized by you in writing or pursuant to a court order, or as required by law. Psychotherapy notes about you will not be disclosed to personnel working within Jettison, Inc., except for training purposes or to defend a legal action brought against Jettison, Inc., unless you have properly authorized such disclosure in writing. 

Public Health Risks. We may disclose without your consent medical information about you for public health activities. These activities generally include but are not limited to the following: To report, prevent or control disease, injury, or disability; To report births and deaths; To report reactions to medications or problems with products; To notify people of recalls of products they may be using; To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; and To report suspected abuse or neglect as required by law. 

Research. Under certain circumstances, we may use and disclose medical information about you for research purposes. For example, a research project may involve comparing the health and recovery of all patients who received one medication to those who received another for the same condition. Medical information about you that has had identifying information removed may be used for research without your consent. We also may disclose medical information about you to people preparing to conduct a research project (for example, to help them look for patients with specific medical needs), so long as the medical information they review does not leave Jettison, Inc.. If the researcher will have information about your mental health treatment that reveals who you are, we will seek your consent before disclosing that information to the researcher. Unless we notify you in advance and you give us written permission, we will not receive any money or other thing of value in connection with using or disclosing your medical information for research purposes except for money to cover the costs of preparing and sending the medical information to the researcher. 

Required by Law: We may use or disclose your protected health information when we are required to do so by law. For example, we must disclose your protected health information to the U.S. Department of Health and Human Services upon request for purposes of determining whether we are in compliance with federal privacy laws. We may disclose your protected health information when authorized by workers’ compensation or similar laws. 

Sale of Medical Information. We cannot and do not sell your medical information. If Jettison, Inc. makes that decision Jettison, Inc. will only do so by first receiving your authorization in writing. Any authorization form you sign agreeing to the sale of your medical information must state that we will receive payment of some kind disclosing your information. However, because a “sale” has a specific definition under the law, it does not include all situations in which payment of some kind is received for the disclosure. For example, a disclosure for which we charge a fee to cover the cost to prepare and transmit the information does not qualify as a “sale” of your information. 

Special Situations Organ and Tissue Donation. If you are an organ donor, we may release medical information to organizations that handle organ procurement or organ, eye, or tissue transplantation, or to an organ donation bank as necessary to facilitate organ or tissue donation and transplantation. 

Treatment. We may use medical information about you to provide you with medical treatment or services. We may disclose medical information about you to doctors, nurses, technicians, medical students, volunteers, or other personnel who are involved in taking care of you at Jettison, Inc.. For example, a practitioner treating you for a testosterone deficiency may need to know if you have diabetes because diabetes may affect the treatment plan. We also may disclose medical information about you to people outside Jettison, Inc. who may be involved in your medical care after you have been treated by Jettison, Inc., such as friends, family members, or employees or medical staff members of any hospital or skilled nursing facility to which you are transferred or subsequently admitted. After receiving your written consent for the release of records to the parties that you specify, or as required by law. 

Treatment Alternatives. We may use and disclose medical information to tell you about or recommend different ways to treat you. 

Worker’s Compensation. In accordance with state law, we may release without your consent medical information about your treatment for a work-related injury or illness or for which you claim worker’s compensation to your employer, insurer, or care manager paying for that treatment under a worker’s compensation program that provides benefits for work-related injuries or illness. 

2) Your rights regarding medical information about you: 

You have the following rights regarding medical information we maintain about you: 

Right to Amend. If you feel that the medical information we have about you in your record is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for Jettison, Inc.. To request an amendment, make your request in 

writing to Jettison, Inc.’s Management. In addition, you must provide a reason that supports your request. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that: Was not created by us, unless the person or entity that created the information is no longer available to make the amendment; Is not part of the medical information kept by or for Jettison, Inc.; Is not part of the information that you would be permitted to inspect and copy; or Has been determined to be accurate and complete. If we deny your request for an amendment, you may submit a written statement of disagreement and ask that it be included in your medical record. 

Right to Inspect and Copy. You have the right to inspect and receive a copy of your medical record unless your attending physician determines that information in that record, if disclosed to you, would be harmful to your mental or physical health. If we deny your request to inspect and receive a copy of your medical information on this basis, you may request that the denial be reviewed. Another licensed health care professional is chosen by Jettison, Inc. will review your request and the denial. The person conducting the review will not be the person who denied your request. We will do what this reviewer decides. If we have all or any portion of your medical information in an electronic format, you may request an electronic copy of those records or request that we send an electronic copy to any person or entity you designate in writing. Your medical information is contained in records that are the property of Jettison.md. To inspect or receive a copy of medical information that may be used to make decisions about you, you must submit your request in writing to Jettison, Inc. Management. If you request a copy of the information, we may charge a fee for the costs of copying, mailing, or other supplies associated with your request, and we may collect the fee before providing the copy to you. If you agree, we may provide you with a summary of the information instead of providing you with access to it, or with an explanation of the information instead of a copy. Before providing you with such a summary or explanation, we first will obtain your agreement to pay and will collect the fees, if any, for preparing the summary or explanation. 

Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail, or at another mailing address other than your home address. We will accommodate all reasonable requests. We will not ask you the reason for your request. To request confidential communications, make your request in writing to Management and specify how or where you wish to be contacted. 

Right to Request Restrictions. Except where we are required to disclose the information by law, you have the right to request a restriction or limitation on the medical information we use or disclose about you. For example, you could revoke any and all authorizations you previously gave us relating to disclosure of your medical information. We are not required to agree to your request, with the exception of restrictions on disclosures to your health plan, as described below. If we do agree, we will comply with your request unless the information is needed to provide you with emergency treatment. To request restrictions, make your request in writing to Jettison, Inc.’s Management. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure, or both; and (3) to whom you want the limits to apply, for example, disclosures to your spouse. You may request that we not disclose your medical information to your health insurance plan for some or all of the services you receive during a visit to any Jettison, Inc. location. If you pay the charges for those services you do not want disclosed in full at the time of such service, we are required to agree to your request. “In full” means the amount we charge for the service, not your co-pay, coinsurance, or deductible responsibility when your insurer pays for your care. Please note that once information about a service has been submitted to your health plan, we cannot agree to your request. If you think you may wish to restrict the disclosure of your medical information for a certain service, please let us know as early in your visit as possible. 

Investigations of breaches of privacy We will investigate any discovered unauthorized use or disclosure of your medical information to determine if it constitutes a breach of the federal privacy or security regulations addressing such information. If we determine that such a breach has occurred, we will provide you with notice of the breach and advise you on what we intend to do to mitigate the damage (if any) caused by the breach, and about the steps you should take to protect yourself from potential harm resulting from the breach. 

Complaints If you believe your privacy rights have been violated, you may file a complaint with Jettison, Inc. or with the Secretary of the United States Department of Health and Human Services. To file a complaint with Jettison, Inc., contact Jettison, Inc. Management by mail at 45 Portland Road, Suite 7-226, Kennebunk, ME 04043. All complaints must be submitted in writing. 

You will not be penalized for filing a complaint. Other uses of medical Information Other uses and disclosures of medical information not covered by this notice may be made only with your written authorization or as required by law. If you authorize us to use or disclose medical information about you, you may revoke that authorization, in writing, at any time. Your revocation will be effective as of the end of the day on which you provide it in writing to Jettison, Inc. Management. If you revoke your permission, we will no longer use or disclose medical information about you for the purposes that you previously had authorized in writing. You understand that we are unable to take back any disclosures we have already made with your permission, and that we are required to retain our records of the care that we provided to you.