The Health Insurance Portability and Accountability Act (“HIPAA”)
NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice of Privacy Practices (the “Notice”) describes the privacy practices of Apothecary NYC. Apothecary NYC is required by law to maintain the privacy of Protected Health Information (“PHI”) and to provide you with notice of our legal duties and privacy practices with respect to PHI. Apothecary NYC, its employees, and workforce members who are involved in providing and coordinating health care are all bound to follow the terms of this Notice. The members of Apothecary NYC will share PHI with each other for the treatment, payment and health care operations as permitted by HIPAA and this Notice.
PHI is information that may identify you and that relates to your past, present, or future physical or mental health or condition, the provision of health care products and services to you or payment for such services. This Notice describes how we may use and disclose PHI about you, as well as how you obtain access to such PHI. This Notice also describes your rights with respect to your PHI. We are required by HIPAA to provide this Notice to you. Apothecary NYC is required to follow the terms of this Notice or any change to it that is in effect. We reserve the right to change our practices and this Notice and to make the new Notice effective for all PHI we maintain. If we do so, the updated Notice will be posted on our website and will be available at our facilities and locations where you receive health care products and services from us. Upon request, we will provide any revised Notice to you.
This Notice of Privacy Practices (“Notice”) describes:
- How we may use and disclose your protected health information (“PHI”)
- Your rights to access and amend your PHI
We are required by law to:
- Maintain the privacy of your PHI
- Provide you with notice of our legal duties and privacy practices with respect to PHI
- Abide by the terms of the Notice currently in effect for Apothecary NYC
PERMITTED USES AND DISCLOSURES OF YOUR PHI
We may use and disclose your PHI for the following purposes.
Treatment: We may use and disclose your PHI to healthcare professionals or other third parties to provide, coordinate and manage the delivery of healthcare. For example, your pharmacist may disclose PHI about you to your doctor in order to coordinate the prescribing and delivery of your drugs. We also may provide you with treatment reminders and information about potential side effects, drug interactions and other treatment-related issues involving your medicine.
Payment: We may use and disclose PHI about you to receive payment for our services, manage your account, fulfill our responsibilities under your benefit plan, and process your claims for drugs you have received. For example, we may give PHI to your health plan (or its designee) so we can confirm your eligibility for pharmacy benefits, or we may submit claims to your health plan, employer or other third party for payment.
Healthcare Operations: We may use and disclose your PHI to carry on our own business planning and administrative operations. We need to do this so we can provide you with high-quality services. For example, we may use and disclose PHI about you to assess the use or effectiveness of certain drugs, develop and monitor medical protocols, and to provide information regarding helpful health-management services.
Information That May Be of Interest to You: We may use or disclose your PHI to contact you about treatment options or alternatives that may be of interest to you. For example, we may call you to remind you of expired prescriptions, the availability of alternative drugs, or to inform you of other products that may benefit your health.
Individuals Involved in Your Care or Payment for Your Care: We may disclose PHI about you to someone who assists in or pays for your care. Unless you write to us and specifically tell us not to, we may disclose your PHI to someone who has your permission to act on your behalf. We will require this person to provide adequate proof that he or she has your permission.
Parents or Legal Guardians: If you are a minor or under a legal guardianship, we may release your PHI to your parents or legal guardians when we are permitted or required to do so under federal and applicable state law.
Business Associates: We arrange to provide some services through contracts with business associates so that they may help us operate more efficiently. We may disclose your PHI to business associates acting on our behalf. If any PHI is disclosed, we will protect your information from unauthorized use and disclosure using confidentiality agreements. Our business associates may, in turn, use vendors to assist them in providing services to us. If so, the business associates must enter into a confidentiality agreement with the vendor, which protects your information from unauthorized use and disclosure.
Research: Under certain circumstances, we may use and disclose PHI about you for research purposes. Before we use or disclose PHI about you, we will either remove information that personally identifies you, obtain your written authorization or gain approval through a special approval process designed to protect the privacy of your PHI. In some circumstances, we may use your PHI to generate aggregate data (summarized data that does not identify you) to study outcomes, costs and provider profiles, and to suggest benefit designs for your employer or health plan. These studies generate aggregate data that we may sell or disclose to other companies or organizations. Aggregate data does not personally identify you.
Abuse, Neglect or Domestic Violence: We may disclose your PHI to a social service, protective agency or other government authority if we believe you are a victim of abuse, neglect or domestic violence. We will inform you of our disclosure unless informing you would place you at risk of serious harm.
Public Health: We may disclose your PHI for public health activities and purposes, such as reporting adverse events, post-marketing surveillance in connection with FDA-regulated entities’ legal obligations (for example, pharmaceutical manufacturer reporting or connections with an FDA-mandated Risk Evaluation and Mitigation Strategies (REMS) program) and product recalls. We may also disclose your PHI to a person or company that is regulated by the U.S. Food and Drug Administration, such as a pharmaceutical manufacturer, for the purpose of: 1. reporting or tracking product defects or problems; 2. repairing, replacing, or recalling defective or dangerous products; or 3. monitoring the performance of a product after it has been approved for use by the general public. We may receive payment from a third party for making disclosures for public health activities and purposes.
Health Oversight: We may disclose PHI to a health oversight agency performing activities authorized by law, such as investigations and audits. These agencies include governmental agencies that oversee the healthcare system, government benefit programs, and organizations subject to government regulation and civil rights laws.