Notice of Privacy Practices
The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) requires healthcare providers such as HealthTrackRx to maintain the privacy of health information that identifies you and further provide notice of our legal duties and privacy practices regarding you protected health information (“PHI”). We will always strive to ensure the confidentiality of your PHI, pursuant to HIPAA and any applicable statute and regulation.
Use and Disclosure of PHI
HIPAA allows for the use and disclosure of PHI in certain instances. Below are areas that HealthTrackRx may use and disclose PHI. Please note, some uses and disclosures described may be limited or restricted by state laws or other legal requirements.
- Treatment — We may use or disclose PHI for treatment purposes, including disclosure to physicians, nurses, medical students, pharmacies, and other healthcare professionals who provide you with healthcare services or assist in coordination of you care.
- Payment — We may use or disclose PHI to bill and collect payment for services we provide. For example, HealthTrackRx may provide PHI to your insurance to receive payment for the health care services provided to you.
- Healthcare operations — We may use or disclose PHI for healthcare operations purposes such as evaluating quality of testing and accuracy of results, accreditation, and other administrative and management functions.
- Benefits and services — We may use and disclose PHI to inform or advise you of other health-related benefits and services.
- Disclosure to you — We may disclose PHI to you or as directed by you to a third party.
- Disclosure to those involved in your care — We may disclose PHI to a person who is involved in your care or helps pay for your care.
- Personal Representative — We may disclose PHI to your personal representative, as established under applicable law, or to an administrator, executor, or other authorized individual on behalf of your estate.
- Business associates — We may disclose PHI to our business associates that are contracted to perform or provide certain business services to us. Our business associates are required to maintain the privacy and confidentiality of your PHI as required by HIPAA and applicable statute and regulations.
- Judicial and administrative proceedings — We may disclose your PHI in the course of a judicial or administrative proceeding, including in response to a court or administrative order, subpoena, discovery request, or other lawful process. We may disclose your PHI if required to do so by federal, state, or local law.
- Law enforcement and governmental agencies — We may disclose PHI for law enforcement purposes, such as reporting wounds or physical injuries or in response to a court order, warrant, subpoena or summons, or similar process authorized by law. We may also disclose PHI when necessary to (1) identify or locate a suspect, fugitive, material witness, missing person, or victim of a crime; (2) provide information regarding a deceased person; or (3) report criminal conduct. We may also disclose PHI about an individual to a government agency, including social services, if we reasonably believe the individual is a victim of abuse, neglect, or domestic violence. We may disclose PHI of an inmate when requested by a correctional institution or law enforcement official for health, safety, and security purposes.
- Public Health — We may disclose PHI for public health activities or concerns, which may include: (1) public health authorities to report, prevent or control disease, injury, or disability; (2) the Food and Drug Administration (FDA) for quality, safety or effectiveness of an FDA-regulated product or activity; (3) a person who may have been exposed to a disease or at risk for contracting or spreading a disease; and (4) when necessary to prevent or lessen a serious or imminent threat to the health or safety of the patient or others.
- Governance activities — We may disclose PHI to a healthcare oversight agency for authorized activities such as audits, civil, administrative, or criminal investigations and proceedings, inspections, licensure and/or disciplinary actions, and other activities necessary for appropriate oversight of government benefit programs and compliance with state, federal, and local statutes and regulations.
- Research — We may use and disclose PHI for research purposes. In this respect, limited data or records may be viewed by researchers to identify patients who may qualify for a research project or other similar purpose, so long as the researchers do not remove or copy any of the PHI. Prior to the use or disclosure of PHI for research purposes, we will determine whether the research activity poses minimal risk to privacy and whether PHI will be adequately safeguarded.
- De-identified Information and Limited Data Sets — We may use and disclose health information that has been “de-identified” by removing identifiers, which makes it unlikely to identify you. We may also disclose limited health information, contained in a “limited data set”. The limited data set does not contain information that directly identifies you. For example, a limited data set may include your city and zip code, but not your name or street address.
Other Uses and Disclosures of PHI
HealthTrackRx will seek patient authorization for uses or disclosure of PHI for other purposes not described above. You may revoke your authorization, in writing, at any time, unless action was already taken upon reliance of the authorization prior to revocation.
Sensitive Health Information
HealthTrackRx will further safeguard PHI relating to sensitive health information such as mental health, HIV/AIDS, and genetic testing, which is subject to protection under other state and federal law. We will obtain your permission, when required, before disclosing this information to other healthcare providers who are not involved in your treatment or care.
HIPAA Breach Notification
Under HIPAA, we are required to provide patient notification if we discover a breach of unsecured PHI. In the event of a breach where your PHI may have been compromised, we will notify you no later than sixty (60) days after discovery of the breach. The notification will provide you information about what happened and what can be done to mitigate any harm.
Subject to some exceptions, you have the following rights with respect to your PHI:
- You have the right to request limits on the use or disclosure of your PHI. You may request that we limit how we use and disclose your PHI for treatment, payment, and healthcare operation activities. Although your request will be considered, we are not required by law to agree to the restriction. If we agree to a restriction, we will provide written notice of our agreement and abide by them, with the exception of emergency situations where disclosure of PHI is necessary for purposes of treatment.
- You have the right to access copies of your PHI. You and your personal representative have the right to review and receive PHI consisting of your laboratory test results or reports ordered by your physician. Upon request, we will provide a copy of your laboratory report within thirty (30) days. You also have the right to direct us to transmit a copy of your PHI to another person you designate, provided such request is in writing, signed by you, and clearly identifies the designated person and where to send the copy of your PHI.
To request a copy of your PHI, contact HealthTrackRx at at email@example.com. A representative will ask you to complete a HIPAA Patient Request Form and provide identification in order to release your PHI records.
- You have a right to receive an accounting of disclosures, which includes a list of certain instances in which HealthTrackRx disclosed your PHI. This list will not include certain disclosures of PHI that was made pursuant to your written authorization or those made prior to the date on which we were required to comply. If you request an accounting of disclosures of PHI that were made for purposes of treatment, payment, or healthcare operations, the list will include only those disclosures made in the past three (3) years as required by law, unless your requests seeks a shorter timeframe. If you request an accounting of disclosures of PHI that were made for purposes other than treatment, payment, or healthcare operations, the list will include disclosures made in the past six (6) years, unless your requests seeks a shorter timeframe.
- You have the right to correct or update your PHI if you believe your PHI contains a mistake or error. Your request must be in writing. If your request is denied, we will provide an explanation or basis for the denial.
- You have the right to request communications about your PHI at an alternative address or by an alternative means, and we will accommodate reasonable requests.
- You have a right to receive a copy of our Notice of Privacy Practices at any time by contacting us at firstname.lastname@example.org. This Notice can be downloaded here.
Exercising Your Rights
To exercise any of your rights described in this notice, please send a written request to: Compliance Dept, HealthTrackRx: 1500 Interstate 35W, Denton, Texas 76207. With respect to insurance and/or billing information, you may update such information through our website or by contacting the Billing Department using the phone number indicated on the billing invoice.
Inquiries and Complaints
If you have any inquiries, comments, or complaints regarding our Notice of Privacy Practices, or have a complaint about our use or disclosure of your PHI or our privacy practices, please contact us at:
Attention: Compliance Dept.
1500 Interstate 35W
Denton, Texas 76207
You also may file a complaint with the Secretary of the U.S. Department of Health and Human Services.
Office for Civil Rights
The U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
Phone: 1-202-619-0257 or toll free at: 1-877-696-6775
HealthTrackRx does not take retaliatory action against you for filing complaints about our privacy practices.
Changes to the HIPAA Statement
HealthTrackRx reserves the right to make changes to this notice and to our privacy policies from time to time. We will update this notice and post the information on our Website when any changes are made. We encourage you to review this site periodically to ensure you are aware of any changes and updates.
Effective Date of Notice: August 7, 2023