This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review carefully.
Healics, Inc. shares your concern in keeping your “Protected Health Information” (PHI) private and secure. We have established policies and procedures that guide the collection, use and security of your PHI. We have developed this Privacy Statement to help you understand our privacy and security standards. This Privacy Statement may be revised at any time. You can find a copy of our most current Privacy Statement on our web site at www.healics.com or by calling us at (800) 432-5427 and requesting a copy. We recommend that you periodically visit our web site to review the most current version of our Privacy Statement as well as other useful wellness tools.
How does Healics, Inc. collect my PHI?
Healics, Inc. employs and contracts with third parties that draw blood samples and collect PHI from you. Information is collected during personal appointments, at worksite screenings, over the phone, or over the web. Your PHI is processed and stored in Healics, Inc. computer systems.
How does Healics, Inc. secure my PHI?
Healics Inc. uses established and commercially reasonable hardware, software, and other procedures to secure your PHI. We assess new technology for protecting your PHI on an ongoing basis.
With whom do we share your PHI?
In some limited situations it is necessary to share your PHI with third parties. For example, we may need to send blood samples to a third party to have them analyzed. We may provide your PHI to authorized professionals to provide personal report delivery and wellness coaching. Also, legal requirements (such as a court order) may require us to share your PHI with a third party.
Will my PHI be shared with my employer?
Employers often hire us to provide wellness services to you. However, we do not voluntarily provide those employers with copies of your PHI. In fact, we take steps to ensure that no individually-identified health information is shared with your employer. We do share aggregate, non-identified information about employees with an employer who is our client. For example, we may send an employer a report about the overall health of employees at a particular facility. If that facility has less than twenty-five employees we aggregate the information with other facilities in order to help de-identify the information.
Are there any additional situations where my PHI could be disclosed?
The following situations are rare but may occur.
As required by law: We will disclose PHI when required to do so by federal, state or local law.
To avert a threat to health or safety: We may use and disclose PHI when necessary to prevent a threat to your health and safety or the health and safety of the public or another person.
Lawsuits and Disputes: If you are involved in a lawsuit or dispute, we may disclose PHI in response to a court or administrative order. We may also disclose PHI in response to subpoena, discovery request, or other lawful process by another party involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
Law Enforcement: We may release PHI if asked to do so by law enforcement:
- In response to a court order, subpoena, warrant, summons or similar process;
- To identify or locate a suspect, fugitive, material witness or missing person;
- About the victim of a crime if, under certain limited circumstances, we are unable to obtain your agreement;
- About a death we may believe may be the result of criminal conduct;
- About criminal conduct at Healics, Inc.
What are my rights regarding my PHI?
HIPAA is a federal law which governs medical information collected by “covered entities”, such as many hospitals and doctor offices. HIPAA usually, but not always, applies to your employer’s wellness program in which you participate. You should check with your employer about the exact legal rights you have with respect to your wellness program and HIPAA and the exact uses and disclosures of PHI which are possible.
Healics is not a “covered entity” under HIPAA. Rather, Healics is often, but not always, a “business associate” — that is, a vendor to a “covered entity” (such as an employer’s wellness program). Therefore, HIPAA generally does not apply as directly to Healics as it does to your employer’s wellness program. Generally, if the employer’s wellness program provides you with certain rights, and if that program requires Healics to follow those rights, we will do so. If that wellness program requires us to take other actions, such as particular disclosures, we generally follow those requirements also.
If HIPAA applies, HIPAA provides you with the right to:
Inspect and copy: You have the right to request a copy of all PHI a covered entity or a business associate holds about you.
Amend: If you feel PHI is incorrect or incomplete, you may ask to amend the information.
Accounting of disclosures: You have the right to request an “accounting of disclosures.” This is a list of the disclosures a covered entity or business associate has made involving your PHI. However, not all disclosures are tracked — many are excepted from this rule.
Revoke authorization: You have the right to revoke authorization to disclose your PHI to wellness coaches, disease management vendors, or counselors. All revocation requests must be submitted in writing to Healics, Inc., 8919 W. Heather Avenue, Milwaukee, WI 53224. Any revocation requests will not affect action taken by parties in reliance on authorizations prior to the revocation request is received. Healics, Inc. will report the fact, to your employer or to the wellness programs that the information was released to, that we were asked by you not to release any further PHI.
Asserting Your Rights. If you wish to assert any of these rights, please contact your employer to verify if HIPAA applies. Even if HIPAA does not apply, Healics voluntarily tries to follow these HIPAA rules. So, we will make a good faith effort to provide you with these rights, even if we are not legally required to do so. After contacting your employer, you can also contact us at Healics, Inc., 8919 W. Heather Avenue, Milwaukee, WI 53224.
Complaints and Suggestions
Privacy and security are serious matters and it is important to us that you understand and are comfortable with our privacy standards. Healics Inc. is always looking for ways to improve services and protect your information. You can contact Healics, Inc. by calling (800) 432-5427, email to firstname.lastname@example.org, or in writing to Healics, Inc., 8919 W. Heather Avenue, Milwaukee, WI 53224.