Privacy Policy
Notice of Privacy Practice
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. During your treatment at Haines Health-Hub, our caregivers may gather information about your medical history and current health to provide services to you. This information is called “Protected Health Information” or “PHI” and includes personal identifying information such as your name, birthdate, and contact information, as well as information about your health, medical conditions, treatment, and prescriptions. Your PHI also includes payment, billing, and insurance information. This Notice explains how that information may be used and shared with others. It also explains your privacy rights regarding this information. Haines Health-Hub is required by law to abide by the terms of this Notice, to make sure that information that identifies you is kept private, and to give you this Notice of our legal duties and practices with respect to your PHI. We are also required to notify you in the event that there is a breach of your PHI.
Uses and Disclosures of Your PHI for Treatment, Payment and Health Care Operations
MinuteClinic may use your PHI to carry out treatment, payment and health care operations without your written authorization. The following categories describe and provide some examples of the different waysthat we may use and disclose your PHI for these purposes. Treatment: Treatment isthe provision, coordination or management of health care. We may use and disclose your PHI to provide you with medical treatment and services. For example, we may: Use and disclosure your PHI to provide and coordinate the treatment, medication and services you receive from MinuteClinic; Disclose your PHI to third parties, such as pharmacies, doctors, hospitals, or other health care providers or plans to assist them in providing care to you or for care coordination. In some instances, uses and disclosure of your PHI for these purposes may be made through a Health Information Exchange or similar shared electronic medical record or system. Contact you to provide treatment‐related servicessuch as appointment reminders, test results, adherence communications, or treatment alternatives. Payment: Payment includes the activities necessary to obtain reimbursement for the provision of health care. We may use and disclose your PHI to obtain payment for the services we provide to you or for other payment activities related to the services we provide. For example, we may: Share your PHI with your insurer, health plan, or other third‐party payor to determine whether it will pay us or reimburse you for the treatment you received at MinuteClinic and to determine the payment amount you may owe. Contact you about a payment or balance due forservices you received at MinuteClinic. Disclose your PHI to other health care providers, health plans or other HIPAA Covered Entities who may need it for their payment activities.
Health Care Operations: Health care operations include the activities necessary for MinuteClinic to run its business operations. We may use and disclose your PHI to operate our business. For example, we may: Use and disclose your PHI to review treatment, perform quality assessment activities, monitor the quality of our health care services, evaluate the performance of our staff, provide customer services to you, resolve complaints, and coordinate your care. Use and disclosure your PHI to contact you about health‐related products,services or opportunities that we provide that may be of interest to you, such as programs for our patients. Disclose your PHI to other HIPAA Covered Entities, or their Business Associates, that have provided servicesto you so that they can improve the quality and efficacy of the health care services they provide or for their health care operations. Use your PHI to create de‐identified data, which no longer identifies you, and which may be used or disclosed for analytics, business planning or other purposes.
Other Uses and Disclosures of Your PHI that Do Not Require Authorization
We are also allowed or required to share your PHI, without your authorization, in certain situations or when certain conditions have been met. Business Associates: When we contract with third parties to perform certain services for us, such as billing or consulting, these third‐party service providers, known as “Business Associates” may need access to your PHI to perform these services. They are required by law and their agreements with us to protect your PHI in the same way we do. Individuals Involved in Your Care or Payment for Your Care: We may disclose your PHI to a friend, personal representative, or family member involved in your medical care or who helps pay for your medical care. We may also make these disclosures after your death as authorized by applicable law, unless doing so is inconsistent with any prior expressed preference. We may use or disclose your PHI to notify or assist in notifying a family member, personal representative, or any other person responsible for your care regarding your location, status, or general condition. We may also use or disclose your PHI to disaster relief organizations so that your family or other persons responsible for your care can be notified of your location, general condition, or death. If you are unable to agree or object to the use or disclosure, we may disclose such information as necessary if we determine that it is in your best interest. Disclosures to Parents or Legal Guardians: If you are a minor, we may release your PHI to your parents or legal guardians when we are permitted or required under federal and state law. Required By Law: We may disclose your PHI, including to the Department of Health and Human Services, when required by law to do so. Workers' Compensation: We may disclose your PHI as necessary to comply with lawsrelated to workers' compensation or similar programs. Law Enforcement: We may disclose your PHI to a law enforcement official for certain law enforcement purposes as permitted or required by law. For example, we may use or disclose your PHI to report certain injuries, or where we believe the information constitutes evidence of criminal conduct that occurred on our premises. We may also disclose your PHI to a law enforcement official in response to an administrative request, court order,subpoena, warrant, or similar process. Judicial and Administrative Proceedings: We may disclose your PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process. Public Health Reporting: We may disclose your PHI to public health agencies as authorized by law. For example, we may report reactions to medications or other products to the U.S. Food and Drug Administration or other authorized entity, and we may use or disclose your PHI in order to help with product recalls or notify individuals of potential exposure to a communicable disease or risk of spreading a disease or condition
Reporting Victims of Abuse or Neglect: We may disclose your PHI to the appropriate government authority if we believe you have been the victim of abuse, neglect, or domestic violence. We only make this disclosure if you agree or when we are required or authorized by law to make the disclosure. Health Oversight Activities: We may disclose your PHI to an oversight agency for oversight activities authorized by law. Oversight activities include audits, investigations, inspections, licensure or disciplinary actions, or civil, administrative, and criminal proceedings, as necessary for oversight of the health care system, government programs, and civil rights laws. Research: Under certain circumstances, we may use or disclose your PHI for research purposes. For example, we may use or disclose your PHI as part of a research study when the research has been approved by an institutional review board and there is an established protocol to ensure the privacy of your information. Decedents: We may disclose PHI to coroners, medical directors, or funeral directors so that they can carry out their duties. Organ or Tissue Donation: Consistent with applicable law, we may disclose your PHI to organizations engaged in the procurement, banking, or transplantation of organs for the purpose of tissue donation and transplant. Correctional Institution: If you are or become an inmate of a correctional institution, we may disclose your PHI to the institution or its agents to assist them in providing you with health care, protecting your health and safety or the health and safety of others, or providing for the safety of the correctional institution. To Avert a Serious Threat to Health or Safety: If there is a serious threat to your health and safety or the health and safety of the public or another person, we may use and disclose your PHI in a limited manner to someone able to help prevent or lessen the threat. Specialized Government Functions: In certain circumstances, we may use or disclose your PHI to authorized federal officials for the conduct of national security activities and other specialized government functions. For example, if you are a member of the U.S. Armed Forces or a foreign military, we may disclose your PHI as required by military command authorities if certain conditions are met. Affiliated Covered Entity: Some of the MinuteClinic entities are part of an affiliated group of entities, including pharmacies, which are owned by CVS Health. This affiliated group of entities treats itself as a single entity under the Health Insurance Portability and Accountability Act of 1996 and the regulations promulgated thereunder (collectively, "HIPAA"), also referred to as an Affiliated Covered Entity, for purposes of using and disclosing your health information. When permitted by HIPAA, we may disclose your PHI to other CVS Health entities that are part of this Affiliated Covered Entity.