Effective date: October 28, 2020
Welcome to the Aria HIPAA Privacy Notice. This HIPAA Privacy Notice applies to “Protected Health Information” or “PHI”. PHI is a subset of the personal information that we may collect from you when we submit a claim to your insurance provider so that they can reimburse us for the products or services that you are purchasing. Because PHI is regulated by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), we are required to provide you with this notice.
Inova Labs, Inc. (d/b/a Aria Health) (“we”, “us” or “our”) may use and disclose your PHI for many different reasons. PHI includes information that can be used to identify you that we have created or received about your past, present, or future health condition, such as a prescription. We must provide you with this notice about our privacy practices regarding use and disclosure of your PHI. With some exceptions, we may not use or disclose any more of your PHI than is necessary to accomplish the purpose of the use or disclosure. Below, we describe the different categories of uses and disclosure.
We may use and disclose your PHI without your authorization for the following reasons:
- For your treatment and payment for that treatment.
- When required by federal, state or local law, judicial or administrative proceedings, or law enforcement. We may disclose PHI of military personnel and veterans in certain situations.
- For health oversight activities. For example, we will provide information to assist the government when it conducts an investigation.
- To avoid harm. In order to avoid a serious threat to the health or safety of a person or the public, we may provide PHI to law enforcement personnel, departments of health or persons able to prevent or lessen such harm.
- For workers compensation purposes. We may provide PHI in order to comply with workers compensation laws.
- To make specific merchandising offers or send pertinent information about our services directly to you.
- To run our company, including by sharing PHI with our third-party service providers in order to help us offer, support, or provide our products and services. If we do share PHI with our service providers, we are required to enter a written “Business Associate Agreement” with that service provider, requiring that the service provider complies with HIPAA in the same manner that we are required to.
Opportunities to Object. We may provide your PHI to a family member, friend, or other person that you indicate is involved in your care or the payment for your health care, unless you object in whole or in part.
When We Require Written Authorization. In any other situation not described above, we will ask for your written authorization before using or disclosing any of your PHI. If you choose to sign an authorization to disclose your PHI, you can later revoke that authorization in writing to stop any future uses and disclosures (to the extent that we have not taken any action relying on the authorization).
Incidental Uses and Disclosures. Incidental uses and disclosures of information may occur. An incidental use or disclosure is a secondary use or disclosure that cannot reasonably be prevented, is limited in nature, and that occurs as a by-product of an otherwise permitted use or disclosure. However, such incidental uses or disclosure are permitted only to the extent that we have applied reasonable safeguards and do not disclose any more of your PHI than is necessary to accomplish the permitted use or disclosure.
Your Rights: HIPAA gives you certain rights related to your PHI. You may exercise any of these rights at any time by contacting us at firstname.lastname@example.org:
Requesting Limits on Uses and Disclosure of Your PHI. You have the right to ask that we limit how we use and disclose your PHI. If we accept your request, we will put any limits in writing and abide by them except in emergency situations. You may not limit the uses and disclosures that we are legally required or allowed to make.
Choices on How We Send Your PHI to You. You have the right to ask that we send information to you to an alternate address or by alternate means (for example, e-mail instead of regular mail). We must agree to your request so long as we can easily provide it in the format you requested.
To Receive and View Copies of Your PHI. In most cases, you have the right to look at or receive copies of your PHI. If we do not have your PHI but we know who does, we will tell you how to reach the entity that does have it. We will respond to you within 30 days after receiving your request, which must be in writing. In certain situations, we may deny your request with an explanation of our reasons for such denial and your rights to have the denial reviewed. Instead of providing the PHI you requested, we may provide you with a summary or explanation of the PHI as long as you agree to that and to the cost in advance.
List of the Disclosures We Have Made. You have the right to get a list of instances in which we have disclosed your PHI. The list will not include uses or disclosures made: (a) for treatment, payment, or health care operations; or (b) directly to you, to your family or pursuant to a valid authorization. We will respond within 60 days of receiving your request. The list provided will include disclosures made in the last six years unless you request a shorter time. The list will include the date of the disclosure, to whom PHI was disclosed (including their address, if known), a description of the information disclosed, and the reason for the disclosure. We will provide the list to you at no charge, but if you make more than one request in the same year, we may charge you a reasonable cost base charge for each additional request and advise you in advance of that charge.
Correcting or Updating Your PHI. If you believe that there is a mistake in your PHI or that a piece of important information is missing, you have the right to request that we correct the existing information or add the missing information. We will respond within 60 days of receiving your request which you must provide in writing along with the reason for your request. We may deny your request in writing if the PHI is (a) correct and complete, (b) not created by us, (c) not allowed to be disclosed, or (d) not part of our records. Our written denial will state the reasons for the denial and explain your right to file a written statement of disagreement with the denial. If you do not file a written statement of disagreement, you have the right to ask that your request and our denial be attached to all future disclosures of your PHI. If we approve your request, we will make the change to your PHI and inform you, or others, if required, about the changes.
A copy of this Privacy Notice. You can request a copy of this privacy notice be provided to you in paper form. We will send you a paper copy promptly.
Complaints Regarding Your PHI
If you have any questions or any complaints about our privacy practices regarding your PHI, or would like to know how to file a complaint with the Secretary of the Department of Health and Human Services, you may contact us at email@example.com. You can request a copy of this notice from the contact person listed above at any time.
You also may send a written complaint to the Secretary of the Department of Health and Human Services at 200 Independence Ave., S.W.; Room 615F; Washington, DC 20201. We will take no retaliatory action against you if you file a complaint about our privacy practices.
We reserve the right to modify this HIPAA Privacy Notice at any time by posting the changes on www.aria-therapy.com. In the event that we make any significant material change to this HIPAA Privacy Notice, we may attempt to notify you by email, but are not required to do so.