Last updated: 07-10-2020
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Laws govern how VirtuCare, PLLC, a Tennessee professional limited liability company (“we”, “us”, “our”, or VirtuCare”), can use and disclose health information that “individually identifies” you. We call this information “protected health information” or “PHI”. Through the website https://www.myvirtucare.com/, we offer online telehealth services in the field of urology. In order to provide you medical care, it is necessary for us to collect PHI about you. We are required by law to maintain the privacy and security of your PHI.
We understand the importance of privacy and are committed to maintaining the confidentiality of your PHI. We make a record of the medical care we provide and may receive such records from others. We use these records to provide or enable other health care providers to provide quality medical care, to obtain payment for services provided to you as allowed by your health plan and to enable us to meet our professional and legal obligations to operate this medical practice properly. We are required by law to maintain the privacy of PHI, to provide individuals with notice of our legal duties and privacy practices with respect to PHI, and to notify affected individuals following a breach of unsecured protected health information.
This Notice of Privacy Practices (the “Notice”) describes a) how we’ll use and share your PHI, b) how we won’t use and share your PHI, c) what rights you have over your PHI and how to exercise those rights, d) what to do if you think we’re not complying with our legal obligations, and e) what other information we collect and share when you use our Website. We must abide by the terms of this Notice while it is in effect. The date indicated at the top of the Notice indicates the last time this Notice was modified.
If you have any questions, please send us a message through the Website.
Your access and use of the Website are subject to your agreement with this Notice and the Terms and Conditions. By using the Website, you expressly agree to the terms of this Notice and consent to both the collection and use of information as explained in this Notice. By agreeing to the Terms and Conditions, you are authorizing the use and disclosure of your PHI as disclosed in this Notice, including disclosure to third parties. Please print a copy of this Notice for your records.
IF YOU DO NOT AGREE WITH THIS NOTICE, PLEASE DO NOT ACCESS THE WEBSITE FOR ANY PURPOSE
HOW WE USE AND DISCLOSE YOUR PHI
We use and disclose your PHI to provide you with care, to run the business operations of VirtuCare, to process payment and as required by law. We implement a range of technical, administrative, and physical safeguards to protect your PHI.
For your Medical Care
We use PHI about you to provide your medical care. We disclose PHI to our employees and others who are involved in providing the care you need. For example, we may share your PHI with other physicians or other health care providers who will provide services that we do not provide. We may share your PHI with other healthcare providers involved with your care. These providers are required by law to maintain your PHI in a private and secure manner. For example, we share your PHI with the pharmacy if we give you a prescription and with intermediaries who enable us to send prescriptions electronically. If we order laboratory tests for you, then we share your PHI with the lab company that runs the tests. In certain circumstances, we may also disclose PHI to members of your family or others who can help you when you are sick or injured, or in the event of your death.
We use your email address to send you a range of different types of emails, including but not limited to emails that update you as to the status of your request for a prescription or laboratory test, to send you emails that alert you that there is a message waiting for you on the Website, to send you emails asking for feedback on your experience of using the service, to send you emails to notify you that you may be due for a refill, and to send you emails if you create an account but fail to complete a visit. We will send you emails to notify you of the services we provide. We will share your email and first name with third party email platforms to enable us to send you emails.
We use your telephone number to call you if we have any questions, to leave you voice messages if you don’t answer the telephone when we call you, and to call you to ask for feedback on your experience of using the service. We also use your telephone number to send you SMS/text message notifications. We may send you SMS notifications to update you on the progress of your visit or lab order. If you ask us to organize for a partner pharmacy to mail your medicines, we may telephone you to take payment on behalf of the pharmacy and we may SMS you to let you know that you have refills available.
As examples, we share your PHI with organizations that help us run and maintain the technology and security infrastructure that support the Website and the care we provide. We will require that any third party be bound by a contract called a business associate agreement, which requires the third party to use and maintain your PHI confidential in accordance with the law. We will limit their access to your PHI to the minimum amount necessary to perform their services for VirtuCare. We share your telephone number with the company that helps us send SMS/text messages. If we need to telephone you, then we share your telephone number with our telecommunication provider.
Required by Law
We will use and disclose your PHI as we are required by law, but we will limit our use or disclosure to the relevant requirements of the law. When the law requires us to report abuse, neglect or domestic violence, or respond to judicial or administrative proceedings, or to law enforcement officials, we will further comply with the requirement set forth below concerning those activities. We may, and are sometimes required by law, to disclose your PHI to public health authorities for purposes related to: preventing or controlling disease, injury or disability; reporting child, elder or dependent adult abuse or neglect; reporting domestic violence; reporting to the Food and Drug Administration problems with products and reactions to medications; and reporting disease or infection exposure. For example, if a laboratory test we order for you finds a ‘reportable’ infection we may be required by law to share your PHI with your county health department. We may, and are sometimes required by law, to disclose your PHI to health oversight agencies during the course of audits, investigations, inspections, licensure and other proceedings, subject to the limitations imposed by law. We may, and are sometimes required by law, to disclose your PHI in the course of any administrative or judicial proceeding to the extent expressly authorized by a court or administrative order or to a law enforcement agency.
In addition, we can use or share health information about you for workers’ compensation claims, for law enforcement purposes or with a law enforcement official, with health oversight agencies for activities authorized by law, or for special government functions such as military, national security, and presidential protective services
We share information about you, some of which is considered PHI, such as your name and address with our trusted online payment processors that is necessary to process your payments. If you choose to save your payment details to make future payments easier, our trusted payment provider will store them on our behalf. Furthermore, if you request delivery of your medications by mail from a third-party pharmacy, then our trusted payment processor will always store your card details to make future payments more convenient.
WAYS WE WILL NOT USE YOUR PHI
Except as described in this Notice, we will, consistent with our legal obligations, not use or disclose PHI which identifies you without your written authorization. If you do authorize us to use or disclose your PHI for another purpose, you may revoke your authorization in writing at any time. We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
We are generally unable to delete information from your medical record. By agreeing to the Notice, you are specifically authorizing us to use your PHI to tell you about health-related products and services.
We will never use your information for marketing purposes or sell your information without your express consent.
YOUR HEALTH INFORMATION RIGHTS
Right to Obtain a Copy of Your Medical Record.
You have the right to inspect and copy your PHI and any other health information we may have about you, with limited exceptions. We will provide a copy or a summary of your health information, usually within 30 days of your request. To access your PHI, you must submit a written request detailing what information you want access to, whether you want to inspect it or get a copy of it, and if you want a copy, your preferred form and format. We will provide copies in your requested form and format if it is readily producible, or we will provide you with an alternative format you find acceptable, or if we can’t agree and we maintain the record in an electronic format, your choice of a readable electronic or hardcopy format. We will also send a copy to any other person you designate in writing. We will charge a reasonable fee which covers our costs for labor, supplies, postage, and if requested and agreed to in advance, the cost of preparing an explanation or summary. We may deny your request under limited circumstances.
Right to an Accounting of Disclosures.
You have a right to receive an accounting of the disclosures of your PHI.
Right to Request that We Limit How We Use and Share your PHI.
You have the right to request restrictions on certain uses and disclosures of your PHI by a written request specifying what PHI you want to limit, and what limitations on our use or disclosure of that PHI you wish to have imposed. We are not obligated to accept any request, except those specifically enumerated by law, so there may be times where we do not accept your request.
For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information, including but not limited to sharing your information with family, close friends, or others involved with your care or in a disaster relief situation, talk to us. Tell us what you want us to do, and we will follow your instruction.
Right to Request That We Change or Update Information Held in Your Medical Record.
You have a right to request that we amend your PHI that you believe is incorrect or incomplete. You must make a request to amend in writing and include the reasons you believe the information is inaccurate or incomplete. We are not required to change your PHI and will provide you with information about this medical practice’s denial and how you can disagree with the denial. We may deny your request if we do not have the information, if we did not create the information (unless the person or entity that created the information is no longer available to make the amendment), if you would not be permitted to inspect or copy the information at issue, or if the information is accurate and complete as is. If we deny your request, you may submit a written statement of your disagreement with that decision, and we may, in turn, prepare a written rebuttal. All information related to any request to amend will be maintained and disclosed in conjunction with any subsequent disclosure of the disputed information.
Right to Request Confidential Communications.
You have the right to request that you receive your PHI in a specific way or at a specific location to promote your confidentiality. The electronic nature of our service limits our ability to agree to such requests. If we are unable to comply with your request, then your only remedy is to terminate any and all use the Website. You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no” if it would affect your care.
Right to a Paper Copy of this Notice.
You have a right to notice of our legal duties and privacy practices with respect to your health information, including a right to a paper or electronic copy of this Notice.
HOW TO USE YOUR RIGHTS
Please write Dr. Joseph Pazona, Privacy Officer, at: firstname.lastname@example.org
OTHER INFORMATION WE COLLECT
Separate from the health information we collect; we collect technical information about how you use our Website. We use this information to help us improve the overall quality of the Website, improve the services we provide, and to improve our advertising and marketing campaigns.
I understand that my information can be used by VirtuCare in order for them to invite me to participate in other VirtuCare services and I specifically authorize VirtuCare to use my information in this way.
We do not respond to ‘do not track’ signals in your browser.
SECURITY OF INFORMATION
We use account information in a password-protected environment as a security measure to protect your data. We use administrative, physical, and technical safeguards to protect your PHI. We maintain a high level of data protection via safeguards such as data backup, audit controls, access controls, and data encryption. Additionally, we use industry standard SSL/TLS encryption to enhance security of electronic data transmissions. We will maintain all applicable HIPAA and other regulatory requirements to the extent that it has access to, or otherwise stores, processes or transmits PHI.
In addition, we urge you to take precautionary measures in maintaining the integrity of your data. Please be responsible for making sure no one can see or access your account and log-in/password information. We store information you provide us with whether you complete a visit or whether you do not complete a visit. We take the same precautions over your PHI and other information shared with us regardless of whether you complete a visit.
We do not record video visits between our patients and our doctors.
If you use our services through a potentially non-secure internet connection, such use is at your own risk. It is your responsibility to check beforehand on your employer’s or such other site’s privacy and security policy with respect to internet use.
We are not responsible for your handling, sharing, re-sharing and/or distribution of your PHI. Moreover, if you forward PHI electronically to another person, we are not responsible for any harm or other consequences from third party use or re-sharing of your information.
RISK OF OUR SYSTEMS BEING HACKED OR COMPROMISED
We adhere to administrative, technical and physical safeguards to protect the PHI that we hold electronically on our servers. But despite these safeguards, no system is full-proof and we cannot guarantee that our systems and your PHI will not be hacked or otherwise compromised by unauthorized third parties. We will promptly notify you if we become aware of a potential unauthorized disclosure of your PHI.
EU GENERAL DATA REGULATION
VirtuCare complies with the EU General Data Regulation framework as set forth by the European Union regarding the collection, use, and retention of personal data from European Union member countries. VirtuCare self-certifies that it adheres to the requirements of notice, choice, onward transfer, security, data integrity, access and enforcement.
LINKS TO OTHER WEBSITES
We are not responsible for the practices employed by websites linked to or from our Website, including the information or content contained therein. Please remember that when you use a link to go from our Website to another website, our Notice does not apply to third-party websites. Your browsing and interaction on any third-party website, including those that have a link or advertisement on our Website, are subject to that third-party’s own rules and policies.
HOW TO COMPLAIN
To submit a complaint to VirtuCare you need to submit your complaint in writing to:
In addition, you can complain to:
Secretary of the U.S. Department of Health and Human Services
Office of Civil Rights
Attention: Regional Manager
50 United Nations Plaza, Room 322
San Francisco, California 94102
For additional information, call (800) 368-1019 or U.S Office of Civil Rights (866) 627-7748 (Voice) or (866) 788-4989 (TTY) or visit www.hhs.gov/ocr/privacy/hipaa/complaints/.
We will not retaliate against you for filing a complaint.
This Notice is effective August 1, 2020
CHANGES TO THIS NOTICE
VirtuCare is legally obligated to abide by the current version of this Notice and reserves the right to amend this Notice at our discretion and at any time. When we make changes to this Notice, we will post the updated Notice on the Website and update the Notice’s effective date. You will receive a notification via email when changes are made to this Notice. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.