Oula HealthTM – Patient Notice of HIPAA Privacy Practices
This Notice describes how medical information about you may be used and disclosed and how you get access to this information. Please review it carefully.
Oula Health’s Commitment to Your Privacy
Oula Health, Inc. (“Oula Health”) is dedicated to protecting the privacy of your protected health information (“PHI”). PHI is information about you that may be used to identify you (such as your name, social security number, email address, mobile telephone number, address, or date of birth), and that relates (a) to your past, present, or future physical or mental health or condition; (b) to the provision of healthcare to you; or (c) to your past, present, or future payment for the provision of healthcare. In conducting its business, Oula Health will receive and create records containing your PHI. Oula Health is required by law to maintain the privacy of your PHI and provide you with notice of its legal duties and privacy practices with respect to your PHI. Other health care providers involved in your care may have different policies or notices regarding their use and disclosure of your PHI.
Oula Health must maintain the privacy of your PHI, give you this Notice of its legal duties and privacy practices, notify you if you are affected by a breach of unsecured PHI, and abide by the terms of this Notice while it is in effect. Oula Health and its employees, volunteers, and other personnel must also abide by this Notice.
This current Notice takes effect on October 19th, 2020 and will remain in effect until Oula Health replaces it. Oula Health reserves the right to change the terms of this Notice at any time, as long as the changes are in compliance with applicable law. If Oula Health changes the terms of this Notice, the new terms will apply to all PHI that it maintains, including PHI that was created or received before such changes were made. If Oula Health changes this Notice, it will post the new Notice on its website, https://www.oulahealth.com (the “Site”), and will make the new Notice available upon request. Your continued use of the Site after changes to this Notice shall constitute your consent to the new Notice.
Uses and Disclosures of PHI
Oula Health may use and disclose your Phi for the following purposes:
- Treatment, Payment, and Healthcare Operations. Oula Health is permitted to use and disclose your PHI for purposes of (a) treatment; (b) payment; and (c) healthcare operations. For example:
- Treatment: Oula Health may disclose your PHI to a physician or healthcare provider for purposes of a visit or in connection with the provision of follow up treatment.
- Payment: Oula Health may use and disclose your PHI to your health insurer or health plan in connection with the processing and payment of a claim and other charges.
- Healthcare operations: Oula Health may use and disclose your PHI in connection with its healthcare operations, such as providing customer services and conducting quality review assessments. Oula Health may engage third parties to provide various services for Oula Health. If any such third party must have access to your PHI in order to perform its services, Oula Health may require that third party to enter an agreement that binds the third party to the use and disclosure restrictions provided in this Notice.
- Authorization. Oula Health is permitted to use and disclose your PHI upon your written authorization, to the extent such use or disclosure is consistent with your authorization. You may revoke such authorization at any time. To authorize Oula Health to disclose your PHI to a third party, email email@example.com to request a HIPAA Authorization to Disclose Protected Information and mail it to the address listed on the form.
- As Required by Law. Oula Health may use and disclose your PHI to the extent required by law.
- Special Circumstances. The following categories describe unique circumstances in which Oula Health may use or disclose your PHI:
- Public Health Authorities: Oula Health may disclose your PHI to public health authorities or other governmental authorities for purposes including preventing and controlling disease, reporting child abuse or neglect, reporting domestic violence, and reporting to the Food and Drug Administration regarding the quality, safety, and effectiveness of a regulated product or activity. Oula Health may, in certain circumstances disclose PHI to persons who have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition.
- Workers’ Compensation: Oula Health may disclose your PHI as authorized by, and to the extent necessary to comply with, workers’ compensation programs and other similar programs relating to work-related illnesses or injuries.
- Health Oversight Activities. Oula Health may disclose your PHI to a health oversight agency for authorized activities such as audits, investigations, inspections, licensing, and disciplinary actions relating to the healthcare system or government benefits programs.
- Judicial and Administrative Proceedings: Oula Health may disclose your PHI in certain circumstances, as permitted by applicable law, in response to an order from a court or administrative agency, or in response to subpoena or discovery request.
- Law Enforcement: Oula Health may disclose your PHI to a law enforcement official, such as for purposes of identifying or locating a suspect, fugitive, material witness, or missing person.
- Decedents: Oula Health may, under certain circumstances, disclose PHI to coroners, medical examiners, and funeral directors for purposes such as identification, determining the cause of death, and fulfilling duties relating to decedents.
- Organ Procurement: Oula Health may, under certain circumstances, use or disclose PHI for the purposes of organ donation and transplantation.
- Research: Oula Health may, under certain circumstances, use or disclose PHI in a limited data set that does not include direct identifiers such as your name, address, social security number, phone number, and email address, for research purposes. Such uses may include activities that are preparatory to research or informing you of research studies that may be of interest to you. You will not be enrolled in a research study without your prior voluntary informed consent, unless an institutional review board has waived the need to obtain informed consent.
- Threat to Health or Safety: Oula Health may, in certain circumstances, use or disclose PHI, if necessary, to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.
- Specialized Government Functions: Oula Health may, in certain situations, use and disclose PHI of persons who are, or were, in the Armed Forces for purposes such as ensuring proper execution of a military mission or determining entitlement to benefits. Oula Health may also disclose PHI to federal officers for intelligence and national security purposes.
- Marketing and Sale. Most uses and disclosures of PHI for marketing purposes, and disclosures that constitute a sale of medical information, require your prior express authorization. We will obtain your written permission for (1) most uses and disclosures of PHI for marketing purposes, as defined by HIPAA; and (2) disclosures that constitute a sale of PHI, as defined by HIPAA. If you provide us permission to use or disclose your PHI, you may revoke that permission in writing at any time. If you revoke your permission, your revocation will be effective upon receipt, but will not be effective to the extent that we or others have acted in reliance upon such permission.
Your Rights Regarding Your PHI
You have the following rights regarding the PHI maintained by Oula Health:
- Confidential Communication. You have the right to receive confidential communications of your PHI. You may request that Oula Health communicate with you through alternate means or at an alternate location, and Oula Health will accommodate your reasonable requests. You must submit your request in writing to Oula Health. To submit such a request, download the Request for Restriction Request Form (insert link here) and mail it to the address listed on the form.
- Restrictions. You have the right to request restrictions on certain uses and disclosures of PHI for treatment, payment or healthcare operations. You also have the right to request that Oula Health restrict its disclosures of PHI to only certain individuals involved in your care or the payment of your care. You must submit your request in writing to Oula Health. Oula Health is not required to comply with your request. However, if Oula Health agrees to comply with your request, it will be bound by such agreement, except when otherwise required by law or in the event of an emergency. To submit such a request, download the Request for Restriction Request Form here (insert link here) and mail it to the address listed on the form.
- Inspection and Copies. You have the right to inspect and copy your PHI. You must submit your request in writing to Oula Health. Oula Health may impose a fee for the costs of copying, mailing, labor, and supplies associated with your request. Oula Health may deny your request to inspect and/or copy your PHI in certain limited circumstances. If that occurs, Oula Health will inform you of the reason for the denial, and you may request a review of the denial. To request access to your PHI that is not readily accessible to you, download the Request to Access PHI form (insert link here) and mail it to the address listed on the form.
- Amendment. You have the right to request that Oula Health amend your PHI if you believe it is incorrect or incomplete, and you may request an amendment for as long as the information is maintained by Oula Health. You must submit your request in writing to Oula Health and provide a reason to support the requested amendment. Oula Health may, under certain circumstances, deny your request by sending you a written notice of denial. If Oula Health denies your request, you will be permitted to submit a statement of disagreement for inclusion in your records. To make a request to amend your PHI that you cannot otherwise change yourself, download the Request to Amend PHI form (insert link here) and mail it to the address listed on the form.
- Accounting of Disclosures. You have a right to receive an accounting of all disclosures Oula Health has made of your PHI. However, that right does not include (1) disclosures made for treatment, payment, or healthcare operations; (2) disclosures made pursuant to an authorization; and (3) certain other disclosures. You must submit your request in writing to Oula Health and you must specify the time period involved (which must be for a period of less than six years from the date of the disclosure). Your first accounting will be free of charge. However, Oula Health may charge you for the costs involved in fulfilling any additional request made within a period of 12 months. Oula Health will inform you of such costs in advance, so you may withdraw or modify your request to save costs. To make a request for an accounting of disclosures, download the Request for an Account of Disclosures (insert link here) and mail it to the address listed on the form.
- Breach Notification. You have the right to be notified in the event that Oula Health discovers a breach of unsecured PHI.
- Paper Copy. You have the right to obtain a paper copy of this Notice from Oula Health at any time upon request. To obtain a paper copy of this notice, please send an email to firstname.lastname@example.org.
- Complaint. You may complain to Oula Health and the Secretary of the Department of Health and Human Services if you believe that your privacy rights have been violated. To file a complaint with Oula Health, you must submit a statement in writing to (insert appropriate contact here). Oula Health will not retaliate against you for filing a compliant.
- Further Information. If you would like more information about your privacy rights, please send an email to (insert appropriate contact here).
Effective date of this Notice: October 19, 2020.