Notice of Privacy Practices

NOMI HEALTH ACE NOTICE OF PRIVACY PRACTICES

Last Updated: June 26, 2023

THIS NOTICE OF PRIVACY PRACTICES (the “NPP”) DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

You are receiving this NPP because you are receiving, or intend to receive, health care services from the “Nomi Health Affiliated Covered Entity” or the “Nomi Health ACE”. An “affiliated covered entity” or “ACE” is a group of organizations under common ownership or control who designate themselves as a single ACE for the purposes of compliance with HIPAA. Each covered entity participating in the Nomi Health ACE, and their related sites, locations and health care providers, to the extent acting as a covered entity pursuant to HIPAA, will follow the terms of this NPP. In addition, each covered entity and their sites, locations and health care providers may share medical information with each other for treatment, payment, or health care operations related to the ACE. This designation may be amended periodically to add new covered entities that are part of the ACE under HIPAA. For a list of the covered entities participating in the Nomi Health ACE, please contact us using the contact information at the end of this NPP. For terms that are capitalized in this NPP but undefined, they shall have the meanings provided for in the Terms of Service and/or the Privacy Policy.

The Nomi Health ACE (“we” or “us” or “our”) provides you with health care through its nurses, health coaches, physicians, pharmacy, laboratory, and other health care providers. By law, the Nomi Health ACE is required to maintain the privacy of your health information and to give you this NPP explaining our legal duties and privacy practices with respect to your health information. We are also required to follow the terms of this NPP. This NPP applies to all of the health information generated and maintained by any health care provider who provides services to you at or on behalf of the Nomi Health ACE, our organization, and our employees, contractors, and volunteers, all of whom may need to share your health information as necessary in order to carry out your treatment, obtain payment for the services provided to you, or operate our business.

We are committed to maintaining your privacy. If you have any questions about this NPP, please see our contact information at the end of this NPP.

GENERAL INFORMATION

GENERAL INFORMATION: Your health information is protected by two federal laws: the Health Insurance Portability and Accountability Act of 1996 (HIPAA); and, if applicable, the Confidentiality of Substance Use Disorder Patient Records (42 CFR Part 2); and may also be protected by applicable state law. Certain covered entities participating in the Nomi Health ACE may be a substance use disorder treatment program under 42 CFR Part 2 (these covered entities are referred to herein individually as a “SUD Clinic” and collectively as the “SUD Clinics”), which protects the confidentiality of substance use disorder patient records. Under these regulations, a SUD Clinic may not acknowledge to anyone outside of the SUD Clinic that you are a patient or disclose any information identifying you as a substance use disorder patient unless:

  1. The SUD Clinic has obtained your written consent to the disclosure;
  2. The disclosure is allowed by court order;
  3. The disclosure is made to medical personnel in a medical emergency;
  4. The disclosure is made to qualified personnel for research, audit, or program evaluation; or
  5. The disclosure is pursuant to our agreement with a “qualified services organization” that is assisting the SUD Clinic.

For example, a SUD Clinic can disclose information without your consent to obtain legal or financial services as long as there is an agreement to protect the confidentiality of your information in place. Federal law and regulations do not protect any information about a crime committed either at the SUD Clinic or against any person who works for the SUD Clinic, or information about any threat to commit such a crime. Federal law and regulations also do not protect any information about suspected child abuse or neglect, or suspected elder abuse or neglect, from being reported under state law and other appropriate state and local authorities.

Before we can use or disclose your health information in a manner that is not described in this NPP, the SUD Clinic must first obtain your specific written consent allowing the disclosure. You may revoke any such written consent by sending written notice to the SUD Clinic using the contact channels provided to you in our App, on the Site, or using the contact information at the end of this NPP.

HOW WE MAY USE AND DISCLOSE YOUR HEALTH INFORMATION

HOW WE MAY USE AND DISCLOSE YOUR HEALTH INFORMATION: Except where 42 CFR Part 2 governs (e.g., health care services provided by a SUD Clinic), we may use and disclose your health information in the following ways under HIPAA.

Disclosure at Your Request. We may disclose information when requested by you. We may ask you to complete a written authorization for certain disclosures you ask us to make.

Treatment. We may use and disclose your health information to a physician or other health care provider to provide treatment and other health care services to you. For example, we may disclose your health information to doctors, nurses, health coaches, technicians, or other personnel who are involved in your care or in providing health care services to you. With respect to substance use disorder records, we will obtain your consent prior to sharing your health information with providers outside of your SUD Clinic.

Payment. We may use and disclose your health information to obtain payment for services that we provide to you. For example, we may need to give your health insurance company or plan information about services you received so it will pay us or reimburse you for the services. We may also tell your health insurance company or plan about a treatment that you are going to receive in order to obtain prior approval or to determine whether it will cover the treatment. We may also disclose your health information to other health care providers so that they can bill and collect payment for health care services that they provided to you.

Health Care Operations. We may use and disclose your health information for our health care operations, which include internal administration, planning, and various activities that improve the quality and cost-effectiveness of the care that we deliver to you. For example, we may use your health information for disease management programs, to conduct patient satisfaction surveys, to de-identify health information, and to perform benchmarking.

Business Associates and Qualified Service Organizations. We may disclose your health information to our “business associates” and/or “qualified service organizations”. These are companies or individuals who need that information in order to provide a service to us. Examples of business associates and qualified service organizations include accreditation agencies, management consultants, quality assurance reviewers, and billing and collection services. Our business associates and qualified service organizations are required to appropriately protect and safeguard your health information.

Appointment Reminders. We may use and disclose your health information to contact you as a reminder that you have an appointment for a consultation or other service.

Treatment Alternatives. We may use and disclose your health information to tell you about or recommend possible treatment options or alternatives that may be of interest to you.

Health-Related Products and Services. We may use and disclose your health information to tell you about our health-related products or services that may be of interest to you.

Persons Involved In Your Care. You have both the right and choice to tell us whether or not to: (1) share information with your family, close friends, or others involved in your care; and (2) share information in a disaster relief situation. If you are not able to tell us your preference, for example, if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety. If you are a minor, we may release your health information to your parents or legal guardians when permitted or required by law.

Employers or Potential Employers. If authorized by you, we may disclose your health information to your employer or potential employer. For example, if we perform a “return to work” test for you, we may release the results of the test to your employer only with your prior written authorization. Please note that it is the policy of the Nomi Health ACE to not perform any test, medical examination, or services without first obtaining your written authorization if the sole purpose of the test, medical examination, or services is to create information for disclosure to your employer or potential employer.

Research. Under certain circumstances, we may use and disclose your health information for research purposes. For example, a research project may involve comparing the health and recovery of all patients who received one medication to those who received another medication to treat the same condition. We may use and disclose your health information for research without your authorization if an institutional review board or privacy board has determined the research meets certain criteria or if we are otherwise permitted by law to do so.

To Avert a Serious Threat to Health or Safety. We may use and disclose your health information when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.

As Required by Law. We will disclose your health information when required to do so by applicable law.

Workers’ Compensation. We may release your health information for workers’ compensation or similar programs that provide benefits for work-related injuries or illness and as necessary to comply with worker’s compensation laws.

Public Health Activities. We may disclose your health information for public health activities, such as preventing or controlling disease, injury, or disability, reporting to and cooperating with public health authorities, and reporting reactions to medications or problems with products to entities regulated by the U.S. Food and Drug Administration.

Health Oversight Activities. We may disclose your health information to a health oversight agency for activities allowed by law, such as audits, investigations, inspections, and licensure or disciplinary actions.

Lawsuits and Disputes. We may disclose your health information in response to a court order that meets certain legal requirements.

Law Enforcement. We may disclose your health information to a law enforcement official about a crime committed on-premises, or if the official has obtained a warrant with a special court order designed to preserve the confidentiality of individuals seeking substance use disorder treatment.

Military and Veterans. If you are a member of the armed forces, we may disclose your health information as required by military command authorities. We may also disclose health information about foreign military personnel to the appropriate foreign military authority.

National Security and Intelligence Activities. We may disclose your health information to authorized federal officials for intelligence and other national security activities authorized by law.

Protective Services for the President and Others. We may disclose your health information to authorized federal officials so they may provide protection to the President, other authorized persons, or foreign heads of state or conduct special investigations.

Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release medical information about you to the correctional institution or the law enforcement official.

OTHER USES OF YOUR HEALTH INFORMATION

OTHER USES OF YOUR HEALTH INFORMATION: Other uses and disclosures of your health information that are not covered by this NPP will be made only with your written authorization. For example, with limited exceptions, an authorization would be required if we use or disclose your health information for marketing purposes, for the sale of health information, or the use or disclosure of psychotherapy notes. If you provide your authorization to use or disclose your health information, you may revoke that authorization in writing at any time. If you revoke your authorization, we will no longer use or disclose your health information for the reasons indicated in your written authorization. You understand that we are unable to take back any disclosures that we made before we received your written notice revoking your authorization.

YOUR RIGHTS REGARDING YOUR HEALTH INFORMATION

YOUR RIGHTS REGARDING YOUR HEALTH INFORMATION: You have the following rights with respect to your health information:

  • Right to request additional restrictions. You may request restrictions on our use and disclosure of your health information (1) for treatment, payment, and health care operations, (2) to individuals (such as a family member, other relatives, close personal friend, or any other person identified by you) involved with your care or with payment related to your care, or (3) to notify or assist in the notification of such individuals regarding your location and general condition. While we will consider all requests for additional restrictions carefully, we are not required to agree to a requested restriction, unless the request is regarding a disclosure to a health plan for a payment or health care operations purpose and the health information relates solely to a health care item or service for which we have been paid out-of-pocket in full. Your request for a restriction must be in writing. If we agree with the request, we will comply with your request except to the extent that disclosure has already occurred or if you are in need of emergency treatment and the information is needed to provide the emergency treatment.
  • Right to receive confidential communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
  • Inspection and copies. You may request access to certain medical records and billing records maintained by us. You may inspect and request copies of the records. We may charge you for the costs of copying, mailing, labor, and supplies associated with fulfilling your request. Under limited circumstances, we may deny your request access to your records. In some cases, you may have the right to request that the denial be reviewed. Another licensed health care professional chosen by us will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.
  • Right to amend your records. If you feel that the health information we have about you is incorrect or incomplete, you may ask us to amend the information. If you desire to amend your records, your request must be in writing. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that: (1) was not created by us, unless the person or entity that created the information is no longer available to make the amendment; (2) is not part of the medical information kept by or for us; (3) is not part of the information that you would be permitted to inspect and copy; or (4) is accurate and complete.
  • Right to receive an accounting of disclosures. Upon written request, you may obtain an accounting of certain disclosures of your health information made by us during any period of time six years prior to the date of your request. Your written request should indicate in what form you want the list (for example, on paper or electronically). If you request an accounting more than once during a twelve (12) month period, we may charge you for the costs involved in fulfilling your additional request. We will inform you of such costs in advance, so that you may modify or withdraw your request to save costs.
  • Breach notification. You have a right to be notified of a breach of your unsecured health information.

PAPER COPY

PAPER COPY. Upon request, you may obtain a paper copy of this NPP. Even if you have agreed to receive such notice electronically, you are still entitled to a paper copy of this NPP.

CHANGES TO THIS NOTICE

CHANGES TO THIS NOTICE. We may change our privacy practices from time to time. We reserve the right to make the revised or changed notice effective for health information we already have about you as well as any information we receive in the future. If we make an important change to our privacy practices, we will change our NPP and post the revised NPP on our Site and/or App.

COMPLAINTS

COMPLAINTS. If you desire further information about your privacy rights, believe your privacy rights have been violated, or disagree with a decision that we made about access to your medical information, you may file a complaint with us, or you may send a written complaint to the U.S. Department of Health and Human Services, Office for Civil Rights. To file a complaint with us, you must submit your written complaint to the attention of our Privacy Officer (see contact information below). You will not be penalized for filing a complaint. In addition, suspected violations of the laws protecting the confidentiality of substance use disorder patient records may be reported to the United States Attorney in the district where the violation is believed to have occurred.

FOR FURTHER INFORMATION

FOR FURTHER INFORMATION. If you would like more information about your privacy rights, please contact the Nomi Health ACE and ask to speak with the Privacy Officer. To the extent you are required to send a written request to the Nomi Health ACE to exercise any right described in this NPP, you must submit your request to the Nomi Health ACE by email to legalservices@nomihealth.com or by mail at:

Nomi Health
Attn: Privacy Officer
898 N. 1200 W., Suite 200
Orem, Utah 84057
United States