PRIVACY POLICY

INFORMATION ABOUT YOUR PERSONAL HEALTH INFORMATION

Each time you visit a physician, clinic, or hospital that is associated with HealthCapable software and services, these individuals and/or facilities will document information about you and your visit. This record is considered part of your medical record and the information contained within it is your personal health information (PHI). This medical record is used to plan your care and be a source of your health information.

Services provided by HealthCapable are designed specifically to provide you with the ability to electronically access and disclose the information collected during your health visits to provide an accurate and comprehensive view of your health history. The data is collected by the associated individuals and/or facilities and stored in a secure database created by HealthCapable. You are provided with a device that facilitates access to your personal health information. Possession of this device, or your user ID and password and / or personal identification number (PIN), conveys the ability to retrieve your personal health information.

In order to protect you privacy and enhance your care, you need to carefully control access to this device, and / or your User ID and Password or PIN. Access to the information may also be limited to the duration of your care with the individuals and/or facilities. All information obtained using only the device is considered ‘view only’ and data cannot be entered or altered by the person using the device. Only authorized users with approved access to the database can add data. These users are determined by the existing permission structure of the affiliated health centers and not by HealthCapable.

YOUR HEALTH INFORMATION RIGHTS

The information contained within your medical record belongs to you. Federal and Illinois laws provide you with the following rights regarding your health information.

Right to obtain a copy of the Privacy Practice of HealthCapable.

Right to request certain restrictions on the uses and disclosure of your health information from the associated individuals and/or facilities. HealthCapable requires that you choose a level of disclosure in case of a need for Emergency Access to the information contained within the database. This level of disclosure can only be changed by you. For restrictions on your medical record, not contained in the database, please refer to the affiliate’s privacy policy for further details.

Right to inspect or receive a copy of your health record from the affiliated facility. Information provided within the database created by HealthCapable per the affiliates’ specifications for patient access can be printed and/or reviewed immediately by the patient using the device. Upon receipt of this device the patient assumes the responsibility for the disclosure of the information contained within.

Right to request an amendment to your health record from the affiliated facilities if you believe it contains an error. Please refer to the affiliate’s privacy policy for further details.

Right to obtain a log of the times and dates that your information was accessed in addition to the names of the people at the affiliated facilities that accessed your information without your consent to provide you care. You, the patient and consumer, are responsible for who accesses your personal health information using your device. You must verify the identity of any person who requests access utilizing your device and assume the risk therein.

Right to request the use of a confidential phone number or address by the affiliated facilities to discuss health information. Please refer to the affiliate’s privacy policy for further information.

Right to revoke your consent/authorization to use or disclose your health information except when the disclosure has already occurred.

Federal and Illinois law also provide you with the right to be informed about and give your written authorization before any health information, including highly confidential information, is disclosed, unless such disclosure is allowed or required by law. Examples of highly confidential information that is stored in the database include but are not limited to, mental health treatment, substance abuse, HIV/AIDS testing and treatment, and sexually transmitted diseases. YOU EXPRESSLY ASSUME ALL RISK ASSOCIATED WITH UNAUTHORIZED USE OF YOUR USER ID, PASSWORD, OR ANY DEVICE WHICH HEALTHCAPABLE SUPPLIES TO YOU WHICH MAY FACILITATE THE RETRIEVAL OF YOUR PERSONAL HEALTH INFORMATION, SPECIFICALLY INCLUDING HIGHLY CONFIDENTIAL INFORMATION.

USE AND DISCLOSURE OF YOUR OF YOUR HEALTH INFORMATION

The data contained within the database supplied by HealthCapable belongs to you and individuals and/or facilities associated with HealthCapable and its services. It is your right and responsibility to safeguard the information conveyed with the device and to limit disclosure to people directly involved in your care. Authorized users of the database, determined by the existing permission structure, have the right to access the database to give you treatment, obtain payment for your care, and operate their health care business.

EXAMPLES OF HOW YOUR HEALTH INFORMATION WILL BE USED OR DISCLOSED FOR TREATMENT, PAYMENT, OR OPERATIONS.

You or your health care team will use your health information for treatment.

For example: Your health care team will collect and document information about you with each appointment. This information is stored in the database. When you arrive at a hospital and provide the doctor or nurse attending to you with the device, you convey to them the treatment that you have received. This information will be used to determine what treatment is best for you.

Your doctors, hospitals, or clinics will use your health information for payment.

For example: The affiliated individuals and/or facilities will use the information collected in the database to generate a bill for services rendered. Please refer to the privacy policies of these facilities for further details. HealthCapable will not disclose your personal health information to any third parties without your authorization unless mandated by federal or Illinois law. However, it is the responsibility of the consumer or patient to assure the security of their personal computer. Spy ware, cookies, and pop up advertisements can inadvertently channel personal health information to third parties.

Your doctor or health facility may use your health information for routine operations.

For example: Your health team and quality improvement professionals will use the information contained within the database to review the treatment you received and its outcomes. They may also compare your treatment and outcomes to those of other patients like you to learn how to improve the quality and effectiveness of their health care services. HealthCapable may use the results of some of the studies to support the use of the product. All identifying information will be removed and the information will be presented statistically.

OTHER USES AND DISCLOSURES OF YOUR HEALTH INFORMATION

Upon receipt of your electronic authorization to disclose your health information.

You have the right and responsibility to choose the amount of health information that will be disclosed in an emergency. Your authorization for Emergency Access can be changed at any time when logged on to the system using your correct username and password. Unless a disclosure is allowed or required by federal or state law, you must give us electronic authorization to permit the disclosure of your highly confidential information. If you are a minor or have disabilities (mental or physical) that require the care of a legal representative that can verify your identity, username, and password, this person may provide the authorization for Emergency Access.

HealthCapable and it’s associates may, without your permission, release information from the database for purposes described below.

Notification and Other Communication with your Relatives or Caregivers. If an emergency contact name is listed, and after learning who these people are, associated individuals and/or facilities may use their best judgment in releasing confidential information pertaining to you and contained in the database in the case of an emergency where you are incapacitated with pain or injury and cannot provide the information on your own. HealthCapable reserves the right to allow the release of your name, date of birth, and age in the occurrence of a mass casualty event or biological attack. This is for the purpose of identification only and will only be used to assist in a disaster relief effort.

Other Communications with You. HealthCapable may contact you electronically to remind you of changes and/or updates to your subscription or company policies that directly affect you the patient, and consumer. We may also contact you prior to your subscription’s expiration date to inquire about renewal.

Business Associates. HealthCapable may allow other persons or companies that are contracted with the associated facilities access to the database. The law refers to these persons as Business Associates. The associated individuals and/or facilities may disclose, as allowed by law, your health information to their Business Associates so they can do the job they have been contracted to do. Appropriate safeguards to your information must be maintained by the affiliated individuals or health facilities and their Business Associates. HealthCapable will be responsible for maintaining a log of the time and date when your information was accessed by the associated individuals and facilities.

Health Oversight Activities and Specialized Government Functions. HealthCapable, in conjunction with their associated individuals or facilities, may disclose your health information to an agency that oversees health care systems and ensures compliance with the rules of government health programs such as Medicare or Medicaid.

Law Enforcement Officials, Medical Examiners and Coroners, or under Court or Administrative Orders. HealthCapable may disclose your health information to the police, other law enforcement officials, medical examiners and coroners, and to the courts for administrative proceedings as allowed or required by law, court order, or other legal processes.

Public Health Activities. Facilities and individuals associated with authorized use of the database provided by HealthCapable may report your identity or other health information to public health authorities for the purpose of controlling disease, injury, or disability; to the Food and Drug Administration for regulating certain products or activities; and governmental authorities about suspected or known child abuse or domestic violence, contracting or spreading a contagious disease, and to a public or private entity that is authorized to assist in disaster relief efforts.

Research. HealthCapable will not disclose your health information to identify quality improvements, without your authorization.

Marketing. HealthCapable will not disclose your health information for marketing purposes, without your authorization

RIGHT TO FILE A COMPLAINT

If you would like to report a privacy problem or want further information regarding our services, please contact us electronically via the web at www.support@healthcapable.com or by mail attn: Customer Support, 233 E. Erie Ste. 2406, Chicago, IL 60611.

If you believe your privacy rights have been violated, you may file a complaint with HealthCapable, the Director of the Office of Civil Rights (OCR), or the U.S. Secretary of Health and Human Services (HHS).

DISCLAIMER:

We reserve the right to change our privacy practices and to use a new notice of privacy practices. If our privacy practices change the new privacy practice will be made available for immediate review electronically on our website. Any changes to the notice of privacy practice by individuals or entities other than HealthCapable will be considered unauthorized and invalid.

References:

1. Managing HIPAA Compliance: Standards for Electronic Transmission, Privacy, and Security of Health Information. S. C. Withrow (2001) 2. Privacy Online: A Report to Congress. Federal trade Commission June, 1998 Fair Information Practice Principles