Notice of Privacy Practices

Allergychoices Inc. (ACI) is committed to protecting your privacy.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN ACCESS THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

In regulatory compliance relative to the Health Information Portability and Accountability Act (HIPAA) and The Health Information Technology for Economic and Clinical Health Act (HITECH).

Your (Patient) Health Care Information – Protecting Your Privacy
It is your right as a patient to be informed of ACI’s privacy practices as well as to be informed of your privacy rights with respect to your protected health information (PHI). This Notice of Privacy Practices is intended to provide you with this information.

ACI’s Responsibilities
It is your right as a patient to be informed of ACI’s legal duties with respect to protection of the privacy of your PHI as it pertains to the electronic medical records systems we use.
ACI is required to:
– Maintain the privacy of your health information;
– Provide you with a notice of the legal duties and privacy practices regarding PHI collected and maintained about you; and
– Abide by the terms of this notice.

ACI reserves the right to change the terms of the notice and make new notice provisions effective for all PHI that it maintains. ACI also reserves the right change the terms of its notice with respect to any applicable more limited uses and disclosures.
– ACI will promptly revise and distribute its notice whenever ACI makes a substantial change to any of its privacy practices.
– ACI will not use or disclose your PHI without your authorization, except as described in this notice.

Your Health Information Rights
You have the right to:
Inspect and obtain a copy of your health record.
You have the right to inspect and obtain a copy of your health care record. This request for access to your health care record must be submitted in writing to the ACI Privacy Officer. ACI may charge you a reasonable fee for a copy of your health care record. For example, you may request a copy of your health care record for your family physician.
Receive Confidential Communications.
You have the right to request that ACI communicate your health information to you by alternative means or at alternative locations. ACI shall accommodate reasonable requests. For example, you may request to be contacted at a phone number that is different from the phone number listed in your health care record. This policy also covers electronic correspondence.
Obtain an accounting of disclosures of your health information.
You have the right to an accounting of disclosures of your health information that ACI has made in compliance with state and federal law after April 14, 2003. The accounting will describe the dates of each disclosure, a brief description of information disclosed and the reason for disclosure. You will receive one accounting per year at no charge and ACI may charge you a reasonable fee for each subsequent request. For example, you may request an accounting of disclosures made from your health record in the last year to the State for disease reporting.
Be alerted in a timely fashion of any breach of information that may occur.
Request a restriction on certain uses and disclosures of your health information.
You have the right to request restrictions on certain uses and disclosures of PHI, even if restrictions affect your treatment or ACI’s payment or health care operation activities. However, ACI is not required to agree to your requested restriction. The following require your authorization for release: most uses and disclosures of psychotherapy notes, uses and disclosures of PHI for marketing purposes, and disclosures that constitute the sale of PHI. Other uses and disclosures not described in this notice will be made only with the individual’s authorization.
Amend your health record.
You have the right to request an amendment to your health care record if you believe your health information is incorrect or incomplete. You may be asked to make this request in writing and state the reason why your health record should be changed. If ACI did not create the health information you believe is incorrect or if ACI disagrees with you, ACI may deny your request. For example, if you believe that information in your medical history is incorrect, you may request that this information be amended.
Opt out of receiving fundraising communications.

Uses and Disclosures for Treatment, Payment and Health Care Operations
Allergychoices protects the privacy of your health information. For some activities, we must have your written authorization to use or disclose your health information. However, the law permits Allergychoices to use or disclose your health information for the following purposes without your authorization:
For Treatment —
We may use your PHI to dispense prescriptions to you. We may disclose your PHI to treating physicians, pharmacists and other persons who are involved in dispensing your prescription.
For Payment — We may use and disclose your PHI so that your pharmacy services may be billed to, and payment collected from you, your insurance company or a third party.
For Healthcare Operations —We may use and disclose your PHI for pharmacy operations, which include activities necessary to run the pharmacy, and to ensure you receive quality customer service.
For Prescription Refill Reminders and Health-Related Products and Services — We may use or disclose your PHI for prescription refill reminders, to tell you about health-related products or services, or to recommend possible treatment alternatives that may be of interest to you.
Individuals Involved in Your Care or Payment for Your Care — We may disclose your PHI to a family member or friend who is involved in your medical care or payment for your care, provided you agree to this disclosure. If you are unavailable or unable to provide permission, we will use our best judgment to determine whether disclosure is in your best interests.
As Required by Law — We will disclose your PHI when required to do so by federal, state or local law.
To Avert a Serious Threat to Health or Safety — We may use and disclose your PHI when necessary to prevent a serious threat to your or others’ health and safety, to public health or legal authorities charged with preventing or controlling the threat.
Public Health Risks —We may disclose your PHI for public health activities, such as those aimed at preventing or controlling disease, preventing injury, reporting reactions to medications or problems with products, and reporting the abuse or neglect of children, elders and dependent adults.
For Health Oversight Activities — We may disclose PHI to a health oversight agency for activities authorized by law. These oversight activities, which are necessary for the government to monitor the health care system, include audits, investigations, inspections and licensure.
Lawsuits and Disputes — If you are involved in a lawsuit or dispute, we may disclose your PHI in response to a court or administrative order. We may also disclose your PHI in response to a subpoena, discovery request or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request (which may include written notice), or to obtain an order protecting the information requested.
Specialized Government Functions — We may disclose your PHI (1) if you are a member of the armed forces, as required by military command authorities; (2) if you are an inmate, or in custody, to a correctional institution or law enforcement official; (3) in response to a request from law enforcement, under certain conditions; (4) for national security reasons authorized by law; and (5) to authorized federal officials to protect the President, authorized persons, or foreign heads of state.
Workers’ Compensation — We may disclose your health information for workers’ compensation or similar programs.
Organ and Tissue Donation — We may also disclose your PHI to organ-procurement or similar organizations for purposes of donation or transplant.
Coroners and Funeral Directors — We may release your PHI to a coroner or medical examiner, for example, to determine a person’s cause of death. We may also disclose your PHI to funeral directors consistent with applicable law to enable them to carry out their duties.
Personal Representatives — We may disclose your PHI to a person legally authorized to act on your behalf, such as a parent, legal guardian, administrator or executor of your estate, or other individual authorized under applicable law.

ACI has attempted to explain with this notice the circumstances where state law may be more protective than the federal privacy rule and provides greater privacy protection. Except for the situations listed above and treatment, payment or health care operation purposes, the use or disclosure of your health information requires ACI to obtain your written authorization. You may withdraw your authorization in writing by submitting your written withdrawal to ACI’s Privacy Officer.

Electronic correspondence (online payment, email) policy
For all patients who now or may desire to communicate with ACI via email, whether initiated by the patient or through the ACI website, the patient must read, understand and agree to the following;

RISK ASSOCIATED WITH COMMUNICATING VIA THIS MEDIUM
ACI offers patients the opportunity to communicate by email. Transmitting patient information by email, however, has a number of risks that patients should consider before using email. These include, but are not limited to, the following risks:
– Email can be circulated, forwarded, and stored in numerous paper and electronic files.
– Email can be immediately broadcast worldwide and be received by many intended and unintended recipients.
– Email senders can easily misaddress an email.
– Email is easier to falsify than handwritten or signed documents.
– Back-up copies of email may exist even after the sender or the recipient has deleted their copy.
– Employers and online services have a right to archive and inspect emails transmitted through their systems.
– Email can be intercepted, altered, forwarded, or used without authorization or detection.
– Email can be used to introduce viruses into computer systems
– Email can be used as evidence in court.

CONDITIONS FOR THE USE OF EMAIL
ACI will use reasonable means to protect the security and confidentiality of email information sent and received. However, because of the risks outlined above, ACI cannot guarantee the security and confidentiality of email communication, and will not be liable for improper disclosure of confidential information that is not caused by ACI’s intentional misconduct.
1. If the patient’s email requires or invites a response from ACI, and the patient has not received a response within a reasonable time period, it is the patient’s responsibility to follow up to determine whether the intended recipient received the email and when the recipient will respond.
2. The patient should not use email for communication regarding sensitive medical information.

Patient Complaint Process

If you believe your privacy rights have been violated, you may file a complaint with ACI or with the Secretary of the Department of Health and Human Services. There will be no retaliation against you for filing a complaint. To file a complaint with ACI please contact the ACI’s Privacy Officer who will provide you with the necessary assistance.

Questions or Concerns
If you have any questions or concerns regarding your privacy rights or the information in this notice, please contact:

Privacy Officer, Allergychoices, Inc., 2800 National Drive, Ste. 100, Onalaska, WI 54650
Phone: 608-793-1580
Fax: 608-788-1780
Email: hipaa@allergychoices.com

Changes to this Notice of Privacy Practices
We reserve the right to change this Notice. We reserve the right to make the revised or changed Notice effective for PHI we already have about you and any information we receive in the future. We will post a copy of the current Notice on this site. If we change our Notice, you may obtain a copy of the revised Notice upon request.

Effective Date: This Notice of Privacy Practice is effective as of April 14, 2006, and revised 7/2015.

Last updated July 2015