Effective Date 7/1/2021
This Notice describes how Nest Collaborative, Inc. d/b/a Nest Collaborative (“Nest” “we” “our”) can use and disclose medical and health information about you or your child and how you can get access to this information. Please review it carefully. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires us to provide this Notice of Privacy Practices (NPP) to our patients and request acknowledgment of receipt. This Notice also applies to minors. They enjoy the same privacy protections for their medical information. However, because they usually cannot make health care decisions for themselves, a parent or a guardian can make decisions on their behalf. Similarly, parents or guardians may also hold all rights listed in this Notice including the right to inspect and copy and the right to amend.
Nest Collaborative Responsibilities
Under federal law, it is our responsibility at Nest to protect the privacy of your “Protected Health Information” (PHI). PHI includes information created in and received for your medical and payment records, and personal information such as your name, social security number, address, and phone number. All employees at Nest with access to PHI are required to maintain its confidentiality and undergo annual training on the best practices involved.
HOW WE CAN USE YOUR INFORMATION - WITHOUT YOUR AUTHORIZATION
Nest may use your PHI for the following purposes. Some examples are included.
- Treatment – We may use or disclose your PHI for treatment purposes. For example, we may disclose the PHI to other healthcare providers involved in your care, including physicians, nurses, pharmacies, and ancillary service providers such as laboratories and radiology providers. This includes both providers within our staff or others outside our company that are presently treating you, such as dentists, emergency department staff and specialists.
- Payment – We may use or disclose your PHI so that the services you receive from us or other healthcare providers can be billed and paid for. For example, we can share your PHI in order to bill you or your insurance company for payment and to pay others who provided care for you.
- Healthcare Operations – We may use or disclose your PHI to administer and support our business activities or those of other health care organizations. This includes activities that improve the quality of our services and the training of our staff. Any PHI that is shared with other non-healthcare individuals in support of our business activities requires their explicit agreement to our privacy policies.
- Other – We may also use or disclose your PHI in the following additional ways and/or for the following purposes:
- As required by law.
- For public health purposes such as protecting the health and safety of others by preventing or controlling disease, injury or disability, reporting vital birth/death statistics, reporting pharmaceutical or medical device problems and complying with recalls, notifying a person who may have been exposed to or at risk for contracting a spreading disease or condition or other serious threats to public health and safety.
- To report abuse or neglect to a public health or government authority that is authorized to receive such a report.
- To health oversight agencies which lawfully oversee activities such as audits, investigations, inspections or licensure that are necessary for the government to monitor health care delivery, government-run programs, and civil rights compliance.
- To organ donor organizations to facilitate donation and transplantation, if you or your child is an organ donor.
- To workers’ compensation or similar programs when applicable.
- To correctional institutions or law enforcement officials if you are an inmate or under custody of law enforcement to provide you or your child with health care, to protect the safety of others or for the safety of the institution.
- In relation or response to legal proceedings and/or court orders, subpoenas, discovery requests or other lawful processes.
- To law enforcement, as authorized by law. For example, we may share PHI to law enforcement who may be trying to locate or identify a criminal suspect, fugitive, witness or missing person, or investigate a crime or death under suspicious circumstances; additionally to report a crime, its location, the victim’s identity and/or the location of the person who committed the crime. This also includes government law enforcement who may need the information to protect elected constitutional officers, heads of state or to conduct investigations.
- In relation to special government functions, such as military or national security activities.
- To coroners, medical examiners, and funeral home directors if necessary for the identification of a deceased person or cause of death, or to carry out funeral director duties.
- Unless you say no, to family and friends whom you identify are directly involved in your or your child’s care when you are either not present or unable to make a health care decision for yourself or your child. We reserve the right to determine the most appropriate circumstances for such a disclosure that is in your or your child’s best interest (e.g. emergency care).
WHEN WE NEED YOUR AUTHORIZATION TO USE. AND DISCLOSURE YOUR PROTECTED HEALTH INFORMATION
Other uses and disclosures not addressed above require your authorization. Some of the more common uses and disclosures requiring your authorization relate to the following:
- Marketing Purposes
- Sale of Information
- Sharing of Psychotherapy or Substance Abuse Notes
You have the right to revoke your authorization at any time. However, your revocation does not apply to actions we have taken in reliance of your authorization prior to a properly submitted revocation. Please refer to the instructions on how to revoke your authorization which can be obtained directly from us at email@example.com.
While your health records are Nest’s property, the information is yours and you have certain rights to it. If you have given someone the legal authority to exercise your rights and choices about your health information, we will honor such requests once we verify their authority. This Notice also applies to your child who enjoys the same privacy protections for their medical information. However, because they usually cannot make health care decisions for themselves, a parent or a guardian can make decisions on their behalf. Parents or guardians may also hold all rights listed in this Notice including the right to inspect and copy and the right to amend.
- You have the right to access your records or other health information by electronic or paper copy for which we may assess a reasonable fee. In rare circumstances where such a request is denied, you may request a review of such decision by an unaffiliated healthcare professional chosen by Nest whose decision with which we will comply.
- You have the right to request restrictions on how we share your PHI for the purposes of treatment, payment or healthcare administration. While we are not required to agree to such requests, we will do our best to comply with your request outside of certain circumstances such as emergency care. However, with regard to services you pay for out-of-pocket and in-full, and to the extent legally possible, we will honor requests to limit sharing of information related to such services that is related to payment and operations.
- You have the right to request the manner in which we communicate regarding your and your child’s medical care (e.g., postal mail, email or specific phones). We will comply as much as reasonably possible.
- You have the right to request amendments and updates to health information you believe we have is incomplete or incorrect. Such requests should be provided in writing by mail or email to firstname.lastname@example.org. Your requests will be promptly reviewed and we will send you a response as to the approval or denial of your request. Denials will include the related reasoning. We will do our best to reasonably notify people to whom the information was released of any updates or changes.
- You have the right to be notified of a breach of your or your child’s PHI.
- You have the right to request a report identifying all people and entities (other than you) to whom we have shared your PHI for purposes other than treatment, payment or service operations.
- You have the right to voice your concern to us if you believe your privacy rights have been violated by Nest by submitting the complaint here: email@example.com. You may also submit a compliant to the US Department of Health and Human Services, Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints.
- You have a right to a copy of this notice. Please be advised that the most updated version is available directly from our website at www.nestcollaborative.com/notice-of-privacy-practices
While we have taken precautions to secure our email communications with various forms of two-way encryptions, you acknowledge that email is not always a secure method of communication and that security risks do exist. While we limit the frequency or necessity to exchange PHI by email, we ask you to please notify us at firstname.lastname@example.org if you prefer an alternate means of exchanging PHI other than email.
Changes to this Notice of Privacy Practices
Nest Collaborative may change the terms of its NPP; such changes will be made available on our website. The most current revisions will apply to all PHI that we hold on record.
For more information you can visit this website www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.