This Notice Regarding HIPAA and our Privacy Policies (“Notice”) describes how Digital Wellness and its affiliates (collectively “we,” “us,” or “our”) use your health information (“Health Information”), and what rights you have to access and control your Health Information. In this Notice, we tell you how your Health Information may be accessed, exchanged, or used by other persons or entities.

Health Information is any information that relates to your past, present, or future physical or mental health or condition and related health care services. Health Information that identifies you may be considered Protected Health Information (“PHI”) under HIPAA if we create, receive, maintain, or transmit it on behalf of an entity regulated by the Health Insurance Portability and Accountability (“HIPAA”) Act. Not all of your Health Information is PHI, even if it identifies you.

If we collect Health Information directly from you and outside of a relationship with your healthcare provider or health plan, your Health Information is generally not PHI. In addition, when you give your health care provider permission to send Health Information to us, the information is generally no longer protected by HIPAA. Ask your health care provider for more information when you authorize the disclosure of information to us.

With respect to your Health Information (including PHI), we will take all reasonable efforts to abide by, and meet, the conditions and obligations set out in this Notice in addition to our Privacy Policy.  If there is a conflict among the documents, we will follow this Notice.

Uses and disclosures of your health information

If we create, receive, maintain, or transmit PHI on behalf of an entity regulated by HIPAA (such as most healthcare providers and health plans (each, a “Covered Entity”)), we are serving as a Business Associate under HIPAA. As a Business Associate, we can only use and disclose your PHI in accordance with our contractual relationship with the Covered Entity. The Covered Entity, on whose behalf we use or disclose your PHI, determines our uses and disclosures of your PHI.

In general, PHI may be used and disclosed in accordance with your Covered Entity’s Notice of Privacy Practices. Your healthcare provider or health plan is required to provide that document to you. As a Business Associate, we do not maintain the Notice of Privacy Practices on behalf of your healthcare provider or health plan. HIPAA requires that your healthcare provider or health plan enter into a written agreement with us before we are allowed to access, use, or disclose your PHI.

This Notice and our Privacy Policies describe whether and how your Health Information that is not PHI is accessed, exchanged, or used. When you sign up for our Services and when you provide your Health Information, you expressly consent to the ways we use or share your Health Information. We will not sell your Health Information or use or disclose your Health Information in other ways, except in connection with the sale of us or our Services (or similar transactions) or as required by law.

Some of the other ways your Health Information and PHI are used and disclosed are as follows:

• Treatment or Our Services. Your healthcare provider provides treatment for you, and it uses PHI in connection with their treatment activities. Sometimes, a healthcare provider will ask us to provide our Services to you on their behalf as part of their treatment activities. In that case, the Health Information we collect is likely PHI, and if instructed by your healthcare provider, we will provide it to your healthcare provider so they can use it for treatment and as permitted by law. If we are providing our Services to you directly, and not through a Covered Entity, your Health Information is likely not PHI, and we will not provide it to your healthcare provider unless you give us permission to do so. We do not provide treatment; only a healthcare provider provides treatment.
• Payment. Covered Entities use PHI to obtain payment from insurance for health care services, such as when they submit claims or check for eligibility. We do not accept insurance claims for our Services, so we do not share your Health Information in that way. As described in our Privacy Policies, we use your Personal Information (as defined in the Privacy Policies) to collect payment for our Services.
• Service Provision. We may use and disclose your Health Information to manage, operate, and support the business activities of our company and to provide our Services to you. Our Privacy Policies have more information on these activities. If your Health Information is PHI, we have very limited rights to use your PHI for our own purposes other than for our internal management or to fulfill our legal responsibilities.

If we have PHI, HIPAA and our Covered Entity clients require us to follow certain protocols to comply with law, before we can use or disclose PHI in connection with judicial, administrative, or other legal proceedings; law enforcement requests; public health purposes; health oversight activities; and other purposes. Our Privacy Policies describe our policies and procedures with Health Information that is not PHI.

If we have PHI and experience a breach of unsecured PHI, HIPAA requires us to notify our Covered Entity client. If we experience a breach of your Health Information that is not PHI, we will follow the requirements of other applicable law which may require us to contact your directly. In that case, we will use the contact information you have provided us to notify you of the breach.