CareCognitics, LLC (“CareCognitics”) offers a technology platform to Covered Entities to better connect Individuals with their treating physicians and aid ease of sharing health related data across practitioners and Personal Representatives.
CareCognitics has entered into business associate agreements with the Covered Entities prior to the disclosure of any PHI, as set forth in, but not limited to, 45 CFR Parts 164.314 (a), 164.502 (e) and 164.504 (e).
CareCognitics documents an Individual’s acknowledgement of receipt of this Notice upon the Individual’s acceptance of its terms upon clicking on the “I Accept” button below.
Accounting of Disclosures. A written statement documenting disclosures of an Individual’s PHI, which may include the date of disclosure, the name and address of the entity or person to whom the PHI was disclosed, a brief description of the PHI disclosed, and the purpose for the disclosure.
HITECH Standards. The privacy, security and security Breach notification provisions applicable to a business associate under Subtitle D of the Health Information Technology for Economic and Clinical Health Act (“HITECH”), which is Title XIII of the American Recovery and Reinvestment Act of 2009 (Public Law 111-5), and any regulations promulgated thereunder.
Permitted Disclosures of PHI
Except as otherwise limited in this Notice and provided that such use or disclosure would not violate the HIPAA Regulations or HITECH Standards if done by the Covered Entity, CareCognitics may use or disclose PHI to perform functions, activities, or services for, or on behalf of, the Covered Entities. CareCognitics may use PHI received in its capacity as a business associate of the Covered Entity for the proper management and administration of the performance of services for the Covered Entities.
If requested in writing by the Covered Entities, CareCognitics may use PHI to provide data aggregation services i.e. data analyses that relate to the health care operations of the respective covered entities.CareCognitics may disclose an Individual’s PHI if such Individual requires emergency treatment or is unable to communicate during an emergency.
CareCognitics may disclose PHI for certain research purposes, but only if it has protections and protocols in place to ensure the privacy of such PHI.
CareCognitics may use PHI to report violations of law to appropriate federal and state authorities, consistent with 45 C.F.R. Part l 64.502(i)(l).
CareCognitics will provide PHI to comply with an order in a legal or administrative proceeding.
CareCognitics may disclose an Individual’s PHI if it believes it is necessary to avoid a serious threat to the health and safety of the Individual or the public.
CareCognitics may disclose PHI to public health or other authorities charged with preventing or controlling disease, injury or disability, or charged with collecting public health data.
CareCognitics may disclose your PHI to a health oversight agency for activities authorized by law. These activities include audits; civil, administrative, or criminal investigations or proceedings; inspections; licensure or disciplinary actions; or other activities necessary for oversight of the health care system, government programs and compliance with civil rights laws.
If an Individual is an organ donor, or has not indicated that he or she does not wish to be a donor, CareCognitics may disclose such Individual’s PHI to organ procurement organizations to facilitate organ, eye, or tissue donation and transplantation.
CareCognitics may disclose PHI to coroners or medical examiners for the purposes of identifying a deceased person or determining the cause of death, and to funeral directors as necessary to carry out their duties.
Unless objected by the Individual, CareCognitics may disclose PHI to a governmental agency or private entity (such as FEMA or Red Cross) assisting with disaster relief efforts.
Permitted Data Collection
CareCognitics may ask you to provide information about yourself, in order to better serve you. Examples of information requested from you may include a birth date, name, address, phone number, email address, health insurance id, and other relevant data. Information requested from you may also include more specific details about your health conditions such as any hospitalization, any emergency room visits or issue concerning which you contacted CareCognitics for assistance. If you decide to provide personal and contact information to CareCognitics through the Platform, in no case will CareCognitics sell or license that information to third parties, except as required or permitted by law (i.e. responding to a subpoena or other legal obligation) or as authorized by you. Data and information gathered is used only to deliver requested information and respond to your questions. Contact information may also be used to contact customers or prospective customers about new products and services. Any such information that you voluntarily share with CareCognitics is kept strictly confidential and secure. CareCognitics may compile statistical information concerning the general usage of the Platform. This information allows CareCognitics to monitor its utilization and continuously improve its quality. Examples of this information would include, but not be limited to, location from where the Platform is being accessed, the number of visitors to the Platform, or to sections or pages within the Platform, patterns of traffic flowing through the Platform, length of time spent on the Platform, or in sections or pages of the Platform, the sections or the pages of the Platform that visitors frequently use as entry and exit points, utilization of the devices, browser and operating systems and versions used by visitors to the Platform.
Designated Record Set
CareCognitics allows Individuals and Personal Representatives access to PHI in a Designated Record Set. The Platform permits an individual and an individual’s Personal Representative to access an individual’s PHI at any time. An Individual or the individual’s Personal Representative may submit a request for a copy of the Individual’s PHI to CareCognitics.
Request to Amend PHI
CareCognitics allows Individuals to request that their PHI be amended. CareCognitics reviews and responds to each request by an Individual to amend their PHI in the time prescribed by the Privacy Rule. An individual’s request to amend their PHI must be in writing and must state the reason supporting the request.
CareCognitics processes and maintains amendment requests (an amendments, if approved) as required by the Privacy Rule. CareCognitics may deny an amendment request if the information that the Individual requests to amend either: (i) Is not accurate and complete; (ii) Is not part of a Designated Record Set; (iii) Is not available to the individual for inspection; or (iv) was not created by CareCognitics’ applicable client, unless the originator of the information is no longer available to act on the request.
CareCognitics shall make reasonable efforts to notify persons, organizations, or other entities, including other business associates, known by it to have received the erroneous or incomplete information and who may have relied, or could foreseeably rely, on such information to the detriment of the Individual.
Request to Restrict Use and Disclosure of PHI
CareCognitics considers each Individual’s written request to restrict the use or disclosure of the Individual’s PHI for the following purposes:
To prevent the use or disclosure of an Individual’s PHI to carry out treatment, payment, or health care operations; or
o To prevent the use and disclosure of the Individual’s PHI to the individual’s health plan if the disclosure is for the purpose of carrying out payment or health care operation and is not otherwise required by law; or the PHI pertains solely to a health care item or service for which the Individual, or the Individual’s Personal Representative has paid in full for the health care item or service; or to prevent the use and disclosure of an Individual’s PHI to a relative or any other person identified by the Individual who is involved in the treatment or payment of the Individual’s health care, or who would normally be notified in the case of an emergency.
Disclosures Requiring Written Authorization.
CareCognitics must receive an Individual’s written authorization to disclose psychotherapy notes, except for certain treatment, payment, or health care operations activities.
CareCognitics must receive an Individual’s written authorization for any disclosure of PHI for marketing purposes or for any disclosure which is a sale of PHI.
Accounting of Disclosures
Upon request, CareCognitics provides Individuals with an Accounting of Disclosures as required by the Privacy Rule and in accordance with any subsequent amendments of the Privacy Rule i.e. an Individual has the right to request an Accounting of Disclosures of PHI made by CareCognitics (other than those made for treatment, payment or health care operations purposes) during the 6 years prior to the date of the Individual’s request. The Individual must make a written request for an accounting, specifying the time period for the accounting, to the CareCognitics Privacy and Security Officer.
In any other situation not described herein, CareCognitics may not disclose an Individual’s PHI without such Individual’s written authorization.
An Individual has the right to be notified if CareCognitics or one of its Covered Entities or business associates becomes aware of a breach of such Individual’s unsecured PHI.
CareCognitics will treat Personal Representatives in accordance with the authority granted to them by applicable laws, regulations, and rules.
Any exceptions to this Notice will be documented after being reviewed and approved by CareCognitics Privacy and Security Officer.
CareCognitics reserves the right to change this Notice at any time in accordance with applicable law. Prior to a substantial change to this Notice related to the uses or disclosures of an Individual’s PHI, the Individual’s right or CareCognitics’ duties, CareCognitics will revise and distribute this Notice.