Published: October 2020
If you have any questions about this notice or if you need more information, please contact our compliance specialist:
- Compliance Specialist
- 23215 Commerce Park Suite 318
- Beachwood, OH 44122
- Telephone: (216) 755-4044
- Fax: (330) 967-0571
We reserve the right to change the provisions of this Policy at any time for medical information we already have about you as well as any information we receive in the future. We will alert you that changes have been made by indicating on the Policy the date it was updated. We encourage you to review this Policy from time to time to make sure that you understand how any Personal Information you provide will be used. Your continued use of the Site following the posting of changes to these terms will mean you accept those changes.
This Policy applies any workforce member authorized to create medical information referred to as Protected Health Information (PHI) which may be used for purposes such as Treatment, Payment and Healthcare Operations and information collected by the Site. It will notify you of the following:
- What Information Do We Collect?
- What Steps Do We Take To Protect Your Information?
- How Do We Use Your Information?
- Do We Share Your Information?
- Your Privacy Rights -- Access to and Control Over Information
- How to Opt-Out of Targeted Advertising
- Does This Policy Apply to Other Websites Linked To Or From the Site?
- Do We Collect Information From Children Under the Age of 13?
Like many websites, we gather information about how visitors use our website. In general, you can visit many of our web pages without telling us who you are or revealing any personal information about yourself. We may track your visit for trends and statistics, but you will remain anonymous unless you actively submit your personal data to us through the website. Once you choose to give us your personal information, you are not anonymous to us.
- Personal Information You Provide to Us - We only have access to and collect personal information (such as your name, date of birth, social security number, credit card number, mailing or billing address, telephone number, or email address, and email preferences (collectively, "Personal Information")) that you voluntarily give us via email or other direct contact from you. We will not sell or rent your Personal Information to anyone. We are the sole owners of the Personal Information collected on this Site.
- Medical Records - We create a record of the care and services you receive at the Provider. We need this record to provide you with quality care and to comply with certain legal requirements. This Notice applies to all of the records of your care generated or maintained by the Provider, whether made by Provider personnel or your personal doctor.
- Information Collected by Automated Means - Whenever you use the Site, we, as well as any of our third-party advertisers and/or service providers, may use a variety of technologies that automatically collect information about how the Site is accessed and used ("Usage Information"). Usage Information may include, in part, browser type, operating system, the page served, the time, how many users visited the Site, and the website you visited immediately before the Site. This statistical data provides us with information about the use of the Site, such as how many visitors visit a specific page on the Site, how long they stay on that page, and which hyperlinks, if any, they "click" on. Usage Information helps us to keep the Site fresh and interesting to our visitors and to tailor content to a visitor's interests. Usage Information is generally non-identifying, but if we associate it with you as a specific and identifiable person, we treat it as Personal Information.
- Device Identifiers - In the course of collecting Usage Information we may also collect your IP address, MAC Address or other unique identifier (each a "Device Identifier") for the computer, mobile device, Wi-Fi card, or other technology (collectively, "Device") you use to access the Site. A Device Identifier is a number that is automatically assigned to your Device when you access a web site or its servers. Our computers identify your Device by its Device Identifier. When you visit the Sites, we may view your Device Identifier. We use this information to identify repeat visitors to our Site. We also may use this information to send you targeted advertisements and to enhance the Site.
The technologies used on the Site, including Device Identifiers, to collect Usage Information may include, without limitation:
- Pixel tags – tiny graphic images – to help us analyze your online behavior. Pixel tags also allow us to send you email in a format you can read and let us know when you have opened an email message from us. We may use pixel tags to collect information about your visit, including the pages you view, the links you click and other actions taken in connection with our sites and services. We also collect certain standard information that your browser sends to every website you visit, such as your IP address, browser type and language, access times, and referring Web site addresses.
We use Google Analytics to understand how users use our site so as to enhance the user experience on our Site. If you wish to opt-out of Google Analytics, go to https://tools.google.com/dlpage/gaoptout?hl=en.
We take measures designed to protect your Personal Information, including sophisticated encryption and authentication tools to maintain the safety of your personal information, in an effort to prevent loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Additionally, we provide physical, electronic, and procedural safeguards to protect Personal Information we process and maintain. Your personal information is only accessible to a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. Regardless of these efforts, no data transmission over the Internet can be guaranteed to be 100% secure. To protect the confidentiality of Personal Information maintained in your account, you must keep your password confidential and not disclose it to any other person. You are responsible for all uses of the Site by any person using your password. Please advise us immediately if you believe your password has been misused.
We will use your information to respond to you regarding the reason you contacted us. We will also use your information as follows:
- Registration - A user may need to first complete a registration form in order to use the Site. During registration, a user is required to give certain information (such as name and email address). This information is used to contact you about the products/services on our Site in which you have expressed interest. We may contact you to provide appointment reminders or to give you information about other treatments or health-related benefits and services that may be of interest to you.
- Treatment - We may use medical information about you to provide you with medical treatment or services. We typically use your health information to communicate with your doctor and other healthcare professionals involved in your treatment. We will be contacting you and designated family members to make, or send deliveries; to find out how your treatment is going; and/or about supplies or services you may require for your care. We also may share medical information about you in order to coordinate different items, such as prescriptions, lab work and x-rays. We also may disclose medical information about you to people outside the Provider who may be involved in your medical care. We may use and disclose medical information to tell you about or recommend possible treatment options or alternatives that may be of interest to you.
- Orders/Services - We bills insurance companies or other payer sources on your behalf. When we submit these bills, we must disclose health related information about your treatment. This information might include diagnosis, services and products provided to you, provider/nursing notes, or other progress notes about your disease or illness. Use of this information is considered to be for purposes of payment. We may request information from you on our order form. To serve you, you must provide contact information (like name and shipping address) and financial information (like credit card number, expiration date). This information is used for insurance and billing purposes. If we have trouble processing an order, we will use this contact information to contact you.
- Business Associates - We may contract with one or more third parties (our business associates) in the course of our business operations. We may disclose your medical information to our business associates so that they can perform the job that we have asked them to do. We require that our business associates sign a business associate agreement.
- Payment - We may use and disclose medical information about you so that the treatment and services you receive at the Provider may be billed and payment may be collected from you, an insurance company or a third party. For example, we may need to give your health plan information about service you received at the Provider so your health plan will pay us or reimburse you for the service. We may also tell your health plan about a prescribed treatment to obtain prior approval or to determine whether your plan will cover the treatment.
- Healthcare Operations- We may use and disclose medical information about you for Provider operations. These uses and disclosures are necessary to run the Provider and make sure that all of our patients receive quality care. For example, we may use medical information to review our treatment and services and to evaluate the performance of our staff in caring for you. We may also combine medical information about many Provider patients to decide what additional services the Provider should offer, what services are not needed, and whether certain new treatments are effective. We may also disclose information to doctors, nurses, technicians, health care students, and other Provider personnel for review and learning purposes. We may also combine the medical information we have with medical information from other Providers to compare how we are doing and see where we can make improvements in the care and services we offer. We may remove information that identifies you from this set of medical information so others may use it to study health care and health care delivery without learning a patient’s identity.
- Appointment Reminders- We may use and disclose medical information to contact you as a reminder that you have an appointment for treatment or medical care at the Provider.
- Public health - As required by law, we may disclose your health information to public health authorities for purposes related to the following: preventing or controlling disease; injury or disability; reporting child abuse or neglect; reporting domestic violence; reporting to the Food and Drug Administration problems with products and reactions to medications; and reporting disease or infection exposure.
- Lawsuits and Disputes- If you are involved in a lawsuit or a dispute, we may disclose medical information about you in response to a court or administrative order. We may also disclose medical information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
- Health oversight activities - We may disclose your health information to regulatory health agencies during the course of audits, investigations, inspections, licensure and other proceedings.
- Communication Barriers- We may use and disclose your health information if we are unable to obtain your consent because of substantial communication barriers, and we believe you would want us to treat you if we could communicate with you.
- Emergencies- We may use or disclose your medical information if you need emergency treatment or if we are required by law to treat you but are unable to obtain your consent. If this happens, we will try to obtain your consent as soon as we reasonably can after we treat you.
- Individuals Involved in Your Care or Payment for Your Care- We may release medical information about you to a friend or family member who is involved in your medical care and we may also give information to someone who helps pay for your care, unless you object in writing and ask us not to provide this information to specific individuals. In addition, we may disclose medical information about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status and location.
- Military and Veterans- If you are a member of the armed forces, we may release medical information about you as required by military command authorities. We may also release medical information about foreign military personnel to the appropriate foreign military authority.
- Research- Under certain circumstances, we may use and disclose medical information about you for research purposes. For example, a research project may involve comparing the health and recovery of all patients who received one medication to those who received another, for the same condition. All research projects, however, are subject to a special approval process. This process evaluates a proposed research project and its use of medical information, trying to balance the research needs with patients’ need for privacy of their medical information. Before we use or disclose medical information for research, the project will have been approved through this research approval process, but we may, however, disclose medical information about you to people preparing to conduct a research project, for example, to help them look for patients with specific medical needs, so long as the medical information they review does not leave the Provider. We will almost always generally ask for your specific permission if the researcher will have access to your name, address or other information that reveals who you are, or will be involved in your care at the Provider.
- Deceased person information - We may release medical information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also release medical information about patients of the Provider to funeral directors as necessary to carry out their duties.
- Organ donation - We may disclose your health information to organizations involved in procuring, banking or transplanting organs and tissues.
- Surveys and contests - From time-to-time, our Site may request information via surveys or contests. Participation in these surveys or contests is completely voluntary and you may choose whether or not to participate and therefore disclose this information. Information requested may include contact information (such as name and shipping address), and demographic information (such as zip code, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the use and satisfaction of this Site.
- Customer Service - Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this Policy.
We will not trade, rent, share or sell your Personal Information to third parties, unless you ask or authorize us to do so.
On rare occasions, we may disclose specific information upon governmental request, in response to a court order, when required by law, to enforce our website policies, or to protect our or others’ rights, property, or safety. We may also share information with companies assisting in fraud protection or investigation. We do not provide information to these agencies or companies for marketing or commercial purposes. Our email lists are not up for sale no matter the offer.
Unless you ask or provide your consent to do so, we will not share your Personal Information with any third party outside of our organization, other than with our service providers, including as necessary to fulfill your request. Only employees who need the Personal Information to perform a specific job (for example, billing or customer service) are granted access to Personal Information. The computers/servers in which we store Personal Information are kept in a secure environment.
We may share aggregated, unidentifiable, demographic information with our partners and advertisers. This is not linked to any Personal Information that can identify any individual person.
In addition, if EL-HALLAK RHEUMATOLOGY AND SPECIALTY INFUSION SERVICES LLC or all of its assets are acquired, all of the data collected by us through the Site and through other means and services provided by us would be among the transferred assets.
You have the right to receive your health information through reasonable alternative means (email, cell phone, etc.). Your request, and the specific method, should be made in writing, if possible. Furthermore, you have the right to request the modification or deletion of your personal data in the event it is incorrect or processed without your consent. You will also have the opportunity to "opt-out" by following the unsubscribe instructions provided in the promotional email you receive or by contacting us directly at the email address or phone number given on our Site. We do not charge for this service, and your opt-out request will be processed within 30 days of the date on which we receive it.
You can do the following at any time by contacting us via the email address or phone number given on our Site:
- You have the right to inspect and receive a copy of your health information - You have the right to access, inspect and copy the medical information that may be used to make decisions about your care, with a few exceptions. Usually, this includes medical and billing records, but may not include psychotherapy notes. If you request a copy of the information, we may charge a fee for the costs of copying, mailing or other supplies associated with your request.
- Delete/change/correct any data we have about you - If you feel that medical information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for the Provider. In addition, you must provide a reason that supports your request. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:
- Was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
- Is not part of the medical information kept by or for the Provider;
- Is not part of the information which you would be permitted to inspect and copy; or
- Is accurate and complete.
- Right to Request Restrictions- You have the right to request a restriction or limitation on the medical information we use or disclose about you for payment or healthcare operations. You also have the right to request a limit on the medical information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. For example, you could ask that we not use or disclose information about a surgery you had. In your request, you must tell us (in written) what information you want to limit, whether you want to limit our use, disclosure or both, and to whom you want the limits to apply (for example, disclosures to your spouse).
You also have the right to restrict use and disclosure of your medical information about a service or item for which you have paid out of pocket, for payment (i.e. health plans) and operational (but not treatment) purposes, if you have completely paid your bill for this item or service. We will not accept your request for this type of restriction until you have completely paid your bill (zero balance) for this item or service. We are not required to notify other healthcare providers of these restrictions, that is your responsibility.
While we will try to accommodate your request for restrictions, we are not required to do so if it is not feasible for us to ensure our compliance with law or we believe it will negatively impact the care we may provide you. If we do agree, we will comply with your request unless the information is needed to provide you emergency treatment. To request a restriction, you must make your request on a form that we will provide you. In your request, you must tell us what information you want to limit and to whom you want the limits to apply. However, we are required to agree to any request by you to restrict disclosures of protected health information to health insurers if you have fully paid for your health services pertaining to such disclosures using your own money.
- Right to Receive Notice of a Breach - We are required to notify you by first class mail or by email (if you have indicated a preference to receive information by email), of any breaches of Unsecured Protected Health Information as soon as possible, but in any event, no later than 60 days following the discovery of the breach. “Unsecured Protected Health Information” is information that is not secured through the use of a technology or methodology identified by the Secretary of the U.S. Department of Health and Human Services to render the Protected Health Information unusable, unreadable, and undecipherable to unauthorized users. The notice is required to include the following information:
- a brief description of the breach, including the date of the breach and the date of its discovery, if known;
- a description of the type of Unsecured Protected Health Information involved in the breach;
- steps you should take to protect yourself from potential harm resulting from the breach;
- a brief description of actions we are taking to investigate the breach, mitigate losses, and protect against further breaches;
- contact information, including a toll-free telephone number, e-mail address, Web site or postal address to permit you to ask questions or obtain additional Information.
- Right to Request Confidential Communications - You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or hard copy or e-mail. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
- Right to a Paper Copy of This Notice - You have the right to a paper copy of this Notice. You may ask us to give you a copy of this Notice at any time. Even if you have agreed to receive this Notice electronically, you are still entitled to a paper copy of this Notice. You may obtain a copy of this Notice at our website.
- Notify us if you do not want us to share your Personal Information for promotional purposes.
You can set most web browsers to notify you if you receive a cookie, or you may choose to block cookies, though either of those actions may affect the use of our Site. If you prefer to not receive targeted advertising, you can opt out of some network advertising programs that use your information. To do so please visit the Digital Advertising Alliance (DAA) Opt-Out Page: http://www.aboutads.info/choices/. Please note that even if you choose to remove your information (via opting out), you will still see advertisements while you are browsing online. However the advertisements you see may be less relevant to you and your interests. Additionally, many network advertising programs allow you to view and manage the interest categories they have compiled from your online browsing activities. These interest categories help determine the types of targeted advertisements you may receive. The DAA Opt-Out Page provides a tool that identifies its member companies that have cookies on your browser and provides links to those companies' pages where you can opt-out of receiving targeted advertisements from companies.
While the Site does not currently respond to ‘Do Not Track’ signals submitted by your browser, you can find out more about your ‘Do Not Track’ options by visiting http://www.allaboutDNT.com.
The Site is not intended for use by children under the age of 13, and EL-HALLAK RHEUMATOLOGY AND SPECIALTY INFUSION SERVICES LLC does not knowingly collect or use any Personal Information from such children. If we become aware that we have unknowingly collected Personal Information from a child under the age of 13, we will make commercially reasonable efforts to delete such Personal Information from our database.
This Policy and the privacy practices of EL-HALLAK RHEUMATOLOGY AND SPECIALTY INFUSION SERVICES LLC will be subject exclusively to the laws of the United States. EL-HALLAK RHEUMATOLOGY AND SPECIALTY INFUSION SERVICES LLC makes no representation that this Policy and our practices comply with the laws of any other country or jurisdiction. Users of the Site who reside outside the United States do so on their own initiative and are responsible for compliance with local laws, if and to the extent local laws are applicable. If you reside outside of the United States, by using the Site, you consent to the transfer, processing and use of your information outside your country.
If you believe your privacy rights have been violated, you may file a complaint with the Provider or with the Secretary of the Department of Health and Human Services;http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html
To file a complaint with our office, please contact us at 216-755-4044 and ask to speak to our Compliance and Privacy Officer. All complaints must be made in writing and should be submitted within 180 days of when you knew or should have known of the suspected violation. You will not be penalized for filing a complaint.
Other uses and disclosures of medical information not covered by this Notice or the laws that apply to us will be made only with your written permission. If you provide us permission to use or disclose medical information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose medical information about you for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your permission, and that we are required to retain our records of the care that we provided to you.
To file a complaint with the Secretary, mail it to:
Secretary of the U.S. Dept. of Health and Human Services
200 Independence Ave. S.W. Washington, D.C. 20201.
(202) 619-0257 or (877) 696-6775 (toll free)
Or, go to the website of the Office for Civil Rights at www.hhs.gov/ocr/hipaa/ for more information.
You may file a complaint with the Accreditation Commission for Health Care (ACHC):
139 Weston Oaks Court Cary, NC 27513
Phone: (919) 785-1214 Fax: (919) 785-3011
The Provider, the independent contractor members of its Medical Staff (including your physician), and other healthcare providers affiliated with the Provider have agreed, as permitted by law, to share your health information among themselves for purposes of treatment, payment or health care operations. This enables us to better address your healthcare needs.