Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Alto Pharmacy is committed to protecting your privacy and protected health information (“PHI”). PHI is information about you, including basic demographic information, that may identify you and that relates to your past, present or future physical or mental health or condition and related health care services. This Notice of Privacy Practices (“Notice”) describes how we may use and disclose PHI about you to carry out treatment, payment or health care operations and for other specified purposes that are permitted or required by law. The Notice also describes your rights under federal and state law relating to your PHI.
Alto Pharmacy is required by law to abide to the terms of this Notice, which explains our legal duties and privacy practices with respect to PHI that we collect and maintain. We are required by law to provide you with a copy of this Notice and to notify you following a breach of your unsecured health information. Alto Pharmacy will not use or disclose PHI about you without your written authorization, except as described in this Notice. We reserve the right to change the privacy practices outlined in this Notice, and make the new notice effective for PHI we maintain and for any PHI we receive in the future. Should we make such a change, we will display the revised notice to you online, and make it available to you upon request.
Your Health Information Rights
You have the following rights with respect to PHI about you as a patient. These rights include:
- Obtain a paper copy of the Notice upon request. You may request a copy of the Notice at any time. Even if you have agreed to receive the Notice electronically, you are still entitled to a paper copy. To obtain a paper copy, contact firstname.lastname@example.org or call 1 (800) 874-5881.
- Request a restriction on certain uses and disclosures of PHI. You have the right to request additional restrictions on our use or disclosure of PHI about you by sending a written request to email@example.com. We are not required to agree to those restrictions, unless that restriction is regarding disclosure of health information to your health insurance company and: (1) the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law; and (2) the health information pertains solely to a health care item or service for which you or another person (other than your health insurance company) paid for in full. If we agree to your requested restriction, we will comply with your request unless the information is needed to provide you emergency treatment.
- Inspect and obtain a copy of PHI. You have the right to access and copy PHI about you contained in a designated record set for as long as the Pharmacy maintains the PHI. The designated record set usually will include prescription and billing records. To inspect or copy PHI about you, you must send a written request to firstname.lastname@example.org or speak to Alto Pharmacy’s Privacy Officer by calling 1 (800) 874-5881. We may charge you a fee as authorized by law to fulfill your request. Upon receiving your request to access your PHI, we are required to respond to you no later than 30 days after the receipt of your request. We may deny your request to inspect and copy in certain limited circumstances. If you are denied access to PHI about you, you may request that the denial be reviewed. You may request access to your health information in a certain electronic form and format, if readily producible, or, if not readily producible, in a mutually agreeable electronic form and format. Further, you may request in writing that we transmit such a copy to any person or entity you designate. Your written, signed request must clearly identify such designated person or entity and where you would like us to send the copy.
- Request an amendment of PHI. If you feel that PHI we maintain about you is incomplete or incorrect, you may request that we amend it. You may request an amendment for as long as we maintain the PHI (or someone maintains the PHI for us). To request an amendment, you must send a request to email@example.com or call 1 (800) 874-5881 and speak to the Privacy Officer. You must include a reason that supports your request. We will respond to your request within 60 days with up to 30-day extension, if needed. In certain cases, we may deny your request for amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with the decision and we give a rebuttal to your statement.
- Receive an accounting of disclosures of PHI. You have the right to receive an accounting of the disclosures we have made of PHI about you after April 14, 2003 for most purposes other than treatment, payment, or health care operations. The accounting will exclude certain disclosures, such as disclosures made directly to you, disclosures you authorize, disclosures to friends or family members involved in your care, and disclosures for notification purposes. The right to receive an accounting is subject to certain other exemptions, restrictions, and limitations. To request an accounting, you must submit a request send a request to firstname.lastname@example.org or call 1 (800) 874-5881 and speak to the Privacy Officer. Your request must specify the time period, but may not be longer than six years. We are required to provide you the accounting within 60 days and with one 30-day extension, if needed. The first accounting you request within a 12 month period will be provided free of charge, but you may be charged a reasonable fee for the cost of providing additional accountings. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs have been incurred.
- Request communications of PHI by alternative means or at alternative locations. You have the right to request that we communicate your health information to you in a certain manner or at a certain location. For instance, you may request that we contact you about medical matters only in writing, or at a different residence or post office box. To request confidential communication of PHI about you, you must send a request to email@example.com or call 1 (800) 874-5881 and speak to the Privacy Officer. Your request must state how or where you would like to be contacted. We will attempt to accommodate all reasonable requests, and will not request an explanation from you to the basis for your request.
Examples of how we may use and disclose PHI
The following categories below describe how Alto Pharmacy may use and disclose your PHI. We have provided you with examples, but not every permissible use or disclosure may be listed.
- We will use PHI for treatment. For example, information obtained by the pharmacist will be used to dispense prescription medications and counsel you about the appropriate usage of your medications. We will document in your record information related to the medications dispensed to you and services provided to you.
- We will use PHI for payment. For example, we will contact your health care payor, insurer or pharmacy benefit manager to determine whether it will pay for your prescription and the amount of your co-payments. We will bill you or a third-party payer for the cost of prescription medications dispensed to you. The information on or accompanying the bill may include information that identifies you, as well as the prescriptions you are taking. We may also disclose your PHI to other HIPAA covered entities or business associates who may need it for their processing of your healthcare payment activities.
- We will use PHI for health care operations. For example, the Pharmacy may use information in your health record to monitor the performance of the pharmacists providing treatment to you. This information will be used in an effort to continually improve the quality and effectiveness of the health care and service we provide. We may also use your PHI to create de-identified data, which removes identifiable data elements in a way that no longer identifies you.
We are likely to use or disclose PHI for the following purposes:
- Business associates: There are some services provided by us through contracts with HIPAA business associates. When these services are contracted for, we may disclose PHI about you to our business associates so that they can perform the job we have asked them to do and bill you or your third-party payor for services rendered. To protect PHI about you, we require the business associate to appropriately safeguard the PHI.
- Communication with individuals involved in your care or payment for your care: If you do not object to the disclosure, health professionals such as pharmacists, using their professional judgment, may disclose to a family member, other relative, close personal friend or any person you identify, PHI relevant to that person's involvement in your care or payment related to your care. We may also make these disclosures after your death unless doing so is inconsistent with any prior expressed preference. We may disclose PHI to your designated personal representative to make healthcare decisions for you, as we would treat him or her the same way we would treat you with respect to your PHI.
- Health-related communications: We may contact you to provide refill reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to you as permitted by law.
- Food and Drug Administration (FDA): We may disclose to the FDA, or persons under the jurisdiction of the FDA, PHI relative to adverse events with respect to drugs, foods, supplements, products and product defects, or post marketing surveillance information to enable product recalls, repairs, or replacement.
- Worker's compensation: We may disclose PHI about you as authorized by and as necessary to comply with laws relating to worker’s compensation or other similar programs established by law.
- Public health: As required by law, we may disclose PHI about you to public health or legal authorities charged with preventing or controlling disease, injury, or disability.
- Law enforcement: We may disclose PHI about you for law enforcement purposes as required by law or in response to a valid subpoena or other legal process.
- As required by law: We must disclose PHI about you when required to do so by law.
- Health oversight activities: We may disclose PHI about you to an oversight agency for activities authorized by law. These oversight activities include pharmacy and other audits, investigations, credentialing and inspections, as necessary for our licensure and for the government to monitor the health care system, government programs, and compliance with civil rights laws.
- Judicial and administrative proceedings: If you are involved in a lawsuit or a dispute, we may disclose PHI about you in response to a court or administrative order. We may also disclose PHI about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the requested PHI as required by law.
Please be aware that state and other federal laws may have additional requirements that we must follow or may be more restrictive than HIPAA on how we use and disclose your health information. If there are specific more restrictive requirements, even for some of the purposes listed above, we may not disclose your health information without your written permission as required by such laws. For example, we will not disclose your HIV test results without obtaining your written permission, except as permitted by state law. We may also be required by law to obtain your written permission to use and disclose your information related to treatment for a mental illness, developmental disability, or alcohol or drug abuse.
We are also permitted to use or disclose PHI about you for the following purposes:
- Research: Under certain circumstances, we may disclose PHI about you to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your information.
- Coroners, medical examiners, and funeral directors: We may release PHI about you to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also disclose PHI to funeral directors consistent with applicable law to carry out their duties.
- Organ or tissue procurement organizations: Consistent with applicable law, we may disclose PHI about you to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of organs for the purpose of tissue donation and transplant.
- Notification: We may use or disclose PHI about you to notify or assist in notifying a family member, personal representative, or another person responsible for your care, your location, and general condition. We may also use or disclose your health information to disaster-relief organizations so that your family or other persons responsible for your care can be notified about your condition, status, and location.
- Correctional institution: If you are or become an inmate of a correctional institution, we may disclose PHI to the institution or its agents when necessary for your health or the health and safety of others.
- To avert a serious threat to health or safety: When necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person, we may use and disclose your health information in a very limited manner to someone able to help lessen the threat.
- Military and veterans: If you are a member of the armed forces, we may release PHI about you as required by military command authorities. We may also release PHI about foreign military personnel to the appropriate military authority.
- National security and intelligence activities: We may release PHI about you to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.
- Protective services for the President and others: We may disclose PHI about you to authorized federal officials so they may provide protection to the President, other authorized persons or foreign heads of state or conduct special investigations.
- Victims of abuse, neglect, or domestic violence: We may disclose PHI about you to a government authority, such as a social service or protective services agency, if we reasonably believe you are a victim of abuse, neglect, or domestic violence. We will only disclose this type of information to the extent required by law, if you agree to the disclosure, or if the disclosure is allowed by law and we believe it is necessary to prevent serious harm to you or someone else or the law enforcement or public official that is to receive the report represents that it is necessary and will not be used against you.
Other Uses and Disclosures of PHI
The Pharmacy will obtain your written authorization before using or disclosing PHI about you for purposes other than those provided above or as otherwise permitted or required by law. If you change your mind after authorizing a use or disclosure of your health information, you may withdraw your permission by revoking this authorization in writing at any time by sending a written request to Alto Pharmacy, 1400 Tennessee St, Unit 2, San Francisco, California 94107, Attn: Privacy Officer. Upon receipt of the written revocation we will stop using or disclosing PHI about you. However, your decision to revoke the authorization will not affect or undo any use or disclosure of your health information that occurred before you notified us of your decision, or any actions that we have taken based upon your authorization.
For more information or to Report a Problem
If you have questions or would like additional information about the Pharmacy's privacy practices, you may send a request to firstname.lastname@example.org or call 1 (800) 874-5881 and speak to the Privacy Officer.
If you believe your privacy rights have been violated, please let us know as soon as possible by contacting email@example.com, or by calling 1 (800) 874-5881, so that we can try to remedy the situation as quickly as possible. You also have the right to report a complaint to the Secretary of Health and Human Services. Rest assured, there will be no retaliation or penalization for filing a complaint regarding our privacy practices.