Your Information. Your Rights. Our Responsibilities.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice refers to (i) Blink Health Pharmacy, LLC (ii) Blink Health Pharmacy, LLC d/b/a BlinkRx, (iii) Broadway Provider Group, P.A., a Florida corporation; (iv) Broadway Provider Group of CA, P.C., a California corporation; (vi) Broadway Health Provider Group of DE, P.A., a Delaware corporation; and (vii) Broadway Provider Group of NJ, P.C., a New Jersey corporation (collectively referred to herein as “Healthcare Provider”). Healthcare Provider is a covered entity under the Health Insurance Portability and Accountability Act of 1996 and the regulations promulgated thereunder (collectively, "HIPAA"). This Notice of Privacy Practices ("Notice") describes:
- How Healthcare Provider may use and disclose your protected health information ("PHI")
- Your rights to access and amend your PHI
Healthcare Provider is required by law to:
- Maintain the privacy of your PHI
- Provide you with notice of our legal duties and privacy practices with respect to PHI
- Abide by the terms of the Notice currently in effect for Healthcare Provider
PERMITTED USES AND DISCLOSURES OF YOUR PHI
Healthcare Provider may use and disclose your PHI for the following purposes.
- Treatment: Healthcare Provider may use and disclose your PHI to healthcare professionals or other third parties to provide, coordinate and manage the delivery of healthcare. For example, your provider may disclose PHI about you to your doctor in order to coordinate the prescribing and delivery of your drugs. Healthcare Provider also may provide you with treatment reminders and information about potential side effects, drug interactions and other treatment-related issues involving your medicine.
- Payment: Healthcare Provider may use and disclose PHI about you to receive payment for our services, manage your account, fulfill our responsibilities under your benefit plan, and process your claims for drugs you have received. For example, if applicable, Healthcare Provider may give PHI to a third party payor so Healthcare Provider may submit claims to your health plan, employer or other third party for payment.
- Healthcare Operations: Healthcare Provider may use and disclose your PHI to carry on our own business planning and administrative operations. Healthcare Provider needs to do this so Healthcare Provider can provide you with high-quality services. For example, Healthcare Provider may use and disclose PHI about you to assess the use or effectiveness of certain drugs, develop and monitor medical protocols, and to provide information regarding helpful health-management services.
- Information That May Be of Interest to You: Healthcare Provider may use or disclose your PHI to contact you about treatment options or alternatives that may be of interest to you. For example, Healthcare Provider may call you to remind you of expired prescriptions, the availability of alternative drugs, or to inform you of other products that may benefit your health.
- Individuals Involved in Your Care or Payment for Your Care: Healthcare Provider may disclose PHI about you to someone who assists in or pays for your care. Unless you write to us and specifically tell us not to, Healthcare Provider may disclose your PHI to someone who has your permission to act on your behalf. Healthcare Provider will require this person to provide adequate proof that he or she has your permission.
- Parents or Legal Guardians: If you are a minor or under a legal guardianship, Healthcare Provider may release your PHI to your parents or legal guardians when Healthcare Provider is permitted or required to do so under federal and applicable state law.
- Business Associates: Healthcare Provider arranges to provide some services through contracts with business associates so that they may help us operate more efficiently. Healthcare Provider may disclose your PHI to business associates acting on our behalf. If any PHI is disclosed, Healthcare Provider will protect your information from unauthorized use and disclosure using confidentiality agreements. Our business associates may, in turn, use vendors to assist them in providing services to us. If so, the business associates must enter into a confidentiality agreement with the vendor, which protects your information from unauthorized use and disclosure.
- Research: Under certain circumstances, Healthcare Provider may use and disclose PHI about you for research purposes. Before Healthcare Provider uses or discloses PHI about you, Healthcare Provider will either remove information that personally identifies you, obtain your written authorization or gain approval through a special approval process designed to protect the privacy of your PHI. In some circumstances, Healthcare Provider may use your PHI to generate aggregate data (summarized data that does not identify you) to study outcomes, costs and provider profiles, and to suggest benefit designs for your employer or health plan. These studies generate aggregate data that Healthcare Provider may sell or disclose to other companies or organizations. Aggregate data does not personally identify you.
- Abuse, Neglect or Domestic Violence: Healthcare Provider may disclose your PHI to a social service, protective agency or other government authority if Healthcare Provider believes you are a victim of abuse, neglect or domestic violence. Healthcare Provider will inform you of our disclosure unless informing you would place you at risk of serious harm.
- Public Health: Healthcare Provider may disclose your PHI for public health activities and purposes, such as reporting adverse events, post-marketing surveillance in connection with FDA-regulated entities' legal obligations (for example, pharmaceutical manufacturer reporting or connections with an FDA-mandated Risk Evaluation and Mitigation Strategies (REMS) program) and product recalls. Healthcare Provider may also disclose your PHI to a person or company that is regulated by the U.S. Food and Drug Administration, such as a pharmaceutical manufacturer, for the purpose of: (i) reporting or tracking product defects or problems; (ii) repairing, replacing, or recalling defective or dangerous products; or (iii) monitoring the performance of a product after it has been approved for use by the general public. Healthcare Provider may receive payment from a third party for making disclosures for public health activities and purposes.
- Health Oversight: Healthcare Provider may disclose PHI to a health oversight agency performing activities authorized by law, such as investigations and audits. These agencies include governmental agencies that oversee the healthcare system, government benefit programs, and organizations subject to government regulation and civil rights laws.
- Creation of De-Identified Health Information: Healthcare Provider may use your PHI to create data that cannot be linked to you by removing certain elements from your PHI, such as your name, address, telephone number, and member identification number. Healthcare Provider may use this de-identified information to conduct certain business activities; for example, to create summary reports and to analyze and monitor industry trends.
- To Avert Serious Threat to Health or Safety: Healthcare Provider may disclose your PHI to prevent or lessen an imminent threat to the health or safety of another person or the public. Such disclosure will only be made to someone in a position to prevent or lessen the threat.
- Judicial Proceedings: Healthcare Provider may disclose your PHI in the course of any judicial proceeding in response to a court order, subpoena or other lawful process, but only after Healthcare Provider has been assured that efforts have been made to notify you of the request.
- Law Enforcement: Healthcare Provider may disclose your PHI, as required by law, in response to a subpoena, warrant, summons, or, in some circumstances, to report a crime.
- Coroners and Medical Examiners: Healthcare Provider may disclose your PHI to a coroner or a medical examiner for the purpose of determining cause of death or other duties authorized by law.
- Organ, Eye and Tissue Donation: Healthcare Provider may disclose your PHI to organizations involved in organ transplantation to facilitate donation and transplantation.
- Workers' Compensation: Healthcare Provider may disclose your PHI to comply with workers' compensation laws and other similar programs.
- Fund Raising: Healthcare Provider may use your PHI to send you fundraising communications, but you have the right to opt out of receiving such communications.
- Specialized Government Functions, Military and Veterans: Healthcare Provider may disclose your PHI to authorized federal officials to perform intelligence, counterintelligence, medical suitability determinations, Presidential protection activities, and other national security activities authorized by law. If you are a member of the U.S. armed forces or of a foreign military, Healthcare Provider may disclose your PHI as required by military command authorities or law. If you are an inmate in a correctional institution or under the custody of a law enforcement official, Healthcare Provider may disclose your PHI to those parties if disclosure is necessary for: (i) the provision of your healthcare; (ii) maintaining the health or safety of yourself or other inmates; or (iii) ensuring the safety and security of the correctional institution or its agents.
- As Otherwise Required By Law: Healthcare Provider will disclose PHI about you when required to do so by law. If federal, state or local law within your jurisdiction offers you additional protections against improper use or disclosure of PHI, Healthcare Provider will follow such laws to the extent they apply.
- Other Uses and Disclosures: Most uses and disclosures of psychotherapy notes (where appropriate), uses and disclosures for marketing purposes and disclosures that constitute a sale of PHI require an authorization. Any of these activities and any other uses and disclosures of your PHI not listed in this Notice will be made only with your authorization unless Healthcare Provider are permitted by applicable law to make such other use and disclosure in which case Healthcare Provider shall comply with applicable law. You may revoke your authorization, in writing, at any time unless Healthcare Provider has taken action in reliance upon it. Written revocation of authorization must be sent to the address listed below.
YOUR RIGHTS WITH RESPECT TO YOUR PHI
You have the following rights regarding PHI Healthcare Provider maintain about you:
- Right to Inspect and Copy: Subject to some restrictions, you may inspect and copy PHI that may be used to make decisions about you. If Healthcare Provider maintains an electronic health record containing your PHI, you have the right to request that Healthcare Provider send a copy of your PHI in an electronic format to you or to a third party that you identify.
- Right to Amend: If you believe PHI about you is incorrect or incomplete, you may ask us to amend the information. You must provide a reason supporting your request to amend.
- Right to an Accounting of Disclosures: You have the right to request an accounting of disclosures of your PHI. This accounting identifies the disclosures Healthcare Provider has made of your PHI other than for treatment, payment or healthcare operations. The provision of an accounting of disclosures is subject to certain restrictions.
- Right to Request Restrictions: You have the right to request a restriction or limitation on the PHI Healthcare Provider use and disclose about you for treatment, payment or healthcare operations. You may also request your PHI not be disclosed to family members or friends who may be involved in your care or paying for your care. Your request must: (i) be in writing; (ii) state the restrictions you are requesting; and (iii) state to whom the restriction applies. Healthcare Provider is not required to agree to your request. If Healthcare Provider does agree, Healthcare Provider will comply with your request unless the restricted information is needed to provide you with emergency treatment.
- Confidential Communications: You may ask that Healthcare Provider communicate with you in an alternate way or at an alternate location to protect the confidentiality of your PHI. Your request must state an alternate method or location you would like us to use to communicate your PHI to you.
- Right to be Notified: You have the right to be notified following a breach of unsecured PHI if your PHI is affected.
- Right to a Paper Copy of This Notice: You have the right to request a paper copy of this Notice at any time. For pre-recorded information about how to obtain a copy of this Notice and answer to frequently asked questions, please call toll-free (866) 725-4654. Even if Healthcare Provider has agreed to provide this Notice electronically, you are still entitled to a paper copy. You may obtain a copy of this Notice from our website at www.blinkhealth.com
- Right to File a Complaint: If you believe Healthcare Provider has violated your privacy rights, you may file a written complaint to Express Scripts at the address listed below. You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services. You will not face retaliation for filing a complaint.
Written complaints, written revocation of authorization to use or disclose PHI, written requests for a copy of your PHI, amendment to your PHI, an accounting of disclosures, restrictions on your PHI or confidential communications may be mailed to:
Blink Health Pharmacy, LLC and Broadway Provider Group, c/o Blink Health
Attn: Privacy Officer
1407 Broadway, Suite 2100
New York, New York 10018
Phone: (866) 725-4654
Effective Date: August 10, 2021. Healthcare Provider reserves the right to revise this Notice. A revised Notice will be effective for PHI that the Healthcare Provider already has about you, as well as any PHI Healthcare Provider may receive in the future. Healthcare Provider will communicate revisions to this Notice through our website, www.blinkhealth.com