CDR Health Care Inc. and Affiliates

Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

PLEASE REVIEW IT CAREFULLY.

 

Contact Person: If you have any questions about this Notice of Privacy Practices (Notice), please call us at (904) 539-3277 or e-mail us at privacyofficer@cdrmhealth.com.

Effective Date of this Notice: The original effective date of this Notice was July 14, 2023. The most recent revision date is at the end.

Notice Of Privacy Practices: CDR Health Care Inc., and its affiliated (collectively “CDR,” “we,” “our” and “us”) are committed to protecting the privacy of your identifiable health information. This information is known as “protected health information” or “PHI.” PHI includes, without limitation, information that CDR has created or received about your past, present or future health or condition, the provision of healthcare to you or the payment of this healthcare.

Our Responsibilities: CDR is required by law to maintain the privacy and security of your PHI. We are also required to provide you with this Notice of our legal duties and privacy practices upon request. This Notice describes our legal duties, privacy practices and your patient rights as determined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). We are required to follow the terms of this Notice currently in effect. We are required to notify affected individuals in the event of a breach involving unsecured PHI. PHI is stored electronically and is subject to electronic disclosure.

How We May Use or Disclose Your PHI: We use and/or disclose your PHI for treatment, payment, or healthcare operations purposes and for other purposes permitted or required by law. Not every use or disclosure is listed in this Notice, but all of our uses and disclosures of your PHI will fall into one of the categories listed below. We will obtain your written authorization to use or disclose your PHI for any purpose not covered by one of the categories listed below. Subject to applicable law, we will not use or disclose your PHI for marketing purposes, clinical or sell your PHI, unless you have agreed in an authorization. If you wish to revoke any authorization you have signed at any time, you may do so in writing. If you revoke your authorization, we will no longer use or disclose your PHI for the reasons stated in your authorization except to the extent we have already acted based on your authorization. Your health information may also be disclosed to the Secretary of the Department of Health and Human Services for the purpose of investigating or determining CDR|Health’s compliance with HIPAA.

Research: Under certain circumstances, we may use and disclose PHI about you for research purposes. For example, a research project may involve comparing the health and recovery of all patients who received one medication to those who received another for the same condition. All research projects are subject to a special approval process which requires an evaluation of the proposed research project and its use of PHI, and balances these research needs with our patients’ need for privacy. Before we use or disclose PHI for research, the project generally will have been approved through this special approval process. However, this approval process is not required when we allow PHI about you to be reviewed by people who are preparing a research project and who want to look at information about patients with specific medical needs, so long as the PHI does not leave our facility.

The law permits us to use and disclose your PHI for the following purposes:

Treatment: CDR discloses your PHI, including, without limitation, your COVID-19 test results, to authorized healthcare professionals who need access to your test results and/or PHI for treatment purposes, including but not limited to, the provision, coordination, or management of your health care.

Payment: CDR will use and disclose your PHI for purposes of billing and payment. For example, we may disclose your PHI to health plans or other payers to determine whether you are enrolled with the payer or eligible for health benefits or to obtain payment for our services. If you are insured under another person’s health insurance policy (for example, parent, spouse, domestic partner, or a former spouse), we may also send invoices to the subscriber whose policy covers your health services.

Healthcare Operations: CDR may use and disclose your PHI for activities necessary to support our healthcare operations, such as performing quality checks on our testing, internal audits or arranging for legal services.

Other Uses and Disclosures of Your PHI that Do Not Require Authorization: We are also allowed or required to share your PHI, without your authorization, in certain situations or when certain conditions have been met.

Individuals Involved in Your Care or Payment for Your Care: We may release PHI about you to a family member, other relative, or close friend who is directly involved in your medical care if the PHI released is relevant to such person’s involvement with your care. We also may release information to someone who helps pay for your care. In addition, we may disclose PHI about you to an entity assisting in a disaster relief effort so that your family can be notified about your location and general condition.

We may release health or health-related information about you to your employer if we provide services at their request. If services are provided at your employer’s location, please be aware that due to the nature of shared facilities and services, your employer may have access to your records. For example, this may occur with shared staff, storage, or technology.

Appointment Reminders: We may use and disclose PHI to contact you as a reminder that you have an appointment for treatment or health care.

Business Associates: CDR may provide your PHI to other companies or individuals that need the information to provide services to us. These other entities, known as “business associates,” are required to maintain the privacy and security of PHI. For example, we may provide information to companies that assist us with billing for our services. We may also use an outside collection agency to obtain payment when necessary.

As Required by Law: CDR may use and disclose PHI as required by state or federal law.

We will disclose PHI about you when required to do so by federal, state, or local law, such as the Occupational Safety and Health Act (OSHA), Federal Drug Administration (FDA), or Department

of Transportation (DOT).

Law Enforcement Activities and Legal Proceedings: CDR may use and disclose your PHI if necessary, to prevent or lessen a serious threat to your health and safety or that of another person. We may also provide PHI to law enforcement officials as may be required by law. We may also disclose PHI to appropriate agencies if we reasonably believe an individual to be a victim of abuse, neglect, or domestic violence. We may disclose your PHI as required to comply with a court or administrative order. We may disclose your PHI in response to a subpoena, discovery request or other legal process during a judicial or administrative proceeding, but only if efforts have been made to tell you about the request or to obtain an order of protection for the requested information.

Disaster Relief Efforts: CDR may disclose PHI to those assisting in disaster relief efforts so that others can be notified about your condition, status, and location.

Other Uses and Disclosures: As permitted by HIPAA, CDR may also disclose your PHI to:

  • Public Health Authorities;
  • The Food and Drug Administration;
  • Health Oversight Agencies;
  • Military Command Authorities;
  • National Security and Intelligence Organizations;
  • Correctional Institutions;
  • Organ and Tissue Donation Organizations;
  • Coroners, Medical Examiners and Funeral Directors; and
  • Workers Compensations Agents.

State Law: For all of the above purposes, when state law is more restrictive than federal law, we are required to follow the more restrictive state law.

Right To Inspect and Copy: You have the right to inspect and obtain a copy of your PHI that we maintain about you. If you request a copy of your PHI, we respond within 30 days, or ask for an extension to 60 days. We may charge a fee for the costs of copying, mailing or other supplies associated with your request. We may deny your request to inspect and copy in certain limited circumstances. If you are denied access to inspect and copy, then you may request that the denial be reviewed.

Amending Your PHI: You may request amendments to your PHI by submitting a written request. However, we may deny the request in some cases (such as if we determine the PHI is accurate). If we deny your request to change your PHI, we will provide you within 60 days with a written explanation of the reason(s) for the denial and additional information regarding further actions that you may take.

Accounting of Disclosures: You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why. We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.

Request Restrictions: You may request that we agree to restrictions on certain uses and disclosures of your PHI. We are not required to agree to your request, if it would affect your care. If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share that information.

Request Confidential Communications: You have the right to request that we send your PHI by alternative means or to an alternative address, and we will accommodate your reasonable requests.

Request Someone to Act for You: If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will make sure the person has this authority and can act for you before we take any action.

The Right to Get This Notice: You have the right to get a copy of this Notice in paper and by e-mail.

How to Request your Privacy Rights: If you believe your privacy has been violated in any way, you may file a complaint by contacting us as described below. We are committed to responding to your rights request in a timely manner. To request any of your privacy rights, please contact by:

  • Call (904) 539-3277
  • e-mailing Legal@cdrmaguire.com
  • Mail completed request form to:
    • CDR Health Care Inc.
      Attention: Legal Department 11740 SW 80th Street Miami, Florida 33183

You may also submit a written complaint to the U.S. Department of Health and Human Services, Office for Civil Rights located at 200 Independence Avenue, S.W., Washington, D.C. 20201, by calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. We support your right to protect the privacy of your personal and health information. We will not retaliate in any way if you elect to file a complaint with us or with the U.S. Department of Health and Human Services

Changes To This Notice: We reserve the right to amend the terms of this Notice to reflect changes in our privacy practices, and to make the new terms and practices applicable to all PHI that we maintain about you, including, without limitation, PHI created or received prior to the effective date of the Notice revision. Our Notice is displayed on our website and a copy is available upon request.

 

 Date

Print Name

Sign Name

Briefly Describe Action