Privacy Policy & Practices
Hamilton Health & Wellness, LLC Privacy Policy
Last Updated: October 2023
I. Introduction
We are committed to protecting the privacy of our visitors and users and providing them with detailed information as to how their information is used and protected.
This Privacy Policy describes how Hamilton Health & Wellness, LLC and its affiliates (collectively “The Practice” “we” or “us”) collect and process your personal information through our websites and services (together “Services”). This Privacy Policy is incorporated into our Terms of Use. By using our Services, you are consenting to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, do not access, or use the Services.
II. Protected Health Information
This Privacy Policy does not apply to information collected from you if you register and log-in to the password-protected and secure portions of our Services, which are intended to be used by potential patients of independent licensed clinicians for the provision of their respective professional services (the “Platform”). The Platform allows eligible patients to use certain Services related to the provision of the practice of medicine and other licensed medical professions. All information collected and stored by us or disclosed by you within the Platform is considered Protected Health Information (“PHI”) and/or medical information and shall be governed by applicable state and federal laws that apply to such information, including the Health Insurance Portability and Accountability Act (“HIPAA”). Privacy practices with respect to PHI and/or medical information are set forth in the Notice of Privacy Practices, which is available to users of the Platform within the Platform.
III. Information Collected by Us
We collect the following types of information:
Information You Disclose.
We receive information about you when you provide it through forms or surveys, and when you sign up for a user account and use our Services. In addition, we receive information about you when you use, edit, or access your account. As a result of those actions, you may supply us with certain information, including, but not limited to, your name, e-mail address, phone number, gender, date of birth, address, payment or financial information, and other information.
Information Automatically Collected.
We may automatically collect certain information resulting from your use of our Services. This information may include your IP address, login details, password, and the location of your device. We may also use device identifiers, cookies, web beacons, tokens, scripts, and other technologies on devices, applications, e-mails, and our web pages to collect information about your browsing actions and patterns, information about your devices (such as information related to your computer or device, internet connection, operating system, and internet browser type), or other technical information.
IV. Information Collected by Third Parties
When you use the Services, certain third parties may use automatic information collection technologies to collect information about you or your device. This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices, including data privacy and security process and standards of any third parties, including physicians and other health care providers using the Services. These third parties may include: advertisers, ad
networks, and ad servers; analytics companies; your mobile device manufacturer; and your mobile service provider. The information they collect may be personally identifiable and may include information about your online activities over time and across different websites, apps, and other online services websites. These third parties may use this information to provide you with interest-based advertising or other targeted content.
We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
V. How We Use Your Information
We collect your information to provide and improve our Services. In addition, we may disclose your deidentified and anonymized information for research or commercial purposes, except for your payment and financial information, and information prohibited from disclosure pursuant to federal and state law.
Information you disclose is used to provide, improve, and develop our Services. We, our partners, contractors, or agents, may use personal information about you for various purposes, including, but not limited to:
• Conducting internal research and development and making business decisions about current and future product and Service offerings;
• Responding to your comments, questions and requests and providing customer service;
• Communicating with you about products, services, offers, promotions, rewards and events and providing news and information we think will be of interest to you;
• Managing your online account(s) and sending you technical notices, updates, security alerts and support and administrative messages;
• Personalizing your online experience and providing advertisements, content or features that match your profile and interests;
• Monitoring and analyzing trends, usage and activities;
• Complying with any court order, law, or legal process, and responding to any government or regulatory request;
• Enforcing or applying our Terms of Use; and/or
• Fulfilling any other purpose for which you provided the information.
Information automatically collected is used generally to improve our Services. In addition to the uses related to information you disclose, as outlined above, we may use information automatically collected in a similar manner. We may also combine this information with other information we collect about you and use it for various purposes, such as improving our websites and your online experience, understanding which areas and features of our sites are popular, counting visits, tailoring our communications with you, determining whether an email has been opened and links within the email have been clicked and for other internal business purposes.
VI. How Collected Information Is Shared by Us
We may share your personal information with our affiliates, partners and other third parties, including subcontractors, to:
• assist us with the maintenance and operation of the Services;
• market and promote the Services, including the measurement of the success of such efforts;
• comply with any court order, law, or legal process, including to respond to any government or regulatory request; to enforce or apply our Terms of Use;
• protect our, our customers’, or others rights, property, or safety; or
• to disclose to a buyer or other successor entity in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
In addition, we may disclose your deidentified and anonymized information for commercial purposes, except for payment and financial information, and information prohibited from disclosure pursuant to federal and state law.
VII. Privacy and Security
We design our systems with your security and privacy in mind, and we maintain administrative, technical, and physical safeguards to protect your personal information from unauthorized access, use, or disclosure. These safeguards vary based on the sensitivity of the information that is
collected.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services, you are responsible for keeping this password confidential. Do not share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted through our website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the website.
VIII. Notification of Changes
We reserve the right to change this Privacy Policy from time to time in our sole discretion. Your continued use of our Services indicates your consent to the Privacy Policy as posted. The date the Privacy Policy was last revised is identified at the top or bottom of this page. If we make material changes to how we treat our users’ personal information, we will notify you by email or through a notice on our website. You are responsible for ensuring we have an up-to-date active and
deliverable email address for you, and for periodically visiting our website and this Privacy Policy to check for any changes.
IX. Accessing/Deleting your Personal Information
You may be able to update, correct, or delete your personal information by contacting us. We may not be able to delete your information, personal or otherwise, without also deleting your account, and we may not accommodate a request to change or delete information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
X. Retention of Your Information
We keep your information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws.
XI. California Residents
Consumers residing in California are afforded certain additional rights with respect to their personal information under the California Consumer Privacy Act (“CCPA”). If you are a California resident, this section may apply to you at such time that we become subject to CCPA. At this time, we are not subject to the CCPA.
If you are a California resident, and if the CCPA applies to us, you can make certain requests regarding your personal information. We will fulfill each of these requests to the extent required and permitted by law.
You can ask us what personal information we have about you, including a list of categories of your personal information that we have sold and a list of categories of your personal information that we have shared with another company for business purposes. If you make this request, and to the
extent required by law, we will return to you any of the following, as applicable: the categories of personal information we have collected about you; the categories of sources from which we collect your personal information; the business or commercial purpose for collecting or selling your personal information; the categories of third parties with whom we share personal information; the specific pieces of personal information we have collected about you; a list of categories of personal information that we have sold, along with the category of any other company we sold it to; and, a list of categories of personal information that we have disclosed for a business purpose.
You can ask us to provide you with this information up to two times in a rolling twelve-month period. When you make this request, the information provided may be limited to personal information we collected about you in the previous 12 months.
In addition, you have the right to ask us to delete your personal information. Once we receive a request, we will delete the personal information (to the extent required by law) we hold about you as of the date of your request from our records and direct any service providers to do the same. In some cases, deletion may be accomplished through de-identification of the information. Choosing to delete your personal information may impact your ability to use our websites and online features.
Finally, you can ask that we stop selling your personal information or disclosing it for a business purpose. We share or sell your personal information as described in the “How Collected Information is Shared by Us” section of this policy.
We will not discriminate against any consumer for exercising their rights under the California Consumer Privacy Act. This generally means we will not deny you goods or services, charge different prices or rates, provide a different level of service or quality of goods, or suggest that you might receive a different price or level of quality for goods.
You can make these requests by calling 407-205-2770or emailing your request to contact@myhamiltonhealth.com.
XII. Your State Privacy Rights
Certain states afford their residents additional rights with respect to their personal information. Colorado, Connecticut, Virginia, and Utah each provide their state residents with rights to:
• Confirm whether we process their personal information.
• Access and delete certain personal information.
• Data portability.
• Opt-out of personal data processing for targeted advertising and sales.
Colorado, Connecticut, and Virginia also provide their state residents with rights to:
• Correct inaccuracies in their personal information, considering the information’s nature processing purpose.
• Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.
To exercise any of these rights please contact us at: 407-205-2770.
Nevada provides its residents with a limited right to opt-out of certain personal information sales. Residents who wish to exercise this sale opt-out rights may submit a request to this designated address contact us at: 407-205-2770.
XIII. Children Under 13
We do not knowingly collect personally identifiable information from children under the age of 13 without parental consent. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information.
XIV. Contact Information
If you have any questions about this Privacy Policy, please contact us at: 407-205-2770. You may also request that we help you access, modify, or delete your data, or ask that we not sell or share your data, by contacting us using the information provided above.
NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
*****This notice is for reference only and supplements the Practice’s existing Notice of Privacy Practices.*****
*****In the event of a conflict, the Practice’s existing Notice shall govern.*****
WHO WILL FOLLOW THIS NOTICE:
This notice addresses the use of your medical information by your physician (the “Practice,” “we” or “us”) and its business associates.
We may use your medical information, also known as protected health information (“PHI”), for treatment, payment, operations, or research purposes as described in this notice. All employees of the Practice follow these privacy practices. The practitioners on our staff will also follow this notice when they work at the Practice.
ABOUT THIS NOTICE
This notice will tell you about the ways we may use and disclose medical information about you. We also describe your rights and certain obligations we have regarding the use and disclosure of medical information.
We are required by law to:
• make sure that medical information that identifies you is kept private;
• give you this notice of our legal duties and privacy practices with respect to your medical information;
• follow the terms of the notice that is currently in effect; and
• notify individuals, either known or reasonably believed to be affected, following a breach of unsecured protected health information.
HOW WE MAY USE AND DISCLOSE MEDICAL INFORMATION ABOUT YOU
The following categories describe different ways that we use and disclose medical information. For each category of uses or disclosures, we will explain what we mean and give examples. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose information will fall within one or more of the categories.
• For Treatment. We may use medical information about you to provide you with medical treatment or services. We may disclose medical information about you to physicians, nurses, technicians, medical students, or other Practice personnel who are involved in your care. Different departments and personnel of the Practice also may share medical information about you to coordinate the different services you may need, such as prescriptions, lab work and imaging services. We also may disclose medical information about you to people outside the Practice who may be involved in your medical care.
• For Payment. We may use and disclose medical information about you so that we may bill for treatment and services you receive at the Practice and collect payment from you, an insurance company or another party. For example, we may need to give information about the medical care you received at the Practice to your health plan so that the plan will pay us or reimburse you for the applicable treatment. We may also tell your health plan about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment. We may also disclose information about you to other healthcare facilities for purposes of payment as permitted by law.
• For Healthcare Operations. We may use and disclose medical information about you for operations of the Practice. These uses and disclosures are necessary to run the Practice and make sure that all of our patients receive quality care. For example, we may use medical information to evaluate the performance of our staff in caring for you or the outcome of your treatment. We may also combine medical information about many patients to decide what additional services the Practice should offer, what services are not needed and whether certain new treatments are effective. We may also combine medical information we have with medical information from other practices to compare our performance and to make improvements in the care and services we offer. We may also disclose information to doctors, nurses, technicians, medical students, and other Practice personnel for educational purposes. We may also disclose information about you to other healthcare facilities as permitted by law.
• Appointment Reminders. We may use and disclose medical information to contact you to remind you that you have an appointment for treatment or medical care.
• Treatment Alternatives. We may use and disclose medical information to tell you about possible treatment options that may be of interest to you.
• Health-Related Benefits and Services. We may use and disclose medical information to tell you about health-related benefits or services that may be of interest to you.
• Individuals Involved in Your Care or Payment for Your Care. We may release medical information about you to a friend or family member who is involved in your medical care. We may also give information to someone who helps pay for your care. In addition, we may disclose medical information about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status and location.
• Research. In certain circumstances, we may use and disclose PHI about a patient for research purposes. For example, a research project may involve comparing the health and recovery of all patients who received one medication to those who received another for the same condition. All research projects, however, are subject to an approval process. This process evaluates a proposed research project and its use of PHI to balance research needs with patients’ needs for privacy. Before we use or disclose PHI for research, the project will be approved through this process. However, we may disclose medical information a patient to people preparing to conduct a research project, for example, to help them look for patients with specific medical needs, so long as the PHI they review does not leave the Practice premises. When required by law, we will ask for specific written authorization if the researcher will: (i) have access to a patient’s name, address or other information that reveals who the patient is, or (ii) be involved in patient care at the Practice.
• As Required by Law. We will disclose medical information about you when required to do so by federal, state, or local law.
• To Avert a Serious Threat to Health or Safety. We may use and disclose medical information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
SPECIAL SITUATIONS
• State Law. In certain states, special privacy protections apply to certain information, including genetic, sexually transmitted disease, or mental health information. Some parts of this general Notice of Privacy Practices may not apply to these types of information. If your treatment involves this information, and if applicable state laws govern, such information will be further protected pursuant to applicable state law. For further information, please contact us using the contact information listed on the last page of this Notice.
• Drug and Alcohol Abuse Information. The confidentiality of alcohol and drug abuse patient records is protected by Federal law and regulations. Generally, a health care provider may not say to a person outside a treatment program that a patient attends a program, or disclose any information identifying a patient as an alcohol or drug abuser unless:
• The patient consents in writing:
• The disclosure is allowed by a court order; or
• The disclosure is made to medical personnel in a medical emergency or to qualified personnel for research, audit, or program evaluation.
• Organ and Tissue Donation. If you are an organ or tissue donor, we may release medical information about you to organizations that handle organ procurement or organ, eye or tissue transplantation or to an organ donation bank.
• Military and Veterans. If you are a member of the armed forces of the United States or another country, we may release medical information about you as required by military command authorities.
• Workers’ Compensation. We may release medical information about you for workers’ compensation or similar programs.
• Public Health Risks. We may disclose medical information about you to authorized public health or government officials for public health activities. These activities generally include the following:
• to a person subject to the jurisdiction of the Food and Drug Administration (FDA) for purposes related to the quality, safety or effectiveness of an FDA-regulated product or service;
• to prevent or control disease, injury or disability;
• to report disease or injury;
• to report births and deaths;
• to report child abuse or neglect;
• to report reactions to medications and food or problems with products;
• to notify people of recalls or replacements of products they may be using;
• to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition;
• to notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
• Health Oversight Activities. We may disclose medical information about you to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure.
• Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we may disclose medical information about you in response to a court or administrative order. We may also disclose medical information about you in response to a subpoena, discovery request or other legal demand by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
• Law Enforcement. We may release medical information about you if asked to do so by a law enforcement official:
o in response to a court order, subpoena, warrant, summons or similar process;
o to identify or locate a suspect, fugitive, material witness or missing person;
o about the victim of a crime if, under certain circumstances, we are unable to obtain
the person’s agreement;
o about a death we believe may be the result of criminal conduct;
o about criminal conduct at the Practice or by healthcare providers affiliated with the Practice;
o in emergency circumstances to report a crime, the location of the crime or victims, or the
identity, description or location of the person who committed the crime; and
o to authorized federal officials so they may provide protection for the President and other
authorized persons or conduct special investigations.
• Coroners, Medical Examiners and Funeral Directors. We may release medical information about you to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also release medical information to funeral directors so they can carry out their duties.
• National Security and Intelligence Activities. We may release medical information about you to authorized federal officials for intelligence, counterintelligence and other national security activities authorized by law.
• To a School. We may disclose information to a school, about an individual who is a student or prospective student of the school, if:
o The protected health information that is disclosed is limited to proof of immunization;
o The school is required by State or other law to have such proof of immunization prior to
admitting the individual; and
o The covered entity obtains and documents the agreement to the disclosure from either:
▪ A parent, guardian, or other person acting in loco parentis of the individual, if the individual is an un-emancipated minor; or
▪ The individual, if the individual is an adult or emancipated minor.
• Other Uses and Disclosures. Other uses and disclosures not described in this Notice will be made only with your written authorization, and you may revoke such authorization provided under this section at any time, provided that the revocation is in writing, except to the extent that we have taken action(s) in reliance upon your authorization; or if the authorization was obtained as a condition of obtaining insurance coverage.
YOUR RIGHTS REGARDING MEDICAL INFORMATION ABOUT YOU
You have the following rights regarding medical information we maintain about you:
• Right to Inspect and Copy. You have the right to inspect and copy medical information that may be used to make decisions about your care. Usually, this includes medical and billing records. This right does not include psychotherapy notes, information compiled for use in a legal proceeding or certain information maintained by laboratories. In order to inspect and copy medical information that may be used to make decisions about you, you must submit your request in writing to the Privacy Officer listed at the end of this Notice. If you request a copy of the information, we may charge a fee for the costs of copying, mailing or other supplies associated with your request. We may deny your request to inspect and copy in certain limited circumstances. If you are denied access to medical information, you may request in writing that the denial be reviewed. To request a review, contact the Privacy Officer. A licensed healthcare professional will conduct the review. We will comply with the outcome of the review.
• Right to Amend. If you think that the medical information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for the Practice. To request an amendment, your request must be made in writing and submitted to the Privacy Officer, listed on the last page of this Notice, for the location at which you were treated. In addition, you must give a reason that supports your request. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:
o was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
o is not part of the medical information kept by or for the Practice;
o is not part of the information that you would be permitted to inspect and copy; or
o is accurate and complete.
We will provide you with written notice of action we take in response to your request for an amendment.
• Right to an Accounting of Disclosures. You have the right to request an “accounting of disclosures.” This is a list of certain disclosures we made of medical information about you. We are not required to account for any disclosures you specifically requested or for disclosures related to treatment, payment or healthcare operations or made pursuant to an authorization signed by you. To request an accounting of disclosures, you must submit your request in writing to the Privacy Officer. This contact information is listed at the last page of this Notice. Your request must state a time period, which may not be longer than six years. We will attempt to honor your request. If you request more than one accounting in any 12-month period, we may charge you for our reasonable retrieval, list preparation and mailing costs for the second and subsequent requests. We will notify you of the costs involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
• Right to Request Restrictions. You have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment, or healthcare operations. You also have the right to request a limit on the medical information we disclose about you to someone who is involved in your care or the payment for your care, such as a family member or friend. Additionally, you can request restrictions on medical information disclosed to a health plan if the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law, and the information pertains solely to a health care item or service for which you, or person other than the health plan on your behalf, has paid us in full. To request a restriction, you must contact the Privacy Officer. This contact information is listed on the last page of this Notice.
• We are not required to agree to your request. If we agree to your request, we will comply with your request unless the information is needed to provide you emergency treatment. You may terminate the restriction at any time. If we terminate the restriction, we will notify you of the termination. We are not able to terminate or refuse your request for restrictions to disclosures to health plans if the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law, and the information pertains solely to a health care item or
service for which you, or person other than the health plan on your behalf, has paid us in full.
• Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail. To request confidential communications, you must submit a written request to the Privacy Officer. This contact information is listed at the end of this Notice. We will not ask you the reason for your request. Your request must specify how or where you wish to be contacted. We will attempt to accommodate reasonable requests.
• Right to a Paper Copy of This Notice. You have the right to a paper copy of this Notice upon written request from the Practice or at your first treatment encounter with the Practice. You may get an additional copy of this Notice at any time by contacting us. This contact information is listed at the end of this Notice.
CHANGES TO THIS NOTICE
We reserve the right to change this Notice. We reserve the right to make the revised or changed Notice effective for medical information about you we already have as well as any information we receive in the future. We will post copies of the current Notice at the Practice. The Notice will contain the effective date. In addition, each time you register with the Practice for treatment or healthcare services, we will make available copies of the current Notice. Any revisions to our Notice will also be posted on our website.
COMPLAINTS
If you believe your privacy rights have been violated, you may file a complaint with the Practice or with the Secretary of the Department of Health and Human Services, Office of Civil Rights. To file a complaint with the Practice, please call or write to the Privacy Office. This contact information is listed at the end of this Notice. You will not be penalized for filing a complaint.
OTHER USES OF MEDICAL INFORMATION
Other uses and disclosures of medical information not described in this Notice or the laws that apply to us will be made only with your written authorization on a Practice authorization form. If you provide us authorization to use or disclose medical information about you, you may revoke that authorization, in writing, at any time. If you revoke your authorization, we will no longer use or disclose medical information about you for the reasons covered by your written authorization. However, we may continue to use or disclose that information to the extent we have relied on your authorization. You also understand that we are unable to take back any disclosures we have already made with your authorization, and that we are required to retain our records of the care that we provided to you.
HIPAA Notice of Privacy Practices
***************************
Acknowledgement of Notice of Privacy Practices
Patient Name:
Electronic Acknowledgement accepted in lieu of wet signature.
Date / /
The Notice of Privacy Practices describes how Protected Health Information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
We are required by law to protect the privacy of health information that may reveal your identity, and to provide you with a copy of this notice, which describes the health information privacy practices of our practice, its medical staff, and affiliated health care providers that jointly perform payment activities and business operations with our Practice. “Protected Health Information” is information about you, including demographic information that may identify you and genetic information, and that relates to your past, present or future physical or mental health or
condition and related health care services.
Electronic Acknowledgement accepted in lieu of wet signature.
Signature of Patient/Health Care Agent/Guardian/Relative
(This signature indicates having received a copy of the Notice of Privacy Practices.)
_ Patient is unable to sign due to medical reasons
_ Patient refuses to sign
_ Other (Please Explain)
This Acknowledgement Form will become part of your permanent medical record.
FOR MORE INFORMATION OR FURTHER QUESTIONS PLEASE CONTACT:
Practice Name:
Hamilton Health & Wellness, LLC
Address: 1317 Edgewater Drive, Suite 3483
Orlando, Florida 32804
Privacy Officer Contact Information: Virginia Hatcher