This Notice applies to protected health information maintained by Pinnie Medical Group, P.C. and any Pinnie-branded professional corporation or professional medical entity that later adopts this Notice after being formed, licensed or registered where required, and authorized to furnish services (collectively, the "Pinnie Clinical Practices"). A current list of participating Pinnie Clinical Practices will be available on Pinnie.com or upon request. Recora, Inc. is not a medical practice; it provides MSO and business associate services to the Pinnie Clinical Practices.
The Pinnie Clinical Practices are required by law to maintain the privacy and security of your protected health information ("PHI"), give you this Notice, follow the terms of the Notice currently in effect, and notify you following a breach of unsecured PHI. We will not retaliate against you for filing a privacy complaint.
This Notice describes common ways we may use and disclose PHI. Some state laws or federal programs may provide additional protections for certain information, such as substance use disorder treatment records, behavioral health information, HIV/AIDS information, genetic information, or other sensitive records. When stricter laws apply, we follow those laws.
Recora, Inc. provides non-clinical management, administrative, technology, billing-support, care-coordination support, and related MSO services to the Pinnie Clinical Practices. The MSO may receive, create, maintain, or transmit PHI on behalf of a Pinnie Clinical Practice as a HIPAA business associate. The MSO is required to safeguard PHI and use or disclose it only as permitted by HIPAA, its agreements with the Pinnie Clinical Practices, and applicable law.
Treatment
We may use and disclose PHI to provide, coordinate, or manage your care. This may include sharing PHI with clinicians, Advocates, auxiliary personnel, care coordinators, caregivers, other health care providers, health plans, pharmacies, labs, hospitals, community resources, and others involved in your care. Examples include scheduling a telehealth visit, coordinating Community Health Integration (CHI) or Principal Illness Navigation (PIN) services, supporting cardiac rehabilitation or pulmonary rehabilitation services delivered through telehealth, hybrid, or other permitted care models, helping you access community resources, or communicating with your other providers.
Payment
We may use and disclose PHI to bill and collect payment from Medicare, Medicaid, health plans, other payers, or you. Examples include eligibility checks, claims submissions, prior authorization, documentation of services, audits, appeals, and collection of applicable copayments, coinsurance, or deductibles, including for telehealth, CHI, PIN, care management, cardiac rehabilitation, or pulmonary rehabilitation services where permitted.
Health Care Operations
We may use and disclose PHI for health care operations, such as quality review, training, care management, cardiac rehabilitation or pulmonary rehabilitation program operations, credentialing, compliance, auditing, risk management, business planning, security, patient support, and evaluating and improving our services.
Business Associates
We may disclose PHI to business associates, including the MSO and other vendors that perform services for us. Business associates must safeguard PHI and use or disclose it only as permitted by law and their agreements with us.
We may use or disclose PHI without your written authorization in the following situations, as permitted or required by law:
- Appointment reminders, telehealth instructions, remote-care logistics, care-related communications, treatment alternatives, and health-related benefits or services.
- To family members, caregivers, personal representatives, or others involved in your care or payment for care, consistent with your preferences and applicable law.
- As required by law, including reporting to government agencies or responding to legally valid requests.
- Public health activities, such as disease reporting, adverse event reporting, product recalls, and prevention or control of disease, injury, or disability.
- Health oversight activities, such as audits, investigations, inspections, licensure, certification, and Medicare or Medicaid program oversight.
- Reports of abuse, neglect, domestic violence, or similar concerns when required or permitted by law.
- Judicial and administrative proceedings, such as in response to a court order, subpoena, discovery request, or other lawful process.
- Law enforcement purposes, subject to applicable legal limits.
- Coroners, medical examiners, funeral directors, and organ or tissue donation organizations, where applicable.
- Research that is approved by an institutional review board or privacy board, or otherwise permitted by HIPAA.
- Workers' compensation or similar programs.
- To prevent or lessen a serious and imminent threat to health or safety.
- Special government functions, such as certain military, national security, protective services, or correctional institution purposes, if applicable.
Some records, such as substance use disorder treatment records, behavioral health information, HIV/AIDS information, genetic information, or other sensitive records, may receive additional protections under federal or state law. When stricter laws apply, we follow those laws.
Get an electronic or paper copy of your medical record
You may ask to inspect or receive a copy of PHI in a designated record set. We will respond as required by law and may charge a reasonable, cost-based fee where permitted.
Ask us to correct your medical record
You may ask us to amend PHI you believe is incorrect or incomplete. We may deny the request in certain circumstances, and we will explain the reason in writing.
Request confidential communications
You may ask us to contact you in a specific way or at a specific address. We will accommodate reasonable requests.
Ask us to limit what we use or share
You may ask us not to use or disclose certain PHI for treatment, payment, or operations. We are not required to agree except where HIPAA requires. If you pay for a service out of pocket in full and ask us not to disclose information about that service to your health plan for payment or operations, we will agree unless disclosure is required by law.
Get a list of certain disclosures
You may ask for an accounting of certain disclosures of PHI made during the six years before your request. The accounting will not include all disclosures, such as disclosures for treatment, payment, health care operations, or disclosures you authorized, unless required by law.
Get a paper copy of this Notice
You may request a paper copy of this Notice at any time, even if you agreed to receive it electronically.
Choose someone to act for you
If you have given someone medical power of attorney or if someone is your legal guardian, that person may exercise your rights and make choices about your PHI to the extent permitted by law.
File a complaint
You may complain if you believe your privacy rights have been violated. You may file a complaint with us using the contact information below or with the U.S. Department of Health and Human Services Office for Civil Rights. We will not retaliate against you for filing a complaint.
In some situations, you may tell us your preferences about sharing PHI, such as sharing with family, close friends, caregivers, or others involved in your care or payment for care. If you are unable to tell us your preference, we may share information if we believe it is in your best interest or needed to lessen a serious and imminent threat to health or safety.
We will not use PHI for targeted advertising, custom audiences, or sale of PHI. We do not use or disclose PHI for fundraising communications unless permitted by law and any required opt-out or consent is provided.
We may change the terms of this Notice. The new Notice may apply to PHI we already have and PHI we receive in the future. The current Notice will be posted on Pinnie.com and will be available upon request.