THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Effective Date: April 15, 2024

Last Updated: July 10, 2024

This Notice of Privacy Practices (the “Notice”) describes how RTHM Medical Group (FL), P.A., RTHM Medical Group of CA, P.C., and all members of its Affiliated Covered Entity (collectively, “RTHM,” “we” or “our”) may use and disclose your protected health information to carry out treatment, payment, or business operations and for other purposes that are permitted or required by law. An Affiliated Covered Entity is a group of health care providers under common ownership or control that designates itself as a single entity for purposes of compliance with the Health Insurance Portability and Accountability Act (“HIPAA”). Although we are not technically a “Covered Entity” under HIPAA, we have elected to voluntarily substantially comply with the standards set forth in HIPAA. The members of the RTHM Medical Group Affiliated Covered Entity will share protected health information with each other for the treatment, payment, and health care operations of the RTHM Affiliated Covered Entity and as permitted by HIPAA and this Notice of Privacy Practices. For a complete list of the members of the RTHM Affiliated Covered Entity, please contact the RTHM Privacy Officer at support@rthm.com.

“Protected health information” or “PHI” is information about you, including demographic information, that may identify you and that relates to your past, present, or future physical health or condition, treatment, or payment for health care services. This Notice also describes your rights to access and control your protected health information and outlines our legal duties and privacy practices with respect to PHI. We are required by law to provide you with a copy of this Notice and to notify you following a breach of your unsecured protected health information. We will abide by the terms of the Notice.

We will obtain your written authorization to use and disclose your health information unless we are permitted to use or disclose your information without your authorization under applicable law. The following categories describe the ways that we may use and disclose your health information without your written authorization under HIPAA. To the extent applicable state law is even more restrictive than HIPAA on how we use and disclose any of your health information, we comply with more restrictive state law.

We will use and disclose your protected health information to treat you. Your protected health information may be shared with other professionals who are treating you. For example, your protected health information may be provided to a health care provider to whom you have been referred to ensure the necessary information is accessible to diagnose or treat you, or a treatment summary may be sent to your primary care provider following a visit with a RTHM provider.

Your protected health information may be used to bill or obtain payment for your health care services. For example, obtaining approval from your health insurance plan for a particular treatment may require that your relevant protected health information be disclosed to your health insurance plan to obtain approval for the treatment.

We may use or disclose, as needed, your protected health information in order to support the normal business activities of RTHM. Examples of these activities include, but are not limited to, quality assessment activities, employee review activities, training, licensing, and conducting or arranging for other business activities. We may use advanced technology, including artificial intelligence (AI), to improve the quality and efficiency of the health care we provide. This technology may analyze your health information to support health care operations, such as quality assessment activities and developing clinical guidelines. We maintain strict security measures designed to safeguard your information when used in these technologies.

We also may need to share your protected health information with certain of our “business associates” or other third parties that perform various activities (e.g., billing, coordinating care, transcribing records) for RTHM. Whenever an arrangement between RTHM and a business associate involves the use or disclosure of your protected health information, we will have in place the legally required safeguards to protect the privacy of your health information.

Other uses and disclosures of your protected health information will be made only with your written authorization, unless otherwise permitted or required by law as described below. You may revoke your authorization, at any time, in writing, except to the extent that RTHM has taken an action in reliance on the use or disclosure indicated in the authorization.

In the circumstances listed below, you may agree or object to the use or disclosure of the protected health information in the manner described. In the absence of agreement or objection, RTHM may, using professional judgment, determine whether the disclosure of health information is in your best interest. If such a determination is made, only the protected health information that is relevant to your health care will be disclosed.

Unless you object, we may disclose to a member of your family, a relative, a close friend or any other person you identify, your protected health information that directly relates to that person’s involvement in your health care. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interests, based on our professional judgment. We may use or disclose protected health information to notify or assist in notifying a family member, personal representative or any other person that is responsible for your care of your location, general condition, or death. Finally, we may use or disclose your protected health information to an authorized public or private entity to assist in disaster relief efforts and to coordinate uses and disclosures to family or other individuals involved in your health care.

In an emergency treatment situation, we may have to use or disclose your protected health information in a context in which consent for the release of information has not already been given. If this happens, RTHM will try to obtain your consent to the release of information as soon as reasonably practicable after the delivery of the treatment. If RTHM is required to treat you and has attempted to obtain your consent but is unable to obtain your consent, it may still use or disclose your protected health information to treat you.

There are other circumstances in which we may have to use or disclose your protected health information, even without your consent or authorization. These situations include:

We may use or disclose your protected health information to the extent that the use or disclosure is required by law. The use or disclosure will be made in compliance with the law and will be limited to the relevant requirements of the law. You will be notified, as required by law, of any such uses or disclosures.

We may disclose your protected health information for public health activities and purposes to a public health authority that is permitted by law to collect or receive the information. The disclosure will be made for the purpose of controlling disease, injury or disability. We may also disclose your protected health information, if directed by the public health authority, to a government agency that is collaborating with the public health authority.

We may disclose your protected health information, if authorized by law, to a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading the disease or condition.

We may disclose protected health information to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies that oversee the health care system, government benefit programs, other government regulatory programs and civil rights laws.

We may disclose your protected health information to a government authority that is authorized by law to receive reports of child abuse or neglect. In addition, we may disclose your protected health information if we believe that you have been a victim of abuse, neglect or domestic violence to the governmental entity or agency authorized to receive such information. In this case, the disclosure will be made consistent with the requirements of applicable federal and state laws.

We may disclose your protected health information to a person or company required by the Food and Drug Administration to report adverse events, product defects or problems, biologic product deviations, track products; to enable product recalls; to make repairs or replacements; or to conduct post marketing surveillance, as required.

We may disclose protected health information in the course of any judicial or administrative proceeding or investigation, in response to an order of a court or administrative tribunal (to the extent such disclosure is expressly authorized), in certain conditions in response to a subpoena, discovery request or other lawful process or request.

We may disclose protected health information, so long as applicable legal requirements are met, for law enforcement purposes. These law enforcement purposes include requests: (1) pursuant to legal processes or as otherwise required by law; (2) for limited information for identification and location purposes; (3) pertaining to potential victims of a crime; (4) relating to suspicion that a death has occurred as a result of criminal conduct; (5) in the event that a crime occurs at RTHM; or (6) relating to a medical emergency (not at RTHM ) and it is necessary to alert law enforcement regarding a potential crime.

We may disclose protected health information to a coroner or medical examiner for identification purposes, determining cause of death or for the coroner or medical examiner to perform other duties authorized by law. We may also disclose protected health information to a funeral director, as authorized by law, in order to permit the funeral director to carry out his/her duties. We may disclose such information in reasonable anticipation of death. protected health information may be used and disclosed for cadaveric organ, eye or tissue donation purposes.

Consistent with applicable federal and state laws, we may disclose your protected health information, if we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. We may also disclose protected health information if it is necessary for law enforcement authorities to identify or apprehend an individual.

We may use or disclose your protected health information without your consent or authorization if an Institutional Review Board or Privacy Board approves a waiver of authorization for such disclosure.

We may use or disclose your protected health information in ways that do not personally reveal your identity. We may de-identify your health information as permitted by law. We may use or disclose to others the de-identified information for any purpose, without your further authorization or consent, including but not limited to research studies, development of artificial intelligence tools, and health care/health operations improvement activities.

This section describes your rights regarding the health information we maintain about you and a brief description of how you may exercise these rights.

You have the right to inspect and receive a copy of your health information. We may charge you a fee as authorized by law to meet your request. You may request access to your health information in a certain electronic form and format, if readily producible, or, if not readily producible, in a mutually agreeable electronic form and format. Further, you may request in writing that we transmit such a copy to any person or entity you designate. Your written, signed request must clearly identify such designated person or entity and where you would like us to send the copy. We may deny your request to inspect and copy in limited circumstances. If you are denied access to your health information, you may request that the denial be reviewed by a licensed health care professional chosen by us. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.

You have the right to request that we communicate your health information to you in a certain manner or at a certain location. For example, you may wish to receive information through a written letter sent to a private address. We will grant reasonable requests. We will not ask you the reason for your request.

You have a right to request that we amend or correct your health information that you believe is incorrect or incomplete. For example, if your date of birth is incorrect, you may request that the information be corrected. To request a correction or amendment to your health information, you must make your request in writing and provide a reason for your request. You have the right to request an amendment for as long as the information is kept by or for us. Under certain circumstances we may deny your request. If your request is denied, we will provide you with information about our denial and how you can file a written statement of disagreement with us that will become part of your medical record.

You have the right to request an accounting of disclosures we make of your health information. Please note that certain disclosures need not be included in the accounting we provide to you, including most disclosures we make pursuant to your authorization. Your request must state a time period which may not go back further than six years. You will not be charged for this accounting, unless you request more than one accounting per year, in which case we may charge you a reasonable cost-based fee for providing the additional accounting(s). We will notify you of the costs involved and give you an opportunity to withdraw or modify your request before any costs have been incurred.

HIPAA provides that you have the right to request restrictions on how your health information is used or disclosed for treatment, payment, or health care operations activities but that we are not required to agree to your requested restriction, unless that restriction is regarding disclosure of health information to your health insurance company and: (1) the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law; and (2) the health information pertains solely to a health care item or service for which you or another person (other than your health insurance company) paid for in full.

You have the right to receive a paper copy of this Notice at any time, even if you previously agreed to receive this Notice electronically. A copy of this Notice can be obtained at any time from our website at https://www.app.direct.rthm.com/legal/notice-of-privacy-practices.

We reserve the right to revise this Notice as permitted by law and to make the revised Notice effective for protected health information we already have about you as well as any information we receive in the future. You are entitled to a copy of the Notice currently in effect. Each version of the Notice will have an effective date listed on the first page. Any significant changes to this Notice will be posted on our websitehttps://www.app.direct.rthm.com/legal/notice-of-privacy-practices

We will notify you if a breach of your unsecured protected health information is discovered. Notification will be made to you no later than 60 days from the breach discovery and will include a brief description of how the breach occurred, the protected health information involved, and contact information for you to ask questions.

You have the right to file a complaint if you believe your privacy rights have been violated. If you would like to file a complaint about our privacy practices, you can do so by sending a letter outlining your concerns to:

    RTHM Medical Group (FL), P.A.
    Attention: HIPAA Privacy Officer
    2261 Market Street #10535
    San Fransisco, CA, 94114

You may also submit a formal complaint to the Secretary of the Department of Health and Human Services or the United States Attorney for the judicial district in which the violation occurs. You will not be penalized or otherwise retaliated against for filing a complaint.

We must follow the duties and privacy practices described in this Notice. If you have any questions about your privacy rights, or the information contained in this Notice, please contact us by mail at RTHM Medical Group (FL), P.A., Attn: HIPAA Privacy Officer, 2261 Market Street #10535, San Francisco, CA 94114, telephone at (408) 508-4163, or by email at support@rthm.com and ask to speak with our HIPAA Privacy Officer.