HIPAA Notice of Privacy Practices
This Notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
THIS NOTICE TELLS YOU ABOUT YOUR RIGHTS AND OUR LEGAL OBLIGATIONS REGARDING YOUR PROTECTED HEALTH INFORMATION. Bold You Wellness LLC is required by law to maintain the privacy of your Protected Health Information, to provide you with notice of our legal duties and privacy practices, and to notify you following a breach of your unsecured Protected Health Information.
What Is Protected Health Information?
Protected Health Information (โPHIโ) is health information that identifies you or could be used to identify you. PHI includes information about your physical or mental health condition, the health care you receive, and payment for that health care, when it can be linked to you as an individual.
In the context of Bold You Wellness, PHI includes your medical intake forms, symptom questionnaires, provider notes, prescription records, laboratory results, medication delivery records, and any other health information you share with your provider or through our platform.
Our Duties
Bold You Wellness LLC is required by law to:
- Maintain the privacy of your PHI
- Provide you with this Notice of our legal duties and privacy practices with respect to your PHI
- Notify you following a breach of your unsecured PHI
- Follow the terms of this Notice currently in effect
- Not use or disclose your PHI except as described in this Notice or as otherwise permitted by law
How We May Use and Disclose PHI
We are permitted to use and disclose your PHI for the following purposes without your specific authorization:
Treatment
We may use and disclose your PHI to provide you with clinical care. This includes sharing your health information with the independent licensed physicians in our network, our pharmacy partners, laboratory partners, and care coaches involved in your treatment. For example, your intake health history will be shared with your assigned physician to enable them to evaluate you and prescribe treatment.
Payment
We may use and disclose your PHI to process payments for services. For example, we may share information necessary to process your subscription payment or verify insurance (though we do not bill insurance for our primary services).
Health Care Operations
We may use and disclose your PHI for our healthcare operations, including quality assurance, training, auditing, and administrative functions. For example, we may review clinical records to evaluate program effectiveness or train our care coaches using de-identified or aggregated information.
Required by Law
We may disclose your PHI when required by federal, state, or local law, including in response to court orders, subpoenas, or valid requests from public health authorities.
Public Health Activities
We may disclose your PHI to authorized public health authorities for activities such as disease reporting, adverse drug event reporting, or other legally required public health functions.
Health Oversight
We may disclose your PHI to government health oversight agencies (such as state medical boards) as authorized by law, including for audits, investigations, and inspections.
Serious Threats to Health or Safety
We may disclose your PHI to prevent or lessen a serious and imminent threat to the health or safety of you or another person, to law enforcement or other appropriate persons, as permitted by law.
Business Associates
We may share your PHI with our Business Associates โ entities that perform services on our behalf (such as our pharmacy partners, lab partners, and technology vendors). All Business Associates are contractually required to safeguard your PHI under Business Associate Agreements that meet HIPAA requirements.
Uses and Disclosures Requiring Your Written Authorization
For uses and disclosures not described above, we will ask for your written authorization before using or sharing your PHI. This includes:
- Most marketing communications
- Sale of your PHI (we do not sell PHI)
- Psychotherapy notes (if applicable)
- Sharing PHI with employers
- Any other use or disclosure not permitted without authorization under HIPAA
You may revoke a written authorization at any time by submitting a written revocation to our Privacy Officer. Revocation will not affect uses or disclosures already made in reliance on your authorization.
Your Rights Regarding PHI
Right to Access
You have the right to inspect and obtain copies of your PHI that we maintain in a designated record set. We will provide access within 30 days of your request. We may charge a reasonable, cost-based fee for copying. To request access, contact our Privacy Officer (see Section 8).
Right to Amend
You have the right to request that we amend PHI that you believe is incorrect or incomplete. We will respond within 60 days. We may deny your request if the information was not created by us, is not part of our records, or is accurate and complete as recorded.
Right to an Accounting of Disclosures
You have the right to receive an accounting of disclosures of your PHI made in the six years prior to your request, except for disclosures for treatment, payment, or healthcare operations, and certain other exceptions. We will provide this accounting within 60 days.
Right to Request Restrictions
You have the right to request restrictions on how we use or disclose your PHI for treatment, payment, or healthcare operations. We are not required to agree to your requested restriction unless it concerns disclosure to a health plan for payment or operations purposes regarding a service you paid for out-of-pocket in full.
Right to Request Confidential Communications
You have the right to request that we communicate with you about your health information in a specific way or at a specific location. For example, you may request that we contact you only via email, or only at a specific address. We will accommodate reasonable requests.
Right to a Paper Copy of This Notice
You have the right to receive a paper copy of this Notice at any time, even if you have agreed to receive it electronically. Contact us to request a paper copy.
Right to Notification of Breach
If a breach of your unsecured PHI occurs, we will notify you as required by the HIPAA Breach Notification Rule, typically within 60 days of discovering the breach.
How to File a Complaint
If you believe your privacy rights have been violated, you may file a complaint with:
Bold You Wellness Privacy Officer
Email: privacy@boldyouwellness.com
Mailing Address: Bold You Wellness LLC, Privacy Officer, [Address]
U.S. Department of Health & Human Services, Office for Civil Rights
Online: hhs.gov/ocr
Phone: 1-800-368-1019 (TTY: 1-800-537-7697)
You will not be retaliated against for filing a complaint. Bold You Wellness does not and will not retaliate against you in any way for exercising your rights or filing a complaint with the Office for Civil Rights.
Changes to This Notice
We reserve the right to change the terms of this Notice and to make new provisions effective for all PHI we maintain, including PHI we created or received before the effective date of the change. When we make a material change to this Notice, we will post the new Notice prominently on our website and provide it to you upon request.
Contact Information
For questions about this Notice or to exercise your rights, contact our Privacy Officer:
Email: privacy@boldyouwellness.com
Patient Portal: boldyouwellness.com/portal
Mailing Address: Bold You Wellness LLC, Attn: Privacy Officer, [Address], United States
We will acknowledge your request within 5 business days and respond fully within the timeframe required by applicable law (typically 30โ60 days).