HIPAA Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Sword Health’s Commitment to Your Privacy
Sword Health, Inc. (“Sword”) makes certain wellness and telehealth services available to you as more specifically defined in Sword’s Terms and Conditions (“Services”) through a group of independently owned professional practices, including, but not limited to, Sword Health Care Providers, P.A., Sword Health Care Providers of NJ, P.C., and Sword Health Care Physical Therapy Providers of CA, P.C. (“Sword Professionals”). Sword and Sword Professionals are committed to protecting the privacy of your medical information. This HIPAA Notice of Privacy Practices (“Notice”) describes how Sword and Sword Professionals use and disclose your medical information and your rights related to your medical information. This Notice is incorporated into the Terms and Conditions you agreed to when you enrolled in the Services. Words not defined within this Notice have the same meaning as they do in the Terms and Conditions.
In this Notice, we will discuss:
- Our Responsibilities
- Our Uses and Disclosures
- Other Uses and Disclosures
- Your Choices About Uses and Disclosures
- Your Rights
- Contact Information and Complaints
As part of your use of the Services, we will receive, create, use, and disclose certain medical information about you, which is designated as “Protected Health Information” or “PHI” and is subject to the privacy and security requirements of the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act, (“HITECH”), more commonly known as “HIPAA.” For a description of how we collect, use, and disclose your personal information that is not PHI, please refer to our Privacy Statement.
We are required by law to maintain the privacy and security of your PHI, which we do through reasonable administrative, physical, and technical means. Additionally, we:
- Are required to provide you with this Notice and must give you a copy of it.
- May only use and disclose your PHI as described in this Notice, unless you tell us in writing.
- Will let you know promptly if a breach occurs that may have compromised your PHI.
Our Uses and Disclosures
As part of the Services that we provide to you, we may need to use and disclose your PHI for the reasons listed below, which may be done without your explicit authorization as permitted by law. While each use and disclosure listed below includes examples, the uses and disclosures listed are not exhaustive.
Payment We may use or disclose your PHI for our payment activities or the payment activities of your health plan. For example, we might submit a claim to your health plan or other third party that is responsible for paying for the Services on your behalf.
Treatment As part of the Services, we may receive lab results, clinician notes, sensor readings, and other information related to your health condition. We will use this information to provide Services to you and we may disclose this PHI to your care team for their treatment of your condition.
Healthcare Operations Your PHI may be used to run our business. This includes improving the Services, training staff, quality assessment and improvement, contacting you about the Services, and customer service. We may disclose your PHI to a third party for their healthcare operations only if they have or had an existing relationship with you. We may de-identify or aggregate your PHI as part of these operations, at which point this Notice will no longer apply.
If you agree to our Care Coordination Consent, we may also share your PHI as part of a Health Information Exchange (HIE) so that we can receive additional PHI about you from other healthcare organizations.
We may engage third parties to assist with our activities described above. If this is the case, then we will require an agreement with the third party that protects the privacy and security of your PHI.
Other Uses and Disclosures
Under certain circumstances, we are required or permitted by law to disclose your PHI without your authorization. These include:
- For public health activities such as reporting certain diseases
- To protect victims of abuse or neglect, such as child abuse and elder neglect
- For judicial and administrative proceedings such as responding to subpoenas
- For workers compensation claims
- To prevent or lessen a serious and imminent threat of harm to a person or the public
- When required by law or for law enforcement purposes
- For state and federal health oversight activities such as physician licensing and disciplinary action
- To coroners, medical examiners, and funeral directors in limited circumstances
- For organ donation and transplantation
- For research approved by an institutional review board
- For specialized government functions such as national security
For other uses and disclosures, we may need your written authorization.
Notice Regarding Technology We may use electronic software, services, and equipment, including without limitation email, video conferencing technology, cloud storage and servers, internet communication, cellular network, voicemail, facsimile, electronic health record, and related technology to share your PHI as described herein. Certain aspects of those transfers may not be encrypted or confidential. We take measures to safeguard the data transmitted, as well as ensure its integrity against intentional or unintentional breach or corruption. However, occasionally security protocols could fail. In the event that happens, we will take immediate steps to prevent further breach of information and promptly notify you if your information is impacted.
Your Choices About Uses and Disclosures
You have both the right and the choice to tell us to:
- Disclose your PHI to your family, close friends, or others involved in your care.
- Disclose PHI in a disaster relief situation.
If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your PHI if we believe it is in your best interest. We may also share your PHI when needed to lessen a serious and imminent threat to health or safety.
Unless you give us written authorization, we will never:
- Use your PHI for marketing purposes, although we may use your PHI to keep you informed of other services and products that are relevant to your condition.
- Sell your PHI.
- Share your psychotherapy notes under most circumstances.
Any other uses and disclosures that are not described in this Notice require your written authorization. When you give us written authorization to use or disclose your PHI, you can revoke that authorization at any time. However, prior uses and disclosures will not be affected.
When it comes to your PHI, you have certain rights. This section explains your rights and some of our responsibilities to help you. Your authorized representative, such as a medical power of attorney or legal guardian, may also be able to exercise these rights for you. To exercise any of these rights, please contact us using the available methods described in the Contact Information and Complaints section below.
Right to Access PHI You may inspect and copy certain portions of your PHI. You may request that we provide your health records to you in an electronic format. Under certain circumstances, we may deny your request for your PHI. If we deny your request, we will provide you with a written explanation regarding the denial.
Right to Amend Your PHI You have the right to request we amend your PHI if you feel it is incorrect or incomplete. However, under certain circumstances we may deny your request. If we deny your request, we will provide you with a written explanation regarding the denial.
Right to An Accounting of Disclosures You have the right to receive an accounting of certain disclosures of your PHI made for the prior six (6) years, although this excludes disclosures for treatment, payment, and health care operations, disclosures made that were authorized by you, and certain other disclosures. If you request an accounting more than once during a twelve (12) month period, we may charge you a reasonable fee for the accounting statement.
Right to Request Additional Restrictions You have the right to request that we restrict how we use or disclose your PHI. However, we are not required to agree with your requests, unless you request that we restrict information provided to your health plan, the disclosure would be for the health plan’s payment or healthcare operations, and you have paid for the health care services completely by yourself.
Right to Receive Alternative Communications You have the right to request that we communicate with you at a specific telephone number, postal, or email address. We are not required to agree to your request, but we will reasonably accommodate any such request.
Right to Receive a Paper Copy of this Privacy Notice Upon request, you have the right to obtain a paper copy of this notice even if you have elected to receive it electronically.
To exercise any of these rights, please contact us using the available methods described in the Contact Information and Complaints section below.
Contact Information and Complaints
If you have any questions about this Notice, to receive a copy of this Notice, to exercise your rights under this Notice, or to file a complaint about Sword’s handling of your PHI, you can contact Sword’s Privacy Office using the information below.
By writing to:
Sword Health, Inc. ATTN: Privacy Office 13937 Sprague Lane, Suite 100 Draper, UT 84020
Or by sending an email to: firstname.lastname@example.org
Additionally, you may also file a complaint with the Secretary of Health and Human Services by visiting https://www.hhs.gov/hipaa/filing-a-complaint/index.html or by sending a letter to:
U.S. Department of Health and Human Services Office for Civil Rights 200 Independence Ave. S.W. Washington D.C., 20201
Changes and Effective Date
We reserve the right to change this Notice and our privacy practices with respect to your PHI at any time. If we make changes, we may make the new terms effective for all PHI that we maintain, including any PHI created or received prior to issuing the new notice. If we change this Notice, we will post our revised Notice of Privacy Practices on our website, within our app, or we may mail or email it to you.
This Notice is effective as of July 1, 2022.