The Hill Medical Corporation Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE READ IT CAREFULLY.

The Hill Medical Corporation’s goal is to take appropriate steps to safeguard any medical or other personal information that is provided to us. We are required to: (i) maintain the privacy of protected health information provided to us; (ii) provide notice of our legal duties and privacy practices; and (iii) abide by the terms of our Notice of Privacy Practices currently in effect.

WHO WILL FOLLOW THIS NOTICE

This notice describes the practices of our employees and staff. All of these individuals, entities, sites, and locations will follow the terms of this notice. In addition, these individuals, entities, sites, and locations may share medical information with each other for the treatment, payment, or health care operations purposes described in this notice.

INFORMATION COLLECTED ABOUT YOU

In the ordinary course of receiving treatment and health care services from us, you will be providing us with personal information such as:

Your name, address, and phone number.

Information relating to your medical history.

Your insurance information and coverage.

Information concerning your doctor, nurse or other medical providers.

Other information that may be deemed necessary to provide your care. In addition, we will gather certain medical information about you and will create a record of the care provided to you. Other individuals or organizations that are part of your “circle of care”- such as the referring physician, your other doctors, your health plan, and close friends or family members also may provide some information to us.

HOW WE MAY USE AND DISCLOSE INFORMATION ABOUT YOU

We may use and disclose personal and identifiable health information about you in different ways. All of the ways in which we may use and disclose information will fall within one of the following categories, but not every use or disclosure in a category will be listed.

For Treatment. We will use health information about you to furnish services and supplies to you, in accordance with our policies and procedures. For example, we will use your medical history, such as any presence or absence of heart disease, to assess your health and perform requested x-rays or other diagnostic services.

For Payment. We will use and disclose health information about you to bill for our services and to collect payment from you or your insurance company. For example, we may need to give a payer information about your current medical condition so that it will pay us for the x-ray examinations or other services that we have furnished you. We may also need to inform your payer of the tests that you are going to receive in order to obtain prior approval or to determine whether the service is covered.

For Health Care Operations. We may use and disclose information about you for the general operation of our business. For example, we sometimes arrange for accreditation organizations, auditors or other consultants to review our practice, evaluate our operations, and tell us how to improve our services.

Public Policy Uses and Disclosures. There are a number of public policy reasons why we may disclose information about you. We may disclose health information about you when we are required to do so by federal, state, or local law.

We may disclose protected health information about you in connection with certain public health reporting activities. For instance, we may disclose such information to a public health authority authorized to collect or receive protected health information for the purpose of preventing or controlling disease, injury or disability, or at the direction of a public health authority, to an official of a foreign government agency that is acting in collaboration with a public health authority. Public health authorities include state health departments, the Center for Disease Control, the Food and Drug Administration, the Occupational Safety and Health Administration and the Environmental Protection Agency, to name a few.

We are also permitted to disclose protected health information to a public health authority or other government authority authorized by law to receive reports of child abuse or neglect. Additionally we may disclose protected health information to a person subject to the Food and Drug Administration’s power for the following activities: to report adverse events, product defects or problems, or biological product deviations, to track products, to enable product recalls, repairs or replacements, or to conduct post marketing surveillance.

We may disclose your protected health information in situations of domestic abuse or elder abuse.

We may disclose protected health information in connection with certain health oversight activities of licensing and other agencies. Health oversight activities include audit, investigation, inspection, licensure or disciplinary actions, and civil, criminal, or administrative proceedings or actions or any other activity necessary for the oversight of 1) the health care system, 2) governmental benefit programs for which health information is relevant to determining beneficiary eligibility, 3) entities subject to governmental regulatory programs for which health information is necessary for determining compliance with program standards, or 4) entities subject to civil rights laws for which health information is necessary for determining compliance.

We may disclose information in response to a warrant, subpoena, or other order of a court or administrative hearing body, and in connection with certain government investigations and law enforcement activities. We may release personal health information to a coroner or medical examiner to identify a deceased person or determine the cause of death. We also may release personal health information to organ procurement organizations, transplant centers, and eye or tissue banks.

We may release your personal health information to workers’ compensation or similar programs.

Information about you also will be disclosed when necessary to prevent a serious threat to your health and safety or the health and safety of others.

We may use or disclose certain personal health information about your condition and treatment for research purposes where an Institutional Review Board or a similar body referred to as a Privacy Board determines that your privacy interests will be adequately protected in the study. We may also use and disclose your protected health information to prepare or analyze a research protocol and for other research purposes. De-identified patient information as described in 5 CFR 164.512 may be transferred or sold to third parties for research and other purposes.

If you are a member of the Armed Forces, we may release personal health information about you as required by military command authorities. We also may release personal health information about foreign military personnel to the appropriate foreign military authority.

We may disclose your protected health information for legal or administrative proceedings that involve you. We may release such information upon order of a court or administrative tribunal. We may also release protected health information in the absence of such an order and in response to a discovery or other lawful request, if efforts have been made to notify you or secure a protective order.

If you are an inmate, we may release protected health information about you to a correctional institution where you are incarcerated or to law enforcement officials.

Finally, we may disclose protected health information for national security and intelligence activities and for the provision of protective services to the President of the United States and other officials or foreign heads of state.

Our Business Associates. We sometimes work with outside individuals and businesses that help us operate our business successfully. We may disclose your health information to these business associates so that they can perform the tasks that we hire them to do. Our business associates must guarantee to us that they will respect the confidentiality of your personal and identifiable health information.

Individuals Involved in Your Care or Payment for Your Care. We may disclose information to individuals involved in your care or in the payment for your care, but we will obtain your agreement before doing so. This includes people and organizations that are part of your “circle of care” — such as your spouse, your other doctors, or an aide who may be providing services to you. Although we must be able to speak with your other physicians or health care providers, you can let us know if we should not speak with other individuals, such as your spouse or family. Appointment Reminders. We may use and disclose medical information to contact you as a reminder that you have an appointment or that you should schedule an appointment.

Treatment Alternatives. We may use and disclose your personal health information in order to tell you about or recommend possible treatment options, alternatives or health-related services that may be of interest to you.

Fundraising. We may use your protected health information to contact you in an effort to raise funds for our operations. You have the right to opt out of receiving fundraising communications if you notify us in writing.

OTHER USES AND DISCLOSURES OF PERSONAL INFORMATION

We are required to obtain written authorization from you for any uses and disclosures of medical information other than those described in the previous section. If you provide us with such permission, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose personal information about you for the reasons covered by your written authorization. We will be unable to take back any disclosures already made based upon your original permission.

INDIVIDUAL RIGHTS

You have the right to ask for restrictions on the ways in which we use and disclose your medical information beyond those imposed by law. We will consider your request, but we are not required, to accept it.

You have the right to restrict disclosure of your medical information to a health plan if the disclosure is for payment or healthcare operations for a service for which you have paid out of pocket in full.

You have the right to request that you receive communications containing your protected health information from us by alternative means or at alternative locations. For example, you may ask that we only contact you at home or by mail.

Except under certain circumstances, you have the right to inspect and copy medical and billing records about you. If you ask for copies of this information, we may charge you a fee for copying and mailing.

You have the right to access your electronic protected health information in an electronic format.

You have the right to request that we send a copy of your protected health information directly to a third party. This request must be in writing, signed by you, and clearly identify the person and where we should send your protected health information.

If you believe information in your records is incorrect or incomplete, you have the right to ask us to correct the existing information or correct the missing information. Under certain circumstances, we may deny your request.

You have a right to ask for a list of instances when we have used or disclosed your medical information for reasons other than your treatment, payment for services furnished to you, our health care operations, or disclosures you give us authorization to make. If you ask for this information from us more than once every twelve months, we may charge you a fee.

You have the right to and will receive notification of any breach of your unsecured protected health information.

You have the right to a copy of this notice in paper form. You may ask us for a copy at any time. You may also obtain a copy of this form at our web site www.HillMedical.com

To exercise any of your rights, please contact us in writing at The Hill Medical Corporation, attn: Privacy Officer, 223 N. First Ave, Suite 201, Arcadia, CA, 91006

CHANGES TO THIS NOTICE

We reserve the right to make changes to this notice at any time. We reserve the right to make the revised notice effective for personal health information we have about you as well as any information we receive in the future. In the event there is a material change to this notice, the revised notice will be posted. In addition, you may request a copy of the revised notice at any time.

INFORMATION / COMMENTS / COMPLAINTS

To obtain more information concerning this Notice of Privacy Practices, or if you have comments or complaints about our Privacy Policy, you may contact The Hill Medical Corporation’s Privacy Officer at The Hill Medical Corporation, attn: Privacy Officer, 223 N. First Ave, Suite 201, Arcadia, CA 91106. Tel. (626) 821-8104

You may also submit a complaint to the Secretary of the Department of Health and Human Services at 200 Independence Avenue, S.W., Room 509F, HHH Building, Washington, DC 20201 (email: ocrmail@hhs.gov) The Hill Medical Corporation will not retaliate against you in any way if you choose to file a complaint with us or with the Secretary of the Department of Health and Human Services.

This Privacy Policy is effective December 2018.