This Notice under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) describes how medical information about you may be disclosed and how you can get access to this information. By submitting personal health information (“PHI”) that identifies you to Cooler Heads Care, Inc. (“Cooler Heads”) through our website and data systems, you implicitly accept the terms of this Policy.
Cooler Heads’ Protection of PHI
Under HIPAA, Cooler Heads is required by law to maintain the privacy of your PHI, and to provide you with notice of our legal duties and privacy practices regarding PHI. Cooler Heads is committed to the protection of your PHI and will make reasonable efforts to ensure confidentiality of your PHI.
Use and Disclosure of PHI
As permitted under HIPAA, the following categories explain the types of uses and disclosures of PHI Cooler Heads may make:
- For Treatment and Potential Insurance Coverage – Cooler Heads may request, use, or disclose PHI for purposes of treatment and determining whether you are eligible to use Cooler Heads’ products and services pursuant to a valid medical prescription, including disclosure to physicians, nurses, pharmacies, and other healthcare professionals who provide you with health care services and/or are involved in the coordination of your care, such as providing your healthcare provider with troubleshooting assistance and answers to questions regarding your use of our products and/or services. We may also reach out to your health insurance companies to determine whether our products or services are eligible for coverage under your health care plan. Cooler Heads may require you to sign a release for your PHI and health records from the above individuals or entities to obtain the necessary documents (including but not limited to prescription(s)) and information needed to provide our equipment, products, and services.
- For Payment – Cooler Heads may use or disclose PHI to bill and collect payment for the equipment, products, and services we provide, including disclosure to any renter or purchaser of products and services being used by you or your health care plan.
- For Health Care Operations – Cooler Heads may use or disclose PHI for health care operations purposes. These uses and disclosures are necessary, for example, to evaluate the quality of our products and/or services, sales functions, and for Cooler Heads’ operations and management functions. Cooler Heads may also disclose PHI to other health care providers or health plans involved in your care for their health care operations. For example, Cooler Heads may provide PHI to coordinate your use of our products and/or services with your health care or benefits.
- Reminders and Health-Related Benefits – Cooler Heads may use and disclose PHI to contact you and/or other individuals (such as renters of equipment used by you, health care providers, or plans) to remind you regarding deadlines pertaining to products and/or services, or about new products or services available through Cooler Heads based on PHI disclosed by you and/or your healthcare providers and plans.
- Individuals involved in your care or payment for your care — Cooler Heads may disclose PHI to a person who is involved in your care or helps pay for your care, such as a family member or friend.
- Business Associates — Cooler Heads may disclose PHI to its business associates to perform certain business functions or provide certain services to Cooler Heads. For example, we use Shopify to perform billing services on our behalf, and we use Zendesk to maintain the privacy and security of PHI. All entities that qualify as “Business Associates” under HIPAA are required to maintain the privacy and confidentiality of your PHI. In addition, at the request of your health care providers or health care plan, Cooler Heads may disclose PHI to their business associates for purposes of performing certain functions or health care services on their behalf. For example, we may disclose PHI to a business associate of Medicare for purposes of medical necessity review and audit. The above-mentioned examples are intended to be illustrative and are not exhaustive of the entities that may perform services on our behalf.
- Disclosure for Judicial and Administrative Proceedings — Under certain circumstances, Cooler Heads may disclose your PHI in the course of a judicial or administrative proceeding, including in response to a court or administrative order, subpoena, discovery request, or other lawful process.
- As Required by Law — Cooler Heads must disclose your PHI if required to do so by federal, state, or local law (including but not limited to disclosures that would be required under our Quality Management System under the Food, Drug, and Cosmetic Act).
- De-Identified Information and Limited Data Sets — Cooler Heads may use and disclose health information that has been “de-identified” by removing certain identifiers making it unlikely that you could be identified. Cooler Heads also may disclose limited health information, contained in a “limited data set.” The limited data set does not contain any information that can directly identify you. For example, a limited data set may include your city, county and zip code, but not your name or street address. Such information may no longer constitute PHI and be covered under HIPAA.
Cooler Heads uses Zendesk, a third party, to store and maintain all prescription-related PHI on behalf of its customers. Zendesk is a business associate of Cooler Heads and utilizes an Advanced Compliance feature to comply with HIPAA and other patient privacy statutes. For more information regarding Zendesk’s compliance obligations, visit www.zendesk.com.
Other Uses and Disclosures of PHI
For purposes not described above (including uses and disclosures of PHI for marketing purposes and disclosures that would constitute a sale of PHI), Cooler Heads will ask for your patient authorization before using or disclosing PHI. If you agree to the “Patient Authorization” below, you may revoke it, in writing, at any time, except to the extent action has been taken in reliance on the authorization.
Cooler Heads is required to provide patient notification if it discovers a breach of unsecured PHI unless there is a demonstration, based on a risk assessment, that there is a low probability that the PHI has been compromised. You will be notified without unreasonable delay and no later than 60 days after discovery of the breach. Such notification will include information about what happened and what can be done to mitigate any harm.
Patient Rights Regarding PHI
Subject to certain exceptions, HIPAA establishes the following patient rights with respect to PHI:
- Right to Receive a Copy of the Cooler Heads Notice of Privacy Practices — You have a right to receive a copy of this HIPAA Policy at any time by visiting our website at coolerheads.com.
- Right to Request Limits on Uses and Disclosures of your PHI — You have the right to request that we limit: 1) how we use and disclose your PHI for treatment, payment, and health care operations activities; or 2) our disclosure of PHI to individuals involved in your care or payment for your care. Cooler Heads will consider your request but is not required to agree to it.
- Right to Request Confidential Communications — You have the right to request that Cooler Heads communicate with you about your PHI at an alternative address or by an alternative means. Cooler Heads will work to accommodate reasonable requests.
- Right to See and Receive Copies of Your PHI — You and your personal representative have the right to access PHI consisting of your PHI or prescriptions submitted by your physician. Within 30 days after our receipt of your request, you will receive a copy of the requested PHI unless an exception applies.
- Right to Receive an Accounting of Disclosures — You have a right to receive a list of certain instances in which Cooler Heads disclosed your PHI. This list will not include certain disclosures of PHI, such as (but not limited to) those made based on your written authorization or those made prior to the date on which Cooler Heads was required to comply. If you request an accounting of disclosures of PHI that were made for purposes other than treatment, payment, or health care operations, the list will include disclosures made in the past six years, unless you request a shorter period of disclosures. If you request an accounting of disclosures of PHI that were made for purposes of treatment, payment, or health care operations, the list will include only those disclosures made in the past three years for which an accounting is required by law, unless you request a shorter period of disclosures.
- Right to Correct or Update your PHI — If you believe your PHI contains a mistake, you may request, in writing, that Cooler Heads correct the information. If your request is denied, we will provide an explanation of the reasoning for our denial.
How to Exercise Your Rights or Contact Us
To exercise any of your rights described in this notice, or if you have any questions or complaints regarding this Policy, please direct inquiries to: email@example.com. Cooler Heads will not take retaliatory action against you for filing a complaint about our privacy practices.
Cooler Heads reserves the right to make changes to this notice and to our privacy policies from time to time. Changes adopted will apply to any PHI we maintain about you. Cooler Heads is required to abide by the terms of our notice currently in effect. When changes are made, we will promptly update this notice and post the information on the Cooler Heads website at www.coolerheads.com.
By clicking “Accept” I agree that Cooler Heads may use PHI that includes my name, age, physical and e-mail address, biographical information, diagnosis, prognosis, clinical and healthcare provider name(s), dates of treatment, and the locations where healthcare was provided to me, for the marketing, advertisement, and promotion of Cooler Heads’ current and future products and related services. This authorization shall expire five (5) years following the date of Authorization.
I hereby acknowledge that I have read and understand the terms of this Authorization, and voluntarily authorize Cooler Heads to use my PHI set forth above in accordance herewith.