HIPAA Consent Agreement

Effective Date: 3/1/2025

‍

This Notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. By clicking “I Agree” in our form, you acknowledge that you have received and read (or had read to you) this Notice and understand how we handle your Protected Health Information (PHI).

‍

1. Our Commitment to Your Privacy

‍

Rebecca Martel APRN, FNP-BC (d/b/a “Certicare,” “we,” “our,” or “us”) respects your privacy and is committed to maintaining the confidentiality of your Protected Health Information (“PHI”). PHI is information about you, including demographic data, that can reasonably be used to identify you and that relates to your physical or mental health condition, the provision of healthcare services to you, or payment for such healthcare services.

‍

We are required by law to maintain the privacy of your PHI and to provide you with this Notice of our legal duties and privacy practices concerning your PHI under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations.

‍

2. How We May Use and Disclose Your PHI

1. Treatment
   • We may use and disclose your PHI to healthcare providers (e.g., physicians, nurse practitioners) involved in your care. For example, our Providers may review your health history to diagnose and treat you via our telehealth platform.
2. Payment
   • We may use and disclose your PHI for billing purposes, to obtain payment for services we provide, or to assist you in obtaining reimbursement from your insurance carrier (if applicable). However, please note that we do not currently work with patients that are covered by Medicaid or Medicare.
3. Healthcare Operations
   • We may use and disclose your PHI for healthcare operations, such as quality assessment, staff performance reviews, compliance audits, or other operational purposes that help us improve the quality and efficiency of the care we provide.
4. Business Associates
   • We may share your PHI with third-party “business associates” who perform certain functions on our behalf (e.g., payment processors like Stripe or Square, or data collection services like Typeform). Each business associate is required by law to protect your PHI and use it only for the intended purpose.
5. As Required by Law
   • We will disclose your PHI when required by federal, state, or local law, or by a court order, subpoena, warrant, or other lawful process.
6. Public Health and Safety
   • We may disclose your PHI to public health authorities for reasons such as controlling disease, reporting adverse events, or notifying authorities if we believe a patient is a victim of abuse or neglect (in accordance with applicable law).
7. Law Enforcement or Legal Proceedings
   • We may disclose PHI if asked to do so by a law enforcement official or if required by a court or administrative order, or in response to a subpoena, discovery request, or other lawful process.
8. Other Uses with Your Authorization
   • Uses and disclosures of your PHI for purposes not described in this Notice require your written authorization. You may revoke your authorization in writing at any time, except to the extent that we have already taken action in reliance on your authorization.

3. Your Rights Regarding Your PHI

1. Right to Inspect and Copy
   • You have the right to inspect and obtain a copy of your PHI, subject to certain limitations. You must submit a written request to obtain access to your records. We may charge a reasonable fee for copying, mailing, or other costs associated with your request.
2. Right to Request Amendments
   • If you believe that your PHI is incorrect or incomplete, you may request an amendment. You must submit a written request, including the reason for the amendment. We may deny your request if we did not create the information or if we determine that it is accurate and complete.
3. Right to an Accounting of Disclosures
   • You have the right to request a list (an “accounting”) of certain disclosures of your PHI made by us. The accounting does not include disclosures for treatment, payment, or healthcare operations, among other exceptions.
4. Right to Request Restrictions
   • You may request additional restrictions on our use or disclosure of your PHI. While we will consider your request, we are not required to agree to a restriction unless required by law.
5. Right to Request Confidential Communications
   • You have the right to request that we communicate with you about medical matters in a certain way or at a certain location (e.g., only at a specific phone number or address). We will accommodate reasonable requests.
6. Right to a Paper Copy of this Notice
   • You have the right to receive a paper copy of this Notice, even if you have agreed to receive it electronically. You may also view or print a copy from our website at https://certicare.org

4. Our Responsibilities

• We are required by law to maintain the privacy of your PHI and to provide you with this Notice of our legal duties and privacy practices.
• We will notify you if a breach occurs that compromises the privacy or security of your PHI.
• We will abide by the terms of this Notice currently in effect.

5. Changes to This Notice

‍

We reserve the right to change this Notice and make the revised Notice effective for PHI we already have about you as well as any information we receive in the future. If we make a material change to our privacy practices, we will provide an updated Notice on our website, https://certicare.org, or by other means as required by law.

‍

6. Questions and Complaints

‍

If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the U.S. Department of Health and Human Services. We will not retaliate against you for filing a complaint.

• To request your medical records, or to file a complaint with us:
  • Mail: Certicare, 418 Broadway #4220; Albany, NY 12207
• File a complaint with the Department of Health and Human Services:
  Visit https://www.hhs.gov/hipaa/filing-a-complaint/index.html for more information.

7. HIPAA Consent and Agreement

‍

By clicking “I Agree” in our form:

1. You acknowledge that you have received and reviewed this HIPAA Notice of Privacy Practices.
2. You consent to our use and disclosure of your PHI for treatment, payment, and healthcare operations as described in this Notice.
3. You understand that you may request additional restrictions or revoke your consent in writing at any time, except where uses or disclosures have already been made based upon your prior consent.

‍

‍

‍

‍

‍