Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

SUMMARY OF PRIVACY PRACTICES

We are required by law to maintain the privacy of your personal and medical information and to follow the duties described in this notice. Our company is HIPAA-compliant and maintaining the privacy and security of your medical and personal information is important to us. We are also required by law to give you this notice about our privacy practices, our duties required by law, and your rights concerning your medical information. We are required by law to notify you if there is ever a breach of your medical or personal information. We are required by law to abide by the terms of this notice that is currently in effect.

HIPAA permits us to use and disclose your health information for the following purposes more fully described below without your permission. We will obtain your express written authorization before using or disclosing your health information for any other purpose. For example, we will not use your information for marketing or promotional purposes without your written consent. You may revoke this authorization, in writing, at any time. We will never sell your information to a third party.

Treatment. When and as appropriate, we may use and disclose health information about you to facilitate medical treatment or services by providers (e.g. doctors, pharmacist, or other personnel involved in your medical care).

Payment. When and as appropriate, we may use and disclose your health information as necessary to determine eligibility for your Plans’ benefits, to facilitate payment for the treatment and services you receive from healthcare providers, or to coordinate your coverage. We may disclose information to your family members and friends involved in payment for such services. We also may provide information to other healthcare providers to assist them in obtaining payment for services they provided to you.

Healthcare Operations. When and as appropriate, we may use and disclose your health information for our internal operations, as needed. For example, we may disclose health information about you to another healthcare provider or health plan you also have/had a relationship for purposes of that provider’s or plan’s internal operations of managing and providing your healthcare coverage. We will not use or disclose your genetic information for underwriting purposes.

Research. When and as appropriate, we may use and disclose health information about you for research purposes only (e.g. to help them look for clients with specific medical needs) so long as the health information does not leave our facilities. In accordance with the HIPAA Privacy Rule, we may use and disclose your de-identified health information for data analytics purposes. Prior to data transfer, protocols will be followed to certify the information has been properly de-identified so that a third-party recipient will not have any means of re-identifying you or linking your PHI.

Health Oversight Activities. When and as appropriate, we may disclose health information to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure.

Business Associates. We may disclose your health information to our business associates. We may from time to time contract with entities (defined as “business associates” under HIPAA) to help us administer our benefit to you. We require these entities to safeguard the privacy of your information and to only use and disclose your health information as we are permitted to do so under HIPAA.

Uses and Disclosures Required By Law. We will disclose your health information when required by law to do so.

Disclosures for Public Health Activities. When and if appropriate, we may disclose your health information to a government agency authorized (a) to collect data for the purpose of preventing or controlling disease, injury, or disability; (b) to receive reports of abuse, neglect or domestic violence; (c) reporting adverse reactions to medications; (d) assisting with medical product recalls; and/or (e) preventing or reducing any serious threat to any person’s safety or health.

Disclosures for Judicial and Administrative Proceedings. Your health information may be disclosed in response to a court order or in response to a subpoena, search warrant, discovery request, or other lawful process when certain legal requirements are satisfied.

Disclosures for Law Enforcement Purposes. We may disclose your health information to a law enforcement official as required by law or in compliance with a court order, court-ordered warrant, a subpoena, or summons issued by a judicial officer; a grand jury subpoena; or an administrative request related to a legitimate law enforcement inquiry. We may also disclose information to identify or locate a victim, suspect, fugitive, material witness, or missing person.

Health Plan Sponsor. We may release certain health information about you to your health plan sponsor if needed to facilitate claims payments or to administer your health plan.

Worker’s Compensation. We may release health information about you for worker’s compensation or similar programs as permitted by law.

Coroners, Medical Examiners, and Funeral Directors We may release health information to a coroner or medical examiner if an individual die and we hold needed information.

Organ and Tissue Donation. If you are an organ donor, we may release health information to organizations that handle organ procurement or organ, eye, or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.

Military and Veterans If you are a member of the armed forces, we may release health information about you as required by military command authorities. We may also release health information about foreign military personnel to the appropriate foreign military authority.

Disclosures for Specialized Government Functions. We may disclose your health information as required to comply with governmental requirements for national security reasons or for protection of certain government personnel or foreign dignitaries.

We will always try to ensure the medical information used or disclosed is limited to a “Designated Record Set” and to the “Minimum Necessary” standard, including a “limited data set,” as defined in HIPAA and American Recovery and Reinvestment Act of 2009 (ARRA) for these purposes.

YOUR RIGHTS REGARDING YOUR HEALTH INFORMATION.

Please contact the Privacy Officer identified on the last page of this Notice if you have any questions concerning the manner in which you may exercise any of these rights or to obtain any document or form referenced below.

Right to Inspect and Copy. You have the right to inspect and obtain a copy of your health information maintained by us in a designated record set. To do so, you must complete a specific form, which will be provided to you upon request, providing information needed to process your request. If you request copies, we may charge a reasonable fee for the costs of copying, mailing, or other supplies associated with your request. We may deny your request to inspect and copy in certain very limited circumstances. If we deny access to your health information, you may request that the denial be reviewed. If we do not maintain the health information, but know where it is maintained, you will be informed of where to direct your request.

Right to Request Amendment. If you feel your records contain inaccurate or incomplete information, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for the Company. To request an amendment, you must complete a specific form providing information we need to process your request, including the reason that supports your request.

Right to an Accounting of Disclosures. You have the right to request a list of disclosures of your health information we have made, with certain exceptions defined by law. The list of disclosures will not include disclosures of information made: (1) for treatment, payment, and healthcare operations purposes; (2) to correctional institutions or law enforcement officials; and (3) other disclosures for which federal law does not require the Company to provide an accounting. To request this list, you must complete a specific form providing information we need to process your request.

Right to Request Restrictions. You have the right to request a restriction on our uses and disclosures of your health information for treatment, payment, or healthcare operations. You also have the right to request a limit on the health information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. You must complete a specific form providing information we need to process your request. We are not required to agree to your request and only our Privacy Officer has the authority to agree to such a request.

Right to Request Alternative Methods of Communication. You have the right to request that we communicate with you in a certain way or at a certain location. You must complete a specific form providing information needed to process your request. The Privacy Officer is the only person who has the authority to act on such a request. We will not ask you the reason for your request, and we will accommodate all reasonable requests in a reasonable manner.

Right to Receive This Notice. You have the right to receive a paper copy of this Notice upon request. Also, this Notice is posted on our website, www.rxsavingssolutions.com. We reserve the right to change this Notice at any time, and such changes may be effective for information we already have about you as well as any information we receive in the future.

Right to Appoint an Agent. If you have a legal guardian or have exercised a power of attorney document for someone to act on your behalf, that person may take action and exert your rights to your health information on your behalf. We will confirm that any third party has the right to act on your behalf before providing any information to any third party.

Breach Notification. We understand your health information and your health is personal and we are committed to protecting your information. Furthermore, we will notify you following the discovery of any breach of your unsecured protected health information as defined in the HITECH Act. You will receive such notice in writing via first-class mail, unless you previously agreed to an alternative form of notice or if we do not have a current address for you, we will provide substitute notice of breach in compliance with applicable law. Your notice of breach shall be provided without unreasonable delay and in no case later than sixty (60) days following the discovery of a breach. If you have any concerns regarding any possible unauthorized use or disclosure of your health information and/or any breach notification made by us, you should contact the Privacy Officer.

Right to File Complaint. If you believe your privacy rights have been violated by us, you may file a complaint with us or with the Secretary of the Department of Health and Human Services. To file a complaint with us, please contact the Privacy Officer at the contact information listed below. All complaints must be submitted in writing. You will not be penalized for filing a complaint.

Effective date: February 1, 2020

If you have any questions about this Notice, please contact:

Attn: Privacy Officer
Rx Savings, LLC
5440 W. 110th Street, Suite 200
Overland Park, KS 66211
Toll Free: 1-800-268-4476
privacyofficer@rxsavingssolutions.com