HIPAA Notice of Privacy Practices

Our Commitment to Your Privacy

RootHealthMD is required by law to maintain the privacy and security of your protected health information (PHI). We are obligated to provide you with this notice of our legal duties and privacy practices with respect to your PHI, and to follow the terms of this notice currently in effect.

We reserve the right to change the terms of this notice and to make the new notice provisions effective for all PHI that we maintain. We will make the revised notice available at our office and on our website at www.roothealthmd.com.

How We Use and Disclose Your Medical Information

We may use and disclose your protected health information for the following purposes:

Treatment

We may use your health information to provide, coordinate, or manage your healthcare and any related services. This includes sharing information with other healthcare providers involved in your care, such as specialists, laboratories, pharmacies, and other treatment facilities.

Payment

We may use and disclose your health information to bill and collect payment for the services we provide. This may include sharing information with insurance companies, health plans, or other third parties responsible for payment of your healthcare services, including verification of coverage, billing, claims management, and utilization review activities.

Healthcare Operations

We may use and disclose your health information for operational purposes, including quality assessment and improvement, reviewing the competence or qualifications of healthcare professionals, training programs, accreditation, licensing, credentialing, business planning, and general administrative activities.

Other Permitted and Required Uses and Disclosures

We may also use or disclose your health information without your authorization in the following situations:

• As required by law: We will disclose your health information when required to do so by federal, state, or local law.
• Public health activities: We may disclose your health information to public health authorities for the purpose of preventing or controlling disease, injury, or disability, and for public health surveillance.
• Health oversight activities: We may disclose your health information to health oversight agencies for activities authorized by law, such as audits, investigations, inspections, and licensure.
• Judicial and administrative proceedings: We may disclose your health information in response to a court order, subpoena, or other lawful process.
• Law enforcement: We may disclose your health information to law enforcement officials for law enforcement purposes as required by law or in response to a valid legal process.
• Coroners, medical examiners, and funeral directors: We may release health information to a coroner, medical examiner, or funeral director as necessary to carry out their duties.
• Workers' compensation: We may disclose your health information as authorized by and to the extent necessary to comply with workers' compensation laws.
• Serious threats to health or safety: We may use and disclose your health information when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
• Individuals involved in your care: Unless you object, we may disclose limited health information to a family member, close personal friend, or any other person you identify who is involved in your care.

Uses and Disclosures That Require Your Written Authorization

We will obtain your written authorization before using or disclosing your health information for purposes not covered by this notice, including:

• Marketing: We will not use or disclose your health information for marketing purposes without your written authorization.
• Sale of PHI: We will not sell your health information without your written authorization.
• Psychotherapy notes: We will not disclose psychotherapy notes without your written authorization, except as permitted or required by law.
• Other uses: Any other uses and disclosures not described in this notice will be made only with your written authorization. You may revoke your authorization at any time in writing, except to the extent that we have already taken action in reliance on your authorization.

Your Rights Regarding Your Health Information

You have the following rights regarding the health information we maintain about you:

• Right to access your records: You have the right to inspect and obtain a copy of your health information, including medical and billing records. To request access, submit a written request to our Privacy Officer. We may charge a reasonable, cost-based fee for copies.
• Right to request corrections: If you believe that health information we have about you is incorrect or incomplete, you may ask us to amend the information. Your request must be made in writing and must provide a reason for the amendment. We may deny your request under certain circumstances.
• Right to request restrictions: You have the right to request restrictions on certain uses and disclosures of your health information. We are not required to agree to your request, except if you request a restriction on disclosures to a health plan for services you paid for in full out of pocket.
• Right to confidential communications: You have the right to request that we communicate with you about health matters in a certain way or at a certain location. For example, you may ask that we contact you only at work or only by mail.
• Right to an accounting of disclosures: You have the right to request a list of certain disclosures we have made of your health information. To request an accounting, submit your request in writing to our Privacy Officer.
• Right to a paper copy of this notice: You have the right to obtain a paper copy of this notice at any time, even if you have previously agreed to receive the notice electronically. You may request a copy by contacting our Privacy Officer.
• Right to file a complaint: If you believe your privacy rights have been violated, you may file a complaint with our office or with the U.S. Department of Health and Human Services. We will not retaliate against you for filing a complaint.

Breach Notification

In the event of a breach of your unsecured protected health information, we are required by law to notify you. We will provide notification without unreasonable delay and no later than 60 days from the discovery of the breach. The notification will include a description of the breach, the types of information involved, steps you should take to protect yourself, what we are doing to investigate and mitigate the breach, and contact information for you to ask questions or obtain additional information.

Telemedicine & Electronic Communications

RootHealthMD offers telemedicine services and may communicate with patients through secure electronic means, including patient portals, encrypted email, and telehealth platforms. While we use commercially reasonable safeguards to protect the privacy and security of your health information transmitted electronically, no method of electronic transmission or storage is completely secure.

By participating in telemedicine visits or communicating with us electronically, you acknowledge the inherent risks associated with electronic communication and consent to the use of these technologies for your care. We will never send unencrypted PHI via standard email or text message without your explicit consent.

Changes to This Notice

We reserve the right to change this notice at any time. Any changes will apply to all information we already have about you as well as any information we receive in the future. The revised notice will be available at our office, on our website, and we will provide a copy to you upon request.