HIPAA Notice of Privacy Practices

Mederva Medical Corporation, a California PC - Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW YOUR HEALTH INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

PLEASE REVIEW IT CAREFULLY.

MEDERVA MEDICAL CORPORATION, a California professional corporation
248 3rd Street, #1279
Oakland, CA 94607
https://medervahealth.com
Mohammed Kaleel, President
(510) 833-6425
privacy@medervahealth.com

Effective date: December 27, 2024

SUMMARY: The bullets below summarize how Mederva Medical Corporation, a California professional corporation (“Mederva Medical,” “we,” “our,” “us”) may use and disclose your protected health information (“PHI”) and your rights and choices when it comes to such PHI. We provide additional details on the following pages.

Your Rights

You have the right to:

  • Get a copy of your paper or electronic PHI.
  • Correct your PHI.
  • Ask us to limit the information we share, in some cases.
  • Get a list of those with whom we’ve shared your information.
  • Request confidential communication.
  • Get a copy of this privacy notice.
  • Choose someone to act for you.
  • File a complaint if you believe we have violated your privacy rights.

Your Choices

You have some choices about how we use and share PHI as we:

  • Communicate with you.
  • Tell family and friends about your condition.
  • Provide disaster relief.
  • Market our services.
  • Raise funds.

Our Uses and Disclosures

We may use and disclose your PHI as we:

  • Treat you.
  • Bill for services.
  • Run our organization.
  • Do research.
  • Comply with the law.
  • Respond to organ and tissue donation requests.
  • Work with a medical examiner or funeral director.
  • Address workers’ compensation, law enforcement, and other government requests.
  • Respond to lawsuits and legal actions.

Purpose

Mederva Medical respects your privacy. We are also legally required to maintain the privacy of your PHI under the Health Insurance Portability and Accountability Act (“HIPAA”). As part of our commitment and legal compliance, we are providing you with this Notice of Privacy Practices (“NPP”). This NPP describes:

  1. Our legal duties and privacy practices regarding your PHI, including our duty to notify you following a data breach of your unsecured PHI.
  2. Our permitted uses and disclosures of your PHI.
  3. Your rights regarding your PHI.

Contact

If you have any questions about this NPP, please privacy@medervahealth.com.

PHI Defined

Your PHI:

Is health information about you which:

  1. someone may use to identify you; and
  2. we keep or transmit in electronic, oral, or written form.

Includes information such as your:

  1. name;
  2. contact information;
  3. past, present, or future physical or mental health or medical conditions;
  4. payment for health care products or services; or
  5. prescriptions.

Scope

This NPP applies to the PHI we generate by creating, maintaining, using, and sharing records of care and health services you receive to provide your care and to comply with certain legal requirements.

Mederva Medical and its employees and other workforce members follow the duties and privacy practices this NPP describes and any changes once they take effect.

Changes to this NPP

We can change the terms of this NPP and the changes will apply to all PHI we have about you. The new notice will be available on request and on our website. When legally required, we will also send you a copy of the revised notice.

Data Breach Notification

We will promptly notify you if a data breach compromising the privacy or security of your PHI has occurred. We will notify you within the legally required time frame (i.e., without undue delay and in case no later than 60 days) after confirming the breach occurred. In limited circumstances when we have insufficient or out-of-date contact information, we may provide notice in a legally acceptable alternative form.

Your Rights

When it comes to your PHI, you have certain rights. This section explains your rights and some of our responsibilities to help you. You have the right to:

Get a copy of your PHI. You can ask to see or obtain an electronic or paper copy of the PHI we maintain about you (right to request access).

  • We may require you to make access requests in writing or by submitting an electronically signed form;
  • We may charge a reasonable, cost-based fee for the costs of copying, mailing, or other supplies associated with your request;
  • You may request we provide a copy of your PHI to a family member, another person, or a designated entity. We require you submit these requests in writing with your signature (or, submit an electronically signed form) clearly identifying the designated recipient and where to send the PHI;
  • We may deny your request for access in certain limited circumstances; however, if we deny your access request, we will provide a written denial with the basis for our decision and explain your rights to appeal or file a complaint.

Ask us to correct your health record. You may ask us to correct or amend your PHI we maintain that you think is incorrect or inaccurate. For these requests:

  • You must submit requests in writing, specifying the inaccurate or incorrect PHI and providing a reason supporting your request;
  • We will generally decide to grant or deny your request within 60 days. If we cannot act within 60 days, we will give you a reason for the delay in writing including when you can expect us to complete our decision, which will be no longer than an additional 30 days;
  • We may deny your amendment request if you ask us to amend PHI that is not part of our record, that we did not create, that is not part of a designated record set, or that is accurate and complete;
    • If we deny your request, we will tell you why in writing; and
    • You will have the right to submit a written statement disagreeing with the denial and, if you opt not to submit this statement, you may request we provide your original amendment request and the denial with any future disclosures of PHI subject to the amendment. However, we may prepare a written rebuttal to any individual’s statement of disagreement;
  • We will append the material created or submitted in accordance with this paragraph to your designated record.

Ask us to limit what we use or share. You have the right to ask us to limit what we use or share about your PHI (right to request restrictions). You can contact us and request us not to use or share certain PHI for treatment, payment, or operations or with certain persons involved in your care. We may require you to submit this request in writing. For these requests, we:

  • Are not required to agree;
  • May say “no” if it would affect your care; however, we will agree not to disclose your PHI to a health plan for purposes of payment or health care operations if the requested restriction concerns a health care item or service for which you or another person, other than the health plan, paid in full out-of-pocket, unless it is otherwise required by law.

Get a list of those with whom we’ve shared your PHI. You have the right to request an accounting of certain PHI disclosures we have made. For these requests, we will:

  • Include all the disclosures except for those about treatment, payment, health care operations, and certain other disclosures, such as any you asked us to make; and
  • Provide one (1) accounting per year for free, but will charge a reasonable, cost-based fee if you ask for another accounting within 12 months. We will notify you about the costs in advance and you may choose to withdraw or modify your request at that time.

Choose someone to act for you. If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your PHI.

Request confidential communications. You have the right to request we communicate with you about health matters in a certain way or at a certain location. For example, you can ask we only contact you at work or at a specific address. For these requests:

  • You must specify how or where you wish to be contacted; and
  • We will accommodate reasonable requests.

Make a complaint. You have the right to complain if you feel we have violated your rights. We will not retaliate against you for filing a complaint. You may either file a complaint:

  1. directly with us by contacting Mederva Medical in writing at:
    1. Email: privacy@medervahealth.com; or
    2. Address: Mederva Medical Corporation, 248 3rd Street #1279,  Oakland, CA 9460
  2. with the Office for Civil Rights at the US Department of Health and Human Services by:
    1. Submitting all necessary materials at www.hhs.gov/ocr/privacy/hipaa/complaints/;
    2. Opening and filling out the Health Information Privacy Complaint Form Package - PDF in PDF format. You may either:
      1. Print and mail the completed complaint and consent forms to:
        Centralized Case Management Operations
        U.S. Department of Health and Human Services
        200 Independence Avenue, S.W.
        Room 509F HHH Bldg.
        Washington, D.C. 20201
      2. Email the completed complaint and consent forms to: OCRComplaint@hhs.gov (Please note communication by unencrypted email presents a risk that personally identifiable information, including PHI) contained in such an email, may be intercepted by unauthorized third parties.)
    3. Filing a complaint without using the Health Information Privacy Complaint Package. You may either:
      1. Print and mail the completed complaint and consent forms to:
        Centralized Case Management Operations
        U.S. Department of Health and Human Services
        200 Independence Avenue, S.W.
        Room 509F HHH Bldg.
        Washington, D.C. 20201
      2. Email to: OCRComplaint@hhs.gov; Be sure to include:
        • Your name;
        • Full address;
        • Telephone numbers (include area code);
        • E-mail address (if available);
        • Name, full address and telephone number of the person, agency, or organization you believe violated your (or someone else’s) HIPAA privacy rights or committed another violation of the HIPAA Privacy or Security Rule;
        • Brief description of what happened. How, why, and when do you believe your (or someone else’s) HIPAA privacy rights were violated, or how the HIPAA Privacy or Security Rule was otherwise violated;
        • Any other relevant information; and
        • Your signature and date of complaint.

If you are filing a complaint on someone’s behalf, provide the name of the person on whose behalf you are filing.

Your Choices

For certain PHI, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, please contact us and we will make reasonable efforts to follow your instructions.

In these cases, you have both the right and choice to tell us whether to:

  1. Share your PHI, general condition, or location, with your family, close friends, or others involved in your care.
  2. Share your PHI in a disaster relief situation, such as to a relief organization to assist with locating or notifying your family, close friends, or others involved in your care.
  3. If you are not able to tell us your preference (for example if you are unconscious), we may share your PHI if we believe it is in your best interest, according to our best judgment. We may also share your PHI when needed to lessen a serious and imminent threat to health or safety.

In these cases, we will not share your information unless you give us your written permission:

  1. Marketing purposes.
  2. Selling or otherwise receiving compensation for disclosing your PHI.
  3. Other uses and disclosures not described in this NPP.

You may revoke your authorization at any time, but it will not affect information we already used and disclosed.

Uses and Disclosures of Your PHI

The law permits or requires us to use or disclose your PHI for various reasons, which we explain in this NPP. We have included some examples, but we have not listed every permissible use or disclosure. When using or disclosing PHI or requesting your PHI from another source, we will make reasonable efforts to limit our use, disclosure, or request about your PHI to the minimum we need to accomplish our intended purpose.

Uses and Disclosures for Treatment, Payment, or Health Care Operations

  1. Treatment. We may use or disclose your PHI and share it with other professionals who are treating you, including doctors, nurses, technicians, medical students, or hospital personnel involved in your care. For example, we might disclose information about your overall health condition to physicians who are treating you for a specific injury or condition.
  2. Billing and payment. We may use and disclose your PHI to bill and get payment from health plans or others. For example, we share your PHI with your health insurance plan so it will pay for the services you receive.
  3. Running our organization. We may use and disclose your PHI to run our practice, improve your care, and contact you when necessary. For example, we may use your PHI to manage the services and treatment you receive or to monitor the quality of our health care services.

Other Uses and Disclosures

We may share your information in other ways, usually for public health or research purposes, or to contribute to the public good. For information on permitted uses and disclosures, see www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html. For example, these other uses and disclosures may involve:

  1. Our business associates. We may use and disclose your PHI to outside persons or entities performing services on our behalf, such as auditing, legal, or transcription (“Business Associates”). The law requires our Business Associates and their subcontractors to protect your PHI in the same way we do. We also contractually require these parties to use and disclose your PHI only as permitted and to appropriately safeguard your PHI.
  2. Health information exchanges. We may participate in health information exchanges (“HIEs”), which support electronic information sharing among members for treatment, payment, and health care operations purposes. Individuals may opt-out of HIEs. We will use reasonable efforts to limit the sharing of PHI in these electronic sharing activities for individuals who have opted out. If you would like to opt out, please email privacy@medervahealth.com.
  3. Complying with the law. For example, we will share your PHI if the Department of Health and Human Services requires it when investigating our compliance with privacy or other laws.
  1. Helping with public health and safety issues. For example, we may share your PHI to:
    1. report injuries, births, and deaths;
    2. prevent disease;
    3. report adverse reactions to medications or medical device product defects;
    4. report suspected child neglect or abuse, or domestic violence; or
    5. avert a serious threat to public health or safety.
  1. Responding to legal actions. For example, we may share your PHI to respond to:
    1. a court or administrative order or subpoena;
    2. discovery request; or
    3. another lawful process.
  1. Research. For example, we may share your PHI for some types of health research not requiring your authorization, such as if an institutional review board (“IRB”) has waived the written authorization requirement.

Get In Touch

Supercharge your care, today

Contact Us
For DoctorsFor Patients
About UsContact UsCareers
Terms of ServicePrivacy Notice
Consumer Health Data Privacy