Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This Notice sets forth how we may use and disclose your protected health information to carry out treatment, payment or business operations and for other purposes that are permitted or required by law. The Onsera Medical Group, P.A. (the “MedicalGroup”) provides medical services to customers of Onsera Health Inc. (“OnseraHealth”). Onsera Health provides management services to the Medical Group and will follow this notice for all of your PHI. References to “we” “our” and “us”in this Notice includes all the above entities.

Protected Health Information

"Protected health information" or "PHI" is information about you, including demographic information, that may identify you and that relates to your past,present or future physical health or condition, treatment or payment for healthcare services. Under federal law, your patient health information is protected and confidential.

Your rights

When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.

• Get an electronic or paper copy of your medical record
  
  • You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. Ask us how to do this.
  • Wewill provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.
• Ask us to correct your medical record
  
  • You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this.
  • We may say “no” to your request, but we’ll tell you why in writing within 60 days.
• Request confidential communications
  
  • You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.
  • We will say “yes” to all reasonable requests.
• Ask us to limit what we use or share
  
  • You can ask us not to share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no” if it would affect your care.
• If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share that information.
• Get a list of those with whom we’ve shared information
  
  • You can ask us for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why.
  • We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked usto make). We’ll provide one accounting a year for free but will charge a reasonable cost-based fee if you ask for another one within 12 months.
• Geta copy of this privacy notice
  
  • You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.
• Choose someone to act for you
  
  • If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
  • We will make sure the person has this authority and can act for you before we take any action.
• File a complaint if you feel your rights are violated
  
  • You can complain if you feel we have violated your rights by contacting usat privacy@onserahealth.com or one of the other methods of contacting us, listed at the end of this notice.
• You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W.,Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/, or your state board governing your treating provider (for example, the Board of Physical Therapy or Medical Board).
  
  • We will not retaliate against you for filing a complaint.

Your choices

For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.

• Share information with your family, close friends, or others involved in your care
• Share information in a disaster relief situationInclude your information in a hospital directory
  • We do not currently maintain a directory
  If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent  threat to health or safety.

In these cases, you have both the right and choice to tell us to

In these cases we never share your information unless you give us written permission:

• Marketing purposes
• Sale of your information
• Most sharing of psychotherapy notes
  
  • We do not maintain or create psychotherapy notes at this practice

In the case of fundraising

• We may contact you for fundraising efforts, but you can tell us not to contact you again.

What information do we collect from or about you?

As you use our services, we may collect information from you as you:

• Go through registration: If you choose to go through our screening process and/or register for our services we ask you to provide personal information, including but not limited to: your name, address, telephone number and/or email address, height, weight, and health information in connection with the use of our products or services. By providing us with your email address, you consent to receiving information from us through the email address you provide, including protected health information which is private to you and protected by HIPAA.

• Request care: We may collect or access medical records from your past, current, and future health care providers. This may include information about your existing or past diagnoses, previous treatments, general health, laboratory or pathology test results and reports, social histories, family medical history, and records about phone calls or emails related to your health or test results.

Use of Artificial Intelligence (AI):

• Share feedback, outcomes, and other content: We may collect information from you when you provide feedback or reviews about yourexperience with us or our products, or otherwise communicate with or contact us. We may collect content that you create and then share with us on our website or its various webpages (“Sites”) or mobile applications (“Apps”). Examples include photos, videos, personal stories, or other similar media or content. Where permitted, we collect and publish consumer-generated content in connection with a variety of activities, including contests and other promotions, site community features, consumer engagement, and third party social networking. We may periodically send you surveys to collect your feedback on the services we provide to you.

We sometimes use computer-based tools, including Artificial Intelligence("AI"), to help our healthcare team work more efficiently and provide you with the best possible care. For example, these tools may help organize medical information, prepare summaries for your provider, or assist with certain administrative tasks.

• Use our services: We may collect information aboutyour use of our services, including technical information about your device, browser or mobile carrier; usage information such as when you access the services, for how long; and device identifiers and IP address. We may also capture information concerning your interaction with the services, including when you use computer vision features, blood pressure cuffs, body scales, or other hardware provided through the services.

When AI tools are used with your health information:

• Communicate with us by phone, video visit, or other correspondence: If you contact our care team, our member support team, or other Onsera Health employee by video conference, phone, or by email, we may record and retain copies of the interaction for, among other things, quality assurance and training purposes. If you access any Apps or other services we offer, we may record your interactions with our software or our providers. We will inform you if we are recording your interactions with our care team or providers and, if you do not wish to be recorded, you can let the care team or provider know at that time.

• They are always used in compliance with HIPAA and other applicable privacy and security laws.
• Your information is kept private and secure using safeguards like encryption, access controls, and secure storage.
• You will be informed whenever you are directly interacting with an AI tool.
• AI is not used to make autonomous clinical decisions, diagnoses, or treatment recommendations. Any AI-generated information is reviewed by a qualified healthcare     professional before it is used in the context of clinical decisions.
• We only share your health information with trusted partners who are legally required to protect it and follow HIPAA's rules.

AI is used to support—not replace—the judgment of our licensed healthcare providers. All medical decisions about your care are made by qualified individuals in accordance with professional standards and applicable law.

Our Uses and Disclosures

How do we typically collect, use or share your health information? We typically use or share your health information in the following ways.

Treat you

• We can use your health information and share it with other professionals who are treating you.
• This may include coordination or management of your health care with a third party.

Examples

• We may disclose your health information as necessary, to our schedulers, your Onsera Health health coach, or to your physician to whom you have been referred.
• We may contact you to provide you with information about alternative treatments or other health care services you may benefit from.
• If you choose to go through our screening process and/or register for and/or use the services, we will ask you to provide certain personal information and collect information as     you use our products or services.
• If you request that Onsera Health not make such contact with you, we will observe your wishes but may be unable to provide the requested services.

Run our organization

• We can use and share your health information to run our business, improve your care, and contact you when necessary.

Example

Use of Artificial Intelligence (AI):

• We may use your information to facilitate a telemedicine connection, coordinate virtual visits, or coordinate your care.
• We may use your information for our compliance, audit, business planning and development, legal, quality assessment, employee review and training, and other administrative and business activities.
• We may use information to make our services better, such as by responding to your inquiries and sending you administrative communications; obtaining your feedback on our Sites and our offerings; statistically analyzing user behavior and activity; training and using machine learning, artificial intelligence, or other similar technology to analyze and process your content and information as part of providing our services; providing our users with more relevant content; and conducting research and measurement activities.

Bill for your services

• We can use and share your health information to bill and get payment from health plans or other entities.

Example

• We may obtain information as to your current employer and your group health plan coverage, and give information about you to your health insurance plan to determine whether you are enrolled with the payer or eligible for health benefits or to get payment for our services.

Appointment reminders

• We may contact you to remind you of your appointment.

Example

• If you request that Onsera Health not make such contact with you, we will observe your wishes but may be unable to provide the requested services.

Health Information Exchanges (HIEs)

• Onsera Health may participate in health information exchanges (“HIEs”) and may electronically retrieve your medical information from, and share your medical information with, other participants in the HIEs for treatment, payment and/or healthcare     operations purposes.
• We will only ever access and use your health information as permitted by HIPAA and other applicable privacy laws.
• If you choose not to opt out, we may provide your medical information to the HIEs in which we participate in accordance with applicable law.

Opting out:

• You can opt out of participating in an HIE at any time by contacting us at help@onserahealth.com and informing us that you opt out of including your medical information in an HIE.
• Your opt-out will be effective as soon as we are able to process your request.
• Information shared or retrieved prior to receipt of your opt-out will not be affected.

De-identified and aggregated data

• We may use or disclose your health information in a de-identified and/or aggregated manner to analyze our patients’ experiences and help improve our services.

Example

• We may combine information about many patients to make clinical qualitative review decisions or decide whether to offer additional services, and whether certain treatments are effective.
• We may remove or de-identify information that identifies you so that others can use the de-identified information to study healthcare, conduct research, collect population health data, and determine methods for improved health care delivery without learning who you are.
• We use aggregated, de-identified outcomes data to provide our customers with insight into the outcomes of their employees following their use of our services.

Business associates

• From time to time, we work with other companies and individuals who help us deliver our services, known as “business associates.” We require business associates to     appropriately protect the privacy of your information.

Example

• We use business associates to help store the data that we collect, and to bill your health plan for the services rendered.

We sometimes use computer-based tools, including Artificial Intelligence("AI"), to help our healthcare team work more efficiently and provideyou with the best possible care. For example, these tools may help organize medical information, prepare summaries for your provider, or assist with certain administrative tasks.

When AI tools are used with your health information:

• They are always used in compliance with HIPAA and other applicable privacy and security laws.
• Your information is kept private and secure using safeguards like encryption, access controls, and secure storage.
• You will be informed whenever you are directly interacting with an AI tool.
• AI is not used to make autonomous clinical decisions, diagnoses, or treatment recommendations. Any AI-generated information is reviewed by a qualified healthcare     professional before it is used in the context of clinical decisions.
• We only share your health information with trusted partners who are legally required to protect it and follow HIPAA's rules.

AI is used to support—not replace—the judgment of our licensed healthcare providers. All medical decisions about your care are made by qualified individuals in accordance with professional standards and applicable law.

How else can we use or share your health information? We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes. For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html.

Help with public health and safety issues

We canshare health information about you for certain situations such as:

• Preventing disease
• Helping with product recalls
• Reporting adverse reactions to medications
• Reporting suspected abuse, neglect, or domestic violence
• Preventing or reducing a serious threat to anyone’s health or safety

Do research

• We can use or share your information for health research.

Comply with the law

• We will share information about you if state or federal laws require it, including with the     Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.

Respond to organ and tissue donation requests

• We can share health information about you with organ procurement organizations.

Work witha medical examiner or funeral director

• We can share health information with a coroner, medical examiner, or funeral director when an individual dies.

Address workers' compensation, law enforcement, and other government requests

We can use or share health information about you:

• For workers’ compensation claims
• For law enforcement purposes or with a law enforcement official
• With health oversight agencies for activities authorized by law
• For special government functions such as military, national security, and presidential protective services

Respond to lawsuits and legal actions

• We can share health information about you in response to a court or administrative order, or in response to a subpoena

Note Regarding State Law 

Where state law is more restrictive of disclosure than federal law, we are required to follow the more restrictive state law.

Notice Regarding Technology

We may use electronic software, services, and equipment, including without limitation email, video conferencing technology, cloud storage and servers, internet communication, cellular network, voicemail, facsimile, electronic health record, and related technology to share your protected health information(“PHI”) with you or third-parties subject to the rights and restriction scontained herein. In any event, certain unencrypted storage, forwarding,communications and transfers may not be confidential. We will take measures tosafeguard the data transmitted, as well as ensure its integrity againstintentional or unintentional breach or corruption. However, in very rarecircumstances security protocols could fail, causing a breach of privacy or PHI. In the unlikely event that happens, we will take immediate steps to stopfurther breach of information and promptly notify you if your information isimpacted. 

While Onsera Health encrypts all email communications, your email server may not guarantee encryption. If your email provider does not encrypt email, some PHI could be acquired by someone else.

You may receive short message service (“SMS”) text messages as part of using theservices, such as a reminder about an upcoming appointment, reminder to complete your enrollment questionnaire, or reminder to participate in Onsera Health services. By providing Onsera Health with your telephone number, this gives Onsera Health consent to send you text messages regarding your use of our services, or for other non-telemarketing purposes, made by an automatic telephone dialing system. SMS messages are encrypted by Onsera Health intransit to your cell phone provider, but cell providers do not guarantee encryption of SMS messages that are stored on your behalf, in which case some PHI could be intercepted by someone else targeting your SMS communications.

Our responsibilities

• We are required by law to maintain the privacy and security of your PHI.
• We will not use or disclose your PHI for marketing purposes or to sell your PHI, unless you have agreed to this use or disclosure, although we may use your PHI to keep you informed of services we offer.
• We must follow the duties and privacy practices described in this notice and provide you with a copy of it.
• We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.
• We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.

For more information see: www.hhs.gov/hipaa/for-individuals/notice-privacy-practices/index.html.

Changes to the Terms of this Notice

From time to time, we may change this privacy statement, which is applicable to all PHI we maintain about you. For example, as we update and improve our services, new features may require modifications to the privacy statement. The new notice will be available on our website. Accordingly, please check back periodically.

Referencesto “we” “our” and “us” in this Notice includes all the above entities.

Privacy Contact: privacy@onserahealth.com