Notice of Body & Mind Medical Center Privacy Practices

 

Effective Date: January 1, 2001

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, AND HOW YOU CAN OBTAIN ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

The Health Insurance Portability and Accountability Act of 1996
(HIPAA) requires us to ask each of our patients to
acknowledge receipt of our Notice of Privacy Practices. The Notice
is published on this page. You acknowledge receipt of this notice
by accepting terms and conditions for joining
Body & Mind Medical Center.

1Life Healthcare, Inc. and each of the following Body & Mind Medical Center affiliates, together, designate themselves as a single Affiliated Covered Entity (“ACE”) for purposes of compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), including without limitation: One Medical of Arizona, P.C. (an Arizona professional corporation); Body & Mind Medical Center, Inc. (a California professional corporation); Body & Mind Medical Center of LA, Inc. (a California professional corporation); One Medical Labs, Inc. (a California professional corporation); Body & Mind Medical Center, P.C. (a District of Columbia professional corporation); Body & Mind Medical Center, P.C. (an Illinois professional corporation); Body & Mind Medical Center, P.C. (a Massachusetts professional corporation); Body & Mind Medical Center, P.C. (a New York professional corporation); and One Medical of NY, P.C. (a New York professional corporation). Each of the entities, sites, locations and care providers will follow the terms of this joint notice. In addition, the entities, sites, locations and care providers may share medical information with each other for treatment, payment, or health care operations related to the ACE. This designation may be amended from time-to-time to add new covered entities that are under common control with 1Life Healthcare.

Body & Mind Medical Center Responsibilities

 

Under the Health Insurance Portability and Accountability Act
of 1996 (HIPAA), Body & Mind Medical Center must
take steps to protect the privacy of your “Protected Health
Information” (PHI). PHI includes information that we have created
or received regarding your health or payment for your health. It
includes both your medical records and personal information such
as your name, social security number, address, and phone
number.

Under federal law, we are required to:

  • Protect the privacy of your PHI. All of our employees and physicians are
    required to maintain the confidentiality of PHI and receive
    appropriate privacy training
  • Provide you with this Notice of Privacy Practices explaining
    our duties and practices regarding your PHI
  • Follow the practices and procedures set forth in the Notice

Uses and Disclosures of Your Protected Health Information That
Do Not Require Your Authorization

 

Body & Mind Medical Center uses and discloses PHI in a number of
ways connected to your treatment, payment for your care, and our
health care operations. Some examples of how we may use or
disclose your PHI without your authorization are listed
below.

Treatment

  • To our physicians, nurses, and others involved in your
    health care or preventive health care.
  • To our different departments to coordinate such activities
    as prescriptions, lab work, and X-rays.
  • To other health care providers treating you who are not on
    our staff such as dentists, emergency room staff, and
    specialists. For example, if you are being treated for an
    injured knee we may share your PHI among your primary physician, the knee
    specialist, and your physical therapist so they can provide
    proper care.

Payment

  • To administer your health benefits policy or contract.
  • To bill you for health care we provide.
  • To pay others who provided care to you.
  • To other organizations and providers for payment activities
    unless disclosure is prohibited by law.

Healthcare Operations

  • To administer and support our business activities or those
    of other health care organizations (as allowed by law) including
    providers and plans. For example, we may use your PHI to review and
    improve the care you receive and to provide training.
  • To other individuals (such as consultants and attorneys) and
    organizations that help us with our business activities. (Note:
    If we share your PHI with other organizations for this
    purpose, they must agree to protect your privacy.)

Other

We may use or disclose your Protected Health Information
without your authorization for legal and/or governmental purposes
in the following circumstances:

  • Required by law – When we are required to do so by state and
    federal law, including workers’ compensation laws.
  • Public health and safety – To an authorized public health
    authority or individual to: 

    • Protect public health and safety.
    • Prevent or control disease, injury, or disability.
    • Report vital statistics such as births or deaths.
    • Investigate or track problems with prescription drugs
      and medical devices. (Food and Drug Administration.)
  • Abuse or neglect – To government entities authorized to
    receive reports regarding abuse, neglect, or domestic
    violence.
  • Oversight agencies – To health oversight agencies for
    certain activities such as audits, examinations, investigations,
    inspections, and licensures.
  • Legal proceedings – In the course of any legal proceeding in
    response to an order of a court or administrative agency and, in
    certain cases, in response to a subpoena, discovery request, or
    other lawful process.
  • Law enforcement – To law enforcement officials in limited
    circumstances for law enforcement purposes. For example
    disclosures may be made to identify or locate a suspect,
    witness, or missing person; to report a crime; or to provide
    information concerning victims of crimes.
  • Military activity and national security – To the military
    and to authorized federal officials for national security and
    intelligence purposes or in connection with providing protective
    services to the President of the United States.

We may also use or disclose your Protected Health Information
without your authorization in the following miscellaneous
circumstances:

  • Family and friends—To a member of your family, a
    relative, a close friend—or any other person you identify
    who is directly involved in your health care—when you are
    either not present or unable to make a health care decision for
    yourself and we determine that disclosure is in your best
    interest. For example, we may disclose PHI to a friend who brings you into
    an emergency room.
  • All of this information except religious affiliation will be disclosed to
    people who ask for you by name. Members of the clergy will be
    told your religious affiliation if they ask. This is to help
    your family, friends, and clergy visit you in the facility and
    generally know how you are doing.
  • Treatment alternatives and plan description—To
    communicate with you about treatment services, options, or
    alternatives, as well as health-related benefits or services
    that may be of interest to you, or to describe our health plan
    and providers to you.
  • De-identify information—If information is removed from your PHI so that you can’t be identified, as authorized by law.
  • Coroners, funeral directors, and organ donation—To
    coroners, funeral directors, and organ donation organizations as
    authorized by law.
  • Disaster relief—To an authorized public or private
    entity for disaster relief purposes. For example, we might
    disclose your PHI to help notify family members of your
    location or general condition.
  • Threat to health or safety—To avoid a serious threat
    to the health or safety of yourself and others.
  • Correctional facilities—If you are an inmate in a
    correctional facility we may disclose your PHI to the
    correctional facility for certain purposes, such as providing
    health care to you or protecting your health and safety or that
    of others.

Uses and Disclosures of Your Protected Health Information That
Require Us to Obtain Your Authorization

Except in the situations listed in the sections above, we will
use and disclose your PHI only with your written authorization. This means we will not use your Protected Health Information in the following cases, unless you give us written permission:

  • Marketing Purposes
  • Sale of your information
  • Most sharing of psychotherapy notes

In some situations, federal and state laws provide special
protections for specific kinds of PHI and require authorization from you before
we can disclose that specially protected PHI. In these situations, we will
contact you for the necessary authorization. In some situations, you may revoke your authorization; instructions regarding how to do so are contained in the form authorization you obtain from us. If you have questions
about these laws, please contact the Privacy Officer at
773-252-4848.

Your Rights Regarding Your Protected Health Information

 

You have the right to:

  • Request restrictions by asking that we limit the way we use or
    disclose your PHI for treatment, payment, or health care
    operations. You may also ask that we limit the information we give
    to someone who is involved in your care, such as a family or
    friend. Please note that we are not required to agree to your
    request except when a restriction has been requested regarding a disclosure to a health plan in situations where the patient has paid for services in full and where the purpose of the disclosure is for payment or healthcare operations. If we do agree, we will honor your limits unless it is an
    emergency situation.
  • Ask that we communicate with you by another means. For
    example, if you want us to communicate with you at a different
    address we can usually accommodate that request. We may ask that
    you make your request to us in writing. We will agree to
    reasonable requests.
  • Request an electronic or paper copy of your PHI. We may ask you to make this request in
    writing and we may charge a reasonable fee for the cost of
    producing and mailing the copies, which you will receive usually within 30 days. In certain situations we may
    deny your request and will tell you why we are denying it. In
    some cases you may have the right to ask for a review of our
    denial.
  • Ask usually to amend PHI about you that we use to make decisions
    about you. Your request for an amendment must be in writing and
    provide the reason for your request. In certain cases we may
    deny your request, in writing. You may respond by filing a
    written statement of disagreement with us and ask that the
    statement be included with your PHI.
  • Seek an accounting of certain disclosures by asking us for a
    list of the times we have disclosed your PHI. Your request must be in writing
    and give us the specific information we need in order to respond
    to your request. You may request disclosures made up to six
    years before your request. You may receive one list per year at
    no charge. If you request another list during the same year, we
    may charge you a reasonable fee. These lists will not include
    disclosures to other organizations that might pay for your care
    provided by Body & Mind Medical Center.
  • Request a paper copy of this Notice.
  • Receive written notification of any breach of your unsecured PHI.
  • File a complaint if you believe your privacy rights have been violated. You can file a written complaint with us at the address below, or with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints.

Email

 

By utilizing our services or replying to our emails, you acknowledge that you are aware that email is not a secure method of communication, and that you agree to the risks. If you would prefer not to exchange personal health information via email, please notify us at admin@bodyandmindmedicalcenter.com.

Changes to Privacy Practices

 

Body & Mind Medical Center may change the terms of this Notice at
any time. The revised Notice would apply to all PHI that we
maintain. We will make any such changes to our website.

Questions and Complaints

 

If you have any questions about this Notice or would like an
additional copy, please contact the Privacy Officer at 773-252-4848 or admin@bodyandmindmedicalcenter.com.

If you think that we may have violated your privacy rights or
you disagree with a decision we made about access to your PHI, you may send a
written complaint to the Privacy Officer at 2222 W. Division Street, Suite 130, Chicago, IL.