Effective Date: January 1, 2025 | Last Updated: January 1, 2025
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
1. Who Must Follow This Notice
This Notice of Privacy Practices ("Notice") applies to My Wound Solution and describes the privacy practices we follow when handling your Protected Health Information (PHI) in connection with our wound care referral services.
This Notice also applies to:
All employees, staff, and workforce members of My Wound Solution
Business associates and contractors who have access to your PHI
Healthcare providers in our network who receive referrals from us
Important: Healthcare providers who treat you maintain their own Notice of Privacy Practices. Please request a copy from your treating provider for information about how they handle your medical information.
2. Our Commitment to Your Privacy
We understand that your health information is personal and private. We are committed to protecting your health information and complying with all applicable federal and state laws, including:
The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
The Health Information Technology for Economic and Clinical Health Act (HITECH)
California Confidentiality of Medical Information Act (CMIA)
Other applicable state privacy laws
We are required by law to:
Maintain the privacy of your PHI
Provide you with this Notice of our legal duties and privacy practices
Follow the terms of this Notice currently in effect
Notify you if a breach of your unsecured PHI occurs
3. What is Protected Health Information (PHI)
Protected Health Information (PHI) is individually identifiable health information that relates to:
Your past, present, or future physical or mental health condition
The provision of healthcare to you
Payment for your healthcare
PHI includes information that can identify you, such as:
Name, address, phone number, email address
Date of birth, Social Security number
Medical record numbers, health plan ID numbers
Photographs, biometric identifiers
Any other unique identifying number or code
Examples of PHI We May Collect
In connection with our wound care referral services, we may collect PHI including:
Your contact information and demographics
Information about your wound or medical condition
Your insurance and Medicare information
Medical history relevant to wound care treatment
Referral and treatment status information
4. How We May Use and Disclose Your PHI
Under HIPAA, we may use and disclose your PHI without your written authorization for certain purposes. The following describes these permitted uses and disclosures:
4.1 For Treatment
We may use and disclose your PHI to coordinate and manage your healthcare and related services. This includes sharing information with healthcare providers who may treat you.
Example: We may share your wound information with a licensed wound care provider in our network so they can evaluate your condition and provide treatment.
4.2 For Payment
We may use and disclose your PHI to obtain payment for services provided to you or to assist healthcare providers with their billing activities.
Example: We may verify your insurance coverage or Medicare eligibility to determine if you qualify for wound care treatment at no cost to you.
4.3 For Healthcare Operations
We may use and disclose your PHI for our healthcare operations, which include quality assessment, training, and other administrative activities.
Example: We may review PHI to evaluate the quality of referral services we provide and to train staff on proper procedures.
4.4 As Required by Law
We may use and disclose your PHI when required to do so by federal, state, or local law.
Example: We may disclose PHI to comply with a court order or as required by regulatory agencies.
4.5 Public Health Activities
We may disclose your PHI for public health activities, including:
Preventing or controlling disease, injury, or disability
Reporting births, deaths, and disease as required by law
Reporting adverse events related to medical devices
Notifying individuals exposed to communicable diseases
4.6 Abuse, Neglect, or Domestic Violence
We may disclose your PHI to appropriate government authorities if we reasonably believe you are a victim of abuse, neglect, or domestic violence.
4.7 Health Oversight Activities
We may disclose your PHI to health oversight agencies for activities authorized by law, including audits, investigations, inspections, and licensure.
4.8 Judicial and Administrative Proceedings
We may disclose your PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process.
4.9 Law Enforcement
We may disclose your PHI to law enforcement officials for limited law enforcement purposes, such as:
In response to a court order, warrant, or subpoena
To identify or locate a suspect or missing person
About a crime victim with the victim's consent
About a death that may have resulted from criminal conduct
About criminal conduct at our premises
In emergencies to report a crime or its location
4.10 Coroners, Medical Examiners, and Funeral Directors
We may disclose PHI to coroners, medical examiners, and funeral directors to enable them to carry out their duties.
4.11 Organ and Tissue Donation
We may disclose PHI to organizations that handle organ procurement or organ, eye, or tissue transplantation.
4.12 Research
Under certain circumstances, we may use and disclose your PHI for research purposes, subject to approval by an Institutional Review Board or privacy board.
4.13 To Avert a Serious Threat
We may use and disclose your PHI when necessary to prevent a serious and imminent threat to your health or safety or the health or safety of the public or another person.
4.14 Specialized Government Functions
We may disclose PHI of military personnel and veterans under certain circumstances, for national security and intelligence activities, for protective services for the President, and for medical suitability determinations.
4.15 Workers' Compensation
We may disclose your PHI as authorized by and necessary to comply with workers' compensation laws.
4.16 Inmates
If you are an inmate of a correctional institution, we may disclose your PHI to the institution or its agents when necessary for your health, the health and safety of others, or the safety and security of the institution.
4.17 Business Associates
We may disclose your PHI to our business associates who perform services on our behalf, such as billing, IT support, or administrative services. These business associates are required to protect your PHI.
4.18 Individuals Involved in Your Care
Unless you object, we may disclose PHI to a family member, friend, or other person you identify who is involved in your care or payment for your care.
4.19 Disaster Relief
We may disclose your PHI to disaster relief organizations to assist in notification of family members about your location and condition.
4.20 Facility Directory
We do not maintain a facility directory.
Prohibited Uses and Disclosures
We will NOT use or disclose your PHI for the following purposes without your written authorization:
Marketing communications (except for face-to-face communications and promotional gifts of nominal value)
Sale of your PHI
Most uses of psychotherapy notes
5. Uses and Disclosures Requiring Your Authorization
For uses and disclosures not described above, we will ask for your written authorization before using or disclosing your PHI. If you provide us with an authorization, you may revoke it in writing at any time. Your revocation will not affect any use or disclosure permitted by your authorization while it was in effect.
Examples of uses and disclosures that require your authorization include:
Most uses and disclosures of psychotherapy notes
Uses and disclosures for marketing purposes
Disclosures that constitute a sale of PHI
Other uses and disclosures not described in this Notice
6. Your Rights Regarding Your PHI
You have the following rights regarding the PHI we maintain about you:
6.1 Right to Access
You have the right to inspect and obtain a copy of your PHI that we maintain, with limited exceptions. To request access, submit a written request to us at the contact information below. We may charge a reasonable fee for copies.
We will respond to your request within 30 days. If we need additional time, we will notify you in writing within 30 days and may extend the response time by up to 30 additional days.
6.2 Right to Amend
If you believe that PHI we maintain about you is incorrect or incomplete, you may request that we amend the information. Your request must be in writing and must include a reason for the amendment.
We may deny your request if we did not create the information, if the information is not part of the records used to make decisions about you, if the information is not available for inspection, or if the information is accurate and complete.
6.3 Right to an Accounting of Disclosures
You have the right to receive a list of certain disclosures we have made of your PHI. The accounting will not include disclosures made for treatment, payment, or healthcare operations, disclosures made with your authorization, and certain other disclosures.
To request an accounting, submit a written request stating the time period you want covered (up to 6 years before the date of your request). The first accounting in any 12-month period is free; we may charge a reasonable fee for additional requests.
6.4 Right to Request Restrictions
You have the right to request restrictions on how we use or disclose your PHI for treatment, payment, or healthcare operations, or to persons involved in your care. We are not required to agree to your request, except:
We must agree to restrict disclosures to a health plan if the disclosure is for payment or healthcare operations and the PHI pertains solely to a healthcare item or service for which you have paid out of pocket in full.
To request a restriction, submit a written request specifying what information you want restricted, whether you want to limit our use, disclosure, or both, and to whom the restrictions apply.
6.5 Right to Request Confidential Communications
You have the right to request that we communicate with you about your health information in a certain way or at a certain location. For example, you may ask that we contact you only at work or by mail.
We will accommodate reasonable requests. Your request must specify how or where you wish to be contacted.
6.6 Right to a Paper Copy of This Notice
You have the right to obtain a paper copy of this Notice upon request, even if you have agreed to receive this Notice electronically.
6.7 Right to Revoke Authorization
If you have provided us with written authorization to use or disclose your PHI, you may revoke that authorization in writing at any time. Your revocation will not affect any actions we have already taken in reliance on your authorization.
How to Exercise Your Rights
To exercise any of these rights, please contact us in writing at:
Maintain the privacy of your PHI and provide you with notice of our legal duties and privacy practices
Abide by the terms of this Notice currently in effect
Notify you if we are unable to agree to a requested restriction on how your PHI is used or disclosed
Accommodate reasonable requests to communicate with you by alternative means or at alternative locations
Obtain your written authorization before using or disclosing your PHI for purposes other than those described in this Notice
Minimum Necessary Standard
When using or disclosing PHI or when requesting PHI from another entity, we will make reasonable efforts to limit the PHI to the minimum necessary to accomplish the intended purpose, except for uses or disclosures made for treatment purposes, made to you, made with your authorization, required by law, or required for HIPAA compliance.
8. Breach Notification
We are required by law to notify you if there is a breach of your unsecured PHI. A breach is the acquisition, access, use, or disclosure of PHI in a manner not permitted by HIPAA that compromises the security or privacy of the PHI.
If a breach occurs, we will notify you:
Without unreasonable delay, but no later than 60 days after discovery of the breach
By first-class mail to your last known address (or by email if you have agreed to electronic notice)
With a description of what happened, the types of information involved, steps you should take to protect yourself, what we are doing to investigate and mitigate the breach, and contact information for further questions
9. Complaints
If you believe your privacy rights have been violated, you have the right to file a complaint.
No Retaliation: We will not retaliate against you for filing a complaint. You will not be penalized for exercising your rights under this Notice.
10. Changes to This Notice
We reserve the right to change the terms of this Notice and to make the new provisions effective for all PHI we maintain. If we make a material change to this Notice, we will:
Post the revised Notice on our website
Make the revised Notice available upon request
Provide you with a copy of the revised Notice upon your next interaction with us
The effective date of this Notice is listed at the top of this page.
11. Contact Information
If you have any questions about this Notice or would like more information about our privacy practices, please contact us:
You may be asked to sign an acknowledgment that you have received this Notice. Your signature acknowledges only that you have received a copy of our Notice of Privacy Practices. It does not constitute an authorization to use or disclose your PHI.
If you refuse to sign the acknowledgment, we may still use and disclose your PHI as described in this Notice, but we will document that the Notice was provided to you.
