HIPAA Notice of Privacy Practices
At Embla, we care about your privacy. If you have any questions, you are always welcome to ask.
Effective from: 01.20.2025
This Notice Describes How Medical Information About You May Be Used and Disclosed and How You Can Access This Information. Please Review It Carefully.
Embla Health U.S. Inc. ("Embla") and its Partner Healthcare Providers ("Providers") are committed to protecting the privacy and security of your Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and applicable state laws, including the Texas Medical Records Privacy Act (TMRPA). This Notice explains how your PHI may be used or disclosed and describes your rights concerning your health information.
We reserve the right to revise this Notice at any time. Updates will apply to all PHI we maintain, including PHI collected before the changes. The current Notice will be posted on our website, and significant changes will be communicated to you directly.
PHI refers to information that identifies you and relates to your past, present, or future physical or mental health, healthcare services provided to you, or payment for healthcare services. Examples of PHI include:
- Your name, address, phone number, and email.
- Medical diagnoses, treatments, medications, and test results.
- Health logs, including weight, exercise, dietary intake, and symptoms.
1. How We May Use and Disclose Your PHI
We may use and disclose your PHI for the following purposes without your authorization:
a. Treatment
To provide, coordinate, or manage your healthcare, including sharing information with Partner Providers, licensed clinicians, or pharmacies involved in your care.
b. Payment
To bill and collect payment from you, your insurance, or a third party for services rendered.
c. Healthcare Operations
To support administrative, financial, and clinical functions necessary for delivering high-quality care. Examples include quality improvement, staff training, and customer support.
d. Appointment Reminders and Health Management
To remind you about scheduled appointments or provide information about treatment options and health-related benefits.
e. Compliance with Laws
To comply with federal, state, or local laws, such as reporting infectious diseases or responding to a court order.
f. Public Health and Safety
To report public health risks, such as disease outbreaks, and to prevent or reduce a serious threat to anyone’s health or safety.
g. Research
To use de-identified or aggregated data for research purposes, in compliance with applicable laws and ethical standards.
h. Disclosures to Business Associates
Embla may share your PHI with select service providers who comply with our privacy and security standards. For instance, If Embla partners with an IT vendor, they may acquire your PHI but will protect its confidentiality.
Uses and Disclosures Requiring Your Authorization
We will obtain your written authorization before using or disclosing your PHI for purposes not described in this. You may revoke your authorization in writing at any time. Revocation will not affect prior uses or disclosures made with your permission.
2. Your Rights Regarding Your PHI
Under HIPAA, you have the following rights:
a. Right to Access
You may request copies of your PHI in paper or electronic format. Fees may apply for reproduction or mailing.
b. Right to Amend
If you believe your PHI is incorrect or incomplete, you may request an amendment. We may deny your request if the information is accurate or not created by us.
c. Right to an Accounting of Disclosures
You may request a list of certain disclosures of your PHI made in the past six years, excluding disclosures for treatment, payment, or healthcare operations.
d. Right to Request Restrictions
You may request limitations on how your PHI is used or disclosed for treatment, payment, or operations. While we will consider your request, we are not required to agree, except in cases where you paid for services out-of-pocket and request that information not be shared with your insurer.
e. Right to Request Confidential Communications
You may request that we communicate with you through specific methods (e.g., email or phone) or at a specific location.
f. Right to a Copy of This Notice
You may request a paper copy of this Notice at any time, even if you have agreed to receive it electronically.
g. Data Breach Notification
In the event of a breach of your unsecured PHI, we will notify you as required by law. Notification will include details about the breach, the type of information affected, and steps you can take to protect yourself.
h. How We Protect Your PHI
We implement administrative, physical, and technical safeguards to secure your PHI. These include encryption, secure storage, and access controls. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
3. Questions, Complaints, and Contact Information
If you believe your privacy rights have been violated or have questions about this Notice, you may contact us:
Embla Health U.S. Inc.
Georgetown Office Evolution
501 South Austin Avenue #1220 – 302
Georgetown, TX 78626
Email: [email protected]
You may also file a complaint with the U.S. Department of Health and Human Services (HHS). We will not retaliate against you for filing a complaint.
For additional information, please contact us at the details above.