Initial Effective Date: March 23, 2007
Latest Revised Date: June 11, 2019
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN OBTAIN THIS INFORMATION. PLEASE REVIEW THIS INFORMATION CAREFULLY.
BioIQ respects that you have entrusted us with your health data, and we are committed to safeguarding all the information you supply—including all personal information, the results of biometric screening tests, and the information in your health assessment risk profile.
I. OUR COMMITMENT TO PROTECTING HEALTH INFORMATION ABOUT YOU
BioIQ has policies and procedures in place to protect the privacy and security of your personal information including your PHI. To the extent BioIQ is providing services for or on behalf of a HIPAA Covered Entity, BioIQ is required by law to maintain the privacy of PHI and to notify the Covered Entity of any breach of unsecured PHI.
BioIQ keeps your PHI safe through the use of a combination of physical, technical, and administrative safeguards in accordance with applicable Federal and State laws. To use the BioIQ wellness/disease management website or mobile applications, you will create your own password protected account and you can change your contact information and password information on the site or the mobile application. Lost passwords are authenticated with security questions upon enrollment. Data transfer, storage, and integrity are secured and transmitted via secure encryption technology, regular data backups, and key code authentication. BioIQ also limits access to your PHI to employees, contractors and agents who need the data to do their jobs or provide their services.
Also, where required by law or in accordance with a Business Associate Agreement, third-party wellness and disease management program partners must protect the privacy of data BioIQ shares with them and they are required to keep your information private and secure.
BioIQ reserves the right to make changes to this notice and to make such changes effective for all PHI we may already have about you. If and when this notice is changed, we will post this information on our website and provide you with a copy of the revised notice upon your request or as otherwise required by law. It is your responsibility to check our website periodically for updates or changes to our policy.
II. HOW BIOIQ MAY USE AND DISCLOSE PROTECTED HEALTH INFORMATION ABOUT YOU
A. USES AND DISCLOSURES FOR TREATMENT, PAYMENT, AND HEALTH CARE OPERATIONS
BioIQ is permitted to use and disclose PHI for treatment, payment, and health care operations and, when applicable, in accordance with a Business Associate Agreement (BAA) as required by HIPAA. The following examples are illustrative and do not list every type of use or disclosure that may fall within that category.
Treatment: BioIQ may use and disclose your PHI in connection with your participation in a Program. Your Program may involve, at your option, completing a health risk assessment form, obtaining laboratory biometric screenings for various health risks, discussing your health with health care coaches or others associated with your Program. BioIQ provides you with online viewing of your forms, explanations of laboratory test results and other health care information that may be relevant to you. BioIQ’s internet technology platform will facilitate the disclosure of laboratory test results to the ordering physician and to other healthcare professionals who may become involved in your participation in the Program. BioIQ may disclose PHI to third parties designated by the sponsoring health plan for use in your participation in the Program.
Payment: BioIQ is allowed to use and disclose PHI so that we can bill and collect payment for our services, if applicable, or to assist your health plan with their claims payment processes.
Health Care Operations: BioIQ is permitted to use and disclose your PHI in performing business operations that are called health care operations. These include conducting quality improvement activities, auditing functions, cost management analysis and customer service. An example of this would be an internal assessment of the quality of our customer service operations. BioIQ may use and disclose your PHI to provide training to new employees who work with PHI within the scope of their employment at BioIQ. BioIQ employees receive training on the importance of maintaining the privacy of your PHI. BioIQ may also share your PHI with your sponsoring health plan as part of their health care operations. Plan sponsors that receive PHI are required by law to keep it from being used for reasons that are not proper and are required to keep it secure.
Health Related Services: BioIQ may contact you to provide you with information about changes to your Program or other health-related benefits and services that may be of interest to you as we view such information as part of the treatment you receive under your Program, and as directed by you or your sponsoring health plan. Our contracted third-party vendors may contact you directly with such Program information.
To You: In accordance with HIPAA and applicable Business Associate Agreements, BioIQ will provide you with access to your health care information.
B. OTHER USES AND DISCLOSURES YOU AUTHORIZE BIOIQ TO MAKE
Business Associates: In accordance with the above Treatment and/or Health Care Operations permitted uses and disclosures, we may provide your PHI to other companies or individuals to assist us in providing you with health and wellness services in conjunction with your Program or vendors that perform various activities on our behalf. These other entities are referred to under HIPAA as Business Associates. BioIQ is required by HIPAA to have written Business Associate Agreements with these entities whenever we share your PHI with the Business Associate. Likewise, we may receive your PHI by virtue of providing Business Associate services to your sponsoring health plan or Covered Entity. Business Associates are required by HIPAA to maintain the privacy and security of your PHI and to only use and disclose your PHI in accordance with HIPAA. For example, we may share your personal health information with a wellness coach with whom we have a Business Associate Agreement to assist you with the goals you have set under your Program.
Incentive Program: BioIQ may provide your PHI to your Program sponsor (your Health Maintenance Organization, Health Plan, or Employer-sponsored Health Plan) or incentive administrator for the implementation of incentives related to your participation in the Program. Your employer may receive a confirmation that you have completed an activity, such as completing your health risk assessment (HRA). However, your employer will never receive access to any information you supplied on your HRA other than notification that the HRA was completed.
Mobile Applications: BioIQ provides a technology platform through which you can access information connected with your Program, including access to your PHI. Although BioIQ has procedures in place to ensure the security of your information that is contained on our BioIQ web portal, when using mobile applications, you recognize and assume the risk that such data may be subject to telecommunication and other laws that govern your mobile device provider and which are outside the control of BioIQ.
Security Procedures: BioIQ may use your PHI to authenticate the security and integrity of our website. (For details regarding website usage, please see our website “Terms and Conditions Use”).
Website Experience: BioIQ may use personally identifiable information collected through our website to tailor your use and experience on the website.
C. USES AND DISCLOSURES REQUIRED BY LAW
BioIQ may use and disclose your PHI as allowed or required by law. PHI can be shared for public health oversight activities. It can also be shared for judicial or administrative proceedings, with public health authorities, for law enforcement reasons, and with coroners or medical examiners. PHI can also be shared with organ donation groups for certain reasons, for research (in accordance with HIPAA restrictions), and to avoid a serious threat to health or safety. It can be shared for special government functions, for Workers’ Compensation, to respond to requests from the U.S. Department of Health and Human Services, and to alert proper authorities if we reasonably believe that you may be a victim of abuse, neglect, domestic violence or other crimes. PHI can also be shared in any other manner required by law.
D. OTHER USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION REQUIRE YOUR AUTHORIZATION
Other uses and disclosures of PHI about you will be made only with your written authorization. If you have authorized us to use or disclose PHI about you, you may revoke your authorization at any time, except to the extent we have taken action based on the authorization. You may make such revocation by providing written notice to the address provided below. Information disclosed pursuant to your authorization may be subject to redisclosure by the recipient and no longer be protected under HIPAA. However, BioIQ executes Business Associate Agreements with any wellness/disease management providers whereunder they agree to maintain the privacy and security of your information.
III. YOUR RIGHTS REGARDING PROTECTED HEALTH INFORMATION ABOUT YOU
Right to Request Restrictions: You have the right to request additional restrictions on the PHI that BioIQ may use for treatment, payment, and health care operations. You may also request additional restrictions on our disclosure of PHI to certain individuals involved in your care or benefit coverage that otherwise are permitted by HIPAA. BioIQ is not required to agree to your request. If we do agree to your request, we are required to comply with our agreement except in certain cases, including where the information is needed to treat you or verify coverage in the case of an emergency. To request restrictions, you must make your request in writing to the Covered Entity (your sponsoring health plan), or in accordance with any Business Associate responsibilities assumed by us, to our Compliance Officer. In your request, please include (1) the information that you want to restrict, (2) how you want to restrict the information (for example, restricting use to this office, restricting disclosure only to persons outside this office, or restricting both), and (3) to whom you want those restrictions to apply.
Right to Receive Confidential Communications: You have the right to request that you receive communications regarding PHI in a certain manner or at a certain location. For example, you may request that BioIQ contacts you at home, rather than at work. You must make your request in writing to our Compliance Officer. You must specify how you would like to be contacted (for example, by regular mail to your post office box and not your home). We may be required via the provisions of a Business Associate Agreement to accommodate reasonable requests and, regardless, we will do our best to facilitate reasonable requests.
Right to Inspect and Copy: You have the right to request the opportunity to inspect and receive a copy of PHI about you from the Covered Entity and perhaps in certain records that BioIQ maintains as a Business Associate. Such records may include your insurance and billing records but do not include information gathered or prepared for a civil, criminal, or administrative proceeding. We may deny your request to inspect and copy PHI only in limited circumstances. To inspect and copy PHI, contact our Security Officer. If you request a copy of PHI about you, we may charge you a reasonable fee for the copying, postage, labor, and supplies used to meet your request.
Right to Amend: You have the right to request that the Covered Entity and perhaps in certain instances that we amend PHI about you as long as such information is kept by or for our office. To make this type of request of us, you must submit your request in writing to our Compliance Officer. You must also give us a reason for your request. We may deny your request in certain cases, including if it is not in writing or if you do not give us a reason for the request or if we are not the proper entity under HIPAA to perform such amendments.
Right to Receive an Accounting of Disclosures: You have the right to receive a list of certain disclosures of your PHI in the past six years other than disclosures made for treatment, payment or health care operations. You may exercise this right by contacting the Covered Entity and BioIQ will work closely with the Covered Entity to provide any accounting of disclosures in accordance with HIPAA.
Right to Breach Notification: Under HIPAA, a Covered Entity must provide notification to you upon any Breach of your PHI. BioIQ will work closely with the Covered Entity to provide any information necessary as required of a Business Associate in accordance with HIPAA.
Right to a Paper Copy of this Notice: You have a right to receive a paper copy of this notice at any time, even if you have previously agreed to receive this notice electronically. To obtain a paper copy of this notice, contact the Compliance Officer.
Questions/Complaints: If you want further information about matters covered in this notice, or believe that your privacy rights have been violated, or disagree with a decision made about access to your personal and health information, you can contact our Compliance Officer. You may also submit a complaint to the office of the Secretary of Health and Human Services. We want to hear your concerns and you will not be retaliated against if you file a complaint.
Prior Versions: You may access prior versions of this notice by contacting the Compliance Officer at the below address.
Attention: Compliance Officer
2300 Windy Ridge Pkwy Suite 850S
Atlanta, GA 30339