Notice of Privacy Practices

Last Updated Date. August 3, 2022.

THIS NOTICE DESCRIBES HOW YOUR PERSONAL HEALTH INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Nudj Health, Inc. (“Nudj Health,” “Company,” “we,” “us,” or “our”) respects your privacy and is committed to protecting it through our compliance with this policy. Nudj Health operates the Nudj Health Collaborative Care Platform located at app.nudjhealth.com (the “Platform”), the Nudj Health mobile application named NUDJ (the “APP”), and the websites located at www.nudjhealth.com, patient.nudjhealth.com (the “Website”), and other websites, products, services, that link to this Privacy Policy (collectively, the “Services”). Users of the Services are referred to below as “Users,” “you,” or “your.”

We are legally required to maintain the privacy of your PROTECTED HEALTH INFORMATION (“PHI”) under the Federal Health Insurance Portability and Accountability Act (“HIPAA”) and to provide patients with notice of our legal duties and privacy practices with respect to your Protected Health Information. This Notice of Privacy Practices (“Notice”) explains how we collect, use, and share Protected Health Information.

This Notice is NOT an authorization. It describes how Nudj Health, authorized Healthcare Providers and other third parties may use and disclose your Protected Health Information to carry out our Services, and for other purposes that are permitted or required by law. It also describes your rights to access and control your Protected Health Information.

We are required to abide by the terms of this Notice for as long as it remains in effect. We reserve the right to change the terms of this Notice as necessary and to make a new notice of privacy practices effective for all Protected Health Information maintained by Nudj Health.

PHI Defined

“Protected Health Information” includes any information that identifies you, whether in electronic, oral, or written form, and includes information such as your name, contact information, demographics such as your age, gender, and ethnicity, your medical history, conditions, treatments, and medications, healthcare insurance information, information about you at your Healthcare Providers, or other information defined to be protected health information under the law.

Uses and Disclosures of Your Protected Health Information

The law permits or requires us to use or disclose your PHI for various reasons, which we explain in this Notice. We have included some examples, but we have not listed every permissible use or disclosure. When using or disclosing PHI or requesting your PHI from another source, we will make reasonable efforts to limit our use, disclosure, or request about your PHI to the minimum we need to accomplish our intended purpose.

  • Use of Nudj Health Services. When using the Nudj Health Services, your PHI will be shared with Nudj Health for the purposes stated in the Nudj Health Privacy Policy, where applicable and legally permissible. We may collect information from your doctor, hospital, clinic, healthcare practice, office, or facility, or other healthcare providers (“Healthcare Provider”) that you expressly authorize with respect to you and your information on or through the Services, to communicate with you via the Services, to provide information to your personal health record on or through the Services. We may also collect information from other third-parties that you expressly authorize to send information to the Services.
  • Business Associates. We may use and disclose your PHI to outside persons or entities that perform services on our behalf who provide us with services necessary to operate and function as a provider of care coordination services. We will only provide the minimum information necessary for the business associate(s) to perform their functions as it relates to our Services. For example, we may use a separate company to process our billing services that require access to a limited amount of your PHI. Please know and understand that all of our business associates are obligated to comply with the same HIPAA privacy and security rules in which we are obligated. Additionally, all of our business associates are under contract with us and committed to protect the privacy and security of your PHI.
  • Treatment. We may use or disclose your PHI and share it with other professionals who are treating you, including doctors, nurses, technicians, medical students, or hospital personnel involved in your care. For example, we might disclose information about your overall health condition with your health care providers, including information relating to your remote patient monitoring services, your mental health, your behavioral and mental health services, and your behavioral health integration consulting services.
  • Payment. We may use and disclose your PHI to bill and get payment from health plans or others. For example, we share your PHI with your health insurance plan so it will pay for the services you receive.
  • Health Care Operations. We may use and disclose your PHI to run our Services. For example, we may use your PHI to manage the Services you receive or to monitor the quality of our Services provided to you.
  • Health Information Exchanges. We may participate in health information exchanges (HIEs), which support electronic information sharing among members for treatment, payment, and health care operations purposes. Individuals may opt-out of HIEs. We will use reasonable efforts to limit the sharing of PHI in these electronic sharing activities for individuals who have opted out, to the extent applicable. If you would like to opt out, please contact us.
  • As required by law. We may use and disclosure your PHI to the extent required to comply with federal or state law.
  • Pursuant to an Authorization. We may use and disclosure your PHI if you provide written authorization to us that complies with the requirements under HIPAA, but only to the extent permitted by such authorization. You can revoke your authorization at any time in writing.

Other Uses and Disclosures

We may share your information in other ways, usually for public health or research purposes or to contribute to the public good. For more information on permitted uses and disclosures, see www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html. For example, these other uses and disclosures may involve:

  • Public Health. We may use and disclosure your PHI and may be required by law to be disclosed for public health risks. This includes: to prevent or control disease; report injuries, births and deaths; report child abuse and/or neglect; reporting of reactions to medications or problems with health products; notification of recalls of products; reporting a person who may have been exposed to a disease or may be at risk of contracting and/or spreading a disease or condition.
  • Responding to Legal Actions. We may disclose your PHI to respond to a court or administrative order or subpoena, discovery request, or another lawful process. However, disclosure will only be made if efforts have been made to inform you of the request or obtain an order protecting the information requested. Your information may also be disclosed if required for our legal defense in the event of a lawsuit.
  • Minors. Protected Health Information of minors will be disclosed to their parents or legal guardians, unless prohibited by law.
  • Research. We may share your PHI for some types of health research that do not require your authorization, such as if an institutional review board has waived the written authorization requirement.
  • Medical Examiners or Funeral Directors. We may share PHI with coroners, medical examiners, or funeral directors when an individual dies.
  • Organ or Tissue Donation. We may share your PHI to arrange an authorized organ or tissue donation from you or a transplant for you.
  • Workers’ Compensation, Law Enforcement, or Other Government Requests. We may use and disclosure your PHI to the extent required to comply with federal or state law.
  • Pursuant to an Authorization. We may use and disclose your PHI for: workers’ compensation claims, health oversight activities by federal or state agencies, law enforcement purposes or with a law enforcement official, or specialized government functions, such as military and veterans’ activities, national security and intelligence, presidential protective services, or medical suitability.

Uses and Disclosures in Which You Have a Choice

For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, please contact us and we will make reasonable efforts to follow your instructions. You have both the right and choice to tell us how we share your information in the following situations:

  • Communication with family and/or individuals involved in your care or payment of your care. We may disclose your PHI to family members, friends, or others involved in your care or payment of your care in which you have identified. You may be able to grant access to your account to an authorized individual or representative. You acknowledge and agree that Nudj Health has no responsibility or liability in connection with any access to, or use of, your account and information by any authorized individual or representative. You may be able to create accounts for minors or other members of your family over whom you have legal authority; provided however, you are the authorized, and by doing so, you certify that you have such authority, and provide whatever information is necessary to establish your authorization. We may enable you to give access to your account to authorized individuals. When you give access to an authorized individual, you grant permission to such authorized individual to access the information contained within, and/or perform actions through, your account. You also may permit your authorized Healthcare Providers to communicate with such authorized individuals about your health status.
  • Disaster. We may disclose your PHI in disaster relief situations, such as to a relief organization to assist with locating or notifying your family, close friends, or others involved in your care.
  • Fundraising. We may disclose your PHI to contact you regarding fundraising events and efforts. But, you have the right to object or opt out of these types of communications.

Uses and Disclosures that Require Authorization

In the situations below we will only share your information if you give us written permission:

  • Disclosure of Psychotherapy Notes: Unless we obtain your written authorization, in most circumstances we will not disclose your mental health care professional’s notes (psychotherapy notes) from a private counseling session or a group, joint, or family counseling session. However, there are certain purposes for which we may disclose psychotherapy notes, without obtaining your written authorization, including the following:
    1. to carry out certain treatment, payment or healthcare operations (e.g., use for the purposes of your treatment, for our own training, and to defend ourselves in a legal action or other proceeding brought by you)
    2. to the Secretary of the Department of Health and Human Services to determine our compliance with the law
    3. as required by law
    4. for health oversight activities authorized by law
    5. to medical examiners or coroners as permitted by state law
    6. for the purposes of preventing or lessening a serious or imminent threat to the health or safety of a person or the public
  • Marketing. We must obtain your authorization for any use or disclosure of your PHI.
  • Sale of Protected Information. We must obtain your authorization prior to receiving direct or indirect remuneration in exchange for your PHI.

You may revoke your authorization at any time, but it will not affect information that we already used and disclosed.

Your Rights

When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.

  • Right to inspect and obtain a copy of your PHI. Pursuant to your written request (and if applicable, by submitting an electronically signed form), you have the right to inspect and copy your Protected Health Information in paper or electronic format. We have up to 30 days to provide the Protected Health Information and may charge a fee for the associated costs.
  • Right to obtain a summary or explanation of your PHI. You have the right to request only a summary of your PHI if you do not desire to obtain a copy of your entire record. You also have the option to request an explanation of the information when you request your entire record.
  • Right to obtain an electronic copy of medical records. You have the right to request an electronic copy of your PHI for yourself or to be sent to another individual or organization when your PHI is maintained in an electronic format. We will make every attempt to provide the records in the format you request; however, in the case that the information is not readily accessible or producible in the format you request, we will provide the record in a standard electronic format or a legible hard copy form. Record requests may be subject to a reasonable fee for the associated costs.
  • Right to request amendments. At any time if you believe the PHI we have on file for you is inaccurate or incomplete, you may request that we amend the information. Your request for an amendment must be submitted in writing and details what information is inaccurate and why. Please note that a request for an amendment does not necessarily indicate the information will be amended.
  • Right to receive a notice of breach. In the event of a breach of your unsecured PHI, you have the right to be notified of such breach.
  • Right to request additional restrictions. You have a right to restrict and/or limit the information we disclose to others, such as family members, friends, and individuals involved in your care or payment for your care. Your request must be submitted in writing and include the specific restriction requested, whom you want the restriction to apply, and why you would like to impose the restriction. Please note that our practice/your physician is not required to agree to your request for restriction, and we may say “no” if it would affect your care; but we will agree not to disclose information to a health plan for purposes of payment or health care operations if the requested restriction concerns a health care item or service for which you or another person, other than the health plan, paid in full out-of-pocket, unless it is otherwise required by law.
  • Request an accounting of disclosures. You have the right to request an accounting of certain PHI disclosures that we have made. For these requests: we will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures, such as any you asked us to make. We will provide one accounting a year for free, but will charge a reasonable, cost-based fee if you ask for another one within 12 months. We will notify you about the costs in advance and you may choose to withdraw or modify your request at that time.
  • Right to request confidential communications. You have a right to request confidential communications from us by alternative means or at an alternative location. For example, you may designate that we send mail only to an address specified by you which may or may not be your home address. You may indicate we should only call you on your work phone or specify which telephone numbers we are allowed or not allowed to leave messages on. You do not have to disclose the reason for your request; however, you must submit a request with specific instructions in writing.
  • Right to receive a paper copy of this notice. Even if you have agreed to receive an electronic copy of this Privacy Notice, you have the right to request we provide it in paper form. You may make such a request at any time.
  • Right to choose someone to act for you. If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your PHI. We will confirm the person has this authority and can act for you before we take any action.

Changes to this Notice

We reserve the right to change the terms of this Notice, and the changes will apply to all PHI we have about you. The date this Notice was last revised is identified at the top of the page. The new Notice will be available on request, in our office, and on our website. We will also send you a copy of the revised notice upon your request.

Contact us

To ask questions about this Notice and our privacy practices, please contact us as follows:

Mail – Nudj Health, Inc., 101 E. Green Street, Suite 11, Pasadena, CA 91105

Email – legalnotices@nudjhealth.com

Phone – Toll-free number: 833-411-5835

Complaints

If at any time you believe your privacy rights have been violated and you would like to register a complaint, you may make a complaint. We will not retaliate against you for filing a complaint.

If you wish to file a complaint with us, please submit it in writing to our Privacy/Compliance Officer, as follows:

Mail – Nudj Health, Inc., 101 E. Green Street, Suite 11, Pasadena, CA 91105

Email – legalnotices@nudjhealth.com

You may also file a complaint with the Office for Civil Rights at the US Department of Health and Human Services in writing by mail, fax, e-mail, or via the OCR Complaint Portal. For more information, please visit www.hhs.gov/hipaa/filing-a-complaint. The complaint can be mailed to: Centralized Case Management Operations, U.S. Department of Health and Human Services, 200 Independence Avenue, S.W., Room 509F HHH Bldg., Washington, D.C. 20201; or emailed to OCRComplaint@hhs.gov.