top of page

​

Notice of Privacy Practices 

​

Last updated: February 28, 2024

 

THIS NOTICE OF PRIVACY PRACTICES (“NOTICE”) DESCRIBES HOW YOUR PROTECTED HEALTH INFORMATION MAY BE USED AND DISCLOSED WHEN YOU USE OR RECEIVE SERVICES PROVIDED THROUGH WEIGHT MD AND ITS AFFILIATES (“WEIGHT MD”, “WE” or “US”). 

 

Weight MD may disclose Protected Health Information (or “PHI”) (as defined by HIPAA) for purposes of treatment, billing and healthcare operations. 

By law, We are required to provide you with (a) with this Notice of our legal duties and privacy practices with respect to your PHI; (b) follow the terms of the Notice currently in effect; and (c) notify you if there is a breach of your PHI. We must also provide you with information regarding: (i) how We may use and disclose your PHI; (ii) your privacy rights; and (iii) our obligations concerning the use and disclosure of your PHI.

This Notice is NOT an authorization. Rather it describes how We, our business associates (as defined by HIPAA), and their subcontractors may use and disclose your PHI to carry out treatment, payment, or health care operations, and for other purposes as permitted or required by law. It also describes your rights to access and control your PHI.

​

I. USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION

A. Routine Uses and Disclosures of Protected Health Information

We are permitted to use and disclose PHI for certain purposes, including treatment, payment, and health care operations. Generally, We do not need your permission for these uses or disclosures under applicable laws. The following are examples of the types of routine uses and disclosures of PHI that We are permitted to make without your permission. Although this list is not exhaustive, it should give you an idea of the routine uses and disclosures We are permitted to make without your permission.

For Treatment: We keep a record of your PHI, which may include lab results, diagnoses, medications, your response to medications or other therapies, and information We learn about your health by providing services. We may use and disclose this information and other PHI to provide, coordinate, and/or manage your treatment and inform you of treatment alternatives and other health related benefits, products and services that may be of interest to you. We may use and disclose this information and other PHI to health care  professionals and/or other third parties to provide, coordinate, and manage the delivery of your health care. For example, We may disclose your PHI to a pharmacy to fill a prescription, to a laboratory to order a test, or to another clinician for consultation.

​

For Payment: We may use and disclose your PHI, as needed, to bill and obtain payment for the health care services provided to you. We may disclose your PHI to health plans, and health care clearinghouses for their payment activities. For example, We may use and disclose PHI about you to receive payment for our services, manage your account, and fulfill our responsibilities under your health plan.

For Health Care Operations: We may use or disclose your PHI in order to support our business operations. These activities may include, but are not limited to, reviewing our treatment and services, improving the services We provide, training and evaluating the performance of our staff in providing services, and providing customer service.

​

B. Uses and Disclosures That May Be Made Without Your Authorization or Opportunity to Object

We may use or disclose your PHI in the following situations without your authorization and without providing you an opportunity to object.

​

Required by the Secretary of Health and Human Services: We may be required to disclose your PHI to the Secretary of Health and Human Services to investigate or determine our compliance with the requirements of the HIPAA Privacy Rule.

​

Required By Law: We may use or disclose your PHI to the extent that the use or disclosure is required by federal, state, or local law.

​

Public Health: We may disclose your PHI for public health activities, such as tracking diseases and/or medical devices, which may include making disclosures to a public health authority or other government agency that is permitted by law to collect or receive the information (e.g., the Food and Drug Administration). These activities generally include the following: (a) to prevent or control disease, injury or disability; (b) to report births and deaths; (c) to report child abuse or neglect; (d) to report reactions to medications or problems with products; (e) to notify people of recalls of products they may be using; or (f) to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition. If We keep genetic testing information about you, We will release that information only to the state departments that monitor our work or if required by law to release that information.

​

Health Oversight: We may disclose PHI to a health oversight agency for oversight activities authorized by law, such as audits; civil, administrative or criminal investigations; inspections; licensure or disciplinary actions; civil, administrative or criminal proceedings or actions; or other activities necessary for the oversight of the health care system, government benefit programs or entities subject to government regulations or civil rights laws. Oversight agencies include government agencies that oversee the health care system, government benefit programs, other government regulatory programs and civil rights laws.

Abuse or Neglect: If you have been a victim of abuse, neglect, or domestic violence, We may disclose your PHI to a government agency authorized to receive such information. In addition, We may disclose your PHI to a public health authority that is authorized by law to receive reports of child abuse or neglect.

Judicial and Administrative Proceedings: We may disclose your PHI in response to an order of a court or administrative tribunal, and, in certain conditions, in response to a subpoena, discovery request or other lawful process.

​

Law Enforcement: We may disclose your PHI, so long as applicable legal requirements are met, for law enforcement purposes, such as providing information to the police about the victim of a crime.

Coroners and Funeral Directors: We may disclose your PHI to a coroner, medical examiner, or funeral director if it is needed to perform their legally authorized duties – for example to identify a deceased person, determine a cause of death, or as authorized by law.

​

For Appointment Reminders and Health-Related Benefits and Services: We may use your demographic PHI to contact you as a reminder that you have an appointment or to recommend possible treatment options or alternatives that may be of interest to you.

​

Business Associates: We may disclose your PHI to persons or entities who perform functions, activities or services to Us or on our behalf that require the use or disclosure of PHI. To protect your health information, We require the business associate to appropriately safeguard your information.

​

De-identified Information: We may de-identify your PHI for any of the purposes described above. PHI that is de-identified in accordance with the HIPAA standards is no longer protected under HIPAA and may be used and disclosed for any lawful purpose, including certain research related purposes.

​

C. Uses and Disclosures of Protected Health Information Based upon Your Written Authorization

Psychotherapy Notes: We must obtain your written authorization for most uses and disclosures of psychotherapy notes.

​

Marketing: We must obtain your written authorization to use and disclose your PHI for most marketing purposes (as defined by HIPAA).

​

Sale of PHI: We must obtain your written authorization for any disclosure of your PHI which constitutes a sale of PHI.

​

Other Uses: Uses and disclosures of your PHI not described above, will be made only with your written authorization unless otherwise permitted or required by law. If you sign an authorization to release your PHI, you may revoke that authorization in writing. Revocation will stop any future release of your PHI but will not change what was released pursuant to the valid authorization.

​

To the extent required by law, when using or disclosing your PHI or when requesting your PHI from another covered entity, We will make reasonable efforts not to use, disclose or request more than a “limited data set” (as defined by HIPAA) of your medical information, or, if needed by Us, no more than the minimum amount of medical information necessary to accomplish the intended purpose of the use, disclosure or request, taking into consideration practical and technological limitations.

​

D. We Use an Electronic Health Record to Create, Store and Maintain your Medical Record.

To help improve your medical care, We utilize an electronic health record (“EHR”) to create, store and maintain your medical record. 

​

II. YOUR RIGHTS REGARDING YOUR PROTECTED HEALTH INFORMATION

You have certain rights regarding your PHI as explained below. You may exercise these rights by submitting a request to ________________________________.

​

A. You have the right to inspect and copy portions of your PHI. If you want to see or get a copy of your PHI that is contained in a designated record set (e.g., medical and billing records), you must make the request in writing. You have the right to request that We provide your PHI to you in either paper or electronic format. We are required to provide you with such PHI within the time period required by law. There are certain situations when We may deny your request for access to your PHI; if We do, We will inform you why We denied your request. For example, We may deny your request if We believe the disclosure will endanger your life or that of another person. Depending on the circumstances of the denial, you may have the right to have this decision reviewed.

​

B. You have the right to request that We restrict how We use or disclose your PHI. You have the right to request a restriction or limitation on the PHI We use or disclose about you for purposes of treatment, payment or health care operations. You also have the right to request a limit on the PHI We disclose about you to someone who is involved in your care or the payment of your care, like a family member or friend. Your request must state the specific restriction requested and to whom you want the restriction to apply. We are not required to agree to a requested restriction except that We must agree to not disclose your PHI to your health plan if the disclosure (a) is for payment or health care operations (and not treatment purposes) and is not otherwise required by law and (b) relates to a health care item or service for which We have been paid in full out-of-pocket. If We agree with (or are required to honor) your request, We will put any limits in writing and abide by them except in emergency situations. You may not restrict any use or disclosure of your PHI if We are legally required to release such PHI.

​

C. You have the right to request to receive confidential communications from Us by alternative means or at an alternative location. You have the right to request that We communicate with you in a certain way (for example, email instead of regular mail) or at a certain location (for example, sending information to your work address rather than your home address). We will accommodate reasonable requests as long as We can easily provide it in the format you requested. 

​

D. You have the right to request a correction or update of your PHI. If you believe there is a mistake in your PHI or that a piece of important information is missing, you have the right to request that We correct the existing or add the missing information. We can do this for as long as We maintain the PHI. You must provide the request in writing. We will respond to your request within time period allowed by law. If We approve your request, We will make the change to your PHI, tell you that We have done it, and tell others who need to know about such change or amendment. If We determine that your PHI is accurate and complete, We may deny your request. If We deny your request, We will send you a written explanation stating our reasons and explain your right to file a written statement of disagreement. If you do not file a written statement of disagreement, you have the right to request that your request and our denial be attached to all future uses or releases of your PHI.

​

If you are a California resident, you have the right to submit a 250 word addendum about anything in your record you disagree with. If you tell Us to, We will put this addendum in your medical record. We may add a written rebuttal to the addendum and We will supply you with a copy of this rebuttal.

​

E. You have the right to receive a list of when and to whom We have disclosed your PHI (an “accounting of certain disclosures”). This accounting will not include disclosures made for treatment, payment, and health care operations purposes or any disclosures We may have made directly to you. If you request an accounting, you must specify the time period, which may not be longer than 6 years. We will respond to your request within the time period required by law. In addition, We will notify you, as required by law, if there has been any breach of your PHI.

​

III. NO WAIVER

We will never require you to waive your rights under the HIPAA Privacy Rule or the HIPAA Breach Notification Rule as a condition for receiving services or treatment.

​

IV. CHANGES TO THIS NOTICE

We reserve the right to modify this Notice and our privacy practices as described herein at any time. Any revision or amendment to this Notice will be effective for all of your records that We created or maintained in the past and for any of your records that We may create or maintain in the future. Our current Notice will always be available on our website at _______________and you can request a paper or electronic copy at any time by emailing _________________. A copy will also be available at our physical clinics. 

​

V COMPLAINTS

If you have questions about this Notice of Privacy Practices, you believe that We have violated your privacy rights, or you disagree with a decision We made about access to your PHI, please contact Us at: ___________________. You may also submit a complaint to the U.S. Department of Health and Human Services and can find more information how to do so on their website: hhs.gov. 

​

VI NO RETALIATION

We will not retaliate against you in any way for filing a complaint with Us, the Secretary of HHS or any state agency.

​

bottom of page