Privacy Policy

Privacy Policy for Iora Health Website

Your privacy is important to us. This privacy policy discloses the privacy practices for iorahealth.com. This privacy policy applies solely to information collected by this web site. It covers the following:

    1. What personally identifiable information is collected from you through the web site, how it is used and with whom it may be shared.
    2. What choices are available to you regarding the use of your data.
    3. The security procedures in place to protect the misuse of your information.
    4. How you can correct any inaccuracies in the information.

Information Collection, Use, and Sharing

Iora Health is the sole owner of the information collected on this site. We only have access to information that you voluntarily give us via email or other direct contact from you.

We will not sell or rent this information to anyone.

We will use your information to respond to you, regarding the reason you contacted us. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request.

Unless you ask us not to, we may contact you via email in the future to tell you about news or changes to this privacy policy.

Your Access to and Control Over Information

You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via the email address or phone number given on our website:

  • See what data we have about you, if any.

  • Change/correct any data we have about you.

  • Have us delete any data we have about you.

  • Express any concern you have about our use of your data.

Security

We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.  Wherever we collect sensitive information (such as your phone number), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for “https” at the beginning of the address of the web page.

While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.

Links to Other Websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information, which you provide whilst visiting such sites and this privacy statement does not govern such sites. You should exercise caution and look at the privacy statement applicable to the website in question.

How We Use Cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyze web traffic or lets us know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyze data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

Updates

Our Privacy Policy may change from time to time and all updates will be posted on this page.  If you feel that we are not abiding by this privacy policy, you should contact us immediately via telephone at (617) 454-4672 or via email at info@iorahealth.com.


Privacy Policy for Iora Health Patients

This notice describes how medical information may be used and disclosed, and how you can access this information. Please review this carefully.

In providing care to you, the staff at Iora Health (“Iora” or “we”) will record your medical information in our electronic medical record. Information that identifies you or your health information is called Protected Health Information, or PHI. We are required by law to maintain the confidentiality of your PHI. We are also required to provide you with this Notice of Privacy Practices. This Notice gives you information about Iora’s legal duties, responsibilities, and privacy practices involving your PHI. When Iora uses or discloses PHI, we must and will abide by the terms of this Notice (or the Notice in effect at the time of any use or disclosure of your PHI).

How Iora May Use or Disclose PHI

Some reasons Iora may use your PHI are listed below (though not every reason for a use or disclosure is identified.) Some uses and disclosures will require your consent, while other reasons may not.

  • Iora may use or disclose your PHI, with your consent, as follows:
      1. Communications with Family and Others. We may disclose your PHI to your family members or friends only after obtaining your verbal or written agreement to do so, or after giving you an opportunity to object to such a disclosure and you do not do so.
      2. Research. For research purposes.
      3. Sale of PHI or for our Marketing Purposes. This does not include face-to-face communication about products or services that may be of benefit to you, or about prescriptions you have already been prescribed.
      4. Highly Confidential Information. In some instances, we may need additional, very specific, written authorization to disclose certain types of specially-protected information such as psychotherapy notes, HIV status, substance abuse treatment, mental health records, venereal disease information, research involving controlled substances, abortion consent forms, family planning services, and genetic testing information (“Highly Confidential Information”).
      5. Emancipated Minors. Certain information relating to your diagnosis or treatment may be Highly Confidential Information and will not be disclosed to a parent or guardian without your consent. Your consent is not required, however, if a physician reasonably believes your condition to be so serious that your life or limb is endangered. Under such circumstances, we may notify your parents or legal guardian of the condition, and will inform you of a notification. If you are a parent or legal guardian of an emancipated minor, certain portions of the emancipated minor’s medical record (or, in certain instances, the entire medical record) may not be accessible to you.
      • Iora may use or disclose PHI without your consent under the following circumstances:
        1. Treatment. Iora uses your PHI to provide treatment and other services to you to diagnose and treat your injury or illness. As part of that treatment, Iora may need to disclose PHI to other health care providers involved in your care, such as specialists, pharmacies, and labs.
        2. Payment. Iora may disclose your PHI to your insurance company in order to confirm your eligibility to receive care at Iora, and for Iora to collect payment for its services provided to you. Iora may also disclose your PHI to other health care providers so that they may seek payment for services they provided to you.
        3. Operations. We may need to use and disclose your PHI as necessary to support our day-to-day management or for internal administration and planning or quality improvement.
        4. Iora must disclose PHI as required by federal, state or local law, for:
          1. Public Health Reporting. Iora is required to provide information to public health authorities to:
            1. Report abuse or neglect of children, the elderly or the disabled, including instances of rape or sexual assault;
            2. State agencies in order to prevent or control disease, injury or disability;
            3. Notify a person of a potential exposure to a communicable disease;
            4. Notify a person of a potential risk of spreading or contracting a disease or condition;
            5. Report adverse reactions to drugs or problems with products or devices.
          2. Workplace Injury or Illness. For work-related illness or injury or as required for workplace medical surveillance, we must report to the insurer and/or the state industrial accident board and/or parties involved in workers’ compensation matters.
          3. Lawsuits and Similar Proceedings. In the event you are involved in a lawsuit or similar proceeding, Iora may need to use and share your PHI in response to a court order, or if a lawful request has been made by another party involved in the dispute with you, but only after we have made efforts to inform you of the request or obtain an order protecting your PHI from disclosure.
          4. Law Enforcement. PHI may be disclosed to police or other law enforcement officials as required or permitted by law, or to comply with a subpoena accompanied by a court order.
        5. Death. Iora may need to release PHI to a medical examiner or coroner.
        6. Organ/Tissue Donation. If you are an organ donor, Iora may release PHI to organizations that facilitate organ or tissue donation, banking and transplantation.
        7. Serious Threats to Health or Safety. Iora may use PHI to assist with efforts to prevent serious threat to the health and safety of you or others.
        8. Military. Iora may share your PHI if you are, or were, a member of the U.S. or foreign military, if required by the appropriate authorities.
        9. National Security. We may need to share PHI with officials for national security activities.
        10. Correctional Institutions or Law Enforcement.  If you are an inmate or in custody of law enforcement, we may need to disclose PHI:
          1. to the institution in order to provide healthcare to you,
          2. for the safety and security of the institution, and/or
          3. to protect your health and safety or the health and safety of others.

        Rights Regarding your PHI

        1. Communications. You may request that Iora communicate with you about your health and related issues in a particular manner (e.g., to contact you at home rather than work). You do not need to give a reason for your request.
        2. Restrictions. You have the right to request that we not share your PHI for treatment, payment, or healthcare operations, or that we share your PHI with only certain individuals. We will abide by your request, unless a disclosure is required by law or is necessary to treat you. To request a restriction, we will need to know: the information you wish to restrict; whether or how you want to restrict Iora’s use, disclosure or both; and to whom.
        3. Inspection, Copies, and Amendments. You have the right to see your PHI and have it copied. Requests for copies must be made in writing. If available, you may obtain an electronic copy of your health record, and/or may direct us to transmit a copy to a person you designate. If Iora created the information, you have a right to request that we amend the information if you believe it is inaccurate or incomplete. We cannot change medical information created by someone else, or if the change would make your medical record inaccurate or incomplete.
        4. Revoking your Authorization. With a written request to us, you may revoke or revise prior authorizations for future use/disclosure of your PHI.
        5. Obtain a Paper Copy of This Notice at Any Time. Email us at hipaa@iorahealth.com.
        6. Accounting and Access Reports. You have a right to receive a list of how, and to whom, PHI was disclosed. This is called an “accounting of disclosures.” This would not include disclosures of your PHI made for your treatment, payment, or health care operations. If we use or maintain your PHI in an electronic designated record set, you have a right to receive a report indicating where we (or our Business Associates) have disclosed, and/or who has accessed, your PHI (including access for the purposes of treatment, payment, and health care operations) during a period of time up to three years prior to the date of your request. Requests for an accounting of disclosures and/or requests access reports must be made in writing to Iora.
        7. Notice of a Breach. You have a right to receive notice of any unauthorized access of PHI.
        8. Revisions to Our Privacy Policies and Practices. Iora may change its privacy policies, including this Notice, and make new policies and practices, including revised Notice provisions, effective for all PHI that we maintain. A copy of the current Notice will be posted in our office and on our website.
          1. Right to File a Complaint. If you believe your privacy rights have been violated, you may file a complaint with our Privacy Officer or with the Secretary of the Department of Health and Human Services (“HHS”). All complaints must be submitted in writing. You will not be penalized for filing a complaint. To file a complaint with HHS, contact:
                   Office for Civil Rights
                   US Department of Health and Human Services
                   200 Independence Avenue SW
                   Room 509F HHH Bldg
                   Washington DC 20201
          2. For questions about this Notice, contact Iora’s Privacy Officer:
                  Sean Nabi, Privacy Officer
                  Iora Health
                  101 Tremont Street, 6th Floor
                  Boston, MA 02108
                  617-580-0529
                  sean.nabi@iorahealth.com

        Effective Date: This Notice is effective as of April 15th 2015.