1. What personally identifiable information is collected from you through the web site, how it is used and with whom it may be shared.
2. What choices are available to you regarding the use of your data.
3. The security procedures in place to protect the misuse of your information.
4. How you can correct any inaccuracies in the information.
Information Collection, Use, and Sharing
Iora Health is the sole owner of the information collected on this site. We only have access to information that you voluntarily give us via email or other direct contact from you.
We will not sell or rent this information to anyone.
We will use your information to respond to you, regarding the reason you contacted us. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request.
Your Access to and Control Over Information
You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via the email address or phone number given on our website:
• See what data we have about you, if any.
• Change/correct any data we have about you.
• Have us delete any data we have about you.
• Express any concern you have about our use of your data.
We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline. Wherever we collect sensitive information (such as your phone number), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for “https” at the beginning of the address of the web page.
While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.
Links to Other Websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information, which you provide whilst visiting such sites and this privacy statement does not govern such sites. You should exercise caution and look at the privacy statement applicable to the website in question.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyze web traffic or lets us know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyze data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
This notice describes how medical information may be used and disclosed, and how you can access this information. Please review this carefully.
In providing care to you, the staff at Iora Health and the members of its affiliated covered entity (“Iora” or “we”) will record your medical information in our electronic medical record. An affiliated covered entity is a group of organizations under common ownership or control who designate themselves as a single affiliated covered entity for purposes of compliance with the Health Insurance Portability and Accountability Act (“HIPAA”).
Information that identifies you or your health information is called Protected Health Information, or PHI. We are required by law to maintain the confidentiality of your PHI. We are also required to provide you with this Notice of Privacy Practices. This Notice gives you information about Iora’s legal duties, responsibilities, and privacy practices involving your PHI. When Iora uses or discloses PHI, we must and will abide by the terms of this Notice (or the Notice in effect at the time of any use or disclosure of your PHI). The members of the Iora affiliated covered entity (“Iora ACE”) will share PHI with each other for the treatment, payment and health care operations of the Iora ACE and as permitted by HIPAA and this Notice. For a complete list of the members of the Iora ACE, please contact the Privacy Officer.
Some reasons Iora may use your PHI are listed below (though not every reason for a use or disclosure is identified.) Some uses and disclosures will require your consent, while other reasons may not.
1. Iora may use or disclose your PHI, with your consent, as follows:
a. Research. For research purposes.
b. Sale of PHI or for our Marketing Purposes. This does not include face-to-face communication about products or services that may be of benefit to you, or about prescriptions you have already been prescribed.
c. Highly Confidential Information. In some instances, we may need additional, very specific, written authorization to disclose certain types of specially-protected information such as psychotherapy notes, HIV status, substance abuse treatment, mental health records, venereal disease information, research involving controlled substances, abortion consent forms, family planning services, and genetic testing information (“Highly Confidential Information”).
d. Emancipated Minors. Certain information relating to your diagnosis or treatment may be Highly Confidential Information and will not be disclosed to a parent or guardian without your consent. Your consent is not required, however, if a physician reasonably believes your condition to be so serious that your life or limb is endangered. Under such circumstances, we may notify your parents or legal guardian of the condition, and will inform you of a notification. If you are a parent or legal guardian of an emancipated minor, certain portions of the emancipated minor’s medical record (or, in certain instances, the entire medical record) may not be accessible to you.
2. Iora may use or disclose PHI without your consent under the following circumstances:
a. Treatment. Iora uses your PHI to provide treatment and other services to you to diagnose and treat your injury or illness. As part of that treatment, Iora may need to disclose PHI to other health care providers involved in your care, such as specialists, pharmacies, and labs.
b. Payment. Iora may disclose your PHI to your insurance company in order to confirm your eligibility to receive care at Iora, and for Iora to collect payment for its services provided to you. Iora may also disclose your PHI to other health care providers so that they may seek payment for services they provided to you.
c. Operations. We may need to use and disclose your PHI as necessary to support our day-to-day management or for internal administration and planning or quality improvement. We may also disclose PHI to other healthcare providers or payers that are involved in your care for their healthcare operations.
d. Business Associates. We may share your PHI with third party business associates that perform various activities (e.g., billing, testing, or consulting) for Iora. Whenever an arrangement between a business associate and Iora involves the use or disclosure of your PHI, we will have a written agreement that will protect the privacy of your PHI.
e. Individuals Involved in Your Care. We may release your PHI to a friend or family member who is involved in your medical care. We may also give information to someone who helps pay for your care. We may share your PHI with these persons if you are present or available before we share your PHI with them and you do not object to our sharing your PHI with them, or we reasonably believe that you would not object to this. If you are not present and certain circumstances indicate to us that it would be in your best interests to do so, we will share information with a friend or family member or someone else identified by you, to the extent necessary. This could include sharing information with your family or friend so that they could pick up a prescription or a medical supply.
f. Death. Iora may need to release PHI to a medical examiner or coroner.
g. Organ/Tissue Donation. If you are an organ donor, Iora may release PHI to organizations that facilitate organ or tissue donation, banking and transplantation.
h. Serious Threats to Health or Safety. Iora may use PHI to assist with efforts to prevent serious threats to the health and safety of you or others.
i. Military. Iora may share your PHI if you are, or were, a member of the U.S. or foreign military, if required by the appropriate authorities.
j. National Security. We may need to share PHI with officials for national security activities.
k. Correctional Institutions or Law Enforcement. If you are an inmate or in custody of law enforcement, we may need to disclose PHI:
i. to the institution in order to provide healthcare to you,
ii. for the safety and security of the institution, and/or
iii. to protect your health and safety or the health and safety of others.
l. Training. Your PHI may be used or disclosed for the purpose of allowing students, residents, nurses, physicians and other healthcare professionals who are interested in healthcare, pursuing careers in the medical field or desire an opportunity for an educational experience to tour, shadow employees and/or providers or engage in a clinical practicum.
m. Required by Law. Iora must disclose PHI as required by federal, state or local law, for:
i. Public Health Reporting. Iora is required to provide information to public health authorities to:
ii. Workplace Injury or Illness. For work-related illness or injury or as required for workplace medical surveillance, we must report to the insurer and/or the state industrial accident board and/or parties involved in workers’ compensation matters.
iii. Lawsuits and Similar Proceedings. In the event you are involved in a lawsuit or similar proceeding, Iora may need to use and share your PHI in response to a court order, or if a lawful request has been made by another party involved in the dispute with you, but only after we have made efforts to inform you of the request or obtain an order protecting your PHI from disclosure.
iv. Law Enforcement. PHI may be disclosed to police or other law enforcement officials as required or permitted by law, or to comply with a subpoena accompanied by a court order.
Office for Civil Rights
US Department of Health and Human Services
200 Independence Avenue SW
Room 509F HHH Bldg
Washington DC 20201
Iora may change its privacy policies, including this Notice, and make new policies and practices, including revised Notice provisions, effective for all PHI that we maintain. A copy of the current Notice will be posted in our office and on our website.
For questions about this Notice, contact Iora’s Privacy Officer:
101 Tremont Street, 6th Floor
Boston, MA 02108
Effective Date: This Notice is effective as of July 10th 2019.