Ria Health Notice of Privacy Practices
(Last revised August 17, 2019)

Ria understands how important the privacy of personal information is to our users. We understand that your privacy matters and we respect your privacy choices. This privacy policy is intended to explain:

  • What information we collect about you
  • What choices you have about your information
  • How we use your information
  • How and with whom we may share the information we have about you
  • How we protect your information
  • How to contact us with questions or concerns

We urge you to take the time to read our entire Notice of Privacy Practices for complete detail about our privacy practices and your information.

DxRx, Inc. (dba Ria Health) and Ria Health PC (hereafter, “Ria Health”) are committed to providing you with quality treatment services. An important part of that commitment is protecting your health information according to applicable law. This notice (“Notice of Privacy Practices”) describes your rights and our duties under Federal Law. Protected health information (“PHI”) is information about you, including demographic information, that may identify you and that relates to your past, present or future physical or mental health or condition; the provision of healthcare services; or the past, present, or future payment for the provision of healthcare services to you.

OUR DUTIES

We are required by law to maintain the privacy of your PHI; provide you with notice of our legal duties and privacy practices with respect to your PHI; and to notify you following a breach of unsecured PHI related to you. We are required to abide by the terms of this Notice of Privacy Practices. This Notice of Privacy Practices is effective as of the date listed on the first page of this Notice of Privacy Practices. This Notice of Privacy Practices will remain in effect until it is revised. We are required to modify this Notice of Privacy Practices when there are material changes to your rights, our duties, or other practices contained herein.

We reserve the right to change our privacy policy and practices and the terms of this Notice of Privacy Practices, consistent with applicable law and our current business processes, at any time. Any new Notice of Privacy Practices will be effective for all PHI that we maintain at that time. Notification of revisions of this Notice of Privacy Practices will be provided as follows:

  • Upon request;
  • Electronically via our website or via other electronic means; and
  • Electronically within the Ria Health app for members on IOS and Android.

In addition to the above, we have a duty to respond to your requests (e.g. those corresponding to your rights) in a timely and appropriate manner. We support and value your right to privacy and are committed to maintaining reasonable and appropriate safeguards for your PHI.

CONFIDENTIALITY OF ALCOHOL TREATMENT RECORDS

The confidentiality of alcohol treatment patient records maintained by us is protected by Federal law and regulations. Generally, we may not say to a person outside of Ria Health that you are a patient of Ria Health, or disclose any information identifying you as someone with an alcohol problem unless:

You consent in writing (as discussed below in “Authorization to Use or Disclose PHI”); The disclosure is allowed by a court order (as discussed below in “Uses and Disclosures”); or The disclosure is made to medical personnel in a medical emergency or to qualified personnel for research, audit, or program evaluation (as discussed below in “Uses and Disclosures”). Violation of the Federal law and regulations by Ria Health is a crime. Suspected violations may be reported to appropriate authorities in accordance with Federal regulations.

Federal law and regulations do not protect any information about a crime committed by you against any person who works for Ria Health or about any threat to commit such a crime (as discussed below in “Uses and Disclosures”).

Federal laws and regulations do not protect any information about suspected child abuse or neglect from being reported under State law to appropriate State or local authorities (as discussed below in “Uses and Disclosures”).

See 42 U.S.C. 290dd-3 and 42 U.S.C. 290ee-3 for Federal laws and 42 CFR part 2 for Federal regulations.

USES AND DISCLOSURES

Uses and disclosures of your PHI may be permitted, required, or authorized. The following categories describe various ways that we use and disclose PHI.

Among Ria Health Personnel. We may use or disclose information between or among personnel having a need for the information in connection with their duties that arise out of the provision of diagnosis, treatment, or referral for treatment of alcohol or drug abuse, provided such communication is: (i) Within Ria Health PC; or (ii) Between Ria Health PC and Ria Health. For example, our staff, including doctors, nurses, and clinicians, will use your PHI to provide your treatment care. Your PHI may be used in connection with billing statements we send you and in connection with tracking charges and credits to your account. Your PHI will be used to check for eligibility for insurance coverage and prepare claims for your insurance company where appropriate. We may use and disclose your PHI in order to conduct our healthcare business and to perform functions associated with our business activities, including accreditation and licensing.

Secretary of Health and Human Services. We are required to disclose PHI to the Secretary of the U.S. Department of Health and Human Services when the Secretary is investigating or determining our compliance with the HIPAA Privacy Rules.

Business Associates. We may disclose your PHI to Business Associates that are contracted by us to perform services on our behalf which may involve receipt, use or disclose of your PHI. All of our Business Associates must agree to: (i) Protect the privacy of your PHI; (ii) Use and disclose the information only for the purposes for which the Business Associate was engaged; (iii) Be bound by 42 CFR Part 2; and (iv) if necessary, resist in judicial proceedings any efforts to obtain access to patient records except as permitted by law.

Crimes on Premises. We may disclose to law enforcement officers information that is directly related to the commission of a crime on the premises or against our personnel or to a threat to commit such a crime.

Reports of Suspected Child Abuse and Neglect. We may disclose information required to report under state law incidents of suspected child abuse and neglect to the appropriate state or local authorities. However, we may not disclose the original patient records, including for civil or criminal proceedings which may arise out of the report of suspected child abuse and neglect, without consent.

Court Order. We may disclose information required by a court order, provided certain regulatory requirements are met.

Emergency Situations. We may disclose information to medical personnel for the purpose of treating you in an emergency.

Research. We may use and disclose your information for research if certain requirements are met, such as approval by an Institutional Review Board.

Audit and Evaluation Activities. We may disclose your information to persons conducting certain audit and evaluation activities, provided the person agrees to certain restrictions on disclosure of information.

Reporting of Death. We may disclose your information related to cause of death to a public health authority that is authorized to receive such information.

PERSONAL INFORMATION COLLECTED AUTOMATICALLY

We receive and store certain types of information whenever you interact with the Site or the Application. We automatically receive and record information on our server logs from your browser, including your IP address, and the page you requested. In addition, we may use personal identifiers to recognize you when you arrive at the Site via an external link, such as a link appearing on a third party site or in an Ria-generated email presented to you (see also our “Tracking Technologies” section below). We will also use your information to provide customer service and support.

Generally, the Site and Application automatically collect usage information, such as the numbers and frequency of visitors to the Site and Application and its components, similar to TV ratings that indicate how many people watched a particular show. We only use this data in aggregate form (i.e., as a statistical measure), and not in a manner that would permit us to identify you personally. This type of aggregate data enables us to figure out how often users or customers use parts of the Site or Application so that we can make the Site and Application as appealing to as many users and customers as possible. We may provide this de-identified, aggregate data to our partners and/or customers to identify how our users use our Site or Application. Again, we never disclose this information to a partner or customer in a manner that would identify you personally.

You may set your browser to refuse or disable these data collection methods, but doing so may change your experience with the Site or the Application, diminish certain aspects of the Site’s or Application’s functionality or render certain features of the Site or the Application inoperable. For example, the Site may not recognize or respond to “do not track” technologies employed by your browser.

EMAIL COMMUNICATIONS

We often receive a confirmation when you open an email from us if your computer supports this type of program. We use this confirmation to help us make emails more interesting and helpful. When you receive email from us, you can opt out of receiving further emails by following the included instructions to unsubscribe. However, by opting out of further email communications after you enroll in the Ria service, you may limit program reminders and other valuable program content and components.

TRACKING TECHNOLOGIES

In addition to any Personal Information or other information that you choose to submit to us via the Site or Application, we and our third party service providers may use a variety of technologies that automatically (or passively) store or collect certain information when you visit or interact with the Site or Application (“Usage Information”). This Usage Information may be stored or accessed using technologies that may be downloaded to your Device whenever you visit or interact with the Site or Application. To the extent we associate Usage Information with your Personal Information that we collect directly from you, we will treat it as Personal Information. Examples of Usage Information include: your IP address or other unique device identifier (e.g., a number that is automatically assigned to your Device used to access the Site which our computers use to identify your Device), your Device’s functionality (e.g., browser, operating system, mobile network information, etc.), the areas within the Site or Application that you visit and your activities there, your Device location, your Device characteristics and certain other data regarding your Device.

We may use various methods or technologies to store or collect your Usage Information, including your visits to or interactions with our Site and Application (“Tracking Technologies”). We may use these Tracking Technologies for a variety of purposes, including but not limited to uses deemed to be necessary or useful to assess the performance of our Site and Application (including as part of our analytic practices or otherwise to improve our Site and Application) or uses required to offer you enhanced functionality when accessing our Site and Application (including identifying you when you sign in to the Site or the Application or keeping track of your specified preferences).

Tracking Technologies may include the following (and may include subsequent technologies and methods later developed which perform a similar function):

Cookies. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your browser to enable our systems to recognize your browser and tell us how and when pages in our Site are visited and by how many people. We use cookies to enhance visitors’ experiences by understanding how visitors and / or users engage with and navigate our Site. Regular cookies may generally be disabled or removed by tools that are available as part of most commercial browsers and in some but not all instances can be blocked in the future by selecting certain settings. Each browser that you use will need to be set separately, and different browsers offer different functionality and options in this regard. Also, these tools may not be effective with regard to certain types of cookies (e.g., Adobe Flash or HTML5 cookies). Please be aware that if you disable or remove cookies on your Device, some parts of our Site or Application may not function properly and when you revisit our Site or Application your ability to limit cookies is subject to your browser settings and limitations.

We may choose to serve ads on the Site or the Application. These ads may be delivered to users by our advertising partners, who may set cookies. These cookies allow the ad server to recognize your Device each time they send you an online advertisement to compile information about you or others who use your computer. This information allows ad networks to, among other things, deliver targeted advertisements that they believe will be of most interest to you. This Notice of Privacy Practices refers only to the use of cookies by Company and does not cover the use of cookies by any third parties (e.g., advertisers).

Embedded Scripts. An embedded script is programming code that is designed to collect information about your interactions with the Site and Application, such as the links that you click on. The code is temporarily downloaded onto your Device, is active only while you are connected to the Site or Application, and is deactivated or deleted thereafter.

Web Beacons. Small graphic images or other web programming code called “web beacons” (also known as “1×1 GIFs” or “clear GIFs”) may be included in pages and messages of our Site and Application. Web beacons may be invisible to you, but any electronic image or other web programming code inserted into a page or email can act as a web beacon. Web beacons or similar technologies may be used for a number of purposes, including to count visitors to the Site and Application, to monitor how users navigate the Site and the Application, to count how many sent emails were actually opened or to count how many particular articles or links were actually viewed.

There may be other Tracking Technologies now and later devised and used by us in connection with the Site and Application. Further, third parties may use Tracking Technologies with our Website. We do not control those Tracking Technologies, and we are not responsible for them. However, you consent to potentially encountering third party Tracking Technologies in connection with your use of the Site and Application and accept that this Notice of Privacy Practices does not apply to the Tracking Technologies or practices of such third parties. In such cases, you must check the third party websites to confirm how your information is collected and used.

AUTHORIZATION TO USE OR DISCLOSE PHI

Other than as stated above, we will not use or disclose your PHI other than with your written authorization. Subject to compliance with limited exceptions, we will not use or disclose psychotherapy notes, use or disclose your PHI for marketing purposes, or sell your PHI unless you have signed an authorization. If you or your representative authorize us to use or disclose your PHI, you may revoke that authorization in writing at any time to stop future uses or disclosures. We will honor oral revocations upon authenticating your identity until a written revocation is obtained. Your revocation will not affect any use or disclosures permitted by your authorization while it was in effect.

QUESTIONS, REQUESTS FOR INFORMATION, AND COMPLAINTS

If you have questions or concerns about this Notice of Privacy Practices, please contact us by sending an email to:

  • CustomerService@riahealth.com

We support your right to privacy of your Protected Health Information. You will not be retaliated against in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.

If you believe your rights have been violated and would like to submit a complaint directly to the U.S. Department of Health & Human Services, then you may submit a formal written complaint to the following address:

U.S. Department of Health & Human Services
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
877.696.6775
OCRMail@hhs.gov
www.hhs.gov

If you have a patient safety concern you may report your concern to The Joint Commission at:

Office of Quality and Patient Safety
The Joint Commission
One Renaissance Boulevard
Oakbrook Terrace, IL 60181
Fax: 630-792-5636
https://www.jointcommission.org/report_a_complaint.aspx

Ria Health Patient Rights & Responsibilities
(Last revised August 17, 2019)

PATIENT/MEMBER RIGHTS

The following are the rights that you have regarding PHI that we maintain about you. Information regarding how to exercise those rights is also provided. Protecting your PHI is an important part of the services we provide you. We want to ensure that you have access to your PHI when you need it and that you clearly understand your rights as described below.

RIGHT TO NOTICE

You have the right to adequate notice of the uses and disclosures of your PHI, and our duties and responsibilities regarding same, as provided for herein. You have the right to request both a paper and electronic copy of this Notice. You may ask us to provide a copy of this Notice at any time. You may obtain this Notice on our website at riahealth.com, from the Ria app, from Ria staff, or from our Privacy Officer.

RIGHT OF ACCESS TO INSPECT AND COPY

You have the right to access, inspect and obtain a copy of your PHI for as long as we maintain it as required by law. This right may be restricted only in certain limited circumstances as dictated by applicable law. All requests for access to your PHI must be made in writing. Under a limited set of circumstances, we may deny your request. Any denial of a request to access will be communicated to you in writing. If you are denied access to your PHI, you may request that the denial be reviewed. Another licensed health care professional chosen by Ria Health will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the decision made by the designated professional. If you are further denied, you have a right to have a denial reviewed by a licensed third-party healthcare professional (i.e. one not affiliated with us). We will comply with the decision made by the designated professional.

We may charge a reasonable, cost-based fee for the copying and/or mailing process of your request. As to PHI which may be maintained in electronic form and format, you may request a copy to which you are otherwise entitled in that electronic form and format if it is readily producible, but if not, then in any readable form and format as we may agree (e.g. PDF). Your request may also include transmittal directions to another individual or entity.

RIGHT TO AMEND

If you believe the PHI we have about you is incorrect or incomplete, you have the right to request that we amend your PHI for as long as it is maintained by us. The request must be made in writing and you must provide a reason to support the requested amendment. Under certain circumstances we may deny your request to amend, including but not limited to, when the PHI: 1. Was not created by us; 2. Is excluded from access and inspection under applicable law; or 3. Is accurate and complete. If we deny amendment, we will provide the rationale for denial to you in writing. You may write a statement of disagreement if your request is denied. This statement will be maintained as part of your PHI and will be included with any disclosure. If we accept the amendment we will work with you to identify other healthcare stakeholders that require notification and provide the notification.

RIGHT TO REQUEST AN ACCOUNTING OF DISCLOSURES

We are required to create and maintain an accounting (list) of certain disclosures we make of your PHI. You have the right to request a copy of such an accounting during a time period specified by applicable law prior to the date on which the accounting is requested (up to six years). You must make any request for an accounting in writing. We are not required by law to record certain types of disclosures (such as disclosures made pursuant to an authorization signed by you), and a listing of these disclosures will not be provided. If you request this accounting more than once in a 12-month period, we may charge you a reasonable, cost-based fee for responding to these additional requests. We will notify you of the fee to be charged (if any) at the time of the request.

RIGHT TO REQUEST RESTRICTIONS

You have the right to request restrictions or limitations on how we use and disclose your PHI for treatment, payment, and operations. We are not required to agree to restrictions for treatment, payment, and healthcare operations except in limited circumstances as described below. This request must be in writing. If we do agree to the restriction, we will comply with restriction going forward, unless you take affirmative steps to revoke it or we believe, in our professional judgment, that an emergency warrants circumventing the restriction in order to provide the appropriate care or unless the use or disclosure is otherwise permitted by law. In rare circumstances, we reserve the right to terminate a restriction that we have previously agreed to, but only after providing you notice of termination.

OUT-OF-POCKET PAYMENTS

If you have paid out-of-pocket (or in other words, you or someone besides your health plan has paid for your care) in full for a specific item or service, you have the right to request that your PHI with respect to that item or service not be disclosed to a health plan for purposes of payment or healthcare operations, and we are required by law to honor that request unless affirmatively terminated by you in writing and when the disclosures are not required by law. This request must be made in writing.

RIGHT TO CONFIDENTIAL COMMUNICATIONS

You have the right to request that we communicate with you about your PHI and health matters by alternative means or alternative locations. Your request must be made in writing and must specify the alternative means or location. We will accommodate all reasonable requests consistent with our duty to ensure that your PHI is appropriately protected.

RIGHT TO NOTIFICATION OF A BREACH

You have the right to be notified in the event that we (or one of our Business Associates) discover a breach involving unsecured PHI.

RIGHT TO VOICE CONCERNS

You have the right to file a complaint in writing with us or with the U.S. Department of Health and Human Services if you believe we have violated your privacy rights. Any complaints to us should be made in writing to our Privacy Officer at the address listed below We will not retaliate against you for filing a complaint.

QUESTIONS, REQUESTS FOR INFORMATION, AND COMPLAINTS

If you have questions or concerns about these Patient Rights and Responsibilities, please contact us by sending an email to:

  • CustomerService@riahealth.com

We support your right to privacy of your Protected Health Information. You will not be retaliated against in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.

If you believe your rights have been violated and would like to submit a complaint directly to the U.S. Department of Health & Human Services, then you may submit a formal written complaint to the following address:

U.S. Department of Health & Human Services
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
877.696.6775
OCRMail@hhs.gov
www.hhs.gov

If you have a patient safety concern you may report your concern to The Joint Commission at:

Office of Quality and Patient Safety
The Joint Commission
One Renaissance Boulevard
Oakbrook Terrace, IL 60181
Fax: 630-792-5636
https://www.jointcommission.org/report_a_complaint.aspx