REJUVA MEDICAL AESTHETICS

NOTICE OF PRIVACY PRACTICES AND PRIVACY POLICY

EFFECTIVE DATE: 2/10/2020

Rejuva’s Privacy Officer:

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This Privacy Policy on the website of Rejuva Medical Aesthetics, Inc. (referred to herein as “Rejuva,” “we” or “our”) describes Rejuva’s information practices regarding our medical practice and this website. We understand the importance of privacy and are committed to maintaining the confidentiality of your medical information. We make a record of the medical care we provide and may receive such records from others. We use these records to provide or enable other health care providers to provide quality medical care, to obtain payment for services provided to you as allowed by your health plan and to enable us to meet our professional and legal obligations to operate this medical practice properly. We are required by law to maintain the privacy of protected health information (“PHI”) and to provide individuals with notice of our legal duties and privacy practices with respect to PHI. This notice describes how we may use and disclose your medical information. It also describes your rights and our legal obligations with respect to your medical information. If you have any questions about this Notice, please contact our Privacy Officer listed above.

A. How this Website May Use or Disclose Health Information

The Privacy Policy explains how the website collects, uses and shares personally identifiable information and other information attained from and about individuals who visit this Site (“website,” “site,” “www.rejuvamedical.org”). The Internet gives an opportunity for us to reach our audience in new and exciting ways with product, educational and company information, and activities such as, but not limited to, offers, clinical studies, newsletters and other promotions. We are committed to providing and maintaining that opportunity in a safe and secure environment for our visitors.

  1. Agreement to This Privacy Policy and Privacy Policy Modifications. By visiting this website, you hereby agree to this Privacy Policy. If you do not agree with this Privacy Policy, please do not provide your personally identifiable information (“PII”), e.g., your name, address, telephone number, screen name, email address or credit card information. We may occasionally use customer information for new, unanticipated uses not previously acknowledged in our privacy notice. If our information practices change at some time in the future, we will post the policy changes to our website to inform you of these changes and we will provide you with the ability to remove yourself from these new uses. If you are worried about how your information is used, you should check back periodically for updates.
  2. Collection of Your Personally Identifiable Information (“PII”) and Other Personal Information. This website is intended to provide a unique, informative and entertaining experience for users, without requiring them to give any more information than is necessary to participate in specific activities which may be offered, or to use the Site effectively. We do not require users to register or submit PII in order to merely visit the website. Most activities on the Site can be performed without providing PII. When we ask for PII to participate in an activity, we will not require anyone to give more PII than we believe is reasonably necessary to engage in the activity. You may be asked to provide non-PII, such as first name, age, gender, zip code, city and/or state of residence.

We compile information volunteered by the consumer, such as ‘contact us’ forms and newsletter sign-ups. The information submitted using our online forms does not use encryption methods, and the information we collect is not shared with any other institutions. If you supply us with your postal or email address online, you will only receive the specific information for which you provided your address.

  1. When PII and Non-PII May be Requested. Registration or input of PII may be required to participate in activities such as contests, promotional activities and offers, surveys, or for e-commerce activities. If PII is requested for participation in an activity, you cannot participate without disclosing the requested PII.

We may also ask you to provide us with non-PII, which does not allow us to identify you by email address, full name, full address or other PII. From time to time, we may use this non-PII information for internal informational purposes, or for creating reports for ourselves and third-party advertisers and partners, if any may exist.

  1. When PII and Non-PII May be Requested. We may use PII in promotional activities, for notification of special offers and newsletters.
  2. Use of Non-PII. Non-PII is data such as first name, zip code, age, gender, product and promotional preferences. Your non-PII may be gathered and used for our internal purposes or may be distributed to third parties for any purpose, without your permission. No third party will know who you are as a result of the use of your non-PII.
  3. Safety and Security. We take steps to help ensure that all information provided by you, whether PII or non-PII, is treated securely. We have implemented technical, administrative and physical security measures to safeguard visitor information from unauthorized access and improper use. We periodically review our security procedures in order to consider and implement appropriate new technology and methods. Please be aware that, despite our best efforts, no security measures are perfect or impenetrable.

If you share your computer or use a computer that is accessed by the general public, remember to sign off and close your browser window after you have finished your session. This will help make sure that others cannot access your PII and use it with malicious intent. No data transmission over the Internet, however, can be guaranteed to be totally secure. To protect our security, to protect us against liability, or as required by law, we may collect a user’s name and email address. PII collected in accordance with this provision will not be used for any other purpose.

  1. Use of Cookies. During the course of any visit to the website, the pages you see, along with something called a “cookie,” are downloaded to your computer. Cookies are small pieces of data that are stored by your browser on your computer’s hard drive. These cookies do not contain any personally identifying information, but they do give us the ability to provide features such as personalization in your browsing experience. Most web browsers automatically accept cookies, but you can usually change your browser. Cookies in themselves do not identify the individual user, just the computer used. Users have the ability to set their computers to accept all cookies, to notify them when a cookie is used, or to never receive cookies at any time. Different browsers may address cookies differently. With regard to cookies, one cookie is set to make note of how individuals have found our site. It contains no personal information.

For each visitor to our web page, our web server automatically does not recognize information regarding the domain or email address.

Upon request, we offer visitors the opportunity to have factual inaccuracies corrected in information that we maintain about them.

If you feel that this site is not following its stated information policy, you may contact our Privacy Officer listed at the top of this Notice of Privacy Practices.

B. How this Medical Practice May Use or Disclose Health Information

This medical practice collects medical and related identifiable patient information (such as billing information, claims information, referral and health plan information) and stores it in a chart, in administrative or billing files, and on a computer. The medical record is the property of this medical practice, but the information in the medical record is accessible to the patient. This information is considered “protected health information” (PHI) under the HIPAA Privacy Rule. The law permits us to use or disclose health information for the following purposes without the patient’s written authorization:

  1. Treatment. We use medical information to provide medical care. We disclose medical information to our employees and others who are involved in providing the care our patients need. For example, we may share medical information with other physicians or other health care providers who will provide services that we do not provide or we may share this information with a pharmacist who needs it to dispense a prescription, or a laboratory that performs a test. We may also disclose medical information to members of patients’ families or others who can help them when they are sick or injured, or following the patient’s death.
  2. Payment. We use and disclose PHI to obtain payment for the services we provide. For example, we give health plans the information they require for payment. We may also disclose information to other health care providers to assist them in obtaining payment for services they have provided to our patients.
  3. Health Care Operations. We may use and disclose PHI to operate this medical practice. For example, we may use and disclose this information to review and improve the quality of care we provide, or the competence and qualifications of our professional staff. Or we may use and disclose this information to get health plans to authorize services or referrals. We may also use and disclose this information as necessary for medical reviews, legal services, and audits, including fraud and abuse detection and compliance programs, and business planning and management. We may also share PHI with our “business associates,” such as our billing service, that perform administrative services for us. We have a written contract with each of these business associates that contains terms requiring them and their subcontractors to protect the confidentiality and security of this PHI. Although federal law does not protect health information which is disclosed to someone other than another health care provider, health plan, health care clearinghouse, or one of their business associates, California law prohibits all recipients of health care information from further disclosing it except as specifically required or permitted by law.
  4. We may also share PHI with other health care providers, health care clearinghouses, or health plans that have a relationship with our patients when they request this information to help them with their quality assessment and improvement activities, their patient-safety activities, their population-based efforts to improve health or reduce health care costs, protocol development, case management or care coordination activities, their review of competence, qualifications and performance of health care professionals, their training programs, their accreditation, certification or licensing activities, their activities related to contracts of health insurance or health benefits, or their health care fraud and abuse detection and compliance efforts.
  5. Appointment Reminders. We may use and disclose medical information to contact and remind our patients about appointments. If the patient is not home, we may leave this information on the patient’s answering machine or in a message left with the person answering the phone.
  6. Sign-in Sheet. We may use and disclose medical information about our patients by having them sign in when they arrive at our office. We may also call out their names when we are ready to see them.
  7. Notification and Communication with Family. We may disclose our patients’ health information to notify or assist in notifying a family member, personal representative or another person responsible for their care about their location or general condition in the event of their death, unless a patient had instructed us otherwise. In the event of a disaster, we may disclose information to a relief organization so that they may coordinate these notification efforts. We may also disclose information to someone who is involved with our patient’s care or helps pay for care. If our patient is able and available to agree or object, we will give the patient the opportunity to object prior to making these disclosures, although we may disclose this information in a disaster even over the patient’s objection if we believe it is necessary to respond to the emergency circumstances. If our patient is unable or unavailable to agree or object, our health professionals will use their best judgment in communication with the patient’s family and others.
  8. Marketing. Provided we do not receive any payment for making these communications, we may contact our patients to encourage them to purchase or use products or services related to their treatment, case management or care coordination, or to direct or recommend other treatments, therapies, health care providers or settings of care that may be of interest to them. We may similarly describe products or services provided by this practice and tell our patients which health plans we participate in. We may receive financial compensation to talk with our patients face-to-face, to provide them with small promotional gifts, or to cover our cost of reminding them to take and refill medication or otherwise communicate about a drug or biologic that is currently prescribed for the patient, but only if the patient either:

(1) has a chronic and seriously debilitating or life-threatening condition and the communication is made to educate or advise the patient about treatment options and otherwise maintain adherence to a prescribed course of treatment, or (2) the patient is a current health plan enrollee and the communication is limited to the availability of more cost-effective pharmaceuticals. If we make these communications while the patient has a chronic and seriously debilitating or life-threatening condition, we will provide notice of the following in at least 14-point type: (1) the fact and source of the remuneration; and (2) the patient’s right to opt-out of future remunerated communications by calling the communicator’s toll-free number. We will not otherwise use or disclose PHI for marketing purposes or accept any payment for other marketing communications without the patient’s prior written authorization. The authorization will disclose whether we receive any financial compensation for any marketing activity our patients authorize, and we will stop any future marketing activity to the extent the patient revokes that authorization.

  1. Sale of Health Information. We will not sell our patients’ health information without their prior written authorization. The authorization will disclose that we will receive compensation for PHI if the patient authorizes us to sell it, and we will stop any future sales of information to the extent that the patient revokes that authorization.
  2. Required by Law. As required by law, we will use and disclose our patients’ health information, but we will limit our use or disclosure to the relevant requirements of the law. When the law requires us to report abuse, neglect or domestic violence, or respond to judicial or administrative proceedings, or to law enforcement officials, we will further comply with the requirement set forth below concerning those activities.
  3. Public Health. We may, and are sometimes required by law, to disclose our patients’ health information to public health authorities for purposes related to: preventing or controlling disease, injury or disability; reporting child, elder or dependent adult abuse or neglect; reporting domestic violence; reporting to the Food and Drug Administration problems with products and reactions to medications; and reporting disease or infection exposure. When we report suspected elder or dependent adult abuse or domestic violence, we will inform our patients or their personal representative promptly unless in our best professional judgment, we believe the notification would place a patient at risk of serious harm or would require informing a personal representative we believe is responsible for the abuse or harm.
  4. Health Oversight Activities. We may, and are sometimes required by law, to disclose our patients’ health information to health oversight agencies during the course of audits, investigations, inspections, licensure and other proceedings, subject to the limitations imposed by federal and California law.
  5. Judicial and Administrative Proceedings. We may, and are sometimes required by law, to disclose our patients’ health information in the course of any administrative or judicial proceeding to the extent expressly authorized by a court or administrative order. We may also disclose information about our patients in response to a subpoena, discovery request or other lawful process if reasonable efforts have been made to notify them of the request and they have not objected, or if their objections have been resolved by a court or administrative order.
  6. Law Enforcement. We may, and are sometimes required by law, to disclose our patients’ health information to a law enforcement official for purposes such as identifying or locating a suspect, fugitive, material witness or missing person, complying with a court order, warrant, grand jury subpoena and other law enforcement purposes.
  7. Coroners. We may, and are often required by law, to disclose our patients’ health information to coroners in connection with their investigations of deaths.
  8. Organ or Tissue Donation. We may disclose our patients’ health information to organizations involved in procuring, banking or transplanting organs and tissues.
  9. Public Safety. We may, and are sometimes required by law, to disclose our patients’ health information to appropriate persons in order to prevent or lessen a serious and imminent threat to the health or safety of a particular person or the general public.
  10. Proof of Immunization. We will disclose proof of immunization to a school where the law requires the school to have such information prior to admitting a student if the patient has agreed to the disclosure on behalf of themselves or their dependent.
  11. Specialized Government Functions. We may disclose our patients’ health information for military or national security purposes or to correctional institutions or law enforcement officers that have the patient in their lawful custody.
  12. Workers’ Compensation. We may disclose our patients’ health information as necessary to comply with workers’ compensation laws. For example, to the extent our patients’ care is covered by workers’ compensation, we will make periodic reports to their employer about their conditions. We are also required by law to report cases of occupational injury or occupational illness to the employer or workers’ compensation insurer.
  13. Change of Ownership. In the event that this medical practice is sold or merged with another organization, our patients’ health information/record will become the property of the new owner, although our patients will maintain the right to request that copies of their health information be transferred to another physician or medical group.
  14. Breach Notification. In the case of a breach of unsecured PHI, we will notify our patients as required by law. If they have provided us with a current email address, we may use email to communicate information related to the breach. In some circumstances our business associate may provide the notification. We may also provide notification by other methods as appropriate.
  15. Other disclosures specified in our Notice of Privacy Practices. We may disclose our patients’ health information as otherwise described in our Notice of Privacy Practices.
  16. Psychotherapy Notes. We will not use or disclose our patients’ psychotherapy notes without their prior written authorization except for the following: (1) treatment, (2) for training our staff, students and other trainees, (3) to defend ourselves if the patient sues us or brings some other legal proceeding, (4) if the law requires us to disclose the information to the patient or the Secretary of HHS or for some other reason, (5) in response to health oversight activities concerning the patient’s psychotherapist, (6) to avert a serious threat to health or safety, or (7) to the coroner or medical examiner following the patient’s death. To the extent the patient revokes an authorization to use or disclose their psychotherapy notes, we will stop using or disclosing these notes.
  17. Research. We may disclose our patients’ health information to researchers conducting research with respect to which their written authorization is not required as approved by an Institutional Review Board or privacy board, in compliance with governing law. We may also disclose your PHI to researchers when their clinical research study has been approved. They must have safeguards in place to ensure the privacy and protection of your PHI.
  18. Fundraising. We may use or disclose our patients’ demographic information, the dates that they received treatment, the department of service, their treating physician, outcome information and health insurance status in order to contact them for our fundraising activities. If they do not want to receive these materials, the patient can notify the Privacy Officer listed at the top of this Notice of Privacy Practices and we will stop any further fundraising communications. Similarly, the patient should notify the Privacy Officer if they decide they want to start receiving these solicitations again.

C. When this Medical Practice May Not Use or Disclose Health Information

Except as described in this Notice of Privacy Practices, this medical practice will, consistent with its legal obligations, not use or disclose health information which identifies individual patients without their written authorization. If a patient authorizes this medical practice to use or disclose health information for another purpose, the patient may revoke the authorization in writing at any time.

D. Our Patients’ Health Information Rights

  1. Right to Request Special Privacy Protections. Our patients have the right to request restrictions on certain uses and disclosures of their health information by a written request specifying what information they want to limit, and what limitations on our use or disclosure of that information they wish to have imposed. If our patients tell us not to disclose information to their commercial health plan concerning health care items or services for which they paid in full out-of-pocket, we will abide by their request, unless we must disclose the information for treatment or legal reasons. We reserve the right to accept or reject any other request, and will notify our patients of our decision.
  2. Right to Request Confidential Communications. Our patients have the right to request that they receive their health information in a specific way or at a specific location. For example, they may ask that we send information to a particular email account or to their work address. We will comply with all reasonable requests submitted in writing which specify how or where our patients wish to receive these communications.
  3. Right to Inspect and Copy. Our patients have the right to inspect and copy their health information, with limited exceptions. To access their medical information, our patients must submit a written request detailing what information they want access to, whether they want to inspect it or get a copy of it, and if they want a copy, their preferred form and format. We will provide copies in the requested form and format if it is readily producible, or we will provide our patients with an alternative format they find acceptable, or if we can’t agree and we maintain the record in an electronic format, their choice of a readable electronic or hardcopy format. We will also send a copy to any other person our patients designate in writing. We will charge a reasonable fee which covers our costs for labor, supplies, postage, and if requested and agreed to in advance, the cost of preparing an explanation or summary, as allowed by federal and California law. We may deny our patients’ request under limited circumstances. If we deny a request to access a child’s records or the records of an incapacitated adult because we believe allowing access would be reasonably likely to cause substantial harm to the patient, the guardian or legal representative will have a right to appeal our decision. If we deny a patient’s request to access their psychotherapy notes, our patients will have the right to have them transferred to another mental health professional.
  4. Right to Amend or Supplement. Our patients have a right to request that we amend their health information if they believe it is incorrect or incomplete. Our patients must make a request to amend in writing, and include the reasons they believe the information is inaccurate or incomplete. We are not required to change our patients’ health information, and will provide them with information about this medical practice’s denial and how they can disagree with the denial. We may deny their request if we do not have the information, if we did not create the information (unless the person or entity that created the information is no longer available to make the amendment), if they would not be permitted to inspect or copy the information at issue, or if the information is accurate and complete as is. If we deny a request, our patients may submit a written statement of their disagreement with that decision, and we may, in turn, prepare a written rebuttal. Our patients also have the right to request that we add to their record a statement of up to 250 words concerning anything in the record they believe to be incomplete or incorrect. All information related to any request to amend or supplement will be maintained and disclosed in conjunction with any subsequent disclosure of the disputed information.
  5. Right to an Accounting of Disclosures. Our patients have a right to receive an accounting of disclosures of their health information made by this medical practice, except that this medical practice does not have to account for the disclosures provided to them or pursuant to their written authorization, or as described in paragraphs 1 (treatment), 2 (payment), 3 (health care operations), 6 (notification and communication with family) and 18 (specialized government functions) of Section A of this Notice of Privacy Practices or disclosures for purposes of research or public health which exclude direct patient identifiers, or which are incident to a use or disclosure otherwise permitted or authorized by law, or the disclosures to a health oversight agency or law enforcement official to the extent this medical practice has received notice from that agency or official that providing this accounting would be reasonably likely to impede their activities.
  6. Right to Paper Copy of Notice of Privacy Practices. Our patients have a right to notice of our legal duties and privacy practices with respect to their health information, including a right to a paper copy of this Notice of Privacy Practices, even if they have previously requested its receipt by email. If we have a website, we must post our current Notice of Privacy Practices on our website.

E. Changes to this Notice of Privacy Practices

We reserve the right to amend our privacy practices and the terms of this Notice of Privacy Practices at any time in the future. Until such amendment is made, we are required by law to comply with this Notice. After an amendment is made, the revised Notice of Privacy Protections will apply to all PHI that we maintain, regardless of when it was created or received. We will keep a copy of the current notice posted in our reception area, and a copy will be available at each appointment.

F. Complaints

Complaints about this Notice of Privacy Practices or how this medical practice handles our patients’ health information should be directed to our Privacy Officer listed at the top of this Notice of Privacy Practices.

If you believe that your privacy rights have been violated, you should let us know by sending a letter describing the cause of the privacy concern. You will not be penalized or otherwise retaliated against for filing a complaint.