Notice of Privacy Practice for Express Rx
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
SCPGOpCo, LLC (and its affiliates, including, but not limited to Express Rx), is required by law to maintain the privacy of Protected Health Information (“PHI”) and to provide you with notice of our legal duties and privacy practices with respect to PHI. PHI is information that may identify you and that relates to your past, present or future physical or mental health or condition and related health care services. This Notice of Privacy Practices (hereinafter called “Notice”) describes how we may use and disclose PHI to carry out treatment, payment or health care operations and for other specified purposes that are permitted or required by law. This Notice also describes your rights with respect to your PHI. We are required to provide this notice to you by the Health Insurance Portability and Accountability Act (“HIPAA”).
Express Rx is required to follow the terms of this notice. We will not use or disclose your PHI without your written authorization, except as described or otherwise permitted by this notice. We reserve the right to change our practices and this notice at any time, or as necessary, and to make the new notice effective for all PHI we maintain. Upon request, we will provide any revised notice to you.
How We Use and Disclose Protected Health Information (“PHI”) –
The following categories describe ways that we use and disclose your PHI. We have provided you with examples in certain categories; however, not every use or disclosure in a category may be listed.
Treatment. We may use your health information to provide and coordinate the treatment, medications and services you receive. For example, we may contact you regarding medications, equipment, supplies, compliance programs (such as drug recommendations, therapeutic substitution, refill reminders), other product or service recommendations (such as specialty and infusion therapies), counseling and drug utilization review (DUR), product recalls or disease state management.
Payment. We may use your health information for various payment-related functions. For example: We may contact your insurer, pharmacy benefit manager, or other health care payer to determine whether it will pay for your medications, equipment and supplies and the amount of your co-payment. We will bill you or a third-party payer for the cost of medications, equipment and supplies dispensed to you. The information on or accompanying the bill may include information that identifies you, as well as the medications you are taking.
Health Care Operations. We may use your health information for certain operational, administrative and quality assurance activities. For example: We may use information in your health record to monitor the performance of the staff and pharmacists providing treatment to you. This information will only be used to continually improve the quality and effectiveness of the health care and service we provide. We may disclose health information to business associates if they need to receive this information to provide a service to us and will agree to abide by specific HIPAA rules relating to the protection of health information. At no point will we request, require, or use your genetic information to make decisions about your eligibility for health insurance, your health insurance premium, contributions amounts, or coverage terms.
We may also use your health information to provide you with information about benefits available to you, and, in limited situations, about health-related products or services that may be of interest to you.
We are permitted to use or disclose your PHI in the following instances –
To Communicate with Individuals Involved in Your Care or Payment for Your Care. We may disclose to a family member, other relative, close personal friend or any other person you identify, PHI directly relevant to that person’s involvement in your care or payment related to your care.
Business Associates. We may contract with third parties to perform certain services for us, such as billing services, copy services or consulting services. These third-party service providers, referred to as Business Associates, may need to access your PHI to perform services for us. They are required by contract (called a Business Associate Agreement) and law to protect your PHI and only use and disclose it as necessary to perform their services for us.
Food and Drug Administration (FDA). We may disclose to the FDA, or persons under the jurisdiction of the FDA, PHI relative to adverse events with respect to drugs, foods, supplements, products and product defects, or post-marketing surveillance information to enable product recalls, repairs, or replacement.
Worker’s Compensation. We may disclose your PHI to the extent authorized by and to the extent necessary to comply with laws relating to worker’s compensation or other similar programs established by law.
Public Health. As required by law, we may disclose your PHI to public health or legal authorities charged with preventing or controlling disease, injury, or disability.
Law Enforcement. We may disclose your PHI for law enforcement purposes as required by law or in response to a subpoena or court order.
As Required by Law. We will disclose your PHI when required to do so by federal, state, or local law.
Health Oversight Activities. We may disclose your PHI to an oversight agency for activities authorized by law. These oversight activities include audits, investigations, inspections, and credentialing, as necessary for licensure and for the government to monitor the health care system, government programs, and compliance with civil rights laws.
Judicial and Administrative Proceedings. If you are involved in a lawsuit or a dispute, we may disclose your PHI in response to a court or administrative order. We may also disclose health information about you in response to a subpoena, discovery request, or other lawful process instituted by someone else involved in the dispute, but only if efforts have been made, either by the requesting party or us, to tell you about the request or to obtain an order protecting the information requested.
Coroners, Medical Examiners, and Funeral Directors. We may release your PHI to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also disclose PHI to funeral directors consistent with applicable law to enable them to carry out their duties.
Notification. We may use or disclose your PHI to notify or assist in notifying a family member, personal representative, or another person responsible for your care, regarding your location and general condition.
Fundraising. We may contact you for fundraising efforts…but, you have the right to opt out of receiving such communication(s).
To Avert a Serious Threat to Health or Safety. We may use and disclose your PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
Military and Veterans. If you are a member of the armed forces, we may release PHI about you as required by military command authorities. We may also release PHI about foreign military personnel to the appropriate foreign military authority.
National Security, Intelligence Activities, and Protective Services for the President and Others. We may release PHI about you to federal officials for intelligence, counterintelligence, protection to the President, and other national security activities authorized by law.
Victims of Abuse or Neglect. We may disclose PHI about you to a government authority if we reasonably believe you are a victim of abuse or neglect. We will only disclose this type of information to the extent required by law, if you agree to the disclosure, or if the disclosure is allowed by law and we believe it is necessary to prevent serious harm to you or someone else.
Other Uses and Disclosures of PHI – We will obtain your written authorization before using or disclosing your PHI for purposes other than those provided for above (or as otherwise permitted or required by law). You may revoke an authorization in writing at any time. Upon receipt of the written revocation, we will stop using or disclosing your PHI, except to the extent that we have already taken action in respect to the authorization.
Your Health Information Rights –
Obtain a paper copy of the Notice upon request. You may request a copy of our current Notice at any time, either from our pharmacy, our website, or you may request one by emailing HR@expressrx.net.
Request a restriction on certain uses and disclosures of PHI. You have the right to request additional restrictions on our use or disclosure of your PHI by sending a request to the Privacy Officer at HR@expressrx.net. We are not required to abide by those restrictions. We cannot agree to restrictions on uses or disclosures that are legally required, or which are necessary to administer our business.
Inspect and obtain a copy of PHI. In most cases, you have the right to access and copy the PHI that we maintain about you. To inspect or copy your PHI, you must send an email request to the Privacy Officer at HR@expressrx.net. There may be a nominal fee for the costs related to copying, shipping and supplies that are necessary to fulfill your request. We may deny your request to inspect and copy in certain limited circumstances as outlined in HIPAA regulations. If it is possible, and you prefer it, we will provide a copy of your PHI in electronic format.
Request an amendment of PHI. If you feel that PHI we maintain about you is incomplete or incorrect, you may request that we amend it. To request an amendment, you must send an email request to the Privacy Officer at HR@expressrx.net. You must include a reason that supports your request. In certain cases, we may deny your request for amendment.
Receive an accounting of disclosures of PHI. You have the right to receive an accounting of the disclosures we have made of your PHI for most purposes other than treatment, payment, or health care operations. The right to receive an accounting is subject to certain exceptions, restrictions, and limitations. To request an accounting, you must submit a request via email to the Privacy Officer at HR@expressrx.net. Your request must specify the time period.
Request communications of PHI by alternative means or at alternative locations. For instance, you may request that we contact you at a different residence or post office box. To request confidential communication of your PHI, you must submit a request in writing to the Privacy Officer at HR@expressrx.net. Your request must tell us how or where you would like to be contacted. We will accommodate all reasonable requests.
Where to obtain forms for submitting written requests. You may obtain forms for submitting written requests by contacting the Privacy Officer at HR@expressrx.net
Incidental Disclosures/Breach Notification Express Rx will make all reasonable efforts to avoid incidental disclosures of PHI. You have a right to be notified following any breach of your unsecured PHI.
Minors If you are a minor who has lawfully provided consent for treatment and you wish for Express Rx to treat you as an adult for purposes of access to and disclosure of records related to such treatment, please notify a staff member, pharmacist or the Privacy Officer.
For More Information, To Report a Problem, or File a Complaint If you have questions or would like additional information about Express Rx’s privacy practices, you may contact our Privacy Officer at HR@expressrx.net. If you believe your privacy rights have been violated, you can file a complaint with the Privacy Officer at HR@expressrx.net, by phone at (888) 814-3318, or with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to: 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.
Effective Date This Notice is effective as of April 2020.