HIPAA PRIVACY NOTICE
This notice describes how medical information about patients of Infinipharm's Clients may be used and disclosed, and how patients of Clients can get access to this information. Please review it carefully.
Effective Date: 04-23-2021
The purpose of this document is to explain any use and/or disclosure by Infinipharm, LLC ("Infinipharm"), of Protected Health Information ("PHI", or "ePHI" for electronic Protected Health Information) of patients of Infinipharm's Clients ("Patients" collectively or "Patient" individually) provided by Clients of Infinipharm ("Clients" collectively, "Client" individually), as required by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and the Standards for Privacy of Individually Identifiable Health Information (the "Privacy Rule").
Infinipharm only uses ePHI, as opposed to PHI. The use of ePHI is for the purpose of managing the information on behalf of the Clients, and potentially any employees of Infinipharm, to facilitate any services which Infinipharm provides to Clients. Any use of ePHI by Infinipharm employees would be limited to the scope provided within the documents entitled "Infinipharm Service Agreement" and "Business Associate Agreement", as partially cited below.
Infinipharm is allowed to use and disclose protected health information, without an individual's authorization, to the extent allowed by applicable law, for the following purposes or situations:
- To the individual (unless required for access or accounting of disclosures);
- Treatment, payment, and health care operations;
- Opportunity to agree or object;
- Incident to an otherwise permitted use and disclosure, including helping clients with questions and issues related to their account or the Infinipharm software;
- Public interest and benefit activities; and
- Limited data set for the purposes of research, public health or health care operations.
Infinipharm does not disclose any personally identifiable information to any third parties, unless required by law.
The below citation is meant to re-state the uses and disclosures of PHI by Infinipharm from the document entitled "Business Associate Agreement":
Except as otherwise limited in the Business Relationship or this BA Agreement, Business Associate may use and/or disclose Protected Health Information to perform the functions, activities, or services for, or on behalf of, Covered Entity as specified in the Business Relationship provided that such use and/or disclosure (a) would not violate the Privacy Rule if done by Covered Entity, (b) is in compliance with each applicable requirement of 45 C.F.R. § 164.504(e), and (c) is in compliance with the HITECH Act and those requirements relating to security and privacy that are made applicable to business associates by sections 13401 and 13404 of the HITECH Act. All other uses and/or disclosures not authorized by the Business Relationship or this BA Agreement are prohibited.
All requests by Patients for copies of the Patient's medical records, corrections of information on medical records, confidential communications, limitations on uses and disclosures of information, lists of those with whom the Patient's information has been disclosed to, and/or choosing someone to act on behalf of the Patient, must all be requested of the Client.
A Patient may request a copy of this privacy notice at the address shown below. A Patient may also submit a complaint to Infinipharm or to the Secretary of the department of Health and Human Services, if the individual believes his or her privacy rights have been violated.
All complaints, requests, or questions may be directed to:
PO Box 702
Springville, Utah 84663
Infinipharm is required by law to maintain the privacy and security of PHI and to provide Clients with notice of its legal duties and privacy practices. Infinipharm will promptly inform Clients if a breach occurs which may have compromised the privacy or security of any PHI of the Client's Patients.
Infinipharm is required to abide by the rules of this Privacy Notice.