Notice of Privacy Practices and Disclaimer - HIPAA
This Notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
Solta Medical, Inc. (“Solta”) is committed to keeping your personal health information (PHI) confidential and secure. We will protect your PHI by maintaining privacy policies and procedures that meet or exceed the requirements of the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”).
This Notice describes how Solta may use and disclose PHI about you to carry out treatment, payment or health care operations and for other purposes that are permitted and/or required by law. This Notice also describes your rights to access and control your own PHI. Please note that we may change our privacy practices and this Notice at any time. If you have any questions about this Notice or your rights under HIPAA, please contact our legal department at the address or phone number listed at the end of this Notice.
WHAT IS PHI?
PHI is information that may identify you, including demographic information, and relates to your past, present, or future physical or mental health or condition and related health care services that you receive and how you pay for them. Related information that might identify you in connection with your PHI is also protected. This information would include, for example, your Social Security number, your telephone number or other identification numbers assigned to you.
HOW SOLTA MAY USE AND DISCLOSE PHI
Solta will usually use or disclose your PHI only for purposes of promoting quality treatment and conducting our own company internal operations. Here are more specific descriptions of how we may use or disclose PHI:
- Treatment. We may use and disclose your PHI to help deliver, coordinate and manage your health care and related services. For example, we may consult with your health care provider in connection with custom products he or she may prescribe specifically for you of if questions arise in the course of using our products in providing care to you but only if sharing your PHI is necessary under the circumstances.
- Payment. We generally do not provide health care products for which patients make payments directly. While we expect such circumstances to arise infrequently, we may nevertheless use and disclose your PHI, as necessary, to obtain payment for the health care products we provide.
- Operations. We may use and disclose your PHI in order to support our business activities. These activities may include, but are not limited to, quality assessment and improvement activities, business planning, management and general administrative activities. For example, we may use your PHI to assess the performance of our products, determine how to improve our products, resolve complaints, and assess the performance of our staff. We may combine health information about many of our customers to determine whether certain services/products are effective or whether additional services/products should be provided. We may disclose your health information to physicians, nurses, nursing assistants, medication aides, rehabilitation therapy specialists, technicians, medical and nursing students, and other personnel for review and learning purposes. We also may combine health information with information from other health care providers or facilities to compare how we are doing and see where we can make improvements in the care and services/products offered to our customers. We will remove information that identifies you from this set of health information so that others may use the information to study health care and health care delivery without learning the specific identities of our customers.
Please note the above examples are for illustration purposes only since we cannot describe every possible use or disclosure.
OTHER REASONS WE MAY USE AND DISCLOSE YOUR PHI
Solta may use or disclose your PHI for other reasons in order to provide you with the best service possible and to comply with various public health and legal requirements. These reasons include:
Business Associates. Some activities are performed for us, or on our behalf, by our business associates. For example, our business associates may include contracted educators, third party administrators and accounting firms. We have contracts with our business associates requiring them to protect your PHI as required by law.
Individuals involved in your care or payment for your care. Unless you instruct us otherwise, we may release PHI about you to a family member, relative, or personal friend, or any other person identified by you. We will disclose only your PHI which is relevant to the person’s involvement with your health care. You have the opportunity to agree or object to the use or disclosure of the PHI to the third party. If you are not present or able to agree or object to the disclosure of the PHI to the third party, then we may use professional judgment to determine whether the disclosure is in your best interest. In this case, only the PHI that is relevant to your healthcare will be disclosed to the third party. In an emergency treatment situation, we may use or disclose your PHI without your authorization.
Education and Information. While we do not typically contact individual patients regarding our products, we may use or disclose your PHI to inform you about health-related benefits and services that we provide and that we think may be of interest to you, or to send you information relating to custom products that we make for you under your physician’s orders.
Government Agencies. We may disclose your PHI to the Food and Drug Administration or other agencies in the US Department of Health and Human Services, or share information with parties regulated under the jurisdiction of the these agencies, for purposes of complying with federal drug and medical device laws and other federal laws regulating delivering and paying for health care products and services.
Public Health. As required by law, we may disclose PHI about you to public health or legal authorities that are authorized by law to receive and collect health information for the purpose of preventing or controlling disease, injury, or disability.
Law Enforcement. We may disclose PHI about you for law enforcement purposes as required by law or in response to a valid subpoena or other legal process.
Health oversight activities. We may disclose PHI about you to an oversight agency that is authorized by law to conduct health oversight activities. These oversight activities may include audits, investigations, inspections or licensure and certification surveys. These activities are necessary for the government to monitor the health care system and government programs that provide health care to individuals, and to ensure compliance with state and federal laws.
Judicial and administrative proceedings. We may use or disclose PHI to courts or administrative agencies charged with the authority to hear and resolve lawsuits or disputes. We may disclose your PHI pursuant to a court order, a subpoena, a discovery request, or other lawful process issued by a judge or other person involved in the dispute, but only if efforts have been made to (i) notify you of the request for disclosure or (ii) obtain an order protecting the PHI.
Research. We may use or disclose PHI about you for research purposes under certain limited circumstances. Because all research projects are subject to a special approval process, we will not use or disclose your PHI for research purposes until the particular research project for which your PHI may be used or disclosed has been approved through this special approval process. However, we may use or disclose your PHI to individuals preparing to conduct the research project in order to assist them in identifying residents with specific health care needs who may qualify to participate in the research project. Any use or disclosure of your PHI which may be done for the purpose of identifying qualified participants will be conducted onsite at our facility. In most instances, we will ask for your specific permission to use or disclose your PHI if the researcher will have access to your name, address or other identifying information.
To avert a serious threat to health or safety. We may use and disclose PHI about you when necessary to prevent a serious threat to your health and safety or the health and safety of other individuals, which may include disease outbreaks, product recalls or identified threats to a particular person. Any such use or disclosure would be made solely to the individual(s) or organization(s) that have the ability and/or authority to assist in preventing the threat.
Coroners, medical examiners, and funeral directors. We may release PHI about you to a coroner or medical examiner, when necessary to identify a deceased person or determine cause of death.
Organ or tissue procurement. Consistent with applicable law, we may disclose PHI about you to an organ procurement organization or other entities engaged in the procurement, banking, or transplantation of organs for the purpose of tissue donation and transplant.
Victims of Abuse. We may disclose PHI about you to a government authority if we reasonably believe that you are a victim of abuse, neglect, or domestic violence.
National security. We may release PHI about you to authorized federal officials for intelligence and other national security activities authorized by law. This may include disclosures necessary for the protection of government officials and foreign dignitaries.
Military and veterans. If you are a member of the armed forces, we may release PHI about you as required by military command authorities for activities they deem necessary for their military mission.
Correctional institutions. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may use or disclose your PHI to the correctional institution or to the law enforcement official as may be necessary (i) for the institution to provide you with health care; (ii) to protect the health or safety of you or another person; or (iii) for the safety and security of the correctional institution.
ANY OTHER USE OR DISCLOSURE OF PHI
Solta will obtain your written authorization before using or disclosing PHI about you for any purposes other those described above, or otherwise permitted or required by law. You may also authorize others (e.g., family members) to act on your behalf, including controlling your PHI. Parents and guardians will generally have authorization over the PHI of minors under their care.
You may revoke an authorization in writing at any time. Upon receipt of your written revocation, we will stop using or disclosing PHI about you, except to the extent we have already taken action in reliance on your authorization. To revoke an authorization, please send your request in writing with a copy of the authorization being revoked (or, if not available, a detailed description of the authorization including the date) to our Legal department at the address below.
YOUR HEALTH INFORMATION RIGHTS
You have certain rights with respect to your personal PHI. If you have any questions about how to exercise these rights, please contact our Legal department at the address below. You have the right to:
- Obtain a Copy of this Notice. If we provide treatment or equipment to you directly, you have the right to receive a written copy of this Notice. In those situations, we will provide you with our Notice either when we send you a new user information packet or upon our first delivery of health care products to you. We will ask you to acknowledge receipt of the Notice by sending back an acknowledgement form to Solta. If we provide treatment or equipment indirectly to you through another health care provider (such as a physician, medical clinic, or medical equipment supplier), you will have the right at any time to request a copy of this Notice by contacting our legal department.
- Request a Restriction on Use and Disclosure of PHI. You may ask us to limit our use or disclosure of your PHI for treatment, payment or health care operations. You also have the right to request a limit on the PHI we disclose about you to someone, such as a family member or friend, who is involved in your care or in the payment of your care. For example, you could ask that we not use or disclose PHI regarding a particular treatment that you received. However we are not required to agree to your requested restrictions except in limited circumstances involving disclosures to health plans when you pay the provider in full for health care services provided to you. To request such a restriction, you must send a written request to our legal department at the address shown at the end of this Notice. In your request, you must tell us (a) what PHI you want to limit; (b) whether you want to limit our use, disclosure or both; and (c) to whom you want the limits to apply (for example, disclosures to a family member).
- Inspect and obtain a Copy of PHI. You have the right to inspect and copy PHI in our “designated record set” for as long as Solta maintains the PHI. The designated record set generally contains information about billing records, product service, and any limited medical information we may have about you. To inspect and copy this information, you must send a request in writing to our legal department at the address shown at the end of this Notice. If you request a copy of the information, we may charge a fee for the costs of copying, mailing, and supplies necessary to fulfill your request. We may deny your request in certain limited circumstances, in which case you may request us to review the denial. Another professional selected by us will review your request and denial; the person conducting the review will not be the person who initially denied your request. We will comply with the outcome of this review.
- Request an Amendment of PHI. If you believe that PHI maintained by Solta is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by Solta. To request an amendment, you must send a written request to the Legal department at the address shown below. You must include a reason to support your request. We may deny your request for amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that (i) was not created by us, unless the person or entity that created the information is no longer available to make the amendment; (ii) is not part of the PHI kept by us or for us; (iii) is not part of the information which you would be permitted to inspect and copy; or (iv) is accurate and complete. If we deny your request for amendment, you have the right to file a statement of disagreement with our decision and we may give a rebuttal to your statement.
- Receive an accounting of disclosures of PHI. You have the right to receive an accounting of any disclosures of your PHI made by we have made in the last six years (from the date of your request) not including disclosures for treatment, payment, or health care operations (except in certain circumstances). This accounting will exclude certain disclosures, such as disclosures made directly to you, disclosures you authorized, disclosures to friends or family involved in your care, and disclosures for notification purposes. To request an accounting, you must submit a written request to our legal department at the address shown at the end of this Notice. Your request must specify the time period covered by your request (which can include up to six years). You may be charged for this service if you make more than one request within a twelve-month period. We will notify you of the cost in advance and you may choose to withdraw or modify your request at that time.
- Request Confidential Communications. You may request that we communicate with you other than through our normal means. For example, you may request that we communicate with you only in writing or at a different address or post office box. We will accommodate any reasonable request. To request confidential communication of PHI about you, you must submit your request in writing to our Legal department at the address shown at the end of this Notice.
- Right to a Paper Copy of this Notice. You have the right to receive a paper copy of this Notice. You may ask us to give you a copy of this Notice at any time. Even if you have agreed to receive this Notice electronically, you are still entitled to a paper copy of this Notice.
To obtain a paper copy of this notice, contact our Legal department at the address shown below.
SOLTA’S DUTIES UNDER HIPAA
As described in this Notice, Solta has the following obligations under the law with respect to protecting your privacy:
- We are required by law to maintain the privacy of PHI and to provide our customers with notice of our privacy practices. We are also required to provide notice to individuals in certain circumstances in the event of an unauthorized disclosure of their PHI.
- Whenever we use or disclose your PHI, we are required to disclose only that necessary for the purpose of the use or disclosure and nothing more. In some cases, this means that we will use or disclose only information that does not identify you.
- We are required to abide by the terms of this Notice while it is in effect.
- We reserve the right to change the terms of this Notice. In that event we will make the revised Notice applicable to all health records maintained by Solta, regardless of whether the records were created before or after the revision to the Notice; make the changes available to our customers on request; and post a copy of the revised Notice on our website.
If you believe your privacy rights have been violated in any way, you may file a complaint in writing with our Legal department. We will attempt to resolve your complaint promptly. You also have the right to file a complaint with the Secretary of the U.S. Department of Health and Human Services. You will not be penalized for filing a complaint under any circumstances.
This Notice is effective October, 2012.
Any questions or concerns relating to Solta’s privacy policies and practices should be directed to our legal department:
Solta Medical, Inc.
25881 Industrial Boulevard
Hayward, California 94545