HIPAA Policy

DREAMCLOUD PSYCHIATRY

HIPAA Notice of Privacy Practices
Effective on August 1, 2022

In connection with your use of DreamCloud’s services, website, mobile app, products, and other technology platforms (collectively, the “Services”), you may provide us with health information and other identifiable information. This health information, together with your identifiable information, is known as “protected health information” or “PHI”. Under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), DreamCloud is required to provide you with this Notice of Privacy Practices (this “Notice”) that describes how we may use and share your PHI for treatment, payment, or other purposes, and how you can access your PHI that we collect.

This Notice is effective with respect to you on or after, depending on when you use or access the Services, the Effective Date.

1. What are DreamCloud’s responsibilities under HIPAA?

Our responsibilities under HIPAA with respect to your PHI include:

  • Maintaining the privacy and security of your PHI;

  • Following the duties and privacy practices described in this Notice;

  • Only using or sharing your PHI as described in this Notice unless you tell us in writing that we can use or share it in some other way; and

  • Promptly letting you know if an incident occurs that may have compromised the privacy or security of your PHI.

2. How does DreamCloud use or share your PHI?

We may use or share your PHI for the following reasons:

  • Treatment. PHI may be used or shared in connection with your medical treatment and to provide you with related healthcare services. Your PHI may be shared with physicians, pharmacists, nurses, psychotherapists, pharmacy technicians, or other medical staff who need the information to provide your medical care.

  • Billing and payments. PHI may be used or shared for billing purposes in order to collect payment from you or a third-party payor for any medical treatment, therapy, product, or service you receive from DreamCloud.

  • Health care operations. PHI may be used or shared during health care operations that may involve other entities that have a relationship with you. For example, we may share PHI with your health insurance provider, from whom we may need to obtain prior authorization for prescription coverage.

  • Appointment reminders, prescription information, and related healthcare services. PHI may be used or shared to contact you to remind you that you have an appointment with us. We also may use and share PHI to tell you about prescription information or other healthcare services that are related to your care.

  • Individuals involved in your care or the payment for your care. Only when appropriate, we may share PHI with an individual who is involved in your medical care or payment for your care, such as a family member or friend. Please let us know if you prefer that we not share PHI in this way. Please note we are still permitted to share PHI with these individuals if we determine that sharing PHI is in your best interest based on professional clinical judgment.

  • Business Associates. PHI may be used or shared with our business associates who perform functions on our behalf or provide us with services, only if the information is necessary to obtain those services. All of our business associates are required to protect the privacy of PHI and are not allowed to use or disclose PHI other than as specified in a written Business Associate’s Agreement (BAA).

3. How else can we use or share your PHI?

We may be required or allowed to share your PHI in order to contribute to the public good, such as for public health and safety. Here are specific other examples of when we may use or share your PHI:

  • Patient safety and public health. PHI may be used and shared in connection with public health and safety issues such as preventing the spread of disease, reporting adverse reactions to medications, reporting suspected abuse or neglect, or preventing or reducing a serious threat to your or another person’s health or safety.

  • Health oversight activities. PHI may be used and shared with a health oversight agency for oversight activities such as audits, investigations, inspections, and licensure.

  • Data breach notification. PHI may be used and shared to provide legally required notices of unauthorized access to or disclosure of PHI.

  • As required by law or law enforcement. PHI may be used or shared if federal or state laws require it to be shared in a given circumstance. For instance, we may share PHI if we’re required to respond to a court order or other lawful process. We may also share PHI in relation to criminal conduct.

  • Disputes and lawsuits. If you’re involved in a lawsuit or a dispute, we may be required to share PHI in response to a court order, subpoena, request, or other lawful process by another individual involved in the dispute. We’ll first attempt to inform you about the order or request so you may determine whether to obtain an order protecting the information from being shared.

  • Disability benefit providers, life insurance, or workers’ compensation. We may use or share PHI with disability benefit providers, life insurance policy companies, workers’ compensation, and/or similar entities. These programs provide benefits for medical injuries or illness.

  • Regulatory or governmental security activities. We may share PHI with units of the government that have special functions such as the U.S. Department of State, Center for Disease Control, Transportation Security Authority, or U.S. Customs and Border Protection, for intelligence, counterintelligence, or other security activity.

4. Is written permission required to use and share your PHI?

It is not required to obtain your written permission to use or share your PHI for the purposes outlined in Sections 2 and 3 of this Notice. In all other circumstances, we can only use or share your PHI with your written permission. Your written permission is required for the following examples:

  • Marketing. We must obtain your written permission prior to using PHI for marketing purposes as defined in HIPAA.

  • Sale of PHI. We do not sell PHI and under no circumstances will we sell your PHI without your written permission.

  • Psychotherapy notes. We will not use or share psychotherapy notes about you without your permission except to defend ourselves in a legal action or other proceeding brought by you.

Please note that you may give your written permission and then you may later revoke your permission any time by sending a written revocation to our Privacy Officer at the email or mailing address written under Section 6.

5. What are the patient’s rights under HIPAA?

HIPAA gives you the following rights pertaining to your PHI:

  • Right to inspect and copy. You can ask to receive an electronic or paper copy of your medical record or other PHI we have collected about you. We will provide a copy or of your PHI within 30 days. We may charge a processing fee for these requests.

  • Right to correct. You can ask us to correct any PHI that you believe is incorrect or not complete. If we deny your request, we will provide a reason in writing within 60 days.

  • Right to confidential communications. You can tell us to contact you in a specific way (for example, home phone vs. mobile phone) or to send email to a certain address only.

  • Right to request additional restrictions. You can ask us to not use or share your PHI with certain individuals (such as a family member or friend) involved with your care or with payment related to your care. Please note we are still permitted to share PHI with these individuals if we determine that sharing PHI is in your best interest based on professional clinical judgment..

  • Right to a list of disclosures. You may request a list of all the times we have shared your PHI in the previous six years. We can provide all disclosures except those pertaining to treatment, payment, and health care operations. We will provide a copy within 60 days.

  • Right to a paper copy of this notice. You may request and we will provide a paper copy of this notice at any time, even if you agreed to receive the notice electronically.

6. What else do you need to know?

  • Changes to this Notice. We may change this Notice at any time. However, we will provide prior notice of any major changes by sending you a letter via email or other channel, with the effective date.

  • Privacy Officer. If you would like more information about your privacy rights, wish to make a specific request as detailed in this Notice, or if you disagree with an action pertaining to your PHI, please contact our Privacy Officer, Chris Lee, by email at chris@dreamcloud.co, or by mail at DreamCloud Psychiatry, 252 NW 29th Street, Floor 9, Miami, Florida 33127.

  • Complaints. If you believe your privacy rights have been violated, you can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by mail at 200 Independence Avenue, S.W., Washington, D.C. 20201, by phone at (877)696-6775, by going online to https://www.hhs.gov/hipaa/filing-a-complaint/index.html. DreamCloud will not retaliate against you for filing a complaint.