loader image
Get Started

HIPAA Policy

HIPAA Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

In connection with your use of Symfonirx pharmacy services, website, mobile application, products, and other technology platforms (collectively, the “Services”), we may collect your health information and other identifiable information. Individually identifiable health information is known as “Protected Health Information” or “PHI”.

Under the Health Insurance Portability and Accountability Act (“HIPAA”), Symfonirx is required to provide you with this Notice of Privacy Practices (“Notice”), which describes how we may use and disclose your PHI for treatment, payment, and healthcare operations, how you can access your PHI, and your HIPAA rights and how to exercise them.

1. Our Responsibilities Under HIPAA

Symfonirx has specific responsibilities under the Health Insurance Portability and Accountability Act (“HIPAA”) with respect to your Protected Health Information (“PHI”). These responsibilities include:

  • Maintaining the privacy and security of your PHI in accordance with HIPAA requirements;
  • Following the duties and privacy practices described in this Notice;
  • Using or sharing your PHI only as described in this Notice, unless you provide us with written authorization to use or share it in another way;
  • Promptly notifying you if HIPAA requires us to inform you of a breach that may have compromised the privacy or security of your unsecured PHI.

2. How We Typically Use or Share Your Protected Health Information

Symfonirx may use or share your Protected Health Information (“PHI”) for the following purposes:

For Treatment

PHI may be used and shared in connection with your treatment and to provide you with healthcare services. For example, we may disclose PHI to our healthcare providers, including pharmacists, technicians, and other personnel who need the information to provide your care, as well as to other healthcare facilities such as clinics, pharmacies, hospitals, or medical centers.

For Payment

PHI may be used and shared so that we or others may bill and receive payment from you, your insurance company, or another third party for the treatment and services you receive.

For Healthcare Operations

PHI may be used and shared as part of our healthcare operations to manage and improve our business activities and ensure quality care. We may also share PHI with other entities that have a relationship with you, such as your health plan, for their own healthcare operations.

Reminders, Treatment Alternatives, and Health-Related Benefits and Services

PHI may be used to contact you with prescription reminders. We may also use and share PHI to inform you about treatment alternatives or health-related benefits and services that may be relevant to your care.

Individuals Involved in Your Care or Payment

When appropriate and subject to HIPAA limitations, we may share PHI with a person involved in your care or payment for your care, such as a family member or close friend, but only to the extent the information is directly relevant to their involvement. If you prefer that we not share your PHI in this way, you may notify us.

Disaster Relief

We may disclose your PHI to authorized public or private entities to assist in disaster relief efforts and coordinate care during emergencies.

Business Associates

We may share PHI with our business associates—third-party vendors who perform services or functions on our behalf—when such sharing is necessary. These business associates are required by law and contract to protect the privacy of your PHI and may only use or disclose it as permitted under their agreements with us.

3. How else can we use or share your protected health information?

We may be permitted or required to share your PHI in other ways (although we may have to meet certain conditions first) – usually, these ways contribute to the public good, such as public health, research, and safety. Specifically, we may use or share your PHI for the following purposes:

Public Health and Safety Issues

Subject to HIPAA’s limitations, we may use and share PHI in connection with public health and safety issues such as helping with product recalls, preventing the spread of disease, reporting adverse reactions to medications, reporting suspected abuse or neglect, or preventing or reducing a serious threat to anyone’s health or safety.

PHI may be used and shared for limited research purposes without your authorization. We may use your PHI as permitted by HIPAA to prepare for potential research and to contact you to see if you are interested or eligible to participate in a study. Also, if, through an independent review, a privacy board determines that the research conducted will pose minimal risk to your privacy, we may use and disclose your PHI according to the approved research protocol. Otherwise, we will seek your written authorization before using or disclosing your PHI to conduct research.

Health Oversight Activities

Subject to HIPAA’s limitations, we may use and share PHI in connection with a health oversight agency’s oversight activities, such as audits, investigations, inspections, and licensure.

Data Breach Notification and Incident Response Purposes

PHI may be used and shared to investigate potential security incidents, privacy issues, or breaches and to provide legally required breach notices.

As Required by Law or Court Order, and Required or Requested by Law Enforcement

Subject to HIPAA’s limitations, we may use and share PHI if local, state, or federal laws require or permit it to be shared in a given circumstance, if a law enforcement agency needs the PHI to carry out its duties, and if we’re required to respond to a court order or similar process. We may also share PHI in relation to suspected or actual criminal conduct, such as if criminal conduct occurred on our premises.

Lawsuits and Disputes

Subject to HIPAA’s limitations, we may use and share PHI to respond to lawsuits or disputes, and we may be required to share PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process, including to someone else involved in the dispute.

Workers’ Compensation

We may use and share PHI for workers’ compensation or similar programs. These programs provide benefits for work-related injuries or illnesses.

Organ or Tissue Donation

If you’re an organ donor, we may use and share PHI with organizations that handle organ procurement or other entities engaged in procurement, banking, or transportation of organs, eyes, or tissues to facilitate organ, eye, or tissue donation and transplantation.

Coroners, Medical Examiners, and Funeral Directors

Subject to HIPAA’s limitations, we may use and share PHI with a coroner, medical examiner, or funeral director as necessary for their duties.

Specialized Government Functions

We may use and share PHI with departments or units of the government with special functions, such as the U.S. military or the U.S. Department of State, for intelligence, counterintelligence, and other national security activities authorized by law.

Inmates or Individuals in Custody

If you’re an inmate of a correctional institution or under the custody of a law enforcement official, we may use and share PHI with the correctional institution or law enforcement official.

4. When You Can Opt Out and When Written Permission Is Required

We’re not required to obtain your written permission to use or share your PHI for the purposes outlined in Sections 2 and 3 of this Notice. We are permitted to use your PHI to contact you, but you have the right to opt out of those communications. In other circumstances, we can only use or share your PHI with your written permission. For example, your written permission is required for the following purposes:

Sometimes we must obtain your written permission prior to using PHI for certain marketing purposes as defined in HIPAA. Other times, we must provide you with the ability to opt out of certain marketing communications. For example, we do not need your written permission to discuss products or services that may be of benefit to you, but you may opt out of these communications.

Sale of PHI

HIPAA requires us to obtain your permission in some situations if we will receive something of value in exchange for PHI. In these situations, we will not do so without your written permission.

Clinical Research

While we can use your PHI for limited research purposes, we must obtain your written permission to include you in certain clinical trials.

Please note that when you are asked for your permission to allow us to use or disclose your PHI for these reasons, you do not have to agree. Also, you may later revoke your permission at any time by sending a written revocation to our Privacy Officer at the contact details provided in Section 7.

5. What Are Your Rights Under HIPAA?

Symfonirx respects your rights under the Health Insurance Portability and Accountability Act (“HIPAA”). These rights apply to your Protected Health Information (“PHI”) maintained by us.

Right to Inspect and Copy

You may request to see or obtain an electronic or paper copy of your medical records and other PHI we maintain, including billing and payment records used to make decisions about your care. We will provide a copy or summary within thirty (30) days of your request, unless an extension is needed. We may charge a reasonable, cost-based fee for processing your request.

Right to Correct

You may request that we correct or update information in your medical records or other PHI if you believe it is incorrect or incomplete. We may deny your request, but we will provide a written explanation, usually within sixty (60) days, unless an extension is required.

Right to Confidential Communications

You may request that we contact you in a specific way (such as a home or work phone number) or send communications to a different address (including mail or email).

Right to Request Additional Restrictions

You may request restrictions on how we use or share your PHI for treatment, payment, or healthcare operations, or with individuals involved in your care or payment. While we will carefully consider your request, we are not always required to agree.

If you pay for a service out-of-pocket in full, you may request that we not share that information with your health insurer for payment or operations purposes.

Right to a List of Disclosures

You may request a list of disclosures of your PHI made in the past six (6) years, including who it was shared with and the reason. This list excludes disclosures related to treatment, payment, healthcare operations, and certain other disclosures authorized by you.

You are entitled to one free accounting of disclosures per year. Additional requests within twelve (12) months may be subject to a reasonable, cost-based fee. We will respond within sixty (60) days unless an extension is necessary.

Right to a Paper Copy of This Notice

You may request a paper copy of this Notice at any time, even if you have agreed to receive it electronically.

6. What Additional Protections Apply to Your Health Information?

Symfonirx complies with HIPAA and may also be required to follow other applicable federal and state privacy laws that provide additional protections for certain types of health information. These laws may include, for example, state mental health confidentiality laws or HIV/AIDS-related confidentiality protections. Where such laws apply, we will protect your information in accordance with those requirements.

If we have facilitated or provided reproductive health services (“RHS”), we apply additional protections to the Protected Health Information (“PHI”) related to that care.

  • For example, we may require assurances from any requester of your PHI that may relate to RHS before disclosing such information in response to certain law enforcement requests, health oversight activities, legal proceedings, or requests from a coroner. In certain situations involving the RHS, HIPAA, and applicable law may prohibit us from disclosing your PHI.
  • We will also exercise caution when determining whether to treat someone as your personal representative if we believe that doing so could place you or your health at risk in connection with reproductive health services.

7. What Else You Need to Know

Symfonirx is committed to protecting your privacy and complying with applicable federal and state laws regarding the use and disclosure of your Protected Health Information (“PHI”).

Compliance with Laws

We will share information about you if state or federal laws require or permit us to do so.

Who Follows This Notice

This Notice applies to the designated healthcare components of Symfonirx, including:

  • Symfonirx pharmacists and staff; and
  • Symfonirx personnel who support the healthcare activities of Symfonirx.

Redisclosure

Some disclosures of PHI may be made to individuals or organizations that are not legally required to keep your information private. For example, if you authorize us to disclose your PHI to a third party that is not covered by HIPAA, that party may not be required to protect your health information in the same way.

Changes to This Notice

We reserve the right to change this Notice at any time, and any changes will apply to the information we already have about you as well as future information. The updated Notice will be made available upon request, in our office and on our website.

If you would like more information about your privacy rights, wish to make a request as described in this Notice, believe your privacy rights have been violated, or disagree with a decision regarding your access to PHI, you may contact us at:

Email: info@symfonirx.com
Fax: 718-935-1113
Address: 1336 Utica Ave, Brooklyn, NY 11203

Complaints

If you believe your privacy rights have been violated, you may file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights:

No Retaliation

We will not retaliate against you for filing a complaint.