Hinge Health MSO Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. 

Hinge Health MSO, Inc. ("Hinge Health MSO") is committed to protecting the privacy and security of our patients' data. To that end, we operate in compliance with all applicable privacy and data protection laws including the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 ("HITECH") and implementing regulations (“HIPAA”).  

This Notice of Privacy Practices describes the practices that we will follow with respect to the privacy of the health information we collect in connection with your consultation with and treatment by our network of licensed health care professionals (“Services”). 

What Health Information We Collect

Hinge Health MSO and its affiliated clinical entities are an Affiliated Covered Entity under HIPAA. Hinge Health MSO takes the confidentiality of your health information seriously.  In providing our Services, some of the information we collect may constitute protected health information (“PHI”) under HIPAA. PHI is personal (individually identifiable) information about you that relates to (a) your past, present or future physical or mental health or condition, (b) the provision of health care to you, or (c) your past, present, or future payment for the provision of health care, which is created, received, transmitted or maintained by Hinge Health MSO. This Notice of Privacy Practices describes how we protect the privacy of your protected health information as a user of our Services. As a provider of health services, Hinge Health MSO has certain obligations under HIPAA for maintaining the privacy and security of your PHI collected while performing our Services. 

What Information We Disclose

When you use our Services, Hinge Health MSO may use and disclose your PHI for the purposes described below. These uses and disclosures do not require your prior authorization. You may revoke your authorization for us to use or share your health information at any time, except for uses or disclosures we have already made. Hinge Health MSO may use and disclose your health information for the following purposes: 

Treatment:

We can use and share your health information with healthcare professionals that provide, coordinate, or manage your health care and any related services including referrals for health care from one health care provider to another.  This may include coordination or management of your health care with a third party. For example, Hinge Health MSO may disclose your PHI as necessary, to our schedulers, your Hinge Health, Inc. health coach, or to your physician to whom you have been referred by law.  Hinge Health MSO may use or disclose your PHI, as necessary, to contact you to remind you of your appointment or to provide you with information about alternative treatments or other health care services we provide.  If you request that Hinge Health MSO not make such contact with you, we will observe your wishes but may be unable to provide the requested services. Hinge Health may participate in health information exchanges (HIEs) and may electronically retrieve your medical information from, and share your medical information with, other participants in the HIEs for treatment, payment and/or healthcare operations purposes. We will only ever access and use your health information as permitted by HIPAA and other privacy laws. You can opt out of participating in an HIE at any time by contacting us at help@hingehealth.com and informing us that you opt out of including your medical information in an HIE.  Your opt-out will be effective as soon as we are able to process your request.  Information shared or retrieved prior to receipt of your opt-out will not be affected.  If you choose not to opt out, we may provide your medical information to the HIEs in which we participate in accordance with applicable law.

Payment:

We may use and share your health information, as necessary, to obtain reimbursement for our Services provided to you, including billing, claims management, determinations of eligibility and coverage, collections, case management, and other utilization review activities.  For example, we may disclose your PHI to your health plan to determine whether you are enrolled with the payer or eligible for health benefits or to get payment for our services.

Health Care Operations: 

We may use and share your health information for our internal business operations related to health care. These activities include, but are not limited to: facilitating the telemedicine connection and visit, care coordination, compliance reviews, receiving and responding to patient comments and complaints, audits, business planning, development, management, legal, administrative activities, quality assessment activities, employee review activities, training of medical and health care students, licensing, and conducting or arranging for other business activities.  We may combine PHI about many patients to make clinical qualitative review decisions or decide whether to offer additional services, and whether certain treatments are effective.  We may also disclose PHI for review and educational purposes.  In addition, we may remove or de-identify information that identifies you so that others can use the de-identified information to study healthcare, conduct research, collect population health data, and determine methods for improved health care delivery without learning who you are. 

Business Associates:

From time to time, we work with other companies and individuals who help us deliver our services, known as “business associates.”  These entities are required to keep any PHI confidential and store it securely. For example, we use business associates to help store the data that we collect, and to bill your health plan for the Services rendered.

De-identifiable and Aggregated Data:

We may use and disclose your PHI in a de-identified and aggregated manner to analyze our patients’ experiences and help improve our services. 

Research:

We can use or share your information for health research as authorized by law.  

As Required by Law:

We may use or disclose your PHI if state or federal laws require it. 

Public Health and Safety

We may use and disclose your PHI to prevent or minimize a serious threat to your health and safety or that of another person, or as requested by an authorized public health authority for any other public safety reason.  We may also disclose PHI to those assisting in disaster relief efforts so that others can be notified about your condition, status and location.

Law Enforcement Activities

We may also provide PHI to law enforcement officials, for example, in response to a warrant, investigative demand or similar legal process, or for officials to identify or locate a suspect, fugitive, material witness, or missing person. We may also disclose PHI to appropriate agencies if we reasonably believe an individual to be a victim of abuse, neglect or domestic violence, and for any other reason required by applicable law.

Legal Proceedings

We may disclose PHI to respond to a court or administrative order, or in response to a warrant, investigation demand or other legal process.

We may also use and disclose your PHI for other purposes as permitted by HIPAA.  

Note Regarding State Law 

Where state law is more restrictive of disclosure than federal law, we are required to follow the more restrictive state law.

Notice Regarding Technology

We may use electronic software, services, and equipment, including without limitation email, video conferencing technology, cloud storage and servers, internet communication, cellular network, voicemail, facsimile, electronic health record, and related technology to share PHI with you or third-parties subject to the rights and restrictions contained herein. In any event, certain unencrypted storage, forwarding, communications and transfers may not be confidential. We will take measures to safeguard the data transmitted, as well as ensure its integrity against intentional or unintentional breach or corruption. However, in very rare circumstances security protocols could fail, causing a breach of privacy or PHI.  In the unlikely event that happens, we will take immediate steps to stop further breach of information and promptly notify you if your information is impacted. 

Your Rights

As a user of Hinge Health MSO’s services, you have rights with respect to your health information:

• Right to Inspect and Obtain a copy of PHI: You have a right to inspect and obtain a copy of your protected health information we maintain. 

• Right to Request Restrictions: You may request that we limit what information we use or share.  We will notify you within 60 days whether we can agree to your request. If you pay for a service or health care item out of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share.

• Right to Request Alternative Means of Confidential Communication: You have the right to request that copies of your medical information be provided by alternative means.  

• Right to Request Corrections: You have a right to request that we correct your protected health information that you think is incorrect or incomplete. 

• Right to Receive an Accounting of Disclosures: You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why. We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.

• Right to Obtain a Paper Copy of this Notice: You have the right to obtain a paper copy of this notice upon request at the address below.

• Right to File a Complaint: You may file a complaint with us if you believe your Privacy Rights have been violated.  To file a complaint, or to ask any questions about this Notice of Privacy Practices, send an email to us at compliance@hingehealth.com, or write to us at the following address: 455 Market St., Suite 700, San Francisco, CA 94105. You can also call us at (855) 902 2777.

• You also have the right to file a complaint with the Secretary of the U.S. Department of Health and Human Services, Office for Civil Rights, or your state board governing your treating provider (for example, the Board of Physical Therapy or Medical Board). We will not retaliate against any individual for filing a complaint.

 Our Responsibilities

• We are required by law to maintain the privacy and security of your protected health information. 

• We will not use or disclose your PHI for marketing purposes or to sell your PHI, unless you have agreed to this use or disclosure, although we may use your PHI to keep you informed of services we offer.  

• We must follow the duties and privacy practices described in this notice and provide you with a copy of it. 

• We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.

• We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information. 

Changes to the Terms of this Notice

From time to time, we may change this privacy statement, which is applicable to all PHI we maintain about you. For example, as we update and improve our services, new features may require modifications to the privacy statement.  The new notice will be available on our website. Accordingly, please check back periodically.

Last updated on December 21st, 2021