Last Updated: 1/10/2022
In compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and the applicable provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, we are required to ask each of our users to acknowledge receipt of this Notice.
LifeWallet is accountable for compliance with HIPAA and is required by law to maintain the privacy of your PHI.
LifeWallet, LLC (“LifeWallet”,” “we,” “our,” or “us”) is not a medical provider.
This Notice is published on the LifeWallet website, and in the LifeWallet application.
You acknowledge receipt of the Notice when you select the “Sign Form” button after being presented these forms during the account creation/sign-up process in the LifeWallet applications or LifeWallet website, or by indicating or signing your acknowledgement in another written or digital format provided to you. You can receive a copy of the Notice by visiting our website and printing the form from there.
Your acknowledging the Notice is required by HIPAA and LifeWallet and if you do not wish to be bound by this Notice you are not authorized to access or use our website, application, or make use of our services, and you must promptly exit our website or application.
Individually identifiable health information held or transmitted, in any form or media, whether electronic, paper, or oral is included in the definition of PHI and is protected by this Notice. Individually identifiable health information is information, including demographic data that relates to:
- The individual’s past, present or future physical or mental health or condition,
- The provision of health care to the individual, or,
- The past present, or future payment for the provision of health care to the individual, and that identifies the individual or for which there is a reasonable basis to believe can be used to identify the individual. Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).
PHI also includes any and all medical information you share with LifeWallet, including your medical history and any medical records from providers, and also includes more general personal information that may identify you, such as your name, social security number, billing information, addresses, phone numbers, date of birth, and email address.
You have the following rights regarding PHI:
- You have the right to inspect and obtain a copy of your PHI.
- If you request a copy of the information, we may charge a fee for the costs of copying, mailing, or other supplies associated with your request.
- We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to medical information, you may request that the denial be reviewed.
- If you feel that the PHI we have about you is incorrect or incomplete, you may ask us to amend the information. You must provide a reason that supports your request.
- We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend any of the following information:
- Information that was not created by us, unless the person or entity that created the information is no longer available to make the amendment.
- Information that is not part of the information which you would be permitted to inspect and copy.
- Information that is accurate and complete.
- You have the right to request an "accounting of disclosures" (that is, a list of certain disclosures LifeWallet has made of your PHI) in the six years prior to the date on which the accounting is requested.
- You do not have a right to an accounting of disclosures where such disclosure was made:
- For treatment, payment, or health care operations;
- To you about your own health information;
- Incidental to other permitted disclosures;
- Where authorization was provided;
- To family or friends involved in your care (where disclosure is permitted without authorization);
- For national security or intelligence purposes or to correctional institutions or law enforcement officials in certain circumstances; and
- As part of a limited data set where the information disclosed excludes identifying information.
- You have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment, or health care operations. We are not required to agree to your request.
- You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail.
HIPAA generally permits the use and disclosure of your health information without your permission for purposes of health care treatment, payment activities, and health care operations. Some sharing is often necessary in order to deliver care: sharing between emergency medical services, between firefighters and emergency room departments, etc. These uses and disclosures are more fully described below. Please note that this Notice does not list every use or disclosure; instead it gives examples of the most common uses and disclosures.
- LifeWallet may use or disclose medical information about you to facilitate medical treatment or services. We may disclose medical information about you to health care providers, including first responders, EMS, doctors, nurses, technicians, medical students, or other hospital personnel who are involved in taking care of you. For example, we might disclose information about you with first responders in an emergency situation.
- PHI may be shared with anyone as necessary to prevent or lessen a serious and imminent threat to the health and safety of a person or the public, consistent with applicable law.
- When and as appropriate, LifeWallet may use PHI to help us improve our services and products. PHI may be disclosed:
- For the administration and support of LifeWallet;
- For quality assessment and administration improvement;
- To protect against abuses including fraud and waste; or
- For review by individuals such as contractors, including service, that serve a role in how we deliver our products and services to you. All third-party companies involved in our operations are also required to provide protections for your PHI and must also abide by HIPAA.
- We will disclose PHI when required to do so by federal, state, or local law. For example, we may disclose medical information when required by the U.S. Department of Labor or other government agencies that regulate us; to federal, state, and local law enforcement officials; in response to a judicial order, subpoena, or other lawful process; and to address matters of public interest as required or permitted by law (for example, reporting child abuse and neglect, threats to public health and safety, and for national security reasons). We are required to disclose medical information about you to the Secretary of the U.S. Department of Health and Human Services if the Secretary is investigating or determining compliance with HIPAA, or to authorized federal officials for intelligence, counterintelligence and other national security activities authorized by law. We may disclose your medical information to a health oversight agency for activities authorized by law (such as audits, investigations, inspections, and licensure).
- If you are a member of the armed forces, we may release medical information about you as required by military command authorities. We may also release medical information about foreign military personnel to the appropriate foreign military authority.
- We may use and disclose medical information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
- To parents and legal guardians overseeing the care of minors in accordance with applicable laws and regulations. We will share a minor’s data with a parent or guardian when required to do so by applicable law.
- We may release medical information about you for workers' compensation or similar programs. These programs provide benefits for work-related injuries or illness.
- We will disclose your PHI to individuals authorized by you, or to an individual designated as your personal representative or similar persons, as long as you provide us with a written notice/authorization and any supporting documents. Please note, however, that under the HIPAA privacy rule, we do not have to disclose information to a personal representative if we have a reasonable belief that:
- You have been, or may be, subjected to domestic violence, abuse, or neglect by such person; or
- Treating such person as your personal representative could endanger you; and
- In the exercise of professional judgment, it is not in your best interest to treat the person as your personal representative.
- Other uses or disclosures of your PHI not described above will only be made with your written authorization. For example, in general and subject to specific conditions, we will not use or disclose your PHI for marketing; and we will not sell your PHI, unless you give us a written authorization. You may revoke written authorizations at any time, so long as the revocation is in writing. Once we receive your written revocation, it will only be effective for future uses and disclosures. It will not be effective for any information that may have been used or disclosed in reliance upon the written authorization and prior to receiving your written revocation.
Uses and disclosures other than those described in this Notice will require your written authorization. Your written authorization is required for: most uses and disclosures of psychotherapy notes; uses and disclosures of PHI for marketing purposes; and disclosures that are a sale of PHI. You may revoke your authorization at any time, but you cannot revoke your authorization if the Plans have already acted on it.
The privacy laws of a particular state or other federal laws might impose a more stringent privacy standard. If these more stringent laws apply and are not superseded by federal preemption rules, LifeWallet will comply with the more stringent law.
LifeWallet is committed to your privacy, and this means that your data is protected as yours, and that without your written or electronically signed authorization, your PHI will not be shared outside of the purposes and audiences listed in this Notice. Other than for the purposes described in this document, we commit that:
- LifeWallet will not sell your PHI, unless you grant authorization for such a disclosure.
- LifeWallet will not share your PHI with your employer, unless you grant authorization for such a disclosure.
- LifeWallet will not share your PHI with your school or educational institution, unless you provide an authorization for such a disclosure.
Additionally, LifeWallet abides by all applicable federal and state laws regarding special protections. As stated above, we apply the most stringent of any one state’s laws, and this includes the rules governing authorization requirements that must be met prior to sharing PHI related to:
- Sexual assault;
- Sexually transmitted diseases;
- Drug and alcohol abuse; and
- Specific communicable diseases, including HIV/AIDS
LifeWallet will not share a mental health provider’s process notes save for when covered by the very specific use cases defined by HIPAA.
Pursuant to changes to HIPAA required by the Health Information Technology for Economic and Clinical Health Act of 2009 and its implementing regulations (collectively, "HITECH Act") under the American Recovery and Reinvestment Act of 2009 ("ARRA"), this Notice also reflects federal breach notification requirements imposed on LifeWallet in the event that your "unsecured" protected health information is acquired by an unauthorized party. We will notify you following the discovery of any "breach" of your unsecured protected health information as defined in the HITECH Act (the "Notice of Breach"). Your Notice of Breach will be in writing and provided via first-class mail, or alternatively, by email if you have previously agreed to receive such notices electronically.
We can change the terms of this Notice at any time. If we do, the new terms and policies will be effective for all of the medical information we already have about you as well as any information we receive in the future. You are responsible for ensuring we have an up-to-date, active, and deliverable email address for you, and for periodically accessing the application or visiting our website and to check for any changes.
If you believe your privacy rights have been violated, you may file a complaint with LifeWallet or with the Secretary of the Department of Health and Human Services.
Email firstname.lastname@example.org from the email address associated with your account.