THIS NOTICE DESCRIBES HOW INFORMATION YOU PROVIDE TO GLUCOSE GUARDS, LLC MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
What is Protected Health Information (“PHI”)?
PHI is a category of information that refers to an individual’s medical records and history, which are protected under the Health Insurance Portability and Accountability Act (“HIPAA”) and its regulations. Glucose Guards may receive PHI from its members or their healthcare providers when its members are enrolled in our programs and assures its members that we follow the practices outlined in this Notice to safeguard all personal information that we receive.
What PHI does Glucose Guards collect from its members when enrolled?
When you voluntarily give your PHI to Glucose Guards through our online website, our mobile apps, our direct member portal, SMS messaging, email, approval given for us to access your medical records or any other means, and through your use of our Glucose Guards programs, we maintain strict standards to safeguard PHI in our secure systems. Examples of PHI you may provide to Glucose Guards may include some of the following information:
- When you join as a member of Glucose Guards, you provide personal information such as your name, address, height, weight, medical history, and/or insurance information.
- When you use our devices and online programs, we will receive health information from you, such as your blood glucose readings, blood pressure values, A1C values, and/or insulin intake units.
- We may also collect your prescription, lab and claims data from available information sources to allow us to provide you with a more customized program that fits your needs.
Who does Glucose Guards share my PHI with and why?
We use or disclose your PHI for treatment, payment, or healthcare operations purposes and other purposes permitted or required by law. By registering with Glucose Guards, you authorize Glucose Guards to use or disclose your PHI for such purposes, some examples of which are described below. We need your written authorization to use or disclose your health information for any purpose not covered by one of the categories below. We will not use or disclose your PHI for marketing purposes or sell your PHI, unless you have agreed to such use or disclosure.
You can inform us in writing at any time that you no longer allow us to use or disclose your PHI for the reasons shown below, but this will not stop any use or disclosure that we made based on your prior authorization. The law permits us to use and disclose your health information for the following purposes:
- Treatment: We may use or disclose your PHI to healthcare professionals for treatment purposes. This includes to the clinical teams at your employer, health plan, and/or pharmacy benefits managers, to the extent your employer, health plan, etc. sponsors your use of the Glucose Guards programs (e.g., by offering Glucose Guards as an employee benefit or paying for your use of Glucose Guards).
- Payment: We may use or disclose your PHI for purposes of billing and payment for the Glucose Guards programs. For example, we may disclose your PHI to your pharmacy benefits manager, health plans or other payers to determine whether you are enrolled with the payer or eligible for health benefits or to get payment for our services. If you are insured under another person’s health plan (for example, parent, spouse, domestic partner, or former spouse), we may also send invoices to the subscriber whose policy covers your health services.
- Healthcare Operations: We may use or disclose your PHI for activities necessary to support our healthcare operations, such as performing quality checks on our services, internal audits, arranging for legal services, data analysis or developing reference ranges for our services. We also disclose your PHI to your health plan, employer’s clinical team, health care benefits consultant, or benefits manager clinical team, if your use of the Glucose Guards services is made available through and/or paid for by one of those groups. We will disclose only the minimum necessary PHI to accomplish the intended purpose of the particular use or disclosure.
- Business Associates: We may disclose your PHI to other companies or individuals that need the information to provide services to us. These other entities, known as “business associates,” are required to also keep the PHI confidential and secure. For example, we may provide information to companies that assist us with support services such as remote patient monitoring, glucometer devices or billing of our services.
- Deidentified and Aggregated Format: We may use and disclose your PHI in a deidentified and aggregated format (that is, one that does not include your individually identifiable information) to review our impact on all our members’ health and in hopes of making Glucose Guards programs even more effective to help you and patients or members like you better manage your chronic condition.
- Research: We may use and disclose PHI for research purposes when an Institutional Review Board or privacy board has reviewed the research proposal and established protocols to ensure the privacy of your PHI and determined that the researcher does not need to obtain your authorization prior to using your PHI for research purposes.
- As Required by Law: We may use or disclose your PHI as required by law.
- Law Enforcement Activities, Legal Proceedings and Court Orders: We may use and disclose your PHI to prevent or minimize a serious threat to your health and safety or that of another person. We may also provide PHI to law enforcement officials, for example, in response to a warrant, investigative demand or similar legal process, or for officials to identify or locate a suspect, fugitive, material witness, or missing person. We may also disclose PHI to appropriate agencies if we reasonably believe an individual to be a victim of abuse, neglect or domestic violence. We may disclose your PHI if required to do so by a court or administrative order. We may disclose your PHI in response to a subpoena, discovery request or other legal process during a judicial or administrative proceeding. We may also disclose PHI to those assisting in disaster relief efforts so that others can be notified about your condition, status and location.
- Family and Friends: At your request, we may disclose PHI to a family member, friend, or anyone else you specifically ask or permit us to provide the information to. Any such request will need to be in a specific written authorization that you sign.
- Other Uses and Disclosures: As and when permitted by HIPAA, we may disclose your PHI to:
  - Public Health Authorities
  - The Food and Drug Administration
  - Health Oversight Agencies
  - Military Command Authorities
  - National Security and Intelligence Organizations
  - Correctional Institutions
  - Organ and Tissue Donation Organizations
  - Coroners, Medical Examiners and Funeral Directors
  - Workers Compensation Agents
What are my rights to my PHI?
You have rights to your PHI that we collect. You can request Glucose Guards to restrict the use and disclosure of your PHI by sending a signed, written request to the address below.
You can access your PHI we created or PHI you provided us online at any time by logging into your Glucose Guards member portal, or you can send a written or email request requesting your health information be sent to you. Once you review your PHI, if you see any problems with your PHI, you may request amendments to your PHI by making a written request to us at the address below. We may deny the request in some cases; for example, if we believe that the amendment you request would make your PHI inaccurate. If we deny your request to amend your PHI, we will provide you with a written explanation of the reason for the denial and additional information regarding further actions that you may take.
You also have the right to receive a list of certain disclosures of your PHI made by us in the six years before the date of your written request to us at the address below. Under the law, this does not include disclosures made for purposes of treatment, payment, or healthcare operations or certain other purposes we have stated above.
Please be aware that we are required under HIPAA to notify you in the event of a breach involving your PHI and will do so as required by law.
You have the right to obtain a paper copy of this Notice by written request to the address below.
What should I do if I have a question or concern about my collected PHI?
If you believe your privacy rights have been violated, you have the right to file a complaint with us. You also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against any individual for filing a complaint.
Glucose Guards, LLC
Attention: Privacy Officer
994 W. Jericho Tpke. Suite 201
Smithtown, NY 11787
You can also call us at: (888) GLUCO49. However, please note that you may not revoke any authorization you have given us regarding your PHI except in a written notice of revocation, signed by you.
Does Glucose Guards collect information about me that is not PHI covered by HIPAA?
Glucose Guards is not a medical provider. While information we receive from your medical providers will generally be subject to HIPAA, certain other information – for example, information that you directly enter into any Glucose Guards portal, app, etc. – is not subject to HIPAA, even if it would be PHI if it came from your medical providers. We will store any such information in a manner that we reasonably believe to provide appropriate protection for the privacy and security of your personal information, but we do not represent or guarantee that we will store such information in a manner that would meet all requirements of HIPAA if HIPAA were applicable to it. In general, we will only use or disclose such information when such use or disclosure would be permitted by HIPAA, even though HIPAA may not apply to it.
How do I know whether information about me is PHI covered by HIPAA?
Generally, if you enroll directly in any Glucose Guards program (that is, if you are not enrolled through your physician, another of your healthcare providers, or your health insurance or managed care plan), then any information that you voluntarily provide to Glucose Guards through our website or otherwise, including your name and address and similar information, is not PHI covered by HIPAA. Only information that we obtain about you from your physician, another of your healthcare providers or your health plan will ordinarily be covered by HIPAA. As described above, we take what we believe are reasonable steps to provide appropriate protection for the privacy and security of your personal information, but you should not assume that specific HIPAA protections apply to personal information that you provide to us directly and not through your healthcare providers or health plan. If you have a question about whether particular personal information is covered by HIPAA, please contact us at the address shown above under “What should I do if I have a question or concern about my collected PHI?”