NOTICE OF PRIVACY PRACTICES: Community Telehealth, PLLC

THIS NOTICE DESCRIBES HOW HEALTH INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
I. OUR PLEDGE REGARDING HEALTH INFORMATION:
We understand that health information about you and your health care is personal. We are committed to protecting health information about you. We create a record of the care and services you receive from us. We need this record to provide you with quality care and to comply with certain legal requirements. This notice applies to all of the records of your care generated by this practice. This notice will tell you about the ways in which we may use and disclose health information about you. We also describe your rights to the health information we keep about you, and describe certain obligations we have regarding the use and disclosure of your health information.
We are required by law to:
Make sure that protected health information (“PHI”) that identifies you is kept private. Give you this notice of our legal duties and privacy practices with respect to health information. Follow the terms of the notice that is currently in effect. We can change the terms of this Notice, and such changes will apply to all information we have about you.
II. HOW WE MAY USE AND DISCLOSE HEALTH INFORMATION ABOUT YOU:
The following categories describe different ways that we use and disclose health information. For each category of uses or disclosures we will explain what we mean and try to give some examples. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose information will fall within one of the categories.

For Treatment, Payment, or Health Care Operations: Federal privacy rules (regulations) allow health care providers who have direct treatment relationship with the patient/client to use or disclose the patient/client’s personal health information without the patient’s written authorization, to carry out the health care provider’s own treatment, payment or health care operations. We may also disclose your protected health information for the treatment activities of any health care provider. This too can be done without your written authorization. For example, if a health care provider were to consult with another licensed health care provider about your condition, we would be permitted to use and disclose your personal health information, which is otherwise confidential, in order to assist the health care provider in diagnosis and treatment of your condition.

Disclosures for treatment purposes are not limited to the minimum necessary standard. Because other health care providers need access to the full record and/or full and complete information in order to provide quality care. The word “treatment” includes, among other things, the coordination and management of health care providers with a third party, consultations between health care providers and referrals of a patient for health care from one health care provider to another.
Lawsuits and Disputes: If you are involved in a lawsuit, we may disclose health information in response to a court or administrative order. We may also disclose health information about your child in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
Security, Fraud Detection, and Prevention: We use the information, which may include personal data, in order to prevent fraud and other illegal or infringing activities. We also use this information to investigate and detect fraud. We can use personal data for risk assessment and security purposes, including the authentication of users. For these purposes, personal data may be shared with third parties, such as law enforcement authorities as permitted by applicable law and external advisers.
III. CERTAIN USES AND DISCLOSURES REQUIRE YOUR AUTHORIZATION:

Patient Consent and Agreement

1. All PHI requires your Authorization to share unless the use or disclosure is:

a. For our use in treating you.

b. For our use in defending ourselves in legal proceedings instituted by you.

c. For use by the Secretary of Health and Human Services to investigate our compliance with HIPAA.

d. Required by law and the use or disclosure is limited to the requirements of such law.

e. Required by law for certain health oversight activities pertaining to the originator of the session notes.

f. Required by a coroner who is performing duties authorized by law.

g. Required to help avert a serious threat to the health and safety of others. Marketing Purposes. As a health care provider, we will not use or disclose your PHI for marketing purposes.

Sale of PHI. As a health care provider, we will not sell your PHI in the regular course of our business.
IV. CERTAIN USES AND DISCLOSURES DO NOT REQUIRE YOUR AUTHORIZATION.
Subject to certain limitations in the law, we can use and disclose your PHI without your Authorization for the following reasons:
  1. When disclosure is required by state or federal law, and the use or disclosure complies with and is limited to the relevant requirements of such law.
  2. For public health activities, including reporting suspected child, elder, or dependent adult abuse, or preventing or reducing a serious threat to anyone’s health or safety.
  3. For health oversight activities, including audits and investigations.
  4. For judicial and administrative proceedings, including responding to a court or administrative order, although our preference is to obtain an Authorization from you before doing so.
  5. For law enforcement purposes, including reporting crimes occurring on our premises.
  6. To coroners or medical examiners, when such individuals are performing duties authorized by law.
  7. Appointment reminders and health related benefits or services. We may use and disclose your PHI to contact you to remind you that you have an appointment with us. We may also use and disclose your PHI to tell you about treatment alternatives, or other health care services or benefits that we offer.
V. CERTAIN USES AND DISCLOSURES REQUIRE YOU TO HAVE THE OPPORTUNITY TO OBJECT.
  1. The Right to Request Limits on Uses and Disclosures of Your PHI. You have the right to ask us not to use or disclose certain PHI for treatment, payment, or health care operations purposes. We are not required to agree to your request, and we may say “no” if we believe it would affect your health care.
  2. The Right to Choose How We Send PHI to You. You have the right to ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address, and we will agree to all reasonable requests.
  3. The Right to See and Get Copies of Your PHI. You have the right to get an electronic or paper copy of your medical record and other information that we have about you. We will provide you with a copy of your record, or a summary of it, if you agree to receive a summary, within 30 days of receiving your written request, and we may charge a reasonable, cost based fee for doing so.
  4. The Right to Get a List of the Disclosures We Have Made. You have the right to request a list of instances in which we have disclosed your PHI for purposes other than treatment, payment, or health care operations, or for which you provided us with an Authorization. We will respond to your request for an accounting of disclosures within 60 days of receiving your request. The list we will give you will include disclosures made in the last six years unless you request a shorter time. We will provide the list to you at no charge, but if you make more than one request in the same year, we will charge you a reasonable cost based fee for each additional request.
  5. For law enforcement purposes, including reporting crimes occurring on our premises.
  6. The Right to Correct or Update Your PHI. If you believe that there is a mistake in your PHI, or that a piece of important information is missing from your PHI, you have the right to request that we correct the existing information or add the missing information. We may say “no” to your request, but we will tell you why in writing within 60 days of receiving your request.
What Can I Do to Protect My Privacy?
Where you use a Portal or other Service that is secured with a username and password, you are also responsible for taking steps to protect the privacy of Personal Information about you. In order to protect your privacy, you should:

• Never share your username or password;

• Always sign out when you are finished using the Portal;

• Use only secure web browsers;

• Employ common anti-virus and anti-malware tools on your system to keep it safe;

• Use a strong password with a combination of letters and numbers; and

• Change your password often.

If you share your Portal username and password with another person, this will allow that person to see your confidential medical record information. We have no responsibility concerning any breach of your confidential medical record information due to your sharing or losing your user name or password. You will maintain the confidentiality of your account and other information and promptly notify us if you become aware of any third-party use of your account or other information relating to the Sites or the services offered through the Sites. You are responsible for all acts, omissions, statements and other uses of your account and other information on the Sites and the Service.
EFFECTIVE DATE OF THIS NOTICE
This notice went into effect on 9/10/2025
Acknowledgement of Receipt of Privacy Notice
Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), you have certain rights regarding the use and disclosure of your protected health information. By checking the box below, you are acknowledging that you have received a copy of HIPAA Notice of Privacy Practices
Questions or Concerns
If you have questions or concerns about our processing of your personal data, or if you want to exercise any of the rights you have under this notice, you are welcome to contact us. You may also contact your local data protection authority with questions and complaints. If anything in our privacy policy is unclear, or if you have any questions, please email us at privacy@communitytelehealth.com
Changes to the Notice
Just as our business changes constantly, this Privacy Statement may also change from time to time. If you want to see changes made to this Privacy Statement from time to time, we invite you to access this Privacy Statement to see the changes. If we make material changes or changes that will have an impact on you (e.g. when we start processing your personal data for purpose other than those set out above), we will contact you prior to starting that processing.