HIPAA Privacy Policy
This Notice under the Health Insurance Portability and Accountability Act of 1996
(“HIPAA”) describes how medical information about you may be disclosed and how you can
get access to this information. By submitting personal health information (“PHI”)
that identifies you to Cooler Heads Care, Inc. (“Cooler Heads”) through our website and
data systems, you implicitly accept the terms of this Policy.
Cooler Heads’ Protection of PHI
Under HIPAA, Cooler Heads is required by law to maintain the privacy of your PHI, and to provide you
with notice of our legal duties and privacy practices regarding PHI. Cooler Heads is committed
to the protection of your PHI and will make reasonable efforts to ensure confidentiality of your
PHI.
Use and Disclosure of PHI
As permitted under HIPAA, the following categories explain the types of uses and disclosures of PHI
Cooler Heads may make:
- For Treatment and Potential Insurance Coverage – Cooler Heads may request, use,
or disclose PHI for purposes of treatment and determining whether you are eligible to use Cooler
Heads’ products and services pursuant to a valid medical prescription, including
disclosure to physicians, nurses, pharmacies, and other healthcare professionals who provide you
with health care services and/or are involved in the coordination of your care, such as
providing your healthcare provider with troubleshooting assistance and answers to questions
regarding your use of our products and/or services. We may also reach out to your health
insurance companies to determine whether our products or services are eligible for coverage
under your health care plan. Cooler Heads may require you to sign a release for your PHI
and health records from the above individuals or entities to obtain the necessary documents
(including but not limited to prescription(s)) and information needed to provide our equipment,
products, and services.
- For Payment – Cooler Heads may use or disclose PHI to bill and collect payment
for the equipment, products, and services we provide, including disclosure to any renter or
purchaser of products and services being used by you or your health care plan.
- For Health Care Operations – Cooler Heads may use or disclose PHI for health care
operations purposes. These uses and disclosures are necessary, for example, to evaluate
the quality of our products and/or services, sales functions, and for Cooler Heads’
operations and management functions. Cooler Heads may also disclose PHI to other health
care providers or health plans involved in your care for their health care operations. For
example, Cooler Heads may provide PHI to coordinate your use of our products and/or services
with your health care or benefits.
- Reminders and Health-Related Benefits – Cooler Heads may use and disclose PHI to
contact you and/or other individuals (such as renters of equipment used by you, health care
providers, or plans) to remind you regarding deadlines pertaining to products and/or services,
or about new products or services available through Cooler Heads based on PHI disclosed by you
and/or your healthcare providers and plans.
- Individuals involved in your care or payment for your care — Cooler Heads may
disclose PHI to a person who is involved in your care or helps pay for your care, such as a
family member or friend.
- Business Associates — Cooler Heads may disclose PHI to its business associates to
perform certain business functions or provide certain services to Cooler Heads. For example, we
use Shopify to perform billing services on our behalf, and we use Zendesk to maintain the
privacy and security of PHI. All entities that qualify as “Business Associates”
under HIPAA are required to maintain the privacy and confidentiality of your PHI. In addition,
at the request of your health care providers or health care plan, Cooler Heads may disclose PHI
to their business associates for purposes of performing certain functions or health care
services on their behalf. For example, we may disclose PHI to a business associate of Medicare
for purposes of medical necessity review and audit. The above-mentioned examples are
intended to be illustrative and are not exhaustive of the entities that may perform services on
our behalf.
- Disclosure for Judicial and Administrative Proceedings — Under certain
circumstances, Cooler Heads may disclose your PHI in the course of a judicial or administrative
proceeding, including in response to a court or administrative order, subpoena, discovery
request, or other lawful process.
- As Required by Law — Cooler Heads must disclose your PHI if required to do so by
federal, state, or local law (including but not limited to disclosures that would be required
under our Quality Management System under the Food, Drug, and Cosmetic Act).
- De-Identified Information and Limited Data Sets — Cooler Heads may use and
disclose health information that has been “de-identified” by removing certain
identifiers making it unlikely that you could be identified. Cooler Heads also may disclose
limited health information, contained in a “limited data set.” The limited data set
does not contain any information that can directly identify you. For example, a limited data set
may include your city, county and zip code, but not your name or street address. Such
information may no longer constitute PHI and be covered under HIPAA.
Zendesk
Cooler Heads uses Zendesk, a third party, to store and maintain all prescription-related PHI on
behalf of its customers. Zendesk is a business associate of Cooler Heads and utilizes an
Advanced Compliance feature to comply with HIPAA and other patient privacy statutes. For more
information regarding Zendesk’s compliance obligations, visit
www.zendesk.com.
Other Uses and Disclosures of PHI
For purposes not described above (including uses and disclosures of PHI for marketing purposes and
disclosures that would constitute a sale of PHI), Cooler Heads will ask for your patient
authorization before using or disclosing PHI. If you agree to the “Patient
Authorization” below, you may revoke it, in writing, at any time, except to the extent action
has been taken in reliance on the authorization.
Breach Notification
Cooler Heads is required to provide patient notification if it discovers a breach of unsecured PHI
unless there is a demonstration, based on a risk assessment, that there is a low probability that
the PHI has been compromised. You will be notified without unreasonable delay and no later than 60
days after discovery of the breach. Such notification will include information about what happened
and what can be done to mitigate any harm.
Patient Rights Regarding PHI
Subject to certain exceptions, HIPAA establishes the following patient rights with respect to PHI:
- Right to Receive a Copy of the Cooler Heads Notice of Privacy Practices — You
have a right to receive a copy of this HIPAA Policy at any time by visiting our website at
www.coolerheads.com.
- Right to Request Limits on Uses and Disclosures of your PHI — You have the right
to request that we limit: 1) how we use and disclose your PHI for treatment, payment, and health
care operations activities; or 2) our disclosure of PHI to individuals involved in your care or
payment for your care. Cooler Heads will consider your request but is not required to agree to
it.
- Right to Request Confidential Communications — You have the right to request that
Cooler Heads communicate with you about your PHI at an alternative address or by an alternative
means. Cooler Heads will work to accommodate reasonable requests.
- Right to See and Receive Copies of Your PHI — You and your personal
representative have the right to access PHI consisting of your PHI or prescriptions submitted by
your physician. Within 30 days after our receipt of your request, you will receive a copy of the
requested PHI unless an exception applies.
- Right to Receive an Accounting of Disclosures — You have a right to receive a
list of certain instances in which Cooler Heads disclosed your PHI. This list will not include
certain disclosures of PHI, such as (but not limited to) those made based on your written
authorization or those made prior to the date on which Cooler Heads was required to comply. If
you request an accounting of disclosures of PHI that were made for purposes other than
treatment, payment, or health care operations, the list will include disclosures made in the
past six years, unless you request a shorter period of disclosures. If you request an accounting
of disclosures of PHI that were made for purposes of treatment, payment, or health care
operations, the list will include only those disclosures made in the past three years for which
an accounting is required by law, unless you request a shorter period of disclosures.
- Right to Correct or Update your PHI — If you believe your PHI contains a mistake,
you may request, in writing, that Cooler Heads correct the information. If your request is
denied, we will provide an explanation of the reasoning for our denial.
How to Exercise Your Rights or Contact Us
To exercise any of your rights described in this notice, or if you have any questions or complaints
regarding this Policy, please direct inquiries to:
info@coolerheads.com. Cooler Heads will not take
retaliatory action against you for filing a complaint about our privacy practices.
Changes to the HIPAA Privacy Policy
Cooler Heads reserves the right to make changes to this notice and to our privacy policies from time
to time. Changes adopted will apply to any PHI we maintain about you. Cooler Heads is required to
abide by the terms of our notice currently in effect. When changes are made, we will promptly update
this notice and post the information on the Cooler Heads website at www.coolerheads.com.
I have read and agree to Cooler Heads’ HIPAA Privacy Policy.
MARKETING AUTHORIZATION.
Cooler Heads creates and maintains information about patients who use its products and related
services, which is referred to as Protected Health Information (“PHI”), which is subject
to certain privacy protections defined under Cooler Heads’ HIPAA Privacy Policy.
By clicking “Accept” I agree that Cooler Heads may use PHI that includes my name, age,
physical and e-mail address, biographical information, diagnosis, prognosis, clinical and healthcare
provider name(s), dates of treatment, and the locations where healthcare was provided to me for the
marketing, advertisement, and promotion of Cooler Heads’ current and future products and
related services. This authorization shall expire five (5) years following the date of
Authorization.
I acknowledge I have the right to refuse to “Accept” this Authorization, and Cooler
Heads may not condition the provision of health care products and/or services on my acceptance of
this Authorization. I acknowledge that my refusal to “Accept” this Authorization
does not limit Cooler Heads’ right to use or disclose PHI consistent with the terms of the
HIPAA Privacy Policy. I acknowledge I have the right to revoke this Authorization at any time,
except to the extent that PHI has already been used by Cooler Heads in reliance on this
Authorization. I understand that I must revoke this Authorization in writing by sending a
signed and dated notification to
info@coolerheads.com, which shall be
effective upon confirmation of receipt by Cooler Heads.
I hereby acknowledge that I have read and understand the terms of this Authorization, and
voluntarily authorize Cooler Heads to use my PHI set forth above in accordance herewith.