HIPAA Policy

THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE READ IT CAREFULLY.

When you use AccuMix Pharmacy, LLC’s pharmacy services, website, online portals, or other technology platforms (collectively, the “Services”), we create and maintain records that include information about you and your health. Some of this information is “protected health information” or “PHI” as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

This HIPAA Notice of Privacy Practices (“Notice”) explains:

  • How we may use and disclose your PHI;
  • Your rights with respect to your PHI; and
  • Our legal duties and privacy obligations under HIPAA and applicable law.

When we say “AccuMix,” “we,” “us,” or “our” in this Notice, we mean AccuMix Pharmacy, LLC and its designated pharmacy operations that receive, process, and dispense prescriptions and perform related healthcare functions.

Our Responsibilities Under HIPAA

We are required by HIPAA and applicable state law (including Illinois law where it applies) to:

  • Maintain the privacy and security of your PHI;
  • Provide you with this Notice describing our legal duties and privacy practices;
  • Follow the terms of this Notice currently in effect;
  • Use or disclose your PHI only as described in this Notice, unless you authorize a different use or disclosure in writing; and
  • Notify you, as required by law, if a breach occurs that compromises the privacy or security of your unsecured PHI.

How We Typically Use and Share Your PHI

We may use and disclose your PHI for the following purposes without your written authorization, as permitted by HIPAA. Not every use or disclosure in a category is listed, but all will fall within one of these categories.

Treatment

We may use and share your PHI to provide, coordinate, or manage your healthcare and pharmacy care. For example:

  • Our pharmacists, technicians, and staff may review your prescription and medication history to safely dispense your medication;
  • We may contact your prescriber or other healthcare providers to verify prescriptions, clarify orders, or discuss therapy options;
  • We may share PHI with clinics, hospitals, or other pharmacies involved in your care.

Payment

We may use and disclose your PHI to obtain payment for pharmacy services. For example:

  • Submitting claims to your health plan or pharmacy benefit manager;
  • Determining coverage, copayments, or other cost-sharing;
  • Responding to requests from your insurer for information needed to process your claim.

Healthcare Operations

We may use and disclose your PHI for our healthcare operations, which help us run our pharmacy and improve quality of care. For example:

  • Quality assessment, training, and internal audits;
  • Pharmacy management, licensing, and accreditation;
  • Reviewing the performance of our professionals and services;
  • Coordinating with your health plan for certain operational activities.

We may also disclose PHI to other covered entities that have a relationship with you (such as your health plan) for their own healthcare operations, as permitted by law.

Reminders, Treatment Alternatives, and Health-Related Benefits and Services

We may use your PHI to contact you:

  • To remind you about refills or prescriptions we maintain for you;
  • To inform you about treatment alternatives; or
  • To let you know about health-related services or benefits that may be relevant to your care.

You may have the right to limit or opt out of certain non-essential communications as described in Section 4.

Individuals Involved in Your Care or Payment

When appropriate and consistent with HIPAA, we may disclose PHI to a person involved in your care or the payment for your care—such as a family member, close friend, or other person you identify—if the information is relevant to that person’s involvement.

If you do not want us to share PHI with certain individuals involved in your care or payment, please tell us so we can record your preference.

f. Disaster Relief

We may disclose your PHI to public or private organizations authorized to assist in disaster relief efforts, so they can help notify your family or others involved in your care about your location, condition, or death.

g. Business Associates

We may share PHI with third-party “business associates” that perform services for us (for example, technology vendors, data storage providers, billing companies, and SMS/email vendors). Business associates are required by contract and by law to protect your PHI and to use or disclose it only as permitted by us and by HIPAA.

Other Ways We May Use or Disclose Your PHI

HIPAA also permits or requires us to use or disclose PHI for other purposes, often related to public responsibilities such as safety and compliance. In many of these cases, we must meet specific legal conditions before using or disclosing your PHI.

Public Health and Safety

We may disclose PHI for public health and safety purposes, including:

  • Reporting certain diseases or conditions to public health authorities;
  • Reporting adverse events or problems with medications or medical products;
  • Supporting product recalls;
  • Reporting suspected abuse, neglect, or domestic violence as required or authorized by law;
  • Preventing or reducing a serious threat to the health or safety of you or others.

Research

We may use or disclose your PHI for limited research purposes without your written authorization when permitted by law, for example:

  • To prepare for a research study (such as identifying potential participants), under certain safeguards;
  • When an Institutional Review Board or Privacy Board approves a waiver or alteration of authorization after determining the research poses minimal risk to your privacy.

In other cases, we will obtain your written authorization before using or disclosing your PHI for research.

Health Oversight Activities

We may share PHI with government agencies that oversee healthcare systems and ensure compliance with laws, such as for audits, investigations, inspections, licensure, or disciplinary actions.

Data Breach Notification and Incident Response

We may use and disclose PHI as needed to investigate potential privacy or security incidents, mitigate harm, and provide legally required breach notifications.

As Required by Law or for Law Enforcement

We may use or disclose PHI when required or expressly permitted by federal, state, or local law. For example:

  • To respond to a court order, subpoena, or other lawful process;
  • To assist law enforcement in specific circumstances, such as locating a suspect or reporting certain types of injuries or crimes;
  • In connection with suspected or actual criminal activity on our premises.

Lawsuits and Disputes

We may disclose PHI in response to a court or administrative order, or in response to a lawful subpoena, discovery request, or other lawful process in the context of a legal dispute, as permitted by law.

Workers’ Compensation

We may disclose PHI to comply with workers’ compensation laws or similar programs that provide benefits for work-related injuries or illnesses.

Organ and Tissue Donation

If you are an organ donor, we may disclose PHI to organizations involved in organ, eye, or tissue procurement, banking, or transplantation to facilitate donation and transplantation.

Coroners, Medical Examiners, and Funeral Directors

We may disclose PHI to coroners, medical examiners, or funeral directors as necessary for them to carry out their duties.

Specialized Government Functions

We may disclose PHI to authorized officials for specialized government functions, such as:

  • Military and veterans’ activities;
  • National security and intelligence activities;
  • Protection of public officials;
  • Lawful custodial situations.

Inmates or Individuals in Custody

If you are in the custody of a correctional institution or law enforcement official, we may disclose PHI as necessary for the institution or official to provide you with healthcare, protect your health and safety or that of others, or for the safety and security of the institution.

Fundraising

We may use limited PHI (such as contact information) to contact you for our own fundraising efforts, as permitted by law. You will have the right to opt out of receiving fundraising communications, and choosing not to receive them will not affect your access to care.

When We Need Your Written Permission (Authorization) & When You Can Opt Out

For some uses and disclosures, HIPAA requires your written authorization. In other situations, you may have the right to opt out of certain communications.

Uses and Disclosures Requiring Written Authorization

Except in limited circumstances allowed by law, we will obtain your written authorization before we:

  • Use or disclose your PHI for certain marketing purposes as defined by HIPAA;
  • Receive any form of payment or other value in exchange for your PHI (a “sale” of PHI), where such transactions are permitted by law;
  • Use or disclose PHI for certain research purposes that require authorization;
  • Use or disclose psychotherapy notes (if we maintain any), except for limited purposes allowed by law.

If you give us an authorization for these or other purposes, you may revoke it at any time by sending a written revocation to the Privacy Officer listed in Section 7. Revocation will not affect any use or disclosure we have already made in reliance on your authorization.

Marketing and Informational Communications / Opt-Out

We may contact you about products, services, or programs that may be relevant to your care, including communications such as refill reminders or adherence support. Some of these communications are part of treatment or healthcare operations and do not require your written authorization, though you may still be able to opt out.

If you wish to stop receiving certain non-essential communications (for example, certain promotional emails or text messages), you may:

  • Follow the opt-out instructions in the message; or
  • Contact us using the information in Section 7 to request changes to your communication preferences.

Your Rights Regarding Your PHI

HIPAA provides you with several important rights concerning your PHI. Some rights may be subject to limitations and conditions under federal or state law.

Right to Inspect and Obtain Copies

You have the right to request to see or get a copy of PHI we maintain about you in a designated record set (for example, your prescription profile and billing records). You may request this information in paper or, where available, electronic form.

We will respond to your request within the timeframes required by law (usually within 30 days, with a possible extension if needed). We may charge a reasonable, cost-based fee as allowed by law for copying, mailing, or preparing summaries.

Right to Request an Amendment

If you believe information we maintain about you is incorrect or incomplete, you may request that we amend it. Your request must be in writing and explain why the information should be changed.

We may deny your request in certain situations, for example if:

  • The information is accurate and complete;
  • We did not create the information (and the creator is the better source); or
  • The information is not part of the records we maintain or are required to keep.

If we deny your request, we will tell you in writing and explain your rights, including the right to submit a statement of disagreement.

Right to Request Confidential Communications

You may request that we communicate with you in a certain way (for example, at a different mailing address, via a particular phone number, or not at a workplace address). We will accommodate reasonable requests, and we may require that your request be in writing and specify how or where you wish to be contacted.

Right to Request Restrictions

You may ask us to restrict how we use or disclose your PHI for treatment, payment, or healthcare operations, or to limit what we disclose to individuals involved in your care or payment.

We are not required to agree to most requested restrictions. However, if:

  • You pay for a specific item or service out of pocket in full, and
  • You request that we not disclose information about that item or service to your health plan for payment or healthcare operations,

we will generally honor that request unless a law requires us to share the information.

If we agree to a restriction, we will comply with it except in emergencies or as otherwise permitted by law.

Right to an Accounting of Disclosures

You have the right to request a list of certain disclosures of your PHI made by us during the previous six years (or a shorter period you specify). This list will not include all disclosures—for example, it generally will not include disclosures:

  • For treatment, payment, or healthcare operations;
  • Made directly to you;
  • Made pursuant to your authorization;
  • For certain law enforcement or national security purposes.

We will provide one accounting free of charge in any 12-month period. We may charge a reasonable, cost-based fee for additional requests within that period, as permitted by law.Right to a Paper Copy of This Notice

You have the right to obtain a paper copy of this Notice at any time, even if you have agreed to receive it electronically. You may request a copy by contacting us using the information in Section 7 or by visiting our pharmacy or website.

Additional Protections for Certain Types of Information

Certain types of health information may be subject to additional protections under federal or state law, including but not limited to:

  • Mental health or behavioral health information;
  • Substance use disorder treatment records;
  • HIV/AIDS-related information;
  • Genetic testing information;
  • Certain reproductive health services or sensitive services.

When these laws apply, we will follow the more protective requirements for those categories of information. For example, we may need your written consent or authorization, or a specific type of court order, before disclosing certain sensitive information in some circumstances.

We will also act cautiously when dealing with personal representatives (such as parents or guardians) if we believe that disclosure of certain sensitive information could put you at risk of harm, consistent with HIPAA and applicable state law.

Other Important Information

Compliance with Laws

We will use and disclose PHI as required by applicable federal and state laws. If a state law affords you greater privacy protections than HIPAA, we will follow the more protective law where it applies.

Who Follows This Notice

This Notice applies to:

  • AccuMix pharmacists, technicians, and other personnel involved in pharmacy and healthcare operations;
  • AccuMix staff and departments that support our healthcare activities (such as billing, IT, quality, and compliance).

Re-Disclosure of PHI

If we disclose your PHI to someone who is not subject to HIPAA (for example, an individual you have authorized us to speak with), that person may not be required by law to protect the privacy of your PHI in the same way we are. However, in many cases other privacy laws or contractual obligations may still apply.

Changes to This Notice

We reserve the right to change this Notice at any time, as permitted by law. Any revised Notice will apply to PHI we already maintain, as well as any PHI we create or receive in the future.

When we make material changes to this Notice, we will:

  • Update the “Last Updated” date at the top; and
  • Make the updated Notice available in our pharmacy and on our website.

You may request a copy of the current Notice at any time.

Contacting Us (Privacy Officer)

If you have questions about this Notice, would like to exercise your rights, or want more information about our privacy practices, you may contact:

Privacy Officer

AccuMix Pharmacy, LLC

655 West Grand Ave, suite 240

Elmhurst, IL 60126

Phone: (866) 817-5303

Email: privacy@accumixrx.com 

Complaints

If you believe your privacy rights have been violated, you may file a complaint with:

  1. AccuMix Privacy Officer (using the contact information above); and/or
  2. The U.S. Department of Health and Human Services, Office for Civil Rights (OCR):
    • Website: https://www.hhs.gov/hipaa/filing-a-complaint/index.html
    • Phone: 1-877-696-6775
    • Mail:

U.S. Department of Health & Human Services

Office for Civil Rights

200 Independence Avenue, S.W.

Washington, D.C. 20201

You will not be penalized or retaliated against for filing a complaint or exercising any of your rights under HIPAA.