This notice describes how medical information about you may be used and disclosed, and how you can get access to this information. Please review it carefully.
HIPAA AND GDPR NOTICE
Sometimes it may be necessary to use the User’s data without the User’s prior authorization. This is a legal obligation and may be necessary for the following purposes:
a. Payment Purposes. Coapt may use, disclose, store, or transmit the User’s PHI for payment purposes relating to the User’s health care treatment. It may be necessary to use, disclose, store, or transmit the User’s PHI to receive approval from the User’s health insurance provider. It is necessary for us to use, disclose, store, or transmit PHI so that treatment, services, and medical devices provided by Coapt may be billed and collected from the User, the User’s insurance company, or other third-party payers as appropriate.
Bills requesting payment may include information that identifies the User, the User’s condition (e.g., a diagnosis or prognosis), any applicable codes with the insurance billing structure, services required, associated devices or device repairs and/or replacements, or supplies used. Coapt may also use or disclose the User’s PHI to another health care provider or entity covered under the Health Insurance Portability and Accountability Act (hereafter, “HIPAA”) for their payment activities.
Coapt submits all transactions to healthcare payers using the transaction and code set standards described in HIPAA. Specifically, Coapt submits claims for Coapt products using various HCPCS codes, being subject to change, in accordance with services and products affiliated with Coapt.
b. Treatment Activities. Coapt may use, disclose, or transmit the User’s PHI to assist, coordinate, or manage the User’s health care treatment. Coapt may disclose the User’s PHI to other health care providers who are also involved or will be involved in the User’s health care treatment. Coapt may receive the User’s PHI from other health care providers who are currently or will be involved in the User’s health care treatment. Coapt may use or disclose the User’s PHI for consultation between health care providers regarding the User as a patient.
For example, if a certified health care professional needs assistance with one of Coapt’s devices or services in relation to a User’s health care treatment, Coapt and the health care professional may exchange the necessary PHI to ensure optimal treatment, repairs, additional services, or otherwise provide substantial treatment to the User.
c. Healthcare Operations. Coapt may use, disclose, store, or transmit the User’s PHI in order for Coapt to conduct healthcare operations as a medical device company and perform functions that support our business activities. These activities include but are not limited to: quality assessment and assurance activities, quality management and medical device tracking activities, employee review, training of staff, customer service, technical support, and conducting or arranging for other business activities.
d. Food and Drug Administration (FDA). Coapt, being a producer of medical devices and medical technologies, is subject to many of the rules and regulations required by the FDA and to FDA jurisdiction. A covered provider may disclose the User’s PHI to Coapt to: report an adverse event, to track an FDA-regulated product, or other purposes related to the quality, safety, or effectiveness of the FDA-regulated product. This may include the routine tracking of medical devices’ firmware and software statuses, device parts and components, and warranty information relating to the User and their product that they either own or control. Coapt may use, disclose, store, or transmit the User’s PHI as required by the FDA to report adverse events, product defects, product problems or malfunctions, track products, enable product recalls or device repairs, make repairs or replacements to damaged or malfunctioning products, or to conduct post marketing surveillance and customer support.
e. Collection of Information by Public Health Agencies. Coapt may use, disclose, store, or transmit the User’s PHI to a public health authority that is authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury, or disability. This information may be used to report disease, injury, adverse events, and to conduct public health surveillance, public health investigations, and public health interventions. Coapt also may disclose or transmit information to a foreign government agency that is collaborating with the public health authority.
f. Required by Law. Coapt may use, disclose, store, or transmit the User’s PHI to the extent that the law requires the use, disclosure, storage, or transmission of the User’s PHI. The use, disclosure, storage, or transmission will be made in compliance with the law and will be limited to the requirements of such law.
g. Health Oversight Activities. Coapt may disclose or transmit the User’s PHI to a health oversight agency for the oversight activities as authorized by law, such as audits, investigations, and inspections. In many cases, agents that are auditing Coapt procedures and practices (such as an FDA-sanctioned quality management system audit) may have access to Coapt health records that contain PHI from one or more Users. In some of these cases, and in the present example, an agent may request more detailed information regarding a particular case, device, product, service, or otherwise related healthcare activity for a particular User; in these cases, Coapt is obligated to supply the information in question only to the minimum extent that is required by law. For more information regarding healthcare provider audits and procedures, please visit the FDA website or statutory requirements for medical device provider audits and recordkeeping procedures.
h. Legal Proceedings. Coapt may disclose or transmit the User’s PHI in the course of a judicial or administrative proceeding, in response to an order of a court or administrative tribunal, or in certain conditions in response to a subpoena, discovery request, or other lawful process.
i. Law Enforcement. Coapt may disclose or transmit the User’s PHI to a law enforcement official for law enforcement purposes. These disclosures and transmissions include the following purposes: disclosures pursuant to legal processes and as otherwise required by law; disclosures of limited information for identification and location of a suspect, fugitive, material witness, or missing person; disclosures about an individual who is suspected to be a crime victim; disclosure if there is suspicion that a death occurred as a result of a crime; disclosure if we believe that a crime has occurred on Coapt’s premises; and disclosures which are related to reporting a crime in response to or during a medical emergency.
j. Research. In some instances, Coapt may use, disclose, store, or transmit the User’s PHI for research purposes. All research which uses PHI is subject to a special approval process which will, among other things, evaluate the precautions used to protect patient (e.g., the User) medical information. In many cases, information which identifies the User will be removed. In other cases, this may be covered during the informed consent process wherein the User is provided with additional data privacy, management, and/or usage information.
k. Workers’ Compensation. Coapt may disclose the User’s PHI as authorized to comply with the workers’ compensation laws and other similar programs.
l. Threats to Health or Safety. Coapt reserves the right to disclose limited PHI if Coapt believes it is necessary to prevent or lessen a serious and imminent threat to the User or to the public.
m. Specialized Government Functions. Coapt may disclose the User’s PHI for the following government functions: military and veterans’ activities, including information relating to separation or discharge from military services, veterans’ benefits, or government programs providing public benefits as authorized by law and for purposes of sharing eligibility or enrollment information or for other covered functions.
n. Mergers and Acquisitions. In the course of Coapt’s business operations, there may be a merger with a third party, an acquisition of a third party’s business assets by Coapt, or sale of Coapt’s business assets to a third party. Such mergers and acquisitions may involve the sale or the purchase of PHI, not to conflict with HIPAA regulations.
a. Restriction requests: The User will have the right to request restrictions on how a covered entity will use and disclose PHI about them for treatment activities, payment purposes, and health care operations. If you, the User, are interested in exploring a restriction request please send notification of the request including your name, contact address, and the nature of the restriction request (not to include PHI) to Coapt’s contact address as listed below in writing.
Coapt is not required to agree to a User’s request for a restriction, but is bound by any restrictions to which Coapt agrees. In the case that Coapt denies a restriction request, a written explanation will be provided in a timely manner to the User. In the case that a modification may be made to the restriction request to approve such a request, Coapt may, but does not have the obligation to, provide the User with alternative restriction request specifications.
b. Information requests: The User has the right to request, inspect, or copy the information that has been collected about them, the source of this information, and obtain accounting of disclosures made by Coapt to third parties. The User may contact Coapt in writing for this request. Coapt is not required to agree to a User’s request for information, but is bound by any restrictions to which Coapt agrees. In the case that Coapt denies an information request, a written explanation will be provided in a timely manner to the User. In the case that a modification may be made to the information request to approve such a request, Coapt may, but does not have the obligation to, provide the User with alternative information request specifications.
All information that is requested from Coapt will be provided to the User for free on the first request. Subsequent requests may require a charge fee, the amount being noted to the User before any additional information is provided. Information may be provided in any reasonable form requested by the User, including a paper copy.
c. Deletion requests: The User has the right to request that information about them is deleted. The User may contact Coapt in writing for this request. The User understands that Coapt has the right to deny the User’s request for deletion of PHI and associated data for valid purposes. In the case that Coapt denies a deletion request, a written explanation will be provided in a timely manner to the User.
The User has the right to request correction of information. The User may contact Coapt in writing for this request. The User understands that Coapt has the right to deny the User’s request for deletion of PHI and associated data for valid purposes. In the case that Coapt denies a deletion request, a written explanation will be provided in a timely manner to the User.
The User has the right to know of any automated decision-making based on their PHI, and may request to not be subject to such. Currently, Coapt does not use PHI for any automated decision-making.
USE OF DATA
PHI that is used by Coapt may include multiple data types and amounts, and may be used in part or in whole for the purposes as described herein. This may include the following types of information: names, dates (excluding year), telephone numbers, geographic data, FAX numbers, social security numbers, email addresses, medical record numbers, account numbers, health plan beneficiary numbers, certificate or license numbers, device identifiers and serial numbers, internet protocol addresses, full face photos and comparable images, and any unique identifying number or code.
USES AND DISCLOSURES BASED UPON THE USER’S AUTHORIZATION
Other uses and disclosures of the User’s PHI will be made only with the User’s written authorization unless otherwise permitted or required by law. The user has the right to withdraw consent at any time. Instances where Coapt will obtain written authorization include the following:
a. Marketing. Coapt will not use or disclose the User’s PHI for marketing purposes without the User’s prior authorization. The User has the right to revoke such authorization to use or disclose PHI except to the extent action has already been taken on behalf of Coapt. To provide or revoke authorization to utilize the User’s PHI, the User may contact Coapt in writing to make either request.
b. Information from Social Media and Other Sites. The User may post, create content, or otherwise interact with Coapt’s social media platforms and websites. Any information shared as a result of these interactions will be considered an authorization to collect and distribute such information, depending on the nature of the information and location of the information shares. The User should understand that posting PHI on any platform has inherent risks and privacy concerns associated with it, and should contact Coapt about any websites, forums, or platforms wherein sharing PHI may result in accidentally divulging information. Additionally, it is to be understood by the User that sharing information in relation to their Coapt products that they either own or control, such as posting to third-party social media any screenshots of any applications, products, or web pages, may contain sensitive PHI as contained therein. The User should understand that sharing this type of information on third-party social media platforms may inadvertently violate the third parties’ terms of service or privacy policies. It is advised for the User to reference any third-party policies before making such posts, and it is to be understood by the User that Coapt is not to be held responsible or liable in any fashion for such disclosures or violations of third-party privacy policies.
Coapt will never sell the User’s PHI to a third party unless explicitly stated otherwise herein. Coapt values each User’s privacy, and will maintain standards to ensure that PHI is properly managed and transferred. Coapt does not use user’s data for automated decision-making; instead, clinicians may use Coapt products to help determine whether Coapt is right for their patients. Patients are welcome and encouraged to engage with their clinician regarding clinical decisions.
DATA COLLECTION AND STORAGE
Data is collected from the patients and their clinicians. Data is anonymized where necessary, and the use of any third parties for data storage is compliant with applicable regulations. Data is retained for as long as is reasonable for business purposes, but at a minimum to comply with any national or international regulations.
CHILDREN UNDER THE AGE OF 13
Coapt does not knowingly collect personally identifiable information from children under the age of 13. Parent or guardian authorization is required before use of the Coapt website or Complete ControlRoomv2 Application by children under the age of 13. If Coapt discovers that a child under the age of 13 has provided information to us, we will immediately delete the data. If you are a parent or guardian and you are aware that your child has provided us with personally identifiable information, please contact us at +1(844)262-7800 or at firstname.lastname@example.org.
More information regarding HIPAA and rights as a User can be found on the Human Health Services Website: https://www.hhs.gov/hipaa/for-individuals/faq/index.html.
For further information regarding Coapt’s policies, or to submit a request pursuant to this Notice, you may contact Coapt’s compliance manager, by phone at (844)-262-7800, or at the following email address: email@example.com
VIOLATION OF PRIVACY RIGHTS
Coapt has a legal obligation to maintain privacy and is committed to protecting the PHI of users. If the user believes that their privacy rights have been violated, the user may file a complaint either with Coapt at +1(844)262-7800 or at firstname.lastname@example.org, or their local privacy authority, defined below. The user may file a complaint without fear of retaliation.
For United States Citizens. Secretary of the Department of Health and Human Services at 200 Independence Avenue, S.W.; Washington, DC, 20201, or reach the Secretary by phone at +1(202)690-7000.
For European Union Citizens. National Data Protection Authority within your country. For more information on how to contact your Data Protection Authority, please contact us at +1(844)262-7800 or at email@example.com.