This Notice of Privacy Practices describes the privacy practices of Tides, our workforce, and the licensed clinicians who provide care through our platform (together, "we", "us", or "our") with respect to your Protected Health Information ("PHI"). PHI is health information that identifies you and that we receive or create in the course of providing healthcare services to you.
We are required by law to:
We will use and disclose your PHI to provide, coordinate, or manage your healthcare. For example, the clinician reviewing your intake will access your medical history, current medications, and goals in order to make a prescribing decision. We will share necessary information with the licensed pharmacy partner that dispenses your prescribed compounds.
We will use and disclose your PHI as needed to obtain payment for the services we provide. For example, we will share the minimum information necessary with our payment processor to bill and collect for your order.
We will use and disclose your PHI for operational activities necessary to run our healthcare services, including clinical quality improvement, credentialing, training, care coordination, auditing, and compliance reviews.
We will disclose your PHI when required by federal, state, or local law.
We may disclose PHI for public health purposes, including: reporting births, deaths, disease, or conditions; reporting child abuse or neglect; reporting adverse events, product defects, or post-marketing surveillance to the FDA; and notifying a person who may have been exposed to a communicable disease.
We may disclose PHI to health oversight agencies for activities authorized by law, including audits, investigations, inspections, and licensure.
We may disclose PHI in response to a valid court or administrative order, or in response to a subpoena, discovery request, or other lawful process, provided the applicable conditions under HIPAA have been met.
We may disclose PHI to law enforcement officials in limited circumstances required or permitted by law, such as in response to a warrant or for identification of a suspect, fugitive, or missing person.
We may disclose PHI as necessary to these officials to carry out their duties.
We may disclose PHI to organizations that handle organ procurement or transplantation.
We may use or disclose PHI for research purposes only with your authorization or where an Institutional Review Board has approved a waiver of authorization and the required privacy protections are in place.
We may use or disclose PHI when necessary to prevent a serious and imminent threat to your health and safety or the health and safety of another person.
We may disclose PHI as required for military, national security, protective services for the President, and certain correctional-institution or inmate-related purposes.
We may disclose PHI as authorized by, and to the extent necessary to comply with, state workers' compensation laws.
We may share PHI with third parties who perform services on our behalf ("Business Associates"), including our database provider, email provider, and pharmacy partners. Every Business Associate is required by a written agreement to protect your PHI to the same standards we apply.
Uses and disclosures not described above will be made only with your written authorization. In particular, the following always require your authorization:
You may revoke an authorization in writing at any time, except to the extent we have already acted in reliance on it.
You have the right to inspect and obtain a copy of your PHI that we maintain in a designated record set, in the form and format you request if readily producible. We will respond within 30 days of your request (with one possible 30-day extension). We may charge a reasonable cost-based fee for copies.
If you believe your PHI is incorrect or incomplete, you may request that we amend it. Your request must be in writing and must explain why the information should be amended. We may deny your request in certain circumstances, in which case you have the right to submit a written statement of disagreement.
You have the right to request an accounting of disclosures of your PHI made by us for purposes other than treatment, payment, and health care operations, and certain other exceptions. Your request must specify the time period, which may not be longer than six years.
You have the right to request a restriction or limitation on how we use or disclose your PHI for treatment, payment, or health care operations. We are not generally required to agree to a requested restriction. However, if you pay for a service or healthcare item out-of-pocket and in full, you may request that we not disclose PHI about that item or service to your health plan for purposes of payment or health care operations, and we will agree to that request unless we are required by law to disclose the information.
You have the right to request that we communicate with you about medical matters in a certain way or at a certain location (for example, only by email, or at a specific address). We will accommodate reasonable requests.
You have the right to receive a paper copy of this Notice upon request, even if you have agreed to receive it electronically.
You have the right to be notified if there is a breach of unsecured PHI that compromises your privacy or security.
To exercise any of the rights described above, contact our Privacy Officer using the contact information at the end of this Notice.
We are required by law to maintain the privacy and security of your PHI and to provide you with this Notice of our legal duties and privacy practices with respect to your PHI. We must abide by the terms of the Notice currently in effect. We reserve the right to change this Notice, and the revised Notice will apply to all PHI we maintain, including information created or received before the change. The current Notice will always be posted on our website, and the effective date is displayed at the top.
If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services. You will not be retaliated against for filing a complaint.
To complain to us: contact our Privacy Officer at privacy@gettides.com.
To complain to HHS: file a complaint with the Office for Civil Rights, U.S. Department of Health and Human Services, 200 Independence Avenue, SW, Washington, D.C. 20201, by calling 1-877-696-6775, or by visiting hhs.gov/hipaa/filing-a-complaint.
We may revise this Notice at any time. A revised Notice will be effective as of the new effective date displayed at the top and will apply to all PHI we maintain. We will post the current Notice prominently on our website and make copies available upon request.
Tides — Privacy Officer
Email: privacy@gettides.com