Privacy Policy


PRIVACY POLICY AND HEALTH INFORMATION PRIVACY NOTICE

Last updated January 1, 2024

This Notice Describes How Information About You May Be Used and Disclosed and How You Can Get Access to This Information. Please Review This Carefully.

In this Notice, “we”, “our” or “us” means the Movement for Life clinics and our workforce of employees, contractors, and volunteers. “You” and “your” refers to each of our patients who are entitled to a copy of this Notice.

About Protected Health Information (PHI). 

We are required by federal and state law to protect the privacy of your personal information, including medical and health information. In compliance with those laws, we will protect information about you in the manner that is described in this Notice. We will refer to types of information that specifically identifies you as Protected Health Information—or “PHI”. The categories of PHI that we have collected include:

  • Name, email address, postal address, telephone number, social security number, driver’s license number, government IDs, passport number, and similar identifiers, marital status.
  • Information about your physical condition and characteristics (including images), your health and medical history, and your disabilities.
  • Employment history.
  • Information about family members and personal contacts that you provide us.
  • Insurance information, bank account information, credit and debit card numbers, and any other financial information.

We may use (within the organization) or disclose (outside of the organization) your Protected Health Information for the following purposes:

  • We will use your PHI to treat you.
  • We will use your PHI and disclose it to get paid for your care and related services.
  • We use or disclose your PHI for certain activities that we call “health care operations,” which are described below.
  • We will also use or disclose your PHI as required by law.
  • Certain trusted third parties, such as those who provide information technology services and systems, may have access to your PHI, subject to confidentiality obligations.
  1. Treatment

We use and disclose your PHI in the course of your treatment. For instance, once we have completed your evaluation or re-evaluation, we send a copy or summary of our report to your referring physician. We also maintain records detailing the care and services you receive at our facility so that we can be accurate and consistent in carrying out that care in an optimal manner; that record also assists us in meeting certain legal requirements. These records may be used and/or disclosed by members of our workforce to assure that proper and optimal care is rendered.

  1. Payment Involving a Third Party Payer

After we treat you, typically we will bill a third party for services you received. We will collect the treatment information and enter the data into our computer and then process a claim either on paper or electronically. The claim form will detail your health problem, what treatments you received, and it will include other information such as your social security number, your insurance policy number, and other identifying pieces of information. The third-party payer also may ask to see the records of your care to make certain that the services were medically necessary. When we use and disclose your information in this way, it helps us to get paid for your care and treatment.

  1. Payment Exclusive of a Third Party Payer (fully self-pay)

If you choose to pay for your services, in full, without involving a third party (insurer, employer, etc.) you may request that we do not disclose any information regarding your services for payment purposes.

  1. Health Care Operations

We also use and disclose your PHI in our health care operations. For example, our therapists meet periodically to study clinical records to monitor the quality of care at our facility. Your records and PHI could be used in these quality assessments. Sometimes we participate in student internship programs, and we use the PHI of actual patients to test their skills and knowledge. Other operational uses may involve business planning and compliance monitoring or the investigation and resolution of a complaint.

  1. Special Uses  

We also may use or disclose your PHI for purposes that involve your relationship to us as a patient. We may use or disclose your PHI to:

  • Update your workers’ compensation case worker or employer.
  • Remind you of appointments
  • Release equipment and/or supplies to you or your designee
  • Carry out follow-ups on your home programs or discharge planning
  • Advise you of new or updated services or home supplies via telecommunication or via a newsletter (you can choose to opt-out of receiving information of this nature from us)
  1. Uses & Disclosures Required or Permitted by Law

Many laws and regulations apply to us that affect your PHI, and they may either require or permit us to use or disclose your PHI. Here is a list from the federal health information privacy regulations describing some of the required or permitted uses and disclosures.

Permitted Disclosures: We will always obtain authorization from you regarding the following disclosures, even though they are permitted without express authorization.

  • If you do not object, we may share some of your PHI with a family member or a friend if he/she is involved in your care.
  • We may use your PHI in an emergency if you are not able to express yourself.
  • If we receive certain assurance that your privacy will be protected, we may use or disclose your PHI for research.

Required Disclosures: Sometimes we are required to disclose your PHI.

  • For public health activities such as reporting a communicable disease or reporting an adverse drug reaction.
  • To report suspected neglect, abuse, or domestic violence.
  • To government regulators or their agents, to determine whether we comply with applicable rules and regulations.
  • In judicial or administrative proceedings such as a response to a valid subpoena, or when ordered by a court to turn over certain types of your PHI.
  • When properly requested by law enforcement officials or other legal requirements such as reporting gunshot wounds.
  • To avert a health hazard or to respond to a threat to public safety such as an imminent crime against another person.
  • When deemed necessary by appropriate military command authorities if you are in the Armed Forces.
  • In connection with certain types of organ donor programs.
  1. Your Authorization May Be Required

In the situations noted above we have the right to use and disclose your PHI. In some situations, however, we must ask for, and you must agree to give, a written authorization that has specific instructions and limits on our use or disclosure of your PHI. If you change your mind, at a later date, you may revoke your authorization.

  1. Your Privacy Rights and How to Exercise Them

You have specific rights under our federally required privacy program. Each of them is summarized below:

  • Your Right to Request Limited Use or Disclosure: You have the right to request that we do not use or disclose your PHI in a particular way. However, we are not required to abide by your request. If we do agree to your request we must abide by the agreement; we have the right to ask for that request to be in writing and we will exercise that right.
  • Your Right to Confidential Communication: You have the right to receive confidential communications from us at a location or phone number that you specify. We have the right to ask for that request to be in writing noting the other address or phone number and confirmation that it should not interfere with your method of payment; we will exercise the right to have your request in writing.
  • Your Right to Inspect and Copy Your PHI: You have the right to inspect and copy your PHI. If we maintain our records in paper, that will be the format utilized; however, if we maintain our records electronically you have the right to review and/or have copies made in an electronic format. Should we decline we must provide you with a resource person to assist you in the review of our refusal decision. We must respond to your request within fifteen (15) days, we may charge reasonable fees for copying and labor time related to copying and we may require an appointment for record inspection; we have the right to ask for your request in writing and will exercise that right.
  • Your Right to Revoke Your Authorization: If you have granted us authorization to use or disclose your PHI you may revoke it at any time in writing. Please understand that we relied on the authority of your authorization prior to the revocation and used or disclosed your PHI within its scope.
  • Your Right to Amend Your PHI: You have a right to request an amendment of your record. We have the right to ask for the request in writing and we will exercise that right. We may deny that request if the record is accurate and/or if the record was not created by this facility. If we accept the amendment we must notify you and make effort to notify others who have the original record.
  • Your Right to Know Who Else Sees your PHI (Records on paper): You have the right to request an accounting of certain disclosure that we have made over the past six years. We do not have to account for all disclosures, including those made directly to you, those involving treatment, payment, health care operations, those to the family/friend involved with your care and those involving national security. You have the right to request the accounting annually. We have the right to ask for the request in writing and to charge for any accounting requests that occur more than once per year; we must advise you of any charge and you have the right to withdraw your request or to pay to proceed.
  • Your Right to Know Who Else Sees your PHI (Records maintained electronically): You have the right to request an accounting of disclosures that we have made over the past three years. You have the right to request the accounting annually. We have the right to ask for the request in writing and to charge for any accounting requests that occur more than once per year; we must advise you of any charge and you have the right to withdraw your request or to pay to proceed.
  • You Have a Right to Complain: You have the right to complain if you feel your privacy rights have been violated. You may complain directly to us by contacting our HIPAA officer noted in Section 10, or to the:

Office for Civil Rights, Region IX

U.S. Department of Health and Human Services

50 United Nations Plaza, Room 322

San Francisco, CA 94102

Voice Phone (415) 437-8310

Fax (415) 437-8329

TDD (415) 437-8311

We will not retaliate against you if you file a complaint about us. Your complaint should provide a reasonable amount of specific detail to enable us to investigate your concern.

  1. Some of Our Privacy Obligations and How We Perform Them
  • We will let you know promptly of a breach that may have compromised the privacy or security of your information.
  • We will provide you with a copy of this notice on request.
  • We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind
  1. Notice to California Residents

We also comply with California’s statutes and regulations, including the California Privacy Rights Act A (CPRA). The CPRA provides California residents with specific rights regarding their personal information. This section describes your rights as outlined with the CPRA, and explains how to exercise those rights. “Personal information” for purposes of the CPRA has the same meaning as “PHI” for purposes of this policy, except that “personal information” does not include medical or health information regulated by certain laws applicable to that type of information.

The Right to Access Your Personal Information.

You have the right to request and obtain from us the types of personal information we have collected, used and shared about you, in the 12 months preceding your request, and why we collected, used and shared that information. You have the right to make this request twice within a 12-month period. Once we receive and verify request, we will disclose to you:

  • The categories of personal information we collected.
  • The specific pieces of personal information we collected.
  • The categories of sources from which we collected personal information.
  • The purposes for which we use your personal information.
  • The categories of third parties with whom we share your personal information.

The Right to Delete.

You also have the right to request the deletion of your personal information that has been collected and retained in the past 12 months, subject to certain exceptions. Once we receive and verify your request, we will delete your personal information from our files. We will also direct our third party service providers to delete your personal information. In certain situations, we may deny your deletion request for one of the following reasons:

  • We are unable to verify your request (as required by the CPRA).
  • We need your personal information to complete your treatment and obtain payment.
  • We need your personal information for certain business security practices.
  • We need your personal information for certain internal uses that are compatible with reasonable expectations or the context in which the information was originally provided.
  • We need your personal information to comply with a legal obligation, exercise legal claims or rights, or defend legal claims.
  • If the personal information is exempt from the CPRA, such as certain medical information, and consumer credit reporting information.

The Right to Opt-Out of Sale

We do not sell your personal information; therefore, we do not offer an opt out.

The Right to Not Be Discriminated Against

We will not discriminate against you for exercising any of your CPRA defined rights. We will not discriminate against you for exercising your rights under the CPRA by doing any of the following:

  • Denying you goods or services.
  • Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Providing you a different level or quality of goods or services.
  • Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Exercising Your Rights by Submitting a Request

To exercise your right to know, access, and delete your personal information, please submit a verifiable request to us as follows:

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may make a verifiable request under the CPRA twice within a 12-month period. The verifiable request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Verification of Your Identity

We cannot respond to your request or provide you with personal information unless we can verify your identity, per CPRA guidelines. We may need to ask you for additional information for verification purposes exclusively.

Other California Privacy Rights

California’s Shine the Light law: Under California Civil Code Section 1798.83 (California’s Shine the Light law), California residents with an established business relationship with us can request information once a year about sharing their personal information with third parties for the third parties’ direct marketing purposes. If you’d like to request more information under the California Shine the Light law, you can contact us as described in his policy.

“Do Not Track” Disclosure as Required by California Online Privacy Protection Act (CalOPPA): We do not track our patients over time and across third party websites to provide advertising, and therefore we do not respond to Do Not Track (DNT) signals from your web browser.

  1. Changes to our Privacy Policy

We reserve the right to amend this privacy policy at our discretion and at any time. When we make changes to this privacy policy, we will post the updated notice on the website and update the policy’s effective date. Your continued use of our website following the posting of changes constitutes your acceptance of such changes.

  1. Contact Information

If you have questions about this Notice, or if you have a complaint or concern, please contact:

Name: Kelly Sanders

Address: 408 Higuera Street, Suite #200

San Luis Obispo, CA 93401

Phone: 866-387-7778

Effective Date: This revised notice takes effect on January 1, 2024.