The movement before you move.

Contact Us

Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION MAY BE USED AND DISCLOSED BY PHY HEALTH, INC, AND HOW IT MAY BE ACCESSED BY PHY HEALTH PARTICIPANTS.


PLEASE REVIEW IT CAREFULLY.

Purpose of This Notice of Privacy Practices

This Privacy Policy describes the health information privacy practices of Phy Health, Inc. (referred to as “Phy Health,” “we,” “our,” or “us,” herein). Phy Health offers coaching and other forms of guidance or therapy using the Phy Solution to individual participants in Phy Health coaching or professional health care services (“Participants”).

Applicable Law

Phy Health shall make every reasonable effort to comply with the Privacy and Security Rules under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) the Health Information Technology for Economic and Clinical Health (“HITECH”) Act of 2009, and the regulations promulgated thereto. Phy Health complies with these federal laws, applicable state laws, including but not limited to, when applicable, the California Privacy Rights and Enforcement Act of 2020 (the “CPRA”) and the California Consumer Privacy Act of 2018 (the “CCPA”) as well as, when applicable, the European Union General Data Protection Regulation (“GDPR”) regarding the privacy and security of protected health information. Under the GDPR, if applicable, you have the right to be forgotten and may request deletion of your data from Phy Health computer systems at any time, by sending an email to Privacy@Phy.health. Any questions or concerns regarding the privacy or security of protected health information hosted or transmitted by Phy Health, shall be reported to the Phy Health Privacy Officer at privacy@phy.health.

Phy Health’s Privacy Obligations

Under applicable state and federal laws (Collectively, the “Laws”), Phy Health maintains the privacy of each Participant’s health information (“Protected Health Information” or “PHI”) and provides each Participant with this Notice of Privacy Practices regarding Protected Health Information. When Phy Health uses or discloses Protected Health Information, it is required to abide by the terms of its privacy policy as reflected in this Notice as it may be amended or updated from time to time.

The Laws divide uses and disclosures of PHI into those which can be done without Participant authorization and those which require Participant authorization. Section IV describes uses and disclosures that can be done without Participant authorization. Section V describes uses and disclosures that can be made only with written Participant authorization.

Permissible Uses and Disclosures Without A Written Authorization

  • Uses and Disclosures For Treatment, Payment and Health Care Operations. Phy Health may use and disclose PHI under federal law in order to provide treatment, receive payment or engage in healthcare operations as described below:

    Treatment. Phy Health may use and disclose PHI to provide diagnosis and treatment to a Participant. Consistent with that use and disclosure, Phy Health may contact provide appointment reminders or information about treatment alternatives or other health-related benefits and services that may be of interest and to disclose PHI to other providers involved in a Participant’s treatment.

    Payment. Phy Health may use and disclose PHI to obtain payment for services that Phy Health provides, for example to your health plan. HITECH provides, however, that you may pay for the services and request that your PHI not be disclosed to the health plan for that service.

    Health Care Operations. Phy Health may use and disclose your PHI for health care operations, which include administration, management and activities that improve the quality and cost effectiveness of Phy Health Services. Phy Health may also disclose PHI to health care providers or health care facilities when such PHI is required for them to engage in treatment, payment or health care operations.

    Research. We may also use your de-identified PHI to run (or authorize third parties to run) statistical or other research on individual or aggregate health or medical trends. Such research would only use your PHI in an anonymous manner that cannot be tied directly back to you.

  • Disclosure to Relatives, Close Friends and Other Caregivers. Phy Health may use or disclose PHI to a Participant’s family member, other relative, a close personal friend or any other person identified by a Participant if Phy Health (1) obtains and documents the Participant’s authorization; (2) provides the Participant with a confidential opportunity to object to the disclosure and the Participant does not object; or (3) reasonably infers from the circumstances and in the Phy Health provider’s professional judgment, that the Participant’s condition is dependent upon such a disclosure and/or that the Participant would not object given the circumstances.

    If a Participant is not present, or the opportunity to agree or object to a use or disclosure cannot practicably be provided because of incapacity or an emergency circumstance, Phy Health personnel may exercise professional judgment to determine whether a disclosure is in the best interest of the Participant. If Phy Health discloses information to a family member, other relative or a close personal friend without an authorization, Phy Health would disclose only information that Phy Health believe is directly relevant to the person’s involvement with the health care or payment related to the Participant’s health care. Phy Health may also disclose PHI in order to notify (or assist in notifying) such persons of a Participant’s location, general condition or death.

  • Public Health Activities. Phy Health may disclose PHI in order to comply with public health requirements, including but not limited to: (1) to report certain diseases, conditions or other findings to public health authorities for the purpose of preventing or controlling disease, injury or disability; (2) to report suspected abuse or neglect to a governmental authority, including a social service or protective services agency, authorized by law to receive reports of such abuse or neglect; (3) to report information about products and services under the jurisdiction of the U.S. Food and Drug Administration; or (4) to alert a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition (under specifically limited circumstances).

  • Health Oversight Activities. Phy Health may disclose PHI to a health oversight agency that oversees the health care system and is charged with responsibility for ensuring compliance with the rules of government health programs such as Medicare or Medicaid and civil rights laws.

  • Judicial and Administrative Proceedings. Phy Health may disclose PHI in the course of a judicial or administrative proceeding in response to a legal order or other lawful process.

  • Law Enforcement Officials. Phy Health may disclose PHI to the police or other law enforcement officials as required or permitted by law or in compliance with a court order or a grand jury or administrative subpoena.

  • Uses or Disclosures Required By Law. Phy Health may use and disclose your PHI when required to do so by any other law not already referred to in the preceding categories.

Uses and Disclosures Requiring Written Authorization

This Section V describes the circumstances pursuant to which Phy Health must obtain Participant’s written authorization to use or disclose PHI.

Phy Health only may use or disclose PHI when it receives a written authorization for such use or disclosure for any purpose other than the ones described above, and as described below.

  • HIV/AIDS Related Information. Phy Health shall only disclose PHI related to HIV or AIDs with the express authorization of the Individual, and for those reasons listed above.

  • Behavioral Health Information. Consistent with State and Federal laws, Phy Health will only disclose Behavioral Health Information pursuant to a valid written authorization. The confidentiality of alcohol and drug abuse Participant records maintained by Phy Health is protected by federal and state law and regulations. Phy Health may not disclose drug and alcohol medical records without a Participant’s written authorization.

Rights Regarding Your Protected Health Information

  • For Further Information; Complaints. Further information, concerns or complaints about Phy Health’s privacy practices, or about any violations of Participant privacy rights or disagreements with a decision that Phy Health made regarding access to PHI, should be addressed to the Phy Health Privacy Office, at the following address:

    Privacy Officer, PHY HEALTH
    Privacy@Phy.Health

    A Participant may also file written complaints with the Office of Civil Rights of the U.S. Department of Health and Human Services, at the following address:

    Office for Civil Rights
    https://www.hhs.gov/hipaa/filing-a-complaint/complaint-process/index.html

    Or

    Centralized Case Management Operations
    U.S. Department of Health and Human Services
    200 Independence Avenue, S.W.
    Room 509F HHH Bldg.
    Washington, D.C. 20201

    Or, Email to OCRComplaint@hhs.gov

    Phy Health will not retaliate against any person who reports a privacy issue or files a complaint with the Director of OCR/HHS or with the Privacy Officer.

  • Right to Request Restrictions. A Participant may request restrictions on Phy Health’s use and disclosure of PHI (1) for treatment, payment and health care operations, (2) to individuals (such as a family member, other relative, close personal friend or any other person identified by the Participant) involved with care or with payment related to care or to prevent or limit the notification of such individuals regarding a Participant’s location and general condition. While Phy Health will consider all requests for restrictions carefully, Phy Health is not required to agree to a requested restriction.

  • Right to Receive Confidential Communications. A Participant may request, and Phy Health will accommodate, any reasonable written request to receive his or her PHI by alternative means of communication or at alternative locations. Requests should be made to the Privacy Office in writing.

  • Right to Revoke Your Authorization. A Participant may revoke his or her Authorization, except to the extent that Phy Health have taken action in reliance upon it, by delivering a written revocation statement to the Privacy Office identified above.

  • Right to Inspect and Copy Health Information. A Participant may request access to medical record files and billing records maintained by Phy Health, if any, in order to inspect and request copies of the records. Under limited circumstances, Phy Health may deny access to a portion of such records. Record requests must be made in writing to the Privacy Office. Phy Health will charge $1.00 per page, for the first 100 pages, and $0.25 per page after that, up to a maximum of $200.00 per record, plus postage costs if mailing is requested.

  • Right to Amend Records. Each Participant has the right to request that Phy Health amend Protected Health Information maintained in Phy Health’s medical record file or billing records, by making such a request in writing to the Privacy Office. Phy Health will comply with such requests unless Phy Health believes that the amendment is inaccurate or would result in an inaccurate or incomplete record.

  • Right to Receive An Accounting of Disclosures. Upon written request to the Privacy Office, Phy Health will provide a Participant with an accounting of certain disclosures of PHI made by Phy Health during any period of time prior to the date of said request to the Effective Date, provided such period does not exceed six years.

  • Right to Receive Paper Copy of this Notice. Upon request, Phy Health will provide a paper copy of this Notice.

Effective Date and Duration of This Notice

  • Effective Date. This Notice is effective on January 7th, 2022.

  • Right to Change Terms of this Notice. Phy Health may change the terms of this Notice at any time. If Phy Health change this Notice, Phy Health may make the new notice terms effective for all Protected Health Information that Phy Health maintain, including any information created or received prior to issuing the new notice. Copies of any amended notice will be available from the Privacy Office.