Kannact Health, Inc. (“Kannact”) makes security and privacy of your personal identifying information and your Protected Health Information, or “PHI”, top priority. Personal identifying information includes name, email address, date of birth, etc. PHI includes blood glucose readings, prescription information, notes from conversations with your coach, assessment and evaluation results, etc.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 Kannact requires by law that we protect your PHI. We are also required to provide you with this Notice of Privacy Practices upon request. It describes your rights, our duties, and a full accounting of our privacy practices.
Highlights of Kannact’s Security and Compliance Components
• User Identiﬁcation and Veriﬁcation
• Authentication to Conﬁrm the User’s Identity
• SSL Handshake Protocol
• Encrypting all Data in Transit and at Rest
• Automatic Log--off During Inactivity
• Audit Control to Protect Users from Security Violations
• Backup of All Network Activity
Kannact is required to follow the terms of this Notice, and to notify affected individuals in the event of a breach involving unsecured protected health information.
We use your PHI for treatment decisions, billing, or operational purposes, and for other purposes permitted or required by law. For any type of disclosure that is not covered in the above, we are required to get your written authorization before disclosing your PHI.
Subject to compliance with limited exceptions, we will not disclose PHI for any of the following purposes without your express written consent: marketing purposes, or selling your PHI.
To revoke your signed authorization, you will need to provide written notice to us at the address provided in this notice. You may revoke consent at any time and we will discontinue disclosing your PHI for the purposes stated above.
Not every disclosure is listed in this Notice. All of our disclosures of your health information will fall into one of the following types:
Kannact provides a personal diabetes management program. This program relies on information to ensure that we provide you with the best care possible. We disclose your health information to authorized healthcare professionals who are authorized and request access to your information for treatment.
Kannact will disclose your PHI to approved and authorized companies for billing and payment. This information is limited to your health plan information (ex. name and member id to verify eligibility), and your prescription information for blood glucose testing supplies.
Kannact will disclose your PHI for activities necessary to improve and support our operations. This can include quality analysis, internal audit, and data analysis.
Business Associate Agreements
Kannact will disclose your PHI to partners that need the information in order to provide contracted services to us. These partners are considered “business associates,” and sign as Business Associate Agreement with Kannact before handling any PHI. They are legally required to maintain the privacy and security of your PHI. For example, we may provide information to companies that assist us with the billing of our services. We may also use an outside collection agency to obtain payment when necessary.
Law enforcement Activities And Legal Proceedings
We may use and disclose your PHI in the event that it is required by the law. We may disclose your PHI to prevent or lessen a serious threat to your health and safety or that of another person. We may also provide PHI to law enforcement officials when it may help in their proceedings and the proper authorization is provided. We may also disclose PHI to appropriate agencies if we reasonably believe that a person may be a victim of abuse, neglect, or domestic violence.
We may be ordered by a court to disclose your PHI, and will comply if the order has the appropriate authorization. We may disclose your PHI in response to any legal process such as a discovery request. In this case we will comply only if efforts have been made to inform you about the request or to obtain an order of protection for the requested information.
Kannact can disclose PHI for research purposes. In this case an Institutional Review Board or privacy board will first review the research proposal and protocols to ensure that your PHI will be private and secure, and determine that the researcher does not need your authorization prior to using your PHI for research purposes.
Other Possible Disclosures
As explicitly permitted by HIPAA, we may disclose your PHI to:
Public Health Authorities
The Food and Drug Administration
Health Oversight Agencies
Military Command Authorities
National Security and Intelligence Organizations
Organ and Tissue Donation Organizations
Coroners, Medical Examiners and Funeral Directors
Workers Compensation Agents
With your verbal or written permission, we will disclose pertinent and approved PHI to a family member, friend, or anyone else you designate in order for that person to be aware of your care. We will also disclose PHI to authorized persons assisting in disaster relief efforts so that others can be notified about your condition, status, and location.
For all of the above purposes, when state law is more restrictive than federal law, we are required to follow the more restrictive state law.
RIGHT TO ACCESS
You have the right to access your PHI that we have created. You may receive your information online by logging in at www.kannact.co
AMENDING YOUR PHI
If you desire to amend your PHI, you can request an amendment in writing to the address provided in this privacy document. Kannact reserves the right to deny the request in some cases. If we deny your amendment, we will provide you with a written explanation of the reason.
PHI DISCLOSURE RESTRCITIONS
You have the right to request that we send your health information by alternative means or to an alternative address. The request must be made in writing to the address provided in this privacy document. We will make every effort to comply with any reasonable request of this nature.
You have the right to obtain a paper copy by writing to the address provided in this privacy document.
Requests must be made in writing to the address provided in this privacy document. Requests should contain the specific requirements of your request. Kannact will review your request and respond to you.
QUESTIONS AND COMPLIANTS
You have the right to file a complaint with Kannact. You also have the right to file a complaint with the Secretary of the U.S. Department of Health and Human Services, Office for Civil Rights. Kannact will not retaliate against any individual for filing a complaint.
To file a complaint with us, or to ask any questions about our Privacy Notice, you must provide your complaint/questions in writing to the address provided below
Kannact Health, Inc. 2211 NW Professional Dr. Suite 100, Corvallis, OR 97330
Kannact reserves the right to amend the terms of this Notice to reflect changes in our privacy practices, and to make the new terms and practices applicable to all PHI that we maintain about you, including PHI created or received prior to the effective date of the Notice revision. A copy of our Privacy Notice is available upon request.
Effective: October, 2016