Uses and Disclosures of PHI
We may use and disclose your PHI for the following purposes:
We may use and disclose your PHI to provide, coordinate, or manage your healthcare and related services. This may include communication with other healthcare providers regarding your treatment and coordinating your care with other providers.
We may use and disclose your PHI to obtain payment for healthcare services provided to you. This may include contacting your insurance company to verify coverage, billing and collection activities, and sharing PHI with healthcare providers, insurance companies, or collection agencies.
We may use and disclose your PHI for healthcare operations, including quality assessment and improvement activities, case management, accreditation, licensing, credentialing, and conducting or arranging for medical reviews, audits, or legal services.
We may use and disclose your PHI when required by federal, state, or local law.
We may use and disclose your PHI to prevent or control disease, injury, or disability; report child abuse or neglect; report reactions to medications or product issues; and notify individuals who may have been exposed to communicable diseases.
We may disclose your PHI to health oversight agencies for activities authorized by law, including audits, investigations, inspections, and licensure.
We may disclose your PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process.
We may disclose your PHI for law enforcement purposes as authorized by law.
We may use and disclose your PHI for research purposes when approved by an Institutional Review Board (IRB) and when appropriate privacy protections are in place.
If you are an organ donor, we may disclose your PHI to organizations involved in organ procurement, transplantation, or donation.
We may disclose your PHI as necessary to comply with workers' compensation laws and similar programs.
If you are a member of the armed forces, we may disclose your PHI as required by military authorities.
If you are an inmate, we may disclose your PHI to correctional institutions or law enforcement officials having lawful custody of you.
Your Rights Regarding PHI
You have the following rights regarding your Protected Health Information:
You have the right to inspect and obtain copies of your PHI maintained by us, subject to certain exceptions.
You have the right to request corrections or amendments to your PHI if you believe it is inaccurate or incomplete.
You may request an accounting of certain disclosures of your PHI made during the previous six years.
You may request restrictions on our use or disclosure of your PHI. While we will consider all requests, we are not required to agree to them.
You may request that communications regarding your PHI be made through specific methods or at specific locations.
You may obtain a paper copy of this Notice at any time, even if you previously agreed to receive it electronically.
You have the right to receive notification if a breach of your unsecured PHI occurs.
Transmission of PHI
We are committed to protecting the privacy and security of your PHI. Any electronic transmission of PHI will comply with the Health Insurance Portability and Accountability Act (HIPAA), including the use of Secure Socket Layer (SSL) encryption or equivalent technologies and adherence to applicable security standards.
Changes to This Notice
We reserve the right to revise this Notice at any time. Any revised Notice will apply to all PHI we maintain, including information collected before the revision date. Updated versions will be posted on our website and made available upon request.
Complaints
If you believe your privacy rights have been violated, you may file a complaint with our Privacy Officer or with the Secretary of the U.S. Department of Health and Human Services.
Contact Information
To exercise your rights or obtain additional information about this Notice, please contact us:
Luma Health Privacy Office
State-Specific Privacy Rights
Certain states provide additional privacy protections beyond HIPAA. Luma Health complies with all applicable state privacy laws, including those related to mental health records, HIV/AIDS information, genetic testing data, substance use treatment records, and other sensitive health information where required.
-
California
California residents may have additional rights under the Confidentiality of Medical Information Act (CMIA), including rights related to electronic access, marketing restrictions, sale of PHI, and protections for minors receiving sensitive healthcare services.
-
New York
We comply with New York laws protecting HIV-related information, mental health records, and genetic testing information.
-
Texas
We comply with the Texas Medical Privacy Act and applicable requirements concerning electronic PHI safeguards and consent-based disclosures.
-
Florida
We comply with Florida laws regarding mental health records, HIV/AIDS-related information, and substance abuse treatment records.
-
Illinois
We comply with Illinois privacy laws protecting mental health, HIV/AIDS, and genetic testing information and provide breach notifications as required by law.
-
Massachusetts
We comply with Massachusetts laws governing the protection of mental health, HIV/AIDS, and genetic testing information and maintain appropriate security safeguards.
For additional information regarding state-specific privacy rights, please contact our Privacy Officer at [email protected].