Effective Date: 2016
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED
AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
When this notice applies
This notice summarizes the Health Insurance Portability and Accountability Act (“HIPAA”) privacy practices of the EXOGEN Ultrasound Bone Healing System Health Care Component of Bioventus LLC (“Bioventus”) and those members of its workforce who provide EXOGEN treatment services to patients pursuant to a prescription or obtain reimbursement for EXOGEN, and those divisions, departments or business units that provide services to support these treatment and reimbursement functions (the “EXOGEN Health Care Component”).
We are required by law to:
- Maintain the confidentiality of protected health information;
- Give you this notice of our legal duties and privacy practices regarding health information about you;
- Notify you following a breach of unsecured protected health information about you; and
- Follow the terms of our notice that is currently in effect.
How we may use and disclose health information
The following categories of activities describe the ways that we may use and disclose protected health information that identifies you (“Health Information”).
Some of the categories include examples, but not every type of use or disclosure included in a category is listed. Except for the categories of activities described below, we will use or disclose Health Information about you only with written permission/authorization from you. If you give us permission to use or disclose Health Information for a purpose not listed in this notice, you may revoke that permission at any time by sending a written request to our Privacy Officer at the address listed at the end of this notice. However, we may release or use Health Information about you in reliance on your authorization at any time before receiving your notice of revocation.
a) For Treatment. We may use Health Information to assist in the provision of health care services. We may disclose Health Information to doctors, nurses, technicians, or other personnel, including people outside of the EXOGEN Health Care Component who may be involved in your medical care. For example, we may give Health Information to your doctor to assist you in using the EXOGEN Ultrasound Bone Healing System as appropriate for treatment purposes.
b) For Payment. Bioventus and its workforce may disclose Health Information about you so that we or others may bill or receive payment from you, from a government program, an insurance company or other responsible third party for the treatment and services you receive in connection with the EXOGEN Ultrasound Bone Healing System. For example, we may give your health plan information about your treatment with the EXOGEN Ultrasound Bone Healing System so that they will pay for such treatment. We also may tell your health plan about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment. If you choose to participate in the EXOGEN Connects program, aggregate data may be shared with health plans and their medical directors to facilitate reimbursement.
c) For Health Care Operations. We may use and disclose Health Information to support business activities that are necessary to maintain high quality care when delivering EXOGEN Health Care Component services to patients and for our business and management purposes. These activities include:
- Reviewing the adequacy and quality of the care that our patients receive, and the efficiency of our activities;
- Developing clinical guidelines for our services and the use of the EXOGEN Ultrasound Bone Healing System;
- Evaluating clinical outcomes for the EXOGEN Ultrasound Bone Healing System;
- Administrating the EXOGEN Ultrasound Bone Healing System operations;
- Conducting training programs for our services and the use of the EXOGEN Ultrasound Bone Healing System; or
- Conducting or arranging for medical review, legal services and auditing functions.
d) Individuals Involved in Your Care or Payment for Your Care. We may disclose Health Information to a person who is involved in your medical care or helps pay for your care, such as a family member or friend.
e) Research. Under certain circumstances, we may use and disclose Health Information for research purposes. For example, a research project may involve comparing the health and recovery of all patients who received one treatment to those who received another product for the same condition. Before we use or disclose Health Information for research, the project will go through a special approval process with an Institutional Review Board or Privacy Board. This process evaluates a proposed research project and its use of Health Information to balance the benefits of research with the need for privacy of Health Information as well as the rights and welfare of people who participate in research studies. We also may permit researchers to look at records to help them identify patients who may be included in their research project or for other similar purposes, so long as they do not remove or take a copy with them of any Health Information. In addition, we or our business associate independent contractors may contact you about opportunities to participate in future research studies that may help doctors better understand treatments for patients and that may help other patients in the future. Enrollment in most studies may occur only after you have been informed about the study, had an opportunity to ask questions, and indicated your willingness to participate by signing an authorization or consent form that has been reviewed and approved by an IRB or Privacy Board.
f) Business Associates. We may disclose Health Information to the business associates that we engage to provide services to the EXOGEN Health Care Component if the information is necessary for such services. For example, we may use independent contractors to work with you in filling your physician’s order for EXOGEN or we may use another company to perform billing services on our behalf. Our business associates are obligated, by contract, to protect the privacy of your information and are not allowed to use or disclose any information other than as permitted or required by the contract or as permitted or required by law.
g) Health Oversight Activities. We may disclose Health Information to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure of health care facilities and providers. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
h) As Required by Law. We will disclose Health Information when required to do so by international, federal, state or local law.
i) We may contact you by mail, e-mail or phone to remind you of appointments or to tell you about treatment options or alternatives or health-related benefits, services and products that may be of interest to you. If you choose to participate in EXOGEN Connects, we may contact you by e-mail, text message, or telephone to provide treatment reminders and general health and wellness tips related to bone healing or specific suggestions on use of the EXOGEN device. If you allow others to have access to your text or e-mail messages, this information will be available to them as well. We may engage a business associate to provide you with these EXOGEN Connects treatment reminders.
In addition to the above, we may use and disclose Health Information in the following rare, special circumstances, some of which may never occur:
j) To Avert a Serious Threat to Health or Safety. We may use and disclose Health Information when necessary to prevent or lessen a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure, however, will be to someone who may be able to help prevent the threat.
k) Military and Veterans. If you are a member of the armed forces, we may release Health Information as required by military command authorities. We also may release Health Information to the appropriate foreign military authority if you are a member of a foreign military.
l) Workers’ Compensation. We may disclose Health Information as authorized by and to the extent necessary to comply with laws relating to workers’ compensation or similar programs. These programs provide benefits for
work-related injuries or illness.
m) Public Health Activities. We may disclose Health Information for public health activities. These activities generally include disclosures to report reactions to medications or problems with products; notify people of recalls of products they may be using; and track certain products and monitor their use and effectiveness.
n) Lawsuits and Disputes. We may disclose Health Information in response to a court or administrative order. We also may disclose Health Information in response to a subpoena, discovery request, or other lawful process, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
o) Law Enforcement. We may release Health Information (1) as required by certain laws requiring the reporting of wounds or injuries, or in response to a court order, subpoena, warrant, summons or similar process; (2) in response to a request by law enforcement for limited information to identify or locate a suspect, fugitive, material witness, or missing person; (3) in response to a request by law enforcement for information about the victim of a crime if the victim agrees to the disclosure or if, under certain limited circumstances, we are unable to obtain the person’s agreement; (4) about a death we believe may be the result of criminal conduct; or (5) about criminal conduct on our premises.
p) Coroners and Medical Examiners. We may release Health Information to a coroner or medical examiner. In some circumstances this may be necessary, for example, to determine the cause of death.
q) National Security and Intelligence Activities. We may release Health Information to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.
r) Protective Services for the President and Others. We may disclose Health Information to authorized federal officials so they may provide protection to the President, other authorized persons or foreign heads of state or conduct special investigations.
s) Inmates or Individuals in Custody. In the case of inmates of a correctional institution or that are under the custody of a law enforcement official, we may release Health Information to the appropriate correctional institution or law enforcement official. This release would be made if requested by the institution or law enforcement official (1) in order to provide you with health care, (2) to protect your health and safety or the health and safety of others, (3) for the safety and security of the correctional institution, or (4) for law enforcement at the correctional institution.
t) Incidental Disclosures. While we will take reasonable steps to safeguard the privacy of your Health Information, certain disclosures of your information may occur during or as an unavoidable result of our otherwise permissible uses or disclosures of your information. For example, during the course of a treatment session, other patients in the treatment area may see or overhear discussion of your information. These “incidental disclosures” are permissible.
You have the following rights, subject to certain limitations, regarding Health Information we maintain about you:
a) Right to Inspect and Copy. You have the right to inspect and copy Health Information that may be used to make decisions about your care or payment for your care. If we use or maintain an electronic health record about you, you may obtain a copy of your information in electronic format. We may not charge you more for a copy or a summary in electronic format than our labor costs in responding to the request for the copy. You may also direct us to transmit an electronic copy directly to an entity or person designated by you, as long as your designation is clear, conspicuous, and specific.
b) Right to Amend. If you feel that Health Information we have is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is maintained by or for us. You must tell us the reason for your request.
c) Right to an Accounting of Disclosures. You have the right to request an accounting of certain disclosures of Health Information we made for six years prior to the date of your request. We will provide one accounting a year for free, but will charge a reasonable, cost-based fee if you ask for another one within twelve months.
d) Right to Request Restrictions. You have the right to request a restriction or limitation on the Health Information that we use or disclose for treatment, payment, or health care operations. You have the right to request a limit on the Health Information that we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. For example, you could ask that we not share information about your treatment with your spouse. We are not required to agree to your request, except that we must comply with a request from you not to disclose your Health Information to a health plan, if the purpose for the disclosure is not related to treatment, and the health care items or services to which the information applies have been paid for out-of-pocket in full. If we agree to your request, we will comply with your request unless we need to use or disclose the information in certain emergency treatment situations. We may terminate our agreement to a restriction at any time by notifying you in writing, but our termination will only apply to information created or received after we sent you the notice of termination, unless you agree to make the termination retroactive.
e) Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we contact you only by mail or at work. Your request must specify how or where you wish to be contacted. We will accommodate reasonable requests.
f) Right to a Paper Copy of This Notice. You have the right to a paper copy of this notice. You may ask us to give you a copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice. You may obtain a copy of our current notice at our website, https://www.exogen.com/.
g) Right to Breach Notification. You have the right to be notified following a breach of unsecured protected health information about you.
How to exercise your rights
Only our EXOGEN Health Care Component Privacy Officer can grant your request to exercise any of your rights described in this Notice. To exercise any of your rights, you must send a request, in writing, to our EXOGEN Health Care Component Privacy Officer:
Compliance Officer & EXOGEN Health Care Component Privacy Officer
4721 Emperor Blvd., Ste. 100
Durham, NC 27703
Phone: (901) 474-6845
Fax: (888) 279-5595
No other person is authorized to grant any request to exercise the rights described in this notice.
Changes to this notice
We reserve the right to change this notice. We reserve the right to make the revised or changed notice effective for Health Information we already have as well as any information we receive in the future. The notice will contain the effective date under the title “HIPAA Notice of Privacy Practices.” Copies of any revised notice will be provided upon written request, and our current notice will be posted on https://www.exogen.com/.
Complaints and questions
If you believe your privacy rights have been violated, you may file a complaint with us or the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696- 6775, or visiting www.hhs.gov/ocr/privacy/hipaa/ complaints/. To file a complaint with us, contact our Privacy Officer at the address listed above. All complaints to us must be made in writing. You will not be penalized or retaliated against for filing a complaint. If you have any questions about this notice, please contact our Privacy Officer.