HIPAA Privacy Notice


This Notice of Privacy Practices (“Notice”) describes the privacy practices of  Phil, Inc and its affiliates (“Phil”).

Phil is required by the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and implementing regulations to protect the privacy of protected health information (“PHI”) about you. Phil is also required by law to provide you with this Notice of Privacy Practices (this “Notice”) explaining its legal duties and privacy practices with respect to PHI. Phil is legally required to follow the terms of this Notice currently in effect. Phil is required by law to notify affected individuals following a breach of unsecured PHI. Phil may change the terms of this Notice at any time. Phil reserves the right to make changes and to make the new Notice effective for all information that Phil maintains. Changes to the notice will be posted to the website. Copies of the most current Notice are also available upon request from our Privacy Officer.

This Notice:

  1. discusses how Phil may use and disclose medical information about you.

  2. explains your rights with respect to medical information about you.

  3. describes how and where you may file a privacy-related complaint.

Permissible Uses and Disclosures Without Your Written Authorization

This section discusses how PHI may be used or disclosed without an authorization. Not every use or disclosure in a category will be listed. Your PHI may be stored in paper, electronic or other form and may be disclosed electronically and by other methods.

Treatment: Phil use and disclose your PHI to provide treatment to you. For example, Phil may use and disclose your PHI to fill prescriptions and coordinate care with other providers involved in your treatment. In addition, Phil may contact you to provide information about treatment alternatives or other health-related benefits and services that may be of interest to you.

Payment: Phil may use and disclose your PHI to obtain payment for equipment and services provided to you. For example, Phil may use and disclose PHI to claim and obtain payment from your health insurer, HMO, or other company that arranges or pays the cost of some or all of your healthcare (“Payors”), to verify that Payors will pay for healthcare rendered or for eligibility inquiries.

Health Care Operations: Phil may use and disclose your PHI in performing a variety of business activities referred to as “health care operations.” These activities allow Phil to improve the quality of care provided and reduce healthcare costs. For example, Phil may use PHI to evaluate the competence of its pharmacists and other healthcare workers and to arrange for legal services. Phil may also disclose PHI to other entities covered by HIPAA to conduct certain health care operations, such as quality assessment and improvement activities, or for healthcare fraud and abuse detection or compliance. We may also make incidental disclosures of limited PHI tothe extent permitted by law.

Disclosure to Relatives, Close Friends and Other Caregivers: Phil may use or disclose your PHI to a family member, other relative, a close personal friend or any other person identified by you when you are present for, or otherwise available prior to, the disclosure, if (1) Phil obtains your agreement; or (2) you do not object to the disclosure. If you are not present, or the opportunity to agree or object to a use or disclosure cannot practicably be provided because of your incapacity or an emergency circumstance, Phil may exercise professional judgment to determine whether a disclosure is in your best interests. If Phil discloses information to a family member, caregiver, other relative or a close personal friend, Phil would disclose only information that it believes is directly relevant to the person’s involvement with your healthcare or payment related to your healthcare. Phil may also disclose your PHI in order to notify (or assist in notifying) such persons of your location, general condition or death. If the patient is a minor, Phil may disclose PHI about the minor to a parent, guardian or other person responsible for the minor except in limited circumstances.

As Required by Law: Phil will use and disclose your PHI whenever required by law. For example, Phil is required to disclose PHI to the U.S. Department of Health and Human Services if requested to determine HIPAA compliance.

Public Health Activities: Phil may use or disclose your PHI for public health activities, such as the following: (1) to report health information to public health authorities for the purpose of preventing or controlling disease, injury or disability or aiding in disaster relief; (2) to report child abuse and neglect to public health authorities or other government authorities authorized by law to receive such reports; (3) to report information about products and services under the jurisdiction of the U.S. Food and Drug Administration; (3) to alert a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition; (4) to report information to your employer as required under laws addressing work- related illnesses and injuries or workplace medical surveillance.

Victims of Abuse, Neglect or Domestic Violence: If Phil reasonably believes someone is a victim of abuse, neglect or domestic violence, Phil may disclose PHI to a governmental authority, including a social service or protective services agency, authorized by law to receive reports of such abuse, neglect, or domestic violence.

Health Oversight Activities: Phil may disclose your PHI to a health oversight agency that oversees the healthcare system and is charged with responsibility for ensuring compliance with the rules of government health programs such as Medicare or Medicaid. For example, a government agency may request information while investigating possible insurance fraud.

Judicial and Administrative Proceedings: Phil may disclose your PHI in the course of a judicial or administrative proceeding in response to a legal order, subpoena or other lawful process.

Law Enforcement Officials: Phil may disclose your PHI to the police or other law enforcement officials as required or permitted by law or in compliance with a court order or a grand jury or administrative subpoena.

Decedents: Phil may disclose your PHI to a coroner or medical examiner as authorized by law and as necessary for these entities to carry out their lawful duties.

Organ and Tissue Procurement: Phil may disclose your PHI to organizations that facilitate organ, eye or tissue procurement, banking or transplantation.

Research: Phil may use or disclose your PHI for research if conducted in accordance with applicable law, such as pursuant to a privacy waiver or for activities preparatory to research.

Threat to Health or Safety: Phil may use or disclose your PHI to prevent or lessen a serious and imminent threat to a person’s or the public’s health or safety.

Specialized Government Functions: Phil may use or disclose your PHI for certain government functions, including but not limited to military and veterans’ activities; correctional institutions; national security and intelligence activities; or to the police or other law enforcement officials as required or permitted by law or in compliance with a court order or a grand jury or administrative subpoena.

Workers’ Compensation: Phil may disclose your PHI as authorized by and to the extent necessary to comply with state law relating to workers’ compensation or other similar programs.

Business Associates: Phil may disclose your PHI to third parties, known as business associates, that perform services on Phil’s behalf. Business associates are required to agree to protect all PHI.

De-Identification: Phil may (directly or by permitting its business associates to do so) use or disclose PHI to create information that is de-identified in accordance with applicable law, including the HIPAA safe harbor and expert determination methods. Any sales or disclosures of de-identified information will be conducted in accordance with applicable law, including the HIPAA de-identification safe harbor.

Limited Data: Phil may remove most identifiable information from a set of data and use and disclose this data set for research, public health and health care operations, provided the recipients of the data set agree to keep it confidential.

Health Information Exchanges: Phil may participate in one or more Health Information Exchanges (HIEs) and may electronically share your PHI for treatment, payment, healthcare operations and other permitted purposes with other participants in the HIE. HIEs allow your health care providers to efficiently access and use your PHI asnecessary for treatment and other lawful purposes.

Uses and Disclosures Requiring Your Written Authorization

Other uses and disclosures of PHI not described above in this Notice will be made only with a written authorization signed by you or your representative. Subject to compliance with limited exceptions, Phil will not use or disclose psychotherapy notes, use or disclose your PHI for marketing purposes, or sell your PHI unless you have signed an authorization. If you or your representative authorizes Phil to use or disclose your PHI, you may revoke that authorization in writing at any time to stop future uses or disclosures. However, your decision to revoke the authorization will not affect or undo any use or disclosure of your PHI that occurred before you notified Phil of your decision to revoke your authorization.

Uses and Disclosures of Your Highly Confidential Information: In addition, federal and state law requires special privacy protections for certain highly confidential information about you (“Highly Confidential Information”). To the extent applicable to Phil and required by law, Phil will comply with such special privacy protections which may cover subsets of PHI that are viewed as sensitive, such as PHI that: (1) is about mental health and developmental disabilities services; (2) is about alcohol and drug abuse prevention, treatment and referral; (3) is about HIV/ AIDS testing, diagnosis or treatment; (4) is about venereal disease(s); or (5) is about genetic testing.

Your Rights Regarding Your Protected Health Information

Right to Inspect and Copy Your Health Information: You may request access to or receive copies of your medical records, billing records and other records used to make decisions about you or direct Phil to send a copy of your electronic information to another person designated by you in writing. There is a fee for obtaining copies of your records that is consistent with HIPAA and applicable state laws. Under limited circumstances, Phil may deny access requests. If you desire access to your records, please submit a written request as described below under “For Further Information.”

Right to Request Restrictions: You may request restrictions on Phil’s use and disclosure of your PHI (1) for treatment, payment and healthcare operations; (2) to individuals (such as a family member, other relative, close personal friend or any other person identified by you) involved with your care or with payment related to your care; or (3) to notify or assist in the notification of such individuals regarding your location and general condition. While Phil will consider all requests for restrictions carefully, it is not required to agree to a requested restriction, except that it must agree to a restriction relating to a disclosure of PHI to a health plan for the purposes of carrying out payment or healthcare operations in which the PHI pertains solely to a healthcare item or service for which it has already been paid out of pocket in full and the disclosure is not required by law. If you wish to request restrictions, please submit a written request to Patient Relations (see address below). A form to request restrictions is available upon request as described below under “For Further Information.”

Right to Receive Confidential Communications: You may request to receive your PHI by alternative means of communication or at alternative locations. Phil will accommodate all reasonable, written request from you.

Right to Revoke Your Authorization: You may revoke any written authorization obtained in connection with your PHI, except to the extent that Phil has taken action in reliance upon it, by delivering a written revocation statement to Phil (see address under “For Further Information” below).

Right to Amend Your Records: You have the right to request Phil to amend your PHI. If you desire to amend your records, please send a written request for the amendment, including the reason for the amendment, to Patient Relations (see address below). You may obtain a form to request an amendment as described below under “For Further Information.” Phil will comply with your request unless it believes that the information that would be amended is accurate and complete or other special circumstances apply.

Right to Receive an Accounting of Disclosures: Upon request, you may obtain an accounting of certain disclosures of your PHI made by Phil during any period of time prior to the date of your request provided such period does not exceed six years.

Right to Receive Paper Copy of This Notice: Upon request, you may obtain a paper copy of this Notice, even if you have agreed to receive such notice electronically, by contacting Phil as described below under “For Further Information.”

Personal Representatives: If you have given another individual a medical power of attorney, if another individual is appointed as your legal guardian or if another individual is authorized by law to make health care decisions for you (known as a “personal representative”), that individual may exercise any of the above rights listed for you.

For Further Information, Complaints: If you desire further information about your privacy rights, wish to submit a request related to your patient rights, are concerned that Phil has violated your privacy rights or disagree with a decision that has been made about access to your PHI, you may contact Phil at:

Phil, Inc.

ATTN: Privacy Officer 234 Front St, Floor 4 San Francisco, CA 94111 Phone:  (855) 977-0975 ; option 3 Email:  HIPAA@phil.us(mailto:HIPAA@phil.us)

You may also file complaints with the Office for Civil Rights of the U.S. Department of Health and Human Services (“OCR”). Upon request, Phil will provide you with the correct address for OCR. Phil will not retaliate against you if you file a complaint with us or OCR.

If, at any time, you have questions about information in this Notice or about Phil’s privacy policies, procedures or practices, you can contact us.

Effective Date of This Notice

This Notice is effective as of April 22, 2021

Share this article on: