Privacy Notice 

DECLARATION

 

Pursuant to 45 CFR § 164.520, this Notice of Privacy Practices (NPP) describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

 

This notice explains our legal duties and privacy practices regarding your protected health information (PHI), your rights under the Health Insurance Portability and Accountability Act (HIPAA), and our responsibilities to protect the privacy and security of your health information.

​
DEFINITIONS

Protected Health Information (PHI) refers to any information about your health status, provision of health care, or payment for health care that can be linked to an individual, as defined under HIPAA. This includes any part of your medical record or payment history.
 

INFORMATION WE COLLECT

Voluntarily Provided Information: Includes PHI actively provided by you when using our services, such as medical history, current health condition, and insurance details.

Automatically Collected Information: Includes data sent by your devices when accessing our services, such as IP addresses, device types, and location data, which may indirectly become linked to your personal identity when combined with PHI.

 

Automatically collected information is used for security, system performance, and service improvement. We do not sell or use this information for advertising purposes.

OUR RESPONSIBILITIES

We are required by law to maintain the privacy and security of your protected health information, provide you with this Notice of Privacy Practices, follow the duties and privacy practices described in this notice, and notify you if a breach occurs that may have compromised your PHI.
​
USE AND DISCLOSURE OF PHI

We may use and disclose your PHI for treatment, payment, and health care operations. This includes coordinating care, billing and insurance processing, quality improvement activities, and administrative operations. We may also disclose PHI when required by law or to protect health and safety. We adhere to the principle of "minimum necessary use" for any PHI. This means that only the essential information needed to perform a task is accessed or disclosed. Examples of permitted uses and disclosures include:
 

• To provide and manage our services.

• For billing and payment processing.

• To improve service quality through internal quality improvement and operational review activities.
   

We require all business associates and third-party service providers to comply with HIPAA standards and ensure they have signed Business Associate Agreements (BAAs) as required by HIPAA that restrict their use of PHI to the purposes for which they are engaged.


NO SALE OF PROTECTED HEALTH INFORMATION

 

We do not sell your protected health information. We will not receive payment in exchange for sharing your PHI with third parties for their own use or benefit. Any use or disclosure of your PHI is limited to what is permitted or required by law and is consistent with the purposes described in this Notice of Privacy Practices.
​
INDIVIDUAL RIGHTS

Under HIPAA, you have the right to:
 

• Access and obtain an electronic or paper copy of your PHI.

• Request amendments to incorrect or incomplete PHI.

• Receive an accounting of disclosures of your PHI.

• Request restrictions on certain uses and disclosures of your PHI.

• Request confidential communications (e.g., alternative address or phone)

• Designate a personal representative to act on your behalf

• Be notified of breaches of unsecured PHI
   

These rights are subject to certain limitations as permitted by law. To exercise any of these rights, please contact us at the details provided at the end of this notice.
​
SECURITY MEASURES

We implement stringent administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of electronic PHI. We are committed to regularly reviewing and updating our security practices to prevent unauthorized access or disclosure of your information.

 

TELEHEALTH AND ELECTRONIC COMMUNICATIONS

 

We may provide services via telehealth and communicate with you electronically as permitted by law. We use reasonable safeguards to protect your PHI; however, electronic communications may involve certain risks. We will not record telehealth sessions without your authorization, unless required by law.
​
DATA BREACH NOTIFICATION

In the unlikely event of a data breach affecting your PHI, we will notify you in accordance with HIPAA requirements and take steps to mitigate any potential harm.
​
COMPLAINTS

If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the Department of Health and Human Services. Contact details for lodging a complaint with us are provided below. We will not retaliate against you for filing a complaint.
​
CHANGES TO THIS NOTICE

We may update this Notice of Privacy Practices to reflect changes to our information practices. If we make any material changes, we will notify you by email (if available) or by means of a notice on our website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
​
CONTACT INFORMATION

You have the right to receive a paper copy of this Notice of Privacy Practices upon request. For any questions about this notice or our privacy practices, or to manage your PHI, please contact us at:

Email: admin@koruwell.com
Address: 3130 Maple Loop Dr, Suite G100, Lehi, Utah 84043
​
ACKNOWLEDGEMENT

This Notice of Privacy Practices describes how medical information about you may be used and disclosed and how you can access this information. You may be asked to acknowledge receipt of this notice.