noomee provides services, such as helping you connect with healthcare providers (each, “Your Healthcare Provider”) and communicate, manage and share your health-related information with your Healthcare Providers (“noomee Services”).
As part of noomee services, noomee may collect, use, share, and exchange your health history forms and other health-related information with your Healthcare Providers. Under a federal law called the Health Insurance Portability and Accountability Act (“HIPAA”), health/health-related information may be considered “protected health information” or “PHI” if such information is received from or on the behalf of your Healthcare Providers.
Safeguards for PHI
HIPAA protects the privacy and security of your PHI by limiting the uses and disclosures of PHI by most healthcare providers, health plans (called “Covered Entities”) and companies, like noomee, that provide certain types of assistance to Covered Entities (called “Business Associates”). Under certain circumstances described in HIPAA, an individual needs to sign an Authorization form before a Covered Entity, like your Healthcare Provider(s), can disclose protected health information to a third party.
Non-Protected Health Information
As necessary condition for creating your noomee account, you are required to read and agree to noomee’s Privacy Policy (https://www.noomee.me/privacy-policy/). noomee’s Privacy Policy explains how noomee processes and shares information provided by you that is not covered by HIPAA (“Non-PHI”).
Your PHI Authorization
The purpose of noomee Authorization (“Authorization”) is to request your written permission for allowing noomee to use & disclose your PHI in the same way as we use & disclose your Non-PHI.
If noomee is a business associate of your healthcare providers, it needs your authorization to be able to use & disclose your PHI in the same way as it can currently use & disclose your Non-PHI, but it this case, noomee is not working on behalf of your Healthcare Providers, instead working on its own behalf. This means that with the requested Authorization, noomee uses and discloses PHI as described in this Authorization, and not as a Business Associate. Therefore, HIPAA requirements that apply to Business Associates do not apply to such uses and disclosures.
If you e-sign this Authorization, you allow noomee to retain your PHI and use and/or disclose your PHI in the same way as your Non-PHI.
Particularly, you agree that noomee can use your PHI to:
• conduct health care operations (as defined under HIPAA);
• enable and customize your use of the noomee Services;
• provide you alerts or other communications methods regarding current and future noomee services;
• notify you about providers, that we think you may be interested in learning more about;
• share information with you about services, products or resources which we think you may be interested in learning more;
• provide you updates and information about the noomee services;
• market to you about noomee and third party products and services;
• conduct analysis for noomee’s business purposes;
• support development of the noomee services; and
• create de-identified information and then use & disclose this information in any way permitted by law, including to third parties in connection with their commercial and marketing efforts.
You also agree that noomee can disclose your PHI to:
• third parties assisting noomee with any of the uses described above;
• your Healthcare Providers to enable them to refer you and make appointments with other providers on your behalf, or to perform an analysis on potential health issues or treatments;
• a third party as part of a potential merger, sale or acquisition of noomee;
• our business partners who assist us by performing core services (such as hosting, billing, fulfillment, or data storage and security) related to the operation or provision of our services, even when noomee is no longer working on behalf of your Healthcare Providers;
• a provider of medical services, in the event of an emergency; and
• organizations that collect, aggregate and organize your information so they can make it more easily accessible to your providers.
Redisclosure
If noomee discloses your PHI, noomee will require that the person or entity receiving your PHI agrees to only use and disclose your PHI to carry out its specific business obligations to noomee or for the permitted purpose of the disclosure (as described above).
However, noomee can not guarantee that any person or entity to which noomee discloses your PHI or other information will not re-disclose it in ways that you or we did not intend or permit.
Expiration and Revocation of Authorization
Your Authorization remains in effect until you provide written notice of revocation to noomee.
YOU CAN CHANGE YOUR MIND AND REVOKE THIS AUTHORIZATION AT ANY TIME AND FOR ANY (OR NO) REASON. If you wish to revoke this Authorization, you must notify noomee by submitting a revocation through your account settings page. Your decision not to execute this Authorization or to revoke it at any time will not affect your ability to use certain noomee services.
A Revocation of Authorization is effective after you submit it to noomee, but it does not have any effect on noomee’s prior actions taken in reliance on the previously revoked Authorization.
Once noomee receives your Authorization revocation, it can only use and disclose your PHI as permitted in noomee’s agreements with your Healthcare Provider(s). Your Authorization revocation does not affect noomee’s use of your Non-PHI.
