Last modified: April, 2019
This policy applies to information we collect:
on our Site;
in Site, email, and other electronic messages between you and us;
when you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this policy.
It does not apply to information collected by the physicians or other healthcare providers that we contract with, including Galilea Medical Group, P.A. and Galileo Medical Group, P.C.
1. Information We Collect About You and How We Collect It
Information We Collect
We collect several types of information from and about users of our Site, specifically information:
by which you may be personally identified, such as name, postal address, e-mail address, phone number, date of birth, credit or debit card number (for payment purposes only), and your areas of health need and/or interest (“Personal Data”); and/or
that is about you but individually does not identify you, such as traffic data, location data, logs, referring/exit pages, date and time of your visit to our Site, error information, clickstream data, and other communication data and the resources that you access and use on the Site.
We collect this information:
directly from you when you provide it to us;
automatically as you navigate through the Site. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, geo-location services, and other tracking technologies; and
From third parties, for example, our business partners.
Information We Collect Through Automatic Data Collection Technologies
As you navigate through and interact with our Site, we may use automatic data collection technologies to collect certain information to help us determine the usefulness of Site information, evaluate the effectiveness of Site navigational structure, and improve user experience. The technologies we use for this automatic data collection may include:
Web Beacons. Pages of our Site may contain small electronic files known as web beacons that permit Galileo, for example, to count users who have visited those pages, used those screens, or opened an email and for other related Site statistics (for example, recording the popularity of certain Site content and verifying system and server integrity).
2. How We Use Your Information
We will not trade, sell or share any personally identifiable information collected on the Site for use by any third parties without your permission. The term “third parties” does not include, and we may share your personal information with, a subsidiary or affiliate of Galileo, service providers or vendors acting on Galileo’s behalf, or the purchaser of substantially all of the assets of Galileo. Notwithstanding the above, we may disclose your information as reasonably necessary to comply with any court order, law, or legal process, including to respond to any government or regulatory request, or if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Galileo, our customers, or others.
3. Targeted Advertising
We use or partner with ad networks that may use your browsing activity across participating websites to show you interest-based advertisements on those websites. To learn more about interest-based advertisements and your opt-out rights and options, visit the Digital Advertising Alliance and the Network Advertising Initiative websites (www.aboutads.info and www.networkadvertising.org). Please note that if you choose to opt out, you will continue to see ads, but they will not be based on your online activity. We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can also opt out of receiving targeted ads from members of the NAI on its website.
4. Information You Share with Third Parties
5. Data Security
We implement reasonable measures designed to secure your Personal Data from unauthorized access, use, alteration, and disclosure and from accidental loss, including by employing encryption technology for information sent and received by us.
Nonetheless, no transmission of information over the internet can be completely secure. As a result, while we do our best to try to protect your Personal Data, we cannot guarantee the security of any information you transmit to us.
7. Contact Information
Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice describes how Galileo Medical, PC and members of its Affiliated Covered Entity (collectively, the “Medical Group,” “we,” or “us”) (and Galileo, Inc., when acting on behalf of the Medical Group) may use and disclose health information about you (“Protected Health Information”) and how you can access this information. An Affiliated Covered Entity is a group of health care providers under common ownership or control that designates itself a single entity for purposes of compliance with the Health Insurance Portability and Accountability Act (“HIPAA”). The members of the Medical Group may share Protected Health Information with each other for treatment, payment, and health care operations related to the Affiliated Covered Entity. For a complete list of members of the Affiliated Covered Entity, please contact the Medical Group’s Privacy Office.
I. Our Privacy Obligations
We understand that your health information is personal and we are committed to protecting your privacy. In addition, we are required by law to maintain the privacy of your Protected Health Information, to provide you with this Notice of our legal duties and privacy practices with respect to your Protected Health Information, and to notify you in the event of a breach of your unsecured Protected Health Information. When we use or disclose your Protected Health Information, we are required to abide by the terms of this Notice.
II. Permissible Uses and Disclosures Without Your Written Authorization
In certain situations, which we will describe in Section III below, we must obtain your written authorization in order to use and/or disclose your Protected Health Information. However, unless the Protected Health Information is Highly Confidential Information (as defined in Section III.D below) and the applicable law regulating such information imposes special restrictions on us, we may use and disclose your Protected Health Information without your written authorization for the following purposes:
We use and disclose your Protected Health Information to provide treatment and other services to you to diagnose your illness or injury. We may use your information to direct or recommend alternative treatments, therapies, health care providers, or settings of care to you or to describe a health-related product or service. We may also disclose Protected Health Information to other providers involved in your treatment.
We may use and disclose your Protected Health Information to obtain payment for health care services that we provide to you -- for example, disclosures to claim and obtain payment from your health insurer, HMO, or other company or program that arranges or pays the cost of your health care (“Your Payor”) to verify that Your Payor will pay for the health care. We may also disclose Protected Health Information to your other health care providers when such Protected Health Information is required for them to receive payment for services they render to you.
C. Health Care Operations.
We may use and disclose your Protected Health Information for our health care operations, which include internal administration and planning and various activities that improve the quality and cost effectiveness of the care that we deliver to you. For example, we may use Protected Health Information to evaluate the quality and competence of our physicians and health care professionals. We may disclose Protected Health Information to our Member Services Department in order to resolve any complaints you may have and ensure that you are satisfied with our services. We also may create and use de-identified information, where information is removed from your Protected Health Information so that you can’t be identified, as authorized by law.
D. Disclosure to Relatives, Close Friends and Other Caregivers.
We may use or disclose your Protected Health Information to a family member, other relative, or any other person identified by you prior to the disclosure, if: (1) we obtain your agreement or provide you with the opportunity to object to the disclosure and you do not object; or (2) we reasonably infer that you do not object to the disclosure. If you are not present for or unavailable prior to a disclosure (e.g., when we receive a telephone call from a family member or other caregiver), we may exercise our professional judgment to determine whether a disclosure is in your best interests. If we disclose information under such circumstances, we would disclose only information that is directly relevant to the person’s involvement with your care.
E. As Required by Law.
We may use and disclose your Protected Health Information when required to do so by any applicable federal, state or local law.
F. Unique Circumstances.
We may use or disclose your Protected Health Information in the following unique circumstances without your authorization: to assist in public health activities, such as disease tracking and reporting information about products under the under the U.S. Food and Drug Administration’s jurisdiction; to inform authorities to protect victims of abuse or neglect; for health care oversight purposes, such as audits or investigations of fraud; in response to a legal order or other lawful process during a judicial or administrative proceeding; to law enforcement officials as required by law or in compliance with a court order; to coroners, funeral directors and organ donation agencies as authorized by law; for research purposes pursuant to a valid authorization from you or following institutional review board protocols; to avert a serious threat to health or safety; to assist in specialized government functions, such certain military activity and national security purposes; to comply with state law relating to workers’ compensation or other similar programs; and other required uses and disclosures.
III. Uses and Disclosures Requiring Your Written Authorization
For any purpose other than the ones described above in Section II, we only use or disclose your Protected Health Information when you give us your written authorization.
We must obtain your written authorization prior to using your Protected Health Information for purposes that are marketing under the HIPAA privacy rules. For example, we will not accept any payments from other organizations or individuals in exchange for making communications to you about treatments, therapies, health care providers, settings of care, products or services unless you have given us your authorization to do so or the communication is permitted by law.
These marketing restrictions do not include face-to-face communication about products or services that may be of benefit to you, or about prescriptions you have already been prescribed.
B. Sale of Protected Health Information.
We will not make any disclosure of Protected Health Information that is a sale of Protected Health Information without your written authorization.
C. Psychotherapy Notes.
We will not use or disclose psychotherapy notes about you without your authorization except for use by the mental health professional who created the notes to provide treatment to you, for our mental health training programs or to defend ourselves in a legal action or other proceeding brought by you.
D. Uses and Disclosures of Your Highly Confidential Information.
Federal and state law requires special privacy protections for certain health information about you (“Highly Confidential Information”), including Alcohol and Drug Abuse Treatment Program records and other health information that is given special privacy protection under state or federal laws other than HIPAA. However, in order for us to disclose any Highly Confidential Information for a purpose other than those permitted by law, we must obtain your authorization.
E. Revocation of Your Authorization.
You may revoke your authorization, except to the extent that we have taken action in reliance upon it, by delivering a written revocation statement to the Privacy Office identified below.
IV. Your Individual Rights
A. For Further Information; Complaints.
If you desire further information about your privacy rights, are concerned that we have violated your privacy rights or disagree with a decision that we made about access to your Protected Health Information, you may contact our Privacy Office. You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against you for filing a complaint.
B. Right to Request Additional Restrictions.
You may request restrictions on our use and disclosure of your Protected Health Information (1) for treatment, payment and health care operations, (2) to individuals (such as a family member, other relative, close personal friend or any other person identified by you) involved with your care or with payment related to your care, or (3) to notify or assist in the notification of such individuals regarding your location and general condition. While we will consider all requests for additional restrictions carefully, we are not required to agree to a requested restriction unless the request is to restrict our disclosure to a health plan for purposes of carrying out payment or health care operations, the disclosure is not required by law and the information pertains solely to a health care item or service for which you (or someone on your behalf other than the health plan) have paid us out of pocket in full. If you wish to request additional restrictions, please obtain a request form from our Privacy Office and submit the completed form to the Privacy Office. We will send you a written response.
C. Right to Receive Communications by Alternative Means or at Alternative Locations.
You may request, and we will accommodate, any reasonable written request for you to receive your Protected Health Information by alternative means of communication or at alternative locations.
D. Right to Inspect and Copy Your Health Information.
You may request access to your medical record file and billing records maintained by us in order to inspect and request copies of the records. Under limited circumstances, we may deny you access to a portion of your records. If you desire access to your records, please obtain a record request form from the Privacy Office and submit the completed form to the Privacy Office. If you request copies, we may charge you a reasonable copy fee.
E. Right to Amend Your Records.
You have the right to request that we amend your Protected Health Information maintained in your medical record file or billing records. If you desire to amend your records, please obtain an amendment request form from the Privacy Office and submit the completed form to the Privacy Office. We will comply with your request unless we believe that the information that would be amended is accurate and complete or other special circumstances apply.
F. Right to Receive An Accounting of Disclosures.
Upon request, you may obtain an accounting of certain disclosures of your Protected Health Information made by us during any period of time prior to the date of your request provided such period does not exceed six years. If you request an accounting more than once during a twelve (12) month period, we may charge you a reasonable fee for the accounting statement.
G. Right to Receive a Paper Copy of this Notice.
Upon request, you may obtain a paper copy of this Notice, even if you agreed to receive such notice electronically.
V. Effective Date and Duration of This Notice
A. Effective Date.
This Notice is effective on April 1, 2019.
B. Right to Change Terms of this Notice.
We may change the terms of this Notice at any time. If we change this Notice, we may make the new notice terms effective for all your Protected Health Information that we maintain, including any information created or received prior to issuing the new notice. If we change this Notice, we will post the new notice in our waiting room and on our Internet site at www.galileohome.com. You also may obtain any new notice by contacting the Privacy Office.
VI. Privacy Office
You may contact the Privacy Office at:
Galileo Medical, PC
319 Lafayette, #151
New York, NY 10012