Notice of Privacy Practices

The One Spa

Notice of Privacy Practices

Effective Date: 10/20/2024

**THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN OBTAIN ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Introduction

At The One Spa ("we," "us," or "our"), we are committed to safeguarding the privacy and confidentiality of your protected health information ("PHI") in compliance with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and applicable state laws. This Notice of Privacy Practices ("Notice") outlines our legal duties and privacy practices concerning your PHI and informs you of your rights regarding the same.

Our Legal Duties

We are required by law to:

  • Maintain the privacy and security of your PHI.

  • Provide you with this Notice detailing our legal duties and privacy practices with respect to your PHI.

  • Abide by the terms of this Notice currently in effect.

  • Notify you promptly if a breach occurs that may have compromised the privacy or security of your PHI.

Uses and Disclosures of Protected Health Information

Permissible Uses and Disclosures Without Your Written Authorization

We may use and disclose your PHI without your written authorization for the following purposes:

1. Treatment

We may use and disclose your PHI to provide, coordinate, or manage your health care and related services. This includes communication and consultation between health care providers, such as doctors, nurses, technicians, or other personnel involved in your care.

  • Example: A therapist may disclose your PHI to a physician for purposes of a consultation regarding your treatment.

2. Payment

We may use and disclose your PHI to obtain payment for the health care services we provide to you.

  • Example: We may disclose your PHI to your health insurance company to verify coverage or to obtain reimbursement for services rendered.

3. Health Care Operations

We may use and disclose your PHI for our health care operations, which include activities necessary to run our practice and ensure that our patients receive quality care.

  • Example: We may use your PHI to evaluate the performance of our staff or to conduct training programs.

4. Appointment Reminders and Health-Related Benefits

We may use and disclose your PHI to contact you with appointment reminders or information about treatment alternatives and other health-related benefits and services that may be of interest to you.

5. Required by Law

We may use or disclose your PHI to the extent required by federal, state, or local law.

6. Public Health Activities

We may disclose your PHI for public health activities, including disclosures to:

  • Prevent or control disease, injury, or disability.

  • Report births and deaths.

  • Report child abuse or neglect.

  • Report reactions to medications or problems with products.

  • Notify people of recalls of products they may be using.

  • Notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition.

7. Health Oversight Activities

We may disclose your PHI to a health oversight agency for activities authorized by law, such as audits, investigations, inspections, and licensure.

8. Judicial and Administrative Proceedings

We may disclose your PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process, subject to certain conditions.

9. Law Enforcement Purposes

We may disclose your PHI for law enforcement purposes, including:

  • Complying with legal processes or reporting limited information in specific circumstances.

  • Providing information to identify or locate a suspect, fugitive, material witness, or missing person.

  • Reporting criminal conduct on our premises.

10. Coroners, Medical Examiners, and Funeral Directors

We may disclose your PHI to coroners or medical examiners for identification purposes, determining cause of death, or other duties as authorized by law. We may also disclose PHI to funeral directors as necessary.

11. Organ and Tissue Donation

We may use or disclose your PHI to organizations involved in procuring, banking, or transplanting organs and tissues.

12. Research

Under certain circumstances, we may use or disclose your PHI for research purposes, provided that the research project meets privacy law requirements.

13. Serious Threat to Health or Safety

We may use or disclose your PHI when necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.

14. Specialized Government Functions

We may disclose your PHI for specialized government functions, such as military and veterans activities, national security and intelligence activities, protective services for the President and others, medical suitability determinations, and correctional institution activities.

15. Workers' Compensation

We may disclose your PHI as authorized by laws relating to workers' compensation or similar programs.

Uses and Disclosures Requiring Your Written Authorization

Except as described in this Notice, we will not use or disclose your PHI without your written authorization. Uses and disclosures that require your written authorization include, but are not limited to:

1. Psychotherapy Notes

We must obtain your written authorization for most uses and disclosures of psychotherapy notes.

2. Marketing

We must obtain your written authorization to use or disclose your PHI for marketing purposes, except if the communication is in the form of:

  • A face-to-face communication made by us to you.

  • A promotional gift of nominal value provided by us.

  • No mobile opt-in will be shared with third parties for marketing purposes

3. Sale of PHI

We must obtain your written authorization for any disclosure that constitutes a sale of PHI.

Revocation of Authorization

You may revoke an authorization at any time, in writing, except to the extent that we have already taken action based on the authorization.

Your Rights Regarding Your Protected Health Information

1. Right to Inspect and Copy

You have the right to inspect and obtain a copy of your PHI contained in a designated record set, with certain exceptions. To exercise this right, you must submit your request in writing to our Privacy Officer.

  • Electronic Copies: If your PHI is maintained in an electronic format, you have the right to request an electronic copy.

2. Right to Request Amendment

If you believe that your PHI is incorrect or incomplete, you may request that we amend the information. Your request must be in writing and provide a reason supporting the amendment. We may deny your request under certain circumstances.

3. Right to an Accounting of Disclosures

You have the right to request an accounting of certain disclosures of your PHI made by us in the past six years, excluding disclosures made for treatment, payment, or health care operations, and certain other exceptions. The first accounting in a 12-month period is free; additional requests may incur a fee.

4. Right to Request Restrictions

You have the right to request restrictions on how we use or disclose your PHI for treatment, payment, or health care operations. While we are not required to agree to your request, we will comply if we agree to the restriction in writing.

  • Restriction for Self-Paid Services: If you have paid for services out-of-pocket and in full, you may request that we do not disclose PHI related to those services to your health plan. We are required to honor this request.

5. Right to Request Confidential Communications

You have the right to request that we communicate with you using alternative means or at alternative locations. We will accommodate reasonable requests.

6. Right to a Paper Copy of This Notice

You have the right to obtain a paper copy of this Notice upon request, even if you have agreed to receive it electronically.

7. Right to Be Notified of a Breach

You have the right to be notified following a breach of unsecured PHI that affects you.

Exercising Your Rights

To exercise any of the rights described above, please submit your request in writing to our Privacy Officer at the contact information provided at the end of this Notice.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the U.S. Department of Health and Human Services.

  • To File a Complaint with Us:

    • Contact our Privacy Officer using the information provided below.

    • We will not retaliate against you for filing a complaint.

  • To File a Complaint with the U.S. Department of Health and Human Services:

    • Office for Civil Rights

    • U.S. Department of Health and Human Services

    • 200 Independence Avenue, S.W.

    • Washington, D.C. 20201

    • Phone: 1-877-696-6775

    • Website: www.hhs.gov/ocr/privacy/hipaa/complaints/

Changes to This Notice

We reserve the right to revise or amend this Notice at any time, and the revised or amended Notice will be effective for all PHI that we maintain. We will post a copy of the current Notice in our facility and on our website. The effective date of the Notice is stated at the top of the first page.

Contact Information

Privacy Officer:
Travis Woodward
The One Spa
2855 Hayes St. STE 208
Newberg, OR 97132
Phone: (971) 771-0111
Email: info@theonespaoregon.com

Disclaimer:

This Notice of Privacy Practices is intended to comply with the requirements of HIPAA and applicable state laws. It is provided for informational purposes only and does not constitute legal advice. You should consult with legal counsel to ensure that this Notice meets all legal requirements and is appropriate for your specific circumstances.

Confidentiality Notice:

The information contained in this Notice is confidential and intended solely for the individuals to whom it is addressed. Unauthorized use, disclosure, or copying of this information is strictly prohibited.

Effective Date: The terms of this Notice are effective as of the date indicated above and will remain in effect until revised or amended.

Additional State-Specific Provisions:

If your state has laws that provide greater protections or impose additional requirements beyond those of HIPAA, include provisions here to address those state-specific requirements.

Retention of Records:

We will retain your PHI in accordance with federal and state laws and our policies and procedures.

Governing Law:

This Notice and any disputes arising out of or related to it are governed by applicable federal laws and the laws of the state in which The One Spa is located (Oregon).

Authorization and Consent:

By signing the acknowledgment, you consent to our use and disclosure of your PHI as outlined in this Notice.

Thank You:

Thank you for entrusting your care to The One Spa. We are dedicated to protecting your privacy and providing you with the highest quality of care.