Patient Privacy Policy - Coach JPMD, LLC d/b/a Health ReExamined

Patient Privacy Policy for Telemedicine Services

This Patient Privacy Policy ("Policy") governs the collection, use, disclosure, and protection of Protected Health Information ("PHI") by Coach JPMD, LLC ("Practice"), a telemedicine healthcare provider operating in the state of Florida. This Policy is designed to comply with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), as amended, and applicable Florida state laws regarding patient privacy and confidentiality.

1. Definitions

Protected Health Information (PHI): Individually identifiable health information created, received, maintained, or transmitted by Practice that relates to a patient's past, present, or future physical or mental health condition, provision of healthcare, or payment for healthcare. PHI includes demographic information, medical history, test results, insurance information, and any data used to identify an individual, whether in electronic, paper, or oral form.

Telemedicine: The practice of healthcare delivery, diagnosis, consultation, treatment, transfer of medical data, and education using interactive audio, video, or data communications.

2. Collection and Use of PHI

Practice collects and uses PHI for the following purposes:

  • Providing telemedicine healthcare services
  • Conducting billing and payment operations
  • Coordinating care with other healthcare providers
  • Quality assessment and improvement activities
  • Administrative, financial, and legal activities necessary for Practice operations
  • As required by law or regulation

3. Patient Rights

Patients have the following rights regarding their PHI:

  • Right to access and review their PHI
  • Right to request amendments to their PHI
  • Right to receive an accounting of disclosures of their PHI
  • Right to request restrictions on certain uses and disclosures
  • Right to request confidential communications
  • Right to receive a copy of this Privacy Policy
  • Right to file a complaint regarding privacy practices

4. Safeguards for PHI Protection

Practice implements appropriate administrative, technical, and physical safeguards to protect the privacy and security of PHI, including:

  • Encryption of electronic PHI during transmission and storage
  • Access controls limiting PHI access to authorized personnel
  • Regular security assessments and updates
  • Staff training on privacy and security procedures
  • Secure telemedicine platforms and communication channels

5. Disclosure of PHI

A. Authorized Disclosures

Practice may disclose PHI without patient authorization for:

  • Treatment, payment, and healthcare operations
  • Public health activities as required by law
  • Health oversight activities
  • Judicial and administrative proceedings
  • Law enforcement purposes under specific conditions
  • To avert a serious threat to health or safety

B. Disclosures Requiring Authorization

Any other disclosure or use of PHI not described in this Policy requires written patient authorization. Patients may revoke such authorization in writing at any time.

6. Business Associates

Practice may contract with business associates who perform functions involving the use or disclosure of PHI. All business associates are contractually obligated to appropriately safeguard PHI through Business Associate Agreements in accordance with HIPAA requirements. No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. Information sharing to subcontractors in support services, such as customer service is permitted. All other use case categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

7. Breach Notification

In the event of a breach of unsecured PHI, Practice will:

  • Notify affected patients without unreasonable delay and within 60 days
  • Include a description of the breach, types of information involved, steps individuals should take, and Practice's response
  • Notify the Secretary of Health and Human Services and prominent media outlets for breaches affecting more than 500 patients
  • Comply with all Florida breach notification requirements

8. Changes to This Policy

Practice reserves the right to change this Policy at any time. Any changes will be posted on Practice's website, and patients will be notified during their next telemedicine session.

9. Governing Law

This Policy is governed by HIPAA, applicable federal regulations, and Florida state law. Where Florida law imposes a higher standard of confidentiality and security with respect to PHI, the higher standard shall prevail.