HIPAA
Notice of Privacy Practices

Effective/Revised December 1st, 2021

HIPAA NOTICE PROVIDES AN EXPLANATION OF INDIVIDUALS RIGHTS WITH RESPECT TO ZEST SENIORS CLIENTS’ PERSONAL HEALTH INFORMATION AND THE PRIVACY PRACTICES OF ZEST SENIORS. PLEASE REVIEW IT CAREFULLY.

This HIPAA Notice of Privacy Practices (the “Notice”) contains important information regarding your medical information. Our current Notice is posted at: https://zestseniors.com/hipaa/. You also have the right to receive a paper copy of this Notice and may ask us to give you a copy of this Notice at any time. If you received this Notice electronically, you are entitled to a paper copy of this Notice. If you have any questions about this Notice please contact us as set forth in Part 8, below.

The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) imposes numerous requirements on how certain individually identifiable health information—known as protected health information (or PHI)—may be used and disclosed. This Notice describes how Zest Seniors, LLC (“Zest”) may use and disclose your protected health information in providing certain one-on-one activities and in-home companionship and visitations (collectively, the “Services”) and for other purposes that are permitted or required by law. This Notice also describes your rights to access and control your protected health information. “Protected health information” is information that is maintained or transmitted by Zest, which may identify you and that relates to your medical or other health care information that Zest may receive from you in the course of providing the Services.

We understand that medical information about you and your health is personal. We are committed to protecting medical information about you and will use it to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request of it. This Notice applies to all of the medical records we maintain. Your personal doctor or health care provider may have different policies or notices regarding their use and disclosure of your medical information. We are required by law to abide by the terms of this Notice to:

  • Make sure that medical information that identifies you is kept private.
  • Give you this Notice of our legal duties and privacy practices with respect to medical information about you.
  • Follow the terms of the Notice that is currently in effect.

1. How We May Use and Disclose Medical Information About You. HIPAA generally permits the use and disclosure of your health information without your permission for purposes of health care treatment, payment activities, and health care operations. These uses and disclosures are more fully described below. Please note that this Notice does not list every use or disclosure; instead it gives examples of the most common uses and disclosures.

  • Treatment: When and as appropriate, we may use or disclose medical information about you to facilitate medical treatment or services provided other professionals who are treating you. For example, we might disclose information about you with physicians who are treating you.
  • Services: When and as appropriate, we may use or disclose medical information about you to provide the Services, to improve your experience, and to contact you when necessary.
  • Organizational Purposes: When and as appropriate, we may use and disclose medical information about you for Zest’s operations, as needed. For example, we may use medical information in connection with: conducting quality assessment and administration improvement; business planning and development; and business management and general administrative activities of Zest; or to review the effectiveness of specific activities and the Services.

We will always try to ensure that the medical information used or disclosed is limited to a “Designated Record Set” and to the “Minimum Necessary” standard, including a “limited data set,” as defined in HIPAA and ARRA (as defined in Part 3, below) for these purposes. We may also contact you to provide information about treatment options or alternatives or other health-related benefits and services that may be of interest to you.

OTHER PERMITTED USES AND DISCLOSURES

  • Disclosure to Others Involved in Your Care: We may disclose medical information about you to a relative, a friend, or to any other person you identify, provided the information is directly relevant to that person’s involvement with your health care or payment for the Services. For example, in the event of an emergency, we may contact a person you have identified and instructed us to contact in such situations.
  • Workers’ Compensation: We may release medical information about you for workers’ compensation or similar programs. These programs provide benefits for work-related injuries or illness.
  • To Comply with Federal and State Requirements: We will disclose medical information about you when required to do so by federal, state, or local law. For example, we may disclose medical information when required by the U.S. Department of Labor or other government agencies that regulate us; to federal, state, and local law enforcement officials; in response to a judicial order, subpoena, or other lawful process; and to address matters of public interest as required or permitted by law (for example, reporting neglect, threats to public health and safety, and for national security reasons). We are required to disclose medical information about you to the Secretary of the U.S. Department of Health and Human Services if the Secretary is investigating or determining compliance with HIPAA, or to authorized federal officials for intelligence, counterintelligence and other national security activities authorized by law. We may disclose your medical information to a health oversight agency for activities authorized by law (such as audits, investigations, inspections, and licensure).
  • To Avert a Serious Threat to Health or Safety: We may use and disclose medical information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure, however, would only be to someone who is able to help prevent the threat. For example, we may disclose medical information about you in a proceeding regarding the licensure of a physician.
  • Military and Veterans: If you are a member of the armed forces, we may release medical information about you as required by military command authorities. We may also release medical information about foreign military personnel to the appropriate foreign military authority.
  • Other Uses: If you are an organ donor, we may release your medical information to organizations that handle organ procurement or organ, eye, or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation. We may release your medical information to a coroner or medical examiner.

Uses and disclosures other than those described in this Notice will require your written authorization. Your written authorization is required for: uses and disclosures of PHI for marketing purposes; and disclosures that are a sale of PHI. You may revoke your authorization at any time, but you cannot revoke your authorization if Zest has already acted on it.

The privacy laws of a particular state or other federal laws might impose a more stringent privacy standard. If these more stringent laws apply and are not superseded by federal preemption rules under the Employee Retirement Income Security Act of 1974 (ERISA), Zest will comply with the more stringent law.

2. Your Rights Regarding Medical Information About You. You have the following rights regarding medical information that we maintain about you:

  • Right to Inspect and Copy: You have the right to inspect and obtain a copy of your medical information that may be used to provide the Services. If you request a copy of the information, we may charge a fee for the costs of copying, mailing, or other supplies associated with your request. We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to medical information, you may request that the denial be reviewed. If Zest does not maintain the health information, but knows where it is maintained, you will be informed of where to direct your request.
  • Your Right to Amend: If you feel that medical information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for Zest. You also must provide a reason that supports your request. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend any information that is not part of the medical information kept by or for Zest.
  • Your Right to an Accounting of Disclosures: You have the right to request an “accounting of disclosures” (that is, a list of certain disclosures Zest has made of your health information). Generally, you may receive an accounting of disclosures if the disclosure is required by law, made in connection with public health activities, or in situations similar to those listed above as “Other Permitted Uses and Disclosures”. You do not have a right to an accounting of disclosures where such disclosure was made:
    • For treatment, payment, or health care operations.
    • To you about your own health information.
    • Incidental to other permitted disclosures.
    • Where authorization was provided.
    • To family or friends involved in your care (where disclosure is permitted without authorization).
    • For national security or intelligence purposes or to correctional institutions or law enforcement officials in certain circumstances.
    • As part of a limited data set where the information disclosed excludes identifying information.

To request this list or accounting of disclosures, you must submit your request, which shall state a time period, which may not be longer than six years and may not include dates before April 14, 2003. Your request should indicate in what form you want the list (for example, paper or electronic). The first list you request within a 12-month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.

Notwithstanding the foregoing, you may request an accounting of disclosures of any “electronic health record” that we receive (that is, an electronic record of health-related information about you that is created, gathered, managed, and consulted by authorized health care clinicians and staff). To do so, however, you must submit your request and state a time period, which may be no longer than three years prior to the date on which the accounting is requested.

  • Your Right to Request Restrictions: You have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment, or health care operations. You also have the right to request a limit on the medical information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. For example, you could ask that we not use or disclose information about a surgery that you had.
 

We are not required to agree to your request. If Zest does agree to a request, a restriction may later be terminated by your written request, by agreement between you and Zest (including orally), or unilaterally by Zest for health information created or received after Zest has notified you that it has removed the restrictions and for emergency treatment. To request restrictions, you must make your request in writing and must tell us the following information:

  • What information you want to limit.
  • Whether you want to limit our use, disclosure, or both.
  • To whom you want the limits to apply (for example, disclosures to your spouse).
  • Right to Request Confidential Communications: You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted. You must direct any of the requests described above, to the person of contact in Part 8, below.

3. Breach Notification. Pursuant to changes to HIPAA required by the Health Information Technology for Economic and Clinical Health Act of 2009 and its implementing regulations (collectively, “HITECH Act”) under the American Recovery and Reinvestment Act of 2009 (“ARRA”), this Notice also reflects federal breach notification requirements imposed on Zest in the event that your “unsecured” protected health information (as defined under the HITECH Act) is acquired by an unauthorized party.

We understand that medical information about you and your health is personal and we are committed to protecting your medical information. Furthermore, we will notify you following the discovery of any “breach” of your unsecured protected health information as defined in the HITECH Act (the “Notice of Breach”). Your Notice of Breach will be in writing and provided via first-class mail, or alternatively, by email if you have previously agreed to receive such notices electronically. If the breach involves:

  • 10 or more individuals for whom we have insufficient or out-of-date contact information, then we will provide substitute individual Notice of Breach by either posting the notice on the Zest website or by providing the notice in major print or broadcast media where the affected individuals likely reside.
  • Less than 10 individuals for whom we have insufficient or out-of-date contact information, then we will provide substitute Notice of Breach by an alternative form.

Your Notice of Breach shall be provided without unreasonable delay and in no case later than 60 days following the discovery of a breach and shall include, to the extent possible:

  • A description of the breach.
  • A description of the types of information that were involved in the breach.
  • The steps you should take to protect yourself from potential harm.
  • A brief description of what we are doing to investigate the breach, mitigate the harm, and prevent further breaches.
  • Our relevant contact information.
 

Additionally, for any substitute Notice of Breach provided via web posting or major print or broadcast media, the Notice of Breach shall include a phone number for you to contact us to determine if your protected health information was involved in the breach.

4. Changes to This Notice. We can change the terms of this Notice at any time. If we do, the new terms and policies will be effective for all of the medical information we already have about you as well as any information we receive in the future. We will send you a copy of the revised notice.

5. Complaints. If you believe your privacy rights have been violated, you may file a complaint with Zest or with the Secretary of the Department of Health and Human Services. To file a complaint with Zest, contact the person listed in Part 8, below. All complaints must be submitted in writing. You will not be penalized for filing a complaint.

6. Other Uses of Medical Information. Other uses and disclosures of medical information that are not covered by this Notice or the laws that apply to us will be made only with your written permission. If you grant us permission to use or disclose medical information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose medical information about you for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your permission, and that we may be required to retain our records related to your benefit determinations and enrollment.

7. Effective Date. The effective date of this Notice is November 29, 2021.

8. Contact Information. All correspondence relating to the contents of this Notice should be directed as follows:

Attn: Vanessa Noel, CEO

PO Box 42223, Austin TX 78704

512-265-5336