Effective: December 1, 2022
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice of Privacy Practices (the “Notice”) describes how the KMG Medical Group affiliates listed on the last page1 (called the “Affiliates,” “we,” or “our” in this Notice) may use and disclose your protected health information (also called "PHI"). PHI is information about you that identifies you and relates to your past, present or future physical health or condition, treatment, or payment for health care services. This Notice also describes your rights related to your own PHI.
The Affiliates provide medical services to customers of Thirty Madison, Inc. d/b/a Keeps, Cove, Nurx, and Facet and 30M One, Inc. d/b/a Picnic. Thirty Madison manages the Affiliates and will follow this Notice for all of your PHI. Thirty Madison also provides non-medical services to its customers. A different privacy policy describes the Thirty Madison privacy practices for non-medical services, which can be found at https://patient.thirtymadison.com/dashboard/legals/privacy-keeps.
USES AND DISCLOSURES OF PHI:
TREATMENT: We may use your PHI to provide, coordinate, and manage your health care and any related services. We may also disclose your PHI to others who need that information to treat you, or that assist in the coordination or management of your health care. For example, we may provide your PHI to a health care provider to whom you have been referred.
PAYMENT: We may use and disclose your PHI to get paid for the services we provided to you. For example, your health plan or health insurance company may ask to see parts of your medical record before they will pay us for your treatment.
HEALTH CARE OPERATIONS: We may use or disclose your PHI to support our business activities. For example, we may use your PHI to conduct quality improvement activities, to obtain audit, accounting or legal services, or to conduct business management and planning.
The Affiliates send prescriptions to and share PHI with the pharmacies, including those that are managed by Thirty Madison, called AFA Pharmacy, LLC, Propel Pharmacy, LLC, and Propel Pharmacy Ohio, LLC. Because Thirty Madison manages the Affiliates and the pharmacies, your PHI will be used for joint activities between the Affiliates and the pharmacies, such as quality improvement.
USES AND DISCLOSURES THAT DO NOT REQUIRE YOUR AUTHORIZATION: We may use or disclose your PHI in other situations without your authorization: as required by law; for public health purposes (such as communicable disease reporting or reporting adverse drug events to the FDA); for health care oversight purposes (such as medical board licensure); for abuse or neglect reporting; in connection with legal and administrative proceedings (such as responding to subpoenas and court orders); for public safety and law enforcement purposes (such as responding to search warrants and grand jury subpoenas); to coroners, medical examiners, funeral directors and organ donation agencies; for certain research purposes (such as identifying individuals who may want to participate in a clinical trial); for certain military, veterans, and national security purposes; and for workers’ compensation reporting.
State law may place additional limitations on the disclosure of your PHI. For example, some types of sensitive health information such as HIV information, genetic information, alcohol and/or substance abuse records and mental health records may be subject to additional confidentiality protections under state law. We will abide by any applicable state privacy laws when using and disclosing your PHI.
USES AND DISCLOSURES THAT REQUIRE YOUR AUTHORIZATION: We will not use or disclose your PHI for a purpose not described in this Notice unless we have your written authorization or unless we are legally permitted to do so. For example, without your authorization, we will not sell your PHI.
If you provide us with an authorization for certain uses and disclosures of your information, you may take back that authorization any time, unless we have already relied on your permission to use or disclose your information. If you want to take back your authorization, please send a written request to the Privacy Officer at the contact information at the end of this Notice.
YOUR RIGHTS WITH RESPECT TO YOUR PHI:
RIGHT TO REQUEST YOUR PHI: You have the right to look at your own PHI and to get a copy of that information. (The law requires us to keep the original record.) This includes your medical record, your billing record, and other records we use to make decisions about your care. If you request a paper copy of your information, we may charge you for our costs to copy the information, but we will tell you in advance what this copying will cost. If you want an electronic copy of your information, we will not charge you for that, unless you request a copy on CD. You can look at your record at no cost.
RIGHT TO REQUEST AMENDMENT OF PHI: If you look at your information and believe that some of the information is wrong or incomplete, you may ask us to amend your record.
RIGHT TO GET A LIST OF CERTAIN DISCLOSURES OF YOUR PHI: You have the right to ask for a list of many of the disclosures we make of your PHI. We will provide the first list to you free, but we may charge you for any additional lists you request during the same year. We will tell you in advance what this list will cost.
RIGHT TO REQUEST RESTRICTIONS ON HOW WE USE OR DISCLOSE YOUR PHI FOR TREATMENT, PAYMENT, OR HEALTH CARE OPERATIONS: You have the right to ask us not to make uses or disclosures of your PHI for treatment, payment or health care operations (which are described in the Notice above). At your request, we are required to agree not to disclose PHI to your health plan if the PHI deals solely with a health care item or service for which you (or someone else on your behalf) have paid in full out of pocket. We are not required to agree to other requests, but if we do agree, we will comply with that agreement. Your request must be in writing and detail the restriction you request.
RIGHT TO REQUEST CONFIDENTIAL COMMUNICATIONS: You have the right to ask us to communicate with you in a way you feel is more confidential. For example, you can ask us not to call your home. Please note if you ask us to communicate with you by email or text, those communications may not be secure.
You may exercise any of these rights by sending a written request to the Privacy Officer at the contact information listed at the end of this Notice.
SOCIAL MEDIA ACCOUNT SIGN ON: To the extent that you choose to use a social media account application (such as Google, Meta/Facebook, or Apple) to create your online account with Thirty Madison, you understand that if another person has access to your social media account, they will also have access to your account on the Thirty Madison site. That means that other person could access PHI in your account. It’s your decision about whether to give another person access to your social media account and whether to use that account to sign on to Thirty Madison.
REVISIONS TO THIS NOTICE: From time to time, we may change our practices concerning how we use or disclose PHI, or how we will implement patient rights. We reserve the right to revise this Notice and to make the revised Notice effective for PHI we already have about you and any PHI we receive in the future. Any changes to this Notice will be posted on the Thirty Madison website.
COPY OF THIS NOTICE: You are entitled to a paper copy of the Notice currently in effect.
QUESTIONS OR COMPLAINTS: We are committed to maintaining the privacy of your protected health information. If you have any questions or complaints about this Notice or how we handle your PHI, please contact our HIPAA Privacy Officer at 844-990-0267 or via email at privacy@thirtymadison.com.
Or write us by U.S. postal mail at the following address:
Thirty Madison, Inc.
82 Nassau St #61392
New York, NY 10038
You may also file a complaint with the federal government. We will not penalize you or retaliate against you in any way for filing a complaint with the federal government.
We are required by law to give you this Notice and to follow the term of the Notice that is currently in effect. We are also required to notify you if there is a breach of your unsecured PHI.
1The KMG Medical Group affiliates include the following legal entities: