Notice of Privacy Practices

EFFECTIVE SEPTEMBER 22, 2022

THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

We understand the importance of privacy and are committed to maintaining the confidentiality of your health information. We make a record of the services we provide and may receive such records from others. We use these records to provide or enable other health care providers to provide quality medical care, to obtain payment for services provided to you as allowed by your health plan and to enable us to meet our professional and legal obligations to operate this clinical laboratory properly. We are required by law to maintain the privacy of protected health information, to provide individuals with notice of our legal duties and privacy practices with respect to protected health information, and to notify affected individuals following a breach of unsecured protected health information. This notice describes how Capital Nephrology Medical Group (the “Medical Group,” “we,” or “us”) may use and disclose your medical information. It also describes your rights and our legal obligations with respect to your medical information. If you have any questions about this Notice, please contact our Privacy Officer listed above.

How We May Use or Disclose Your Health Information Without Your Authorization

The record is the property of Medical Group, but the information in the health record belongs to you. The law permits us to use or disclose your health information for the following purposes:

1. Treatment. We can use your health information and share it with other professionals who are treating you.

2. Payment. We can use and disclose your health information to obtain payment for the services we provide. For example, we give your health plan the information it requires for payment. We may also disclose information to other health care providers to assist them in obtaining payment for services they have provided to you.

3. Health Care Operations. We may use and disclose your health information to operate our organization. For example, we may use and disclose this information to review and improve the quality of services, or the competence and qualifications of our professional staff. Or we may use and disclose this information to get your health plan to authorize services or referrals. We may also use and disclose this information as necessary for medical reviews, legal services and audits, including fraud and abuse detection and compliance programs and business planning and management. We may also share your health information with our “business associates,” such as our billing service, that perform administrative services for us. We have a written contract with each of these business associates that contains terms requiring them and their subcontractors to protect the confidentiality and security of your medical information. Although federal law does not protect health information, which is disclosed to someone other than another healthcare provider, health plan, healthcare clearinghouse, or one of their business associates, California law prohibits all recipients of healthcare information from further disclosing it except as specifically required or permitted by law. We may also share your information with other health care providers, health care clearinghouses or health plans that have a relationship with you, when they request this information to help them with their quality assessment and improvement activities, their patient-safety activities, their population-based efforts to improve health or reduce health care costs, protocol development, case management or care coordination activities, their review of competence, qualifications and performance of health care professionals, their training programs, their accreditation, certification or licensing activities, their activities related to contracts of health insurance or health benefits, or their health care fraud and abuse detection and compliance efforts.

4. Notification and Communication with Family. For certain health information you can tell us your choices about what we share. If you have a clear preference for how we share your information with your family, let us know. Tell us what you want us to do, and we will follow your instructions. You have the right and the choice to tell us to share information with your family, close friends, or others involved in your care.

5. Required by Law. As required by law, we will use and disclose your health information, but we will limit our use or disclosure to the relevant requirements of the law. When the law requires us to report abuse, neglect or domestic violence, or respond to judicial or administrative proceedings, or to law enforcement officials, we will further comply with the requirement set forth below concerning those activities.

6. Public Health. We may, and are sometimes required by law to disclose your health information to public health authorities for purposes related to certain situations such as: preventing or controlling disease; health with product recalls; reporting adverse reactions to medications; reporting suspect abuse, neglect, or domestic violence; preventing or reducing a serious threat to anyone’s health or safety.

7. Health Oversight Activities. We may, and are sometimes required by law to disclose your health information to health oversight agencies during the course of audits, investigations, inspections, licensure and other proceedings, subject to the limitations imposed by federal and California law.

8. Judicial and Administrative Proceedings. We may, and are sometimes required by law, to disclose your health information in the course of any administrative or judicial proceeding to the extent expressly authorized by a court or administrative order. We may also disclose information about you in response to a subpoena, discovery request or other lawful process after we exhaust reasonable efforts to notify you of the request and you fail to object, or if your objections are resolved by a court or administrative order.

9. Law Enforcement. We may be required by law to disclose your health information to a law enforcement official for purposes such as identifying of locating a suspect, fugitive, material witness or missing person, complying with a court order, warrant, grand jury subpoena and other law enforcement purposes.

10. Coroners. We may be required by law to disclose your health information to coroners in connection with their investigations of deaths.

11. Organ or Tissue Donation. We may disclose your health information to organizations involved in procuring, banking or transplanting organs and tissues.

12. Public Safety. We may, and are sometimes required by law, to disclose your health information to appropriate persons in order to prevent or lessen a serious and imminent threat to the health or safety of a particular person or the general public.

13. Specialized Government Functions. We may disclose your health information for military or national security purposes or to correctional institutions or law enforcement officers that have you in their lawful custody.

14. Workers’ Compensation. We may disclose your health information as necessary to comply with workers’ compensation laws. For example, to the extent your care is covered by workers’ compensation, we will make periodic reports to your employer about your condition. We are also required by law to report cases of occupational injury or occupational illness to the employer or workers’ compensation insurer.

15. Change of Ownership. In the event that Medical Group is sold or merged with another organization, your health information/record will become the property of the new owner, although you will maintain the right to request that copies of your health information be transferred to another physician or medical group.

16. Breach Notification. In the case of a breach of unsecured protected health information, we will notify you as required by law. If you have provided us with a current email address, we may use email to communicate information related to the breach. In some circumstances our business associate may provide the notification. We may also provide notification by other methods as appropriate.

17. Research. We may disclose your health information to researchers conducting research with respect to which your written authorization is not required as approved by an Institutional Review Board or privacy board, in compliance with governing law.

18. De-identified Information. We may use your health information for the purpose of creating de-identified information, in compliance with governing law. De-identified information is information that does not identify you and that we reasonably believe cannot be used to identify you. De-identified information may be used by Medical Group for research or other operational purposes.

When Medical Group May Use or Disclose Your Health Information With Your Written Authorization

1. Marketing. Provided we do not receive any payment for making these communications, and with your prior written authorization, we may contact you to encourage you to purchase or use products or services related to your treatment, case management or care coordination, or to direct or recommend other treatments, therapies, health care providers or settings of care that may be of interest to you. We may similarly describe products or services provided by Medical Group. We will not otherwise use or disclose your medical information for marketing purposes or accept any payment for other marketing communications without your prior written authorization. The authorization will disclose whether we receive any financial compensation for any marketing activity you authorize, and we will stop any future marketing activity to the extent you revoke that authorization.

2. Sale of Health Information. We will not sell your health information without your prior written authorization. The authorization will disclose that we will receive compensation for your health information if you authorize us to sell it, and we will stop any future sales of your information to the extent that you revoke that authorization.

3. Highly Confidential Information. Federal and California law requires special privacy protections for certain highly confidential information about you (“Highly Confidential Information”), including the subset of your health information that: (1) is maintained in psychotherapy notes; (2) is about mental health and developmental disabilities services; (3) is about alcohol and drug abuse prevention, treatment, and referral; (4) is about HIV/AIDS testing, diagnosis or treatment; (5) is about communicable disease(s); (6) is about genetic testing; (7) is about child abuse or neglect; (8) is about domestic and elder abuse; or (9) is about sexual assault. In order for your Highly Confidential Information to be disclosed for a purpose other than those permitted by law, your written authorization is required.

When Medical Group May Not Use or Disclose Your Health Information

Except as described in this Notice of Privacy Practices, Medical Group will, consistent with its legal obligations, not use or disclose health information, which identifies you without your written authorization. If you do authorize Medical Group to use or disclose your health information for another purpose, you may revoke your authorization in writing at any time.

Your Health Information Rights

1. Right to Request Special Privacy Protections. You have the right to request restrictions on certain uses and disclosures of your health information by a written request specifying what information you want to limit, and what limitations on our use or disclosure of that information you wish to have imposed. If you tell us not to disclose information to your commercial health plan concerning healthcare items or services for which you paid for in full out-of-pocket, we will abide by your request, unless we must disclose the information for treatment or legal reasons. We reserve the right to accept or reject any other request, and will notify you of our decision.

2. Right to Request Confidential Communications. You have the right to request that you receive your health information in a specific way or at a specific location. For example, you may ask that we send information to a particular email account or to your work address. We will comply with all reasonable requests submitted in writing which specify how or where you wish to receive these communications.

3. Right to Inspect and Copy. You have the right to inspect and copy your health information, with limited exceptions. To access your health information, you must submit a written request detailing what information you want access to, whether you want to inspect it or get a copy of it, and if you want a copy, your preferred form and format. We will provide copies in your requested form and format if it is readily producible, or we will provide you with an alternative format you find acceptable, or if we cannot agree, and we maintain the record in an electronic format, we will provide your health information in your choice of a readable electronic or hardcopy format. We will also send a copy to any other person you designate in writing. We will charge a reasonable fee, which covers our costs for labor, supplies, postage, and if requested and agreed to in advance, the cost of preparing an explanation or summary, as allowed by federal and California law. We may deny your request under limited circumstances. If we deny your request to access your child’s records or the records of an incapacitated adult you are representing because we believe allowing access would be reasonably likely to cause substantial harm to the patient, you will have a right to appeal our decision.

4. Right to Amend or Supplement. You have a right to request that we amend your health information that you believe is incorrect or incomplete. You must make a request to amend in writing, and include the reasons you believe the information is inaccurate or incomplete. We are not required to change your health information, and will provide you with information about a denial and how you can disagree with the denial. We may deny your request if we do not have the information, if we did not create the information (unless the person or entity that created the information is no longer available to make the amendment), if you would not be permitted to inspect or copy the information at issue, or if the information is accurate and complete as is. If we deny your request, you may submit a written statement of your disagreement with that decision, and we may, in turn, prepare a written rebuttal. You also have the right to request that we add to your record a statement of up to 250 words concerning anything in the record you believe to be incomplete or incorrect. All information related to any request to amend or supplement will be maintained and disclosed in conjunction with any subsequent disclosure of the disputed information.

5. Right to an Accounting of Disclosures. You have a right to receive an accounting of disclosures of your health information made by Medical Group, except that we do not have to account for certain disclosures including, but not limited to, disclosures provided to you or pursuant to your written authorization, disclosures for purposes of research or public health which exclude direct patient identifiers, disclosures which are incident to a use or disclosure otherwise permitted or authorized by law, or disclosures to a health oversight agency or law enforcement official to the extent this Medical Group has received notice from that agency or official that providing this accounting would be reasonably likely to impede their activities.

6. Notice. You have a right to notice of our legal duties and privacy practices with respect to your health information, including a right to a paper copy of this Notice of Privacy Practices, even if you have previously requested its receipt by email. If you would like to have a more detailed explanation of these rights or if you would like to exercise one or more of these rights, contact our Privacy Officer listed at the top of this Notice of Privacy Practices.

Changes to this Notice of Privacy Practices

We reserve the right to amend our privacy practices and the terms of this Notice of Privacy Practices at any time in the future. Until such amendment is made, we are required by law to comply with this Notice. After an amendment is made, the revised Notice of Privacy Protections will apply to all protected health information that we maintain, regardless of when it was created or received. When changes are made, we will promptly update this notice and post the updated information on the Medical Group website at www.capitalnephrology.com. Please review the website periodically to ensure that you are aware of such updates.

Complaints

Complaints about this Notice of Privacy Practices or how we handle your health information should be directed to our Privacy Officer listed at the top of this Notice of Privacy Practices. If you are not satisfied with the manner in which this office handles a complaint, you may submit a formal complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against you for filing a complaint.

ACKNOWLEDGEMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES

333 University Avenue STE. 120
Sacramento, CA 95825
Privacy Officer: Jenny Xiong
(916) 929-8564
jenny.xiong@capitalnephrology.com

I hereby acknowledge that I received a copy of Medical Group’s Notice of Privacy Practices. I further acknowledge that a copy of the current notice and a copy of any amended Notice of Privacy Practices will be available at Medical Group’s website at www.capitalnephrology.com.

Signed: ______________________________

Date: ______________________________

Print Name: ______________________________

Telephone: ______________________________

If not signed by the patient, please indicate relationship:

___ guardian or conservator of an incompetent patient

Name of Patient: ____________________________________________________