PRIVACY POLICY, MEDICAL PRIVACY NOTICE & NOTICE OF HIPAA COMPLIANCE

Buenrostro by Verita S.A.P.I. de C.V. (with a commercial name as ‘Evolve by Verita’)’s Privacy Policy

General

This privacy policy is to inform users how their ‘Personally identifiable information’ (PII) is being used by this website. PII is data that may, partially or wholly used to identify, contact, or locate an individual, or to identify an individual in some context.

This website will collect, use, protect or otherwise handle your PII in accordance with the terms contained in this Privacy Policy.

 

What personal data do we collect from the people that visit our blog or website?
When ordering or registering on our site, you will be asked to enter your name, email address or other details.

When do we collect your data?

We collect data from you when you subscribe to a newsletter, fill out a form or enter data on our site.

How do we use your data?
We may use the data we collect from you when you register, make a purchase, sign up for our newsletter, respond to a marketing email or survey, surf the website, or use some other site features. We may

• Personalize the user’s experience to allow us to deliver the type of content and product offerings in which you are most interested.
• Improve our service to you in responding to your customer service inquiries.
• Email you regarding an order, or periodically regarding other products and services.

How do we protect user data?
We do not use vulnerability scanning and/or scanning to PCI standards.

We do not collect any sensitive data and so do not use an SSL certificate.

About ‘cookies’?
These data packets sit on your device hard drive that enables our site’s to recognize your browser and capture and record certain information. They also help understand your preferences based on previous or current site activity, enabling us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

We use cookies to:

• Understand and record user’s activity and preferences for future visits.
• Compile aggregated data about the activity of site traffic and actions to offer improved on-site experience and tools in the future. We may also engage third party services that track this data on our behalf.

You can set a warning each time a cookie is being sent, or you block our cookies. You do this through your browser (eg Chrome ) settings.

Disabled cookies may impair user experience, some of our services may not function properly.

Third party external links
Occasionally we may include or offer third party products or services on our website. These third party sites have their own independent privacy policies outside of our control. We therefore have no responsibility or liability for the content and activities of these linked sites. If any of these sites act irresponsibly or illegally inform us immediately.

Third Party Trade, we do not collect any sensitive data around Disclosure
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information.

Google
Google’s advertising requirements are covered by Google’s Advertising Principles. https://support.google.com/adwordspolicy/answer/1316548?hl=en

We use Website based Google AdSense Advertising. Google uses cookies to decide which sites can serve ads. The DART cookie enables users receive customize ads based on their visit to our site and other online sites. Users may update or opt out of the use of the DART via the Google ad and content network privacy policy.

We use the following:

• Remarketing via Google AdSense, we, along with external vendors, e.g. GY Google cs Analytics and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions, and other ad service functions as they relate to our website.

Opting out: Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising initiative opt out page or permanently using the Google Analytics Opt Out Browser add on.

California Online Privacy Protection Act
CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require a person or company in the United States (and conceivably the world) that operates websites collecting personally identifiable data from California consumers to post a conspicuous privacy policy on its website stating exactly the data being collected and those individuals with whom it is being shared, and to comply with this policy. – See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf

According to CalOPPA we agree to the following:

Users can visit our site anonymously

Once this privacy policy is created, we will add a link to it on our home page, or as a minimum on the first significant page after entering our website.

Our Privacy Policy link includes the word ‘Privacy’, and can be easily be found on the page specified above.

Users will be notified of any privacy policy changes:

• On our Privacy Policy Page

Users are able to change their personal information:

• By calling us

How does our site handle do not track signals?

We honor do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

Does our site allow third party behavioral tracking?

No

Fair Information Practices
The Fair Information Practices and Principles cover privacy law in the United States. Understanding the Fair Information Practice Principles and their use is critical for compliance with the various personal information privacy laws.

In order to be in line with Fair Information Practices we undertake to respond as, should a data breach occur:

On site notification, clearly posted within 7 business days.

We agree to allow individual redress, granting the right for an individual to pursue their legally enforceable rights against any data collector or processor in breach of the law. This also grants individuals recourse to courts or a government agency to investigate and/or prosecute such non-compliance.

CAN SPAM Act
The CAN-SPAM Act is a law defining rules and requirements for commercial email and messages, gives recipients the right to stop emails from being sent to them, and sets out penalties for various violations.

We collect your email address to:

• Send you information and respond to your inquiries, requests or questions.
• Send direct marketing to our mailing list, or send emails to our clients, even after the original transaction is completed.

To be in compliance with CANSPAM we agree to the following:

• NOT to use false, or misleading subject lines or sender email addresses
• Reasonably identify the message as an advertisement
• Include the physical address of our business
• Monitor third party email marketing services for compliance.
• Honor unsubscribe or opt out requests promptly
• Include a clearly marked unsubscribe link at the bottom of each email

If at any time you would like to unsubscribe from receiving future emails, you can

• Click the unsubscribe link at the bottom of each email and follow the simple instructions

COPPA (Children Online Privacy Protection Act)
Children under 13 are protected by the Children’s Online Privacy Protection Act (COPPA). The Federal Trade Commission (FTC) enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.

We do not market specifically to children under 13.

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This Privacy Notice is being provided to you as a requirement of a federal law, the Health Insurance Portability and Accountability Act (HIPAA). This Privacy Notice describes how we may use and disclose your protected health information to carry out treatment, payment or health care operations and for other purposes that are permitted or required by law. It also describes your rights to access and control your protected health information in some cases. Your “protected health information” means any written and oral health information about you, including demographic data that can be used to identify you. This is health information that is created or received by your health care provider, and that relates to your past, present or future physical or mental health or condition.

1. Uses and Disclosures of Protected Health Information

This office may use your protected health information for purposes of providing treatment, obtaining payment for treatment, and conducting health care operations. Your protected health information may be used or disclosed only for these purposes unless the facility has obtained your authorization or the use or disclosure is otherwise permitted by the HIPAA privacy regulations or state law. Disclosures of your protected health information for the purposes described in this Privacy Notice may be made in writing, orally, or by facsimile.

1. We will use and disclose your protected health information to provide, coordinate, or manage your health care and any related services. This includes the coordination or management of your health care with a third party for treatment purposes. For example, we may disclose your protected health information to a pharmacy to fill a prescription or to a laboratory to order a blood test. We may also disclose protected health information to physicians who may be treating you or consulting with the facility with respect to your care. In some cases, we may also disclose your protected health information to an outside treatment provider for purposes of the treatment activities of the other provider.
2. Your protected health information will be used, as needed, to obtain payment for the services that we provide. This may include certain communications to your health insurance company to get approval for the procedure that we have scheduled. For example, we may need to disclose information to your health insurance company to get prior approval for the surgery. We may also disclose protected health information to your health insurance company to determine whether you are eligible for benefits or whether a particular service is covered under your health plan. In order to get payment for the services we provide to you, we may also need to disclose your protected health information to your health insurance company to demonstrate the medical necessity of the services or, as required by your insurance company, for utilization review. We may also disclose patient information to another provider involved in your care for the other provider’s payment activities. This may include disclosure of demographic information to anesthesia care providers for payment of their services.
3. We may use or disclose your protected health information, as necessary, for our own health care operations to facilitate the function of this office and to provide quality care to all patients. Health care operations include such activities as: quality assessment and improvement activities, employee review activities, training programs including those in which students, trainees, or practitioners in health care learn under supervision, accreditation, certification, licensing or credentialing activities, review and auditing, including compliance reviews, medical reviews, legal services and maintaining compliance programs, and business management and general administrative activities.

In certain situations, we may also disclose patient information to another provider or health plan for their health care operations.

1. Other Uses and Disclosures.As part of treatment, payment and health care operations, we may also use or disclose your protected health information for the following purposes: to remind you of your surgery date, to inform you of potential treatment alternatives or options, to inform you of health-related benefits or services that may be of interest to you, or to contact you to raise funds for the facility or an institutional foundation related to the facility. If you do not wish to be contacted regarding fundraising, please contact our Privacy Officer.

1. Uses and Disclosures Beyond Treatment, Payment, and Health Care Operations Permitted Without Authorization or Opportunity to Object

Federal privacy rules allow us to use or disclose your protected health information without your permission or authorization for a number of reasons including the following:

1. When Legally Required.We will disclose your protected health information when we are required to do so by any federal, state or local law.
2. When There Are Risks to Public Health.We may disclose your protected health information for the following public activities and purposes:

• To prevent, control, or report disease, injury or disability as permitted by law.
• To report vital events such as birth or death as permitted or required by law.
• To conduct public health surveillance, investigations and interventions as permitted or required by law.
• To collect or report adverse events and product defects, track FDA regulated products, enable product recalls, repairs or replacements to the FDA and to conduct post marketing surveillance.
• To notify a person who has been exposed to a communicable disease or who may be at risk of contracting or spreading a disease as authorized by law.
• To report to an employer information about an individual who is a member of the workforce as legally permitted or required.

1. To Report Suspended Abuse, Neglect Or Domestic Violence.We may notify government authorities if we believe that a patient is the victim of abuse, neglect or domestic violence. We will make this disclosure only when specifically required or authorized by law or when the patient agrees to the disclosure.
2. To Conduct Health Oversight Activities.We may disclose your protected health information to a health oversight agency for activities including audits; civil, administrative, or criminal investigations, proceedings, or actions; inspections; licensure or disciplinary actions; or other activities necessary for appropriate oversight as authorized by law. We will not disclose your health information under this authority if you are the subject of an investigation and your health information is not directly related to your receipt of health care or public benefits.
3. In Connection With Judicial And Administrative Proceedings. We may disclose your protected health information in the course of any judicial or administrative proceeding in response to an order of a court or administrative tribunal as expressly authorized by such order. In certain circumstances, we may disclose your protected health information in response to a subpoena to the extent authorized by state law if we receive satisfactory assurances that you have been notified of the request or that an effort was made to secure a protective order.
4. For Law Enforcement Purposes.We may disclose your protected health information to a law enforcement official for law enforcement purposes as follows:

• As required by law for reporting of certain types of wounds or other physical injuries.
• Pursuant to court order, court-ordered warrant, subpoena, summons or similar process.
• For the purpose of identifying or locating a suspect, fugitive, material witness or missing person.
• Under certain limited circumstances, when you are the victim of a crime.
• To a law enforcement official if the facility has a suspicion that your health condition was the result of criminal conduct.
• In an emergency to report a crime.

1. To Coroners, Funeral Directors, and for Organ Donation.We may disclose protected health information to a coroner or medical examiner for identification purposes, to determine cause of death or for the coroner or medical examiner to perform other duties authorized by law. We may also disclose protected health information to a funeral director, as authorized by law, in order to permit the funeral director to carry out their duties. We may disclose such information in reasonable anticipation of death. Protected health information may be used and disclosed for cadaveric organ, eye or tissue donation purposes.
2. For Research Purposes.We may use or disclose your protected health information for research when the use or disclosure for research has been approved by an institutional review board that has reviewed the research proposal and research protocols to address the privacy of your protected health information.
3. In the Event of a Serious Threat to Health or Safety.We may, consistent with applicable law and ethical standards of conduct, use or disclose your protected health information if we believe, in good faith, that such use or disclosure is necessary to prevent or lessen a serious and imminent threat to your health or safety or to the health and safety of the public.
4. For Specified Government Functions.In certain circumstances, federal regulations authorize the facility to use or disclose your protected health information to facilitate specified government functions relating to military and veterans activities, national security and intelligence activities, protective services for the President and others, medical suitability determinations, correctional institutions, and law enforcement custodial situations.
5. For Worker’s Compensation.The facility may release your health information to comply with worker’s compensation laws or similar programs.

 

III. Uses and Disclosures Permitted without Authorization but with Opportunity to Object

We may disclose your protected health information to your family member or a close personal friend if it is directly relevant to the person’s involvement in your surgery or payment related to your surgery. We can also disclose your information in connection with trying to locate or notify family members or others involved in your care concerning your location, condition or death.

You may object to these disclosures. If you do not object to these disclosures or we can infer from the circumstances that you do not object or we determine, in the exercise of our professional judgment, that it is in your best interests for us to make disclosure of information that is directly relevant to the person’s involvement with your care, we may disclose your protected health information as described.

1. Uses and Disclosures which you Authorize

Other than as stated above, we will not disclose your health information other than with your written authorization. You may revoke your authorization in writing at any time except to the extent that we have taken action in reliance upon the authorization.

1. Your Rights

You have the following rights regarding your health information:

1. The right to inspect and copy your protected health information.You may inspect and obtain a copy of your protected health information that is contained in a designated record set for as long as we maintain the protected health information. A “designated record set” contains medical and billing records and any other records that your surgeon and the facility uses for making decisions about you. Under federal law, however, you may not inspect or copy the following records: psychotherapy notes; information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding; and protected health information that is subject to a law that prohibits access to protected health information. Depending on the circumstances, you may have the right to have a decision to deny access reviewed.

We may deny your request to inspect or copy your protected health information if, in our professional judgment, we determine that the access requested is likely to endanger your life or safety or that of another person, or that it is likely to cause substantial harm to another person referenced within the information. You have the right to request a review of this decision.

To inspect and copy your medical information, you must submit a written request to the Privacy Officer whose contact information is listed on the last page of this Privacy Notice. If you request a copy of your information, we may charge you a fee for the costs of copying, mailing or other costs incurred by us in complying with your request.

Please contact our Privacy Officer if you have questions about access to your medical record.

1. The right to request a restriction on uses and disclosures of your protected health information.You may ask us not to use or disclose certain parts of your protected health information for the purposes of treatment, payment or health care operations. You may also request that we not disclose your health information to family members or friends who may be involved in your care or for notification purposes as described in this Privacy Notice. Your request must state the specific restriction requested and to whom you want the restriction to apply.

The facility is not required to agree to a restriction that you may request. We will notify you if we deny your request to a restriction. If the facility does agree to the requested restriction, we may not use or disclose your protected health information in violation of that restriction unless it is needed to provide emergency treatment. Under certain circumstances, we may terminate our agreement to a restriction. You may request a restriction by contacting the Privacy Officer.

1. The right to request to receive confidential communications from us by alternative means or at an alternative location.You have the right to request that we communicate with you in certain ways. We will accommodate reasonable requests. We may condition this accommodation by asking you for information as to how payment will be handled or specification of an alternative address or other method of contact. We will not require you to provide an explanation for your request. Requests must be made in writing to our Privacy Officer.
2. The right to request amendments to your protected health information.You may request an amendment of protected health information about you in a designated record set for as long as we maintain this information. In certain cases, we may deny your request for an amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal. Requests for amendment must be in writing and must be directed to our Privacy Officer. In this written request, you must also provide a reason to support the requested amendments.
3. The right to receive an accounting.You have the right to request an accounting of certain disclosures of your protected health information made by the facility. This right applies to disclosures for purposes other than treatment, payment or health care operations as described in this Privacy Notice. We are also not required to account for disclosures that you requested, disclosures that you agreed to by signing an authorization form, disclosures for a facility directory, to friends or family members involved in your care, or certain other disclosures we are permitted to make without your authorization. The request for an accounting must be made in writing to our Privacy Officer. The request should specify the time period sought for the accounting. We are not required to provide an accounting for disclosures that take place prior to April 14, 2003. Accounting requests may not be made for periods of time in excess of six years. We will provide the first accounting you request during any 12-month period without charge. Subsequent accounting requests may be subject to a reasonable cost-based fee.
4. The right to obtain a paper copy of this notice.Upon request, we will provide a separate paper copy of this notice even if you have already received a copy of the notice or have agreed to accept this notice electronically.

 

1. Our Duties

The facility is required by law to maintain the privacy of your health information and to provide you with this Privacy Notice of our duties and privacy practices. We are required to abide by terms of this Notice as may be amended from time to time. We reserve the right to change the terms of this Notice and to make the new Notice provisions effective for all future protected health information that we maintain. If the facility changes its Notice, we will provide a copy of the revised Notice by sending a copy of the revised Notice via regular mail or through in-person contact.

VII. Complaints

You have the right to express complaints to the facility and to the Secretary of Health and Human Services if you believe that your privacy rights have been violated. You may complain to the facility by contacting the facility’s Privacy Officer verbally or in writing. We encourage you to express any concerns you may have regarding the privacy of your information. You will not be retaliated against in any way for filing a complaint.