Updated: 7/10/2024
This Privacy Policy describes how Nutrition as Therapy Inc., hereinafter referred to as the "Organization," collects, uses, and protects the privacy of individually identifiable health information sent via text messages in compliance with the Health Insurance Portability and Accountability Act (HIPAA).
- Information Collected:
- Protected Health Information (PHI):
The Organization may collect and use individually identifiable health information as defined by HIPAA, including but not limited to patient names, medical records, treatment information, and any other information that identifies an individual. - Other Information:
The Organization may also collect non-PHI information related to the communication process, such as phone numbers, dates, and times of messages.
- Protected Health Information (PHI):
- Purpose of Collection:
- Treatment, Payment, and Operations:
The Organization will use PHI for the purpose of providing healthcare services, processing payments, and conducting necessary operations related to patient care. - Communication:
Text messages may be used for appointment reminders, treatment plans, prescription information, and other healthcare-related communications.
- Treatment, Payment, and Operations:
- Use and Disclosure:
- Authorized Personnel:
PHI will only be accessible and disclosed to authorized personnel involved in the patient's care, payment, or healthcare operations. - Consent:
The Organization will obtain written consent from patients before sending text messages containing PHI. The phone numbers collected for the SMS consent will never be shared with third parties or affiliates under any circumstances.
- Authorized Personnel:
- Security Measures:
- Access Controls:
Access to PHI will be restricted to authorized personnel through secure login credentials.
- Access Controls:
- Retention and Disposal:
PHI will be retained for the minimum period required by HIPAA regulations and securely disposed of when no longer needed. - Patient Rights:
Patients have the right to access their PHI, request corrections, and receive an accounting of disclosures. - Breach Notification:
In the event of a breach involving PHI, affected individuals and regulatory authorities will be notified in accordance with HIPAA requirements. - Changes to the Privacy Policy:
Any changes to this Privacy Policy will be communicated to affected individuals and posted on the Organization's website. - Contact Information:
For questions or concerns regarding this Privacy Policy or the use of text messages for healthcare communications,
please contact: Cristina Espinosa