Renalogic Notice of Privacy Practices
Effective Date: 3/12/2021
This Notice of Privacy Practices (“Notice”) is intended to give notice of how Renalogic, Inc. (“Renalogic,” “We” or “Us”) uses and discloses Personally Identifiable Information, including Protected Health Information. It is also intended to describe how individuals may exercise their rights with respect to their Personally Identifiable Information.
Why Do We Publish this Notice?
This Notice Renalogic is principally but not solely intended for purposes of the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009, and their implementing regulations (collectively “HIPAA”). This Notice is intended to be interpreted consistently with HIPAA.
Renalogic is not a Covered Entity under HIPAA. We provide Our services by contract with Health Plans, which are Covered Entities. Under HIPAA We are the Business Associate of these Health Plans. Each Health Plan is primarily responsible for compliance with HIPAA for the Protected Health Information of the individuals covered by the Health Plan (“Members”).
Our Health Plan clients have authorized Us to use and disclose their Protected Health Information in compliance with HIPAA and Our Business Associate Agreements with each Health Plan. We are required by law to maintain the privacy of Protected Health Information, and to abide by the terms of this Notice as currently in effect. We are not legally required to publish this Notice but have chosen to do so as part of our commitment to ethical business practices.
We do not provide consumer services. Individuals cannot purchase or acquire services from Renalogic. Renalogic provides its services only through Health Plans, to their covered Members. The Health Plan is responsible for contracting and paying for Renalogic’s services to its Members. Only individuals who are Health Plan Members may receive services from Renalogic.
We operate within the United States and do not provide services outside it.
Who Does This Notice Apply To?
This Notice applies to:
- Individuals who submit information through our website (“Website Users”). Website Users may contact Renalogic through our website to request information about Renalogic and its services for potential acquisition by or for Health Plans, not for individual acquisition. Website Users may not seek or acquire services from Renalogic individual, family or household use.
- Members who are participating in or covered by one or more of our Services (“Members”). Our Services include the following:
- The Kidney Disease Avoidance Program/Kidney Disease Prevention Program (“KDAP”).
- The Laboratory Services Program.
- The Member Advocacy Program.
- The Cost Containment Program.
This website is not a Renalogic service for Members.
Website User Privacy Information.
How Do We Collect, Use and Disclose Information About Website Users?
The only information We collect about Website Users is through the “Contact Us” page on Our website (“Website User Information”). This information is not Protected Health Information and is submitted voluntarily by each Website User. We are not responsible for any content submitted by any Website User. We do not solicit or accept requests from Website Users for potential acquisition of Renalogic services by individuals.
The information provided by a Website User is a limited set of Personally Identifiable Information for contact purposes (“Website User PII”). We may use or disclose Website User PII to contact the individual identified as the Website User in response to the submission of an inquiry through the “Contact Us” page. We may also use Website User PII for Our own internal business purposes such as website and Company administration, auditing, quality assurance, and improving Our Website, services or promotional efforts.
We do not sell Website User PII. We may disclose Website User PII to the company identified by the Website User in an inquiry as part of follow-up to the inquiry. We may also disclose Website User PII to third parties for purposes such as website and Company administration, auditing, quality assurance, and improving Our Website, services or promotional efforts. We may disclose Website User PII if required by law, or for purposes of regulatory inquiries or investigation or legal proceedings.
Can Website Users Request Changes to their PII?
Yes. If you have submitted an inquiry through Our “Contact Us” form on the Website and would like to change information you have provided in that inquiry, please send a written request to Us at Our contact address in this Notice below.
You must provide all the information submitted in your Website inquiry and specify the change(s) you request. You may only request a change to information which has already been received by Renalogic. You must provide satisfactory proof that you are the individual who is the subject of the Website User PII. Renalogic will either accept or reject a requested change within thirty (30) days of receipt, in Renalogic’s reasonable discretion.
Does Renalogic Track Website Users’ Activities?
We may track Website User activity on our Website using Google Analytics tags. These tags track a Website User’s path through Our web pages on the Website, and whether or not the Website User completes “Contact Us” information. We also use tags with on LinkedIn for tracking activity with respect to Our advertisement and certain posts on that service, which We may correlate with Google Analytics tags for activities on Our Website.
Website User activity information is not Website User PII unless it has been identified with a Website User who has provided identification information through Our “Contact Us” web page. We do not identify Website Users who do not complete the “Contact Us” information. We identify Website Users who submit “Contact Us” information through information provided through that web page.
Can Website Users Opt-Out of Website Usage Tracking?
No. Because We do not identify Website Users who do not provide identification information and Our tracking of Website activity is very limited, We do not maintain processes to respond to “do not track” signals or otherwise permit Website Users to opt-out of Website usage tracking.
Member Privacy Information.
How Do We Collect Protected Health Information About Members?
The information We collect about Members (“Member Information”) depends upon the Services their Health Plan has contracted for with Us. All such Member information is Protected Health Information which is subject to HIPAA and the Business Associate Agreement We have with the Member’s Health Plan.
Member information typically includes contact and demographic information. It may also include information about the Member’s health condition, health care provided to the Member, and payment for the Member’s health care.
We may collect Protected Health Information from a Member’s Health Plan, the Health Plan’s administrator, or the Health Plan’s service providers or advisors. Depending on the Service We may also collect Protected Health Information from the Member, or from the Member’s health care providers. In some cases we may collect personally identifiable information about a Member from other sources, including public sources. Once it is in our possession any such information is considered Protected Health Information.
We do not collect genetic information (as defined under HIPAA) or information from substance use disorder (alcohol and drug) treatment programs.
How Do We Use and Disclose Protected Health Information?
Our use and disclosure of Protected Health Information is limited to purposes authorized under HIPAA and Our Business Associate Agreement. Depending on the Service We may use or disclose Protected Health Information for Services purposes:
- To assist the Member’s Health Plan in developing, implementing and administering strategies and programs to improve the health of Health Plan members, or reduce the Health Plan’s costs. Under HIPAA, these are authorized as Health Care Operations activities.
- To assist the Member’s Health Plan in determining payments for health care for the Member, administering and responding to claims and inquiries about such payments, and related activities. Under HIPAA, these are authorized as Payment activities.
- To provide the Member with access to laboratory testing and to conduct health assessments, counseling, and education about the Member’s health conditions and care and treatment alternatives, and to help coordinate the Member’s care and communicate with health care providers in support of the Member. Under HIPAA some of these activities are authorized as Treatment activities, and some as Health Care Operations activities.
- To provide the Member with information and education about available programs and resources to help with issues affecting their health and coverage for their health care and communicating with community and governmental resources in support of the Member. Under HIPAA these are authorized as a Health Care Operations activities.
As part of the Services We may disclose Protected Health Information to the employer or other organization which sponsors the Health Plan for purposes permitted under Your Health Plan’s plan documents and Our Business Associate Agreement with the Health Plan. HIPAA requires such an employer to ensure that its employees who receive such information only use or disclose it as necessary to perform certain plan administration functions or as otherwise required by HIPAA, unless the Member authorizes other disclosures. In such a case a Member’s Protected Health Information cannot be used for employment purposes without the Member’s specific authorization.
We may also use or disclose Protected Health Information for purposes of Our own proper management and administration, to fulfill our legal responsibilities, or if We are required to do so by law. These may include such purposes as management and administration of our Services, business processes and information systems; financial, employee and contractor management, and fulfilling our legal obligations including those under HIPAA and our Business Associate Agreement.
Other types of uses or disclosures will be made only if and to the extent permitted by HIPAA and the applicable Business Associate Agreement, and in some cases based on Member authorization. We do not sell Protected Health Information or use it for fund-raising or marketing purposes.
What Rights Do Members Have with Respect to Their Protected Health Information?
HIPAA provides a number of rights for individuals with respect to their Protected Health Information. A Member’s Health Plan is principally responsible for these. Under Our Business Associate Agreements We are required to refer such requests to the Health Plan (or its administrator, if applicable) for fulfillment. These rights include:
- The right to request restrictions on the use and disclosure of their Protected Health Information in addition to those provided by HIPAA.
- The right to receive communications of Protected Health Information by an alternative means or at an alternative location.
- The right to inspect and copy Protected Health Information.
- The right to amend Protected Health Information.
- The right to receive an accounting of disclosures of Protected Health Information.
Members participating in the KDAP Program may request amendment of their contact and demographic information directly with their assigned Health Coaches.
For all other purposes, a Member may submit a request to exercise one of these rights to Our Chief Privacy Officer at the contact information provided below. Any such request will be forwarded to the Member’s Health Plan for decision. The Health Plan or its administrator, or Renalogic if directed by the Health Plan, will respond to the request.
How Do We Protect Protected Health Information?
We use reasonable and appropriate safeguards to ensure the confidentiality, integrity and availability of the Protected Health Information We create, receive, maintain and transmit; to protect against reasonably anticipated threats or hazards to such information, and against any reasonably anticipated uses or disclosures of such information not permitted under HIPAA; and to ensure Our compliance with HIPAA.
In case of a security breach affecting Protected Health Information We will notify the affected Health Plan(s) as required by HIPAA and our Business Associate Agreements. The Health Plan will be responsible for determining whether to notify affected Members. We will fully cooperate in any investigation and response to any security breach.
Can We Amend this Notice?
We reserve the right to revise and update this Notice of Privacy Practices, and to make any new notice applicable to all Personally Identifiable Information We maintain, including Protected Health Information, to the extent permitted by law. We will provide notification of any new notice by prominent publication on our Website no later than sixty (60) days before the effective date of the new notice.
How Do I File a Complaint?
Any Website User or Member may file a complaint with Us if they believe We have violated their privacy rights, under HIPAA or any other laws.
- To file a complaint with Us, please use the Contact Information provided in this Notice below.
The U.S. Federal Trade Commission (“FTC”) and the Attorney General of the state in which You reside have jurisdiction over Your consumer privacy issues. While this website and Our Services are not provided for consumer use, Website Users and Members who believe that We may have violated their consumer privacy rights may be able to make an inquiry or file a complaint with the FTC or the Attorney General of the state where they reside.
- To make an inquiry or file a complaint with the FTC, please see the information at the FTC’s website, https://www.ftc.gov/news-events/media-resources/identity-theft-and-data-security/filing-complaint.
California residents may make an inquiry or file a complaint with the California Attorney General.
- To make an inquiry or file a complaint with the California Attorney General please see their complaints web page, https://oag.ca.gov/contact/consumer-complaint-against-business-or-company.
Members may also file a complaint with their Health Plan or the U.S. Department of Health and Human Services Office of Civil Rights (“Office of Civil Rights”). In some states the Attorney General may also accept HIPAA complaints.
- To file a complaint with the Health Plan, please see the Notice of Privacy Practices provided by the Health Plan. Information may also be provided in the Health Plan’s Summary Plan Description (“SPD”).
- To file a complaint with the Office of Civil Rights, please see the information at the HHS.gov website, https://www.hhs.gov/hipaa/filing-a-complaint/index.html.
Who Do I Contact at Renalogic About this Notice or to Exercise Privacy Rights?
For questions about this Notice or make a request to exercise Your privacy or HIPAA rights please contact:
Chief Privacy Officer
22601 N. 19th Ave., Suite 230
Phoenix, AZ 85027