Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Our Privacy Obligations
We understand that your health information is personal, and we at UniqueHuman Inc. ("we," "us," or "our") are committed to protecting your privacy. This Notice of Privacy Practices (the "Notice") describes how we may use and disclose your protected health information to carry out treatment, payment, and health care operations, and for other purposes that are permitted or required by law. It also describes your rights to access and control your protected health information.
UniqueHuman provides migraine health tracking, journaling, and prediction services through our platform, which combines artificial intelligence with care delivered by licensed health care providers and clinics. Our services integrate health and device data, voice and text journaling, location-based weather analysis, and AI-powered predictions to help you understand and manage your migraines, and we connect you with licensed health care providers and clinics for your care.
"Protected health information" or "PHI" is information about you, including demographic information, that may identify you and that relates to your past, present, or future physical or mental health or condition, the provision of health care to you, or payment for health care services. Your PHI may consist of paper, digital, or electronic records, and may also include photographs, videos, voice recordings, sensor and device data, and other electronic transmissions or recordings created during your care and treatment.
We are required by law to maintain the privacy of your PHI, to provide you with this Notice of our legal duties and privacy practices with respect to your PHI, and to notify you in the event of a breach of your unsecured PHI. When we use or disclose your PHI, we are required to abide by the terms of this Notice (or other notice in effect at the time of the use or disclosure).
How We May Use and Disclose Your Protected Health Information
Your PHI may be used and disclosed by our staff, the health care providers and clinics that deliver care through our platform, and others involved in your care and treatment, for the purpose of providing health care services to you, to support our business operations, to obtain payment for your care, and for any other use authorized or required by law.
Treatment
We use and disclose your PHI to provide, coordinate, and manage your health care and any related services. For example, our AI-powered prediction engine analyzes your health data, sleep patterns, stress indicators, weather and location data, and personal triggers to generate migraine risk assessments and recommendations. We facilitate your access to licensed health care providers and clinics, and we disclose your PHI to the providers and clinics involved in your care so they can diagnose, treat, and manage your condition. We may use your information to direct or recommend alternative treatments, therapies, health care providers, or settings of care, or to describe a health-related product or service.
Payment
We may use and disclose your PHI to bill or obtain payment for the health care services provided to you. For example, we may disclose PHI to claim and obtain payment from Medicare, Medicaid, your health insurer, HMO, or other company or program that arranges or pays the cost of your health care, including activities such as determinations of eligibility or coverage and reviews of services for medical necessity. We may also disclose PHI to your other health care providers when such PHI is required for them to receive payment for services they render to you.
Health Care Operations
We may use and disclose your PHI, as needed, to support the business activities of our organization. These activities include, but are not limited to, internal administration and planning; improving the quality and cost-effectiveness of the care delivered through our platform; evaluating the quality and competence of the health care providers and clinics that deliver care through our platform and of our AI systems; resolving complaints and ensuring you are satisfied with our services; providing information about treatment alternatives or other health-related benefits and services; developing, maintaining, and supporting our computer and technology systems; legal services; and conducting audits and compliance programs, including fraud, waste, and abuse investigations.
Other Uses and Disclosures That Do Not Require Your Authorization
We are permitted or required to use and disclose your PHI in the following situations without your authorization, subject to the conditions imposed by law. State and federal laws may further restrict these disclosures.
- •Business Associates. We may disclose your PHI to certain "business associates" and other third parties that perform activities on our behalf, such as cloud hosting and data storage, AI and machine-learning processing, voice transcription, billing, care coordination, and technology services. We contractually require our business associates to implement appropriate safeguards to protect the privacy of your PHI and to use it only for the purposes we specify.
- •To Family, Friends, and Other Caregivers. We may use or disclose your PHI to a family member, other relative, close friend, or any other person identified by you when you are present for, or otherwise available prior to, the disclosure, if (1) we obtain your agreement or give you the opportunity to object and you do not object, or (2) we reasonably infer that you do not object. If you are not present or available prior to a disclosure, we may exercise our professional judgment to determine whether the disclosure is in your best interest, and would disclose only information directly relevant to that person's involvement in your care.
- •As Required by Law. We may use and disclose your PHI when required to do so by any applicable federal, state, or local law.
- •Public Health Activities. We may disclose your PHI to public health authorities to prevent or control disease, injury, or disability; to report child abuse and neglect; to report information about products under the jurisdiction of the U.S. Food and Drug Administration; to alert a person who may have been exposed to a communicable disease or may otherwise be at risk; and to report information to an employer as required under laws addressing work-related illnesses and injuries or workplace medical surveillance.
- •Victims of Abuse, Neglect, or Domestic Violence. We may disclose your PHI if we reasonably believe you are a victim of abuse, neglect, or domestic violence to a government authority authorized by law to receive such reports.
- •Health Oversight Activities. We may disclose your PHI to an agency that oversees the health care system and is responsible for ensuring compliance with the rules of government health programs such as Medicare or Medicaid.
- •Judicial and Administrative Proceedings. We may disclose your PHI in the course of a judicial or administrative proceeding in response to a legal order or other lawful process.
- •Law Enforcement. We may disclose your PHI to police or other law enforcement officials as required by law or in compliance with a court order.
- •Coroners, Medical Examiners, and Funeral Directors. We may disclose your PHI to a coroner, medical examiner, or funeral director as authorized by law.
- •Organ and Tissue Donation. We may disclose your PHI to organizations that facilitate organ, eye, or tissue procurement, banking, or transplantation.
- •Research. We may use and disclose your PHI for research purposes pursuant to a valid authorization from you or when an institutional review board or privacy board has waived the authorization requirement. Under certain circumstances, your PHI may be disclosed without your authorization to researchers preparing to conduct a research project, for research on decedents, or as part of a data set that omits information that can directly identify you.
- •Serious Threat to Health or Safety. We may use or disclose your PHI to prevent or lessen a serious and imminent threat to a person's or the public's health or safety.
- •Specialized Government Functions. We may use and disclose your PHI for specialized government functions, such as military and veterans' activities, national security and intelligence activities, and protective services, under certain circumstances.
- •Workers' Compensation. We may disclose your PHI as authorized by and to the extent necessary to comply with state law relating to workers' compensation or similar programs.
- •Correctional Institutions. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may disclose your PHI as permitted by law.
- •Compliance with HIPAA. We must disclose your PHI to you when you request it, and to the Secretary of the U.S. Department of Health and Human Services when required to investigate or determine our compliance with HIPAA.
Some state and federal laws may apply more stringent privacy protections to certain categories of health information, such as mental health or developmental disability treatment information, HIV/AIDS information, and substance use disorder records. Where such laws apply, we will obtain your consent or authorization before using or disclosing that information unless otherwise permitted by law.
Uses and Disclosures That Require Your Written Authorization
For any purpose other than those described above, we will use or disclose your PHI only with your written authorization. In particular:
- •Marketing. We must obtain your written authorization before using your PHI for marketing under the HIPAA Privacy Rule. We will not accept payment from any organization or individual in exchange for communications to you about treatments, therapies, health care providers, settings of care, case management, care coordination, products, or services, unless you have authorized us to do so or the communication is otherwise permitted by law.
- •Sale of PHI. We do not sell your PHI, and we will not make any disclosure of your PHI that constitutes a sale of PHI without your written authorization.
- •Psychotherapy Notes. We will not use or disclose any psychotherapy notes about you without your authorization, except for use by the mental health professional who created the notes to provide treatment to you, for our own training programs, or to defend ourselves in a legal action or other proceeding brought by you.
We will not use your PHI for fundraising, and we will not use your PHI for third-party advertising, behavioral targeting, or ad personalization.
If you provide us with an authorization, you may revoke it at any time by delivering a written revocation statement to us using the contact information at the end of this Notice. Your revocation will not affect any use or disclosure we made in reliance on your authorization before we received your written revocation.
Uses and Disclosures of PHI Related to Reproductive Health Care
Our services may collect reproductive health information, including menstrual flow and cycle data.
HIPAA provides special protections for PHI related, or potentially related, to reproductive health care. Where the reproductive health care (a) is lawful under the laws of the state in which it was provided, (b) is protected, required, or authorized by federal law (regardless of the state in which it was provided), or (c) was provided by a person other than us, HIPAA prohibits us from using or disclosing PHI related, or potentially related, to such reproductive health care in furtherance of an investigation into, or the imposition of liability on, any person for the mere act of seeking, obtaining, providing, or facilitating reproductive health care. If we receive a request for PHI related to reproductive health care, a signed attestation may be required.
Your Rights With Respect to Your Protected Health Information
When it comes to your PHI, you have the following rights. To exercise any of these rights, please contact us using the contact information at the end of this Notice.
- •Right to Inspect and Copy. You may request access to and copies of your medical record and billing records maintained by us. Under limited circumstances, we may deny access to a portion of your records. If you request copies, we may charge a reasonable, cost-based fee.
- •Right to Request an Amendment. You may request that we amend your PHI maintained in your medical record or billing records. We may deny your request if we believe the information is accurate and complete or if other special circumstances apply. If we deny your request, you have the right to file a statement of disagreement; we may prepare a rebuttal and will provide you with a copy of any rebuttal.
- •Right to an Accounting of Disclosures. You may request an accounting of certain disclosures of your PHI made by us during the six years prior to the date of your request, other than disclosures made for treatment, payment, or health care operations, disclosures made pursuant to your authorization, and certain other excepted disclosures. If you request an accounting more than once in a twelve (12) month period, we may charge a reasonable fee.
- •Right to Request Restrictions. You may request a restriction on our use or disclosure of your PHI for treatment, payment, or health care operations, or to persons involved in your care. Your request must be in writing and state the specific restriction requested and to whom it applies. We are not required to agree to a requested restriction, except that we must agree to restrict disclosure to a health plan for payment or health care operations purposes regarding a service for which you (or someone on your behalf, other than the health plan) have paid us in full out of pocket.
- •Right to Confidential Communications. You may request, and we will accommodate, any reasonable written request to receive your PHI by alternative means or at an alternative location.
- •Right to Notification of a Breach. You have the right to be notified following a breach of your unsecured PHI, as described below.
- •Right to a Paper Copy of This Notice. You have the right to obtain a paper copy of this Notice upon request, even if you have agreed to receive it electronically.
Changes to This Notice
We reserve the right to change the terms of this Notice at any time. We reserve the right to make the revised Notice effective for PHI we already have about you, as well as any PHI we receive in the future. You are entitled to a copy of the Notice currently in effect. Any significant changes to this Notice will be posted on our website at uniquehuman.care, and you may obtain any new notice by contacting us using the contact information below.
Breach of Health Information
We will notify you if a reportable breach of your unsecured PHI is discovered. Notification will be made to you no later than 60 days from the discovery of the breach and will include, to the extent possible, a brief description of how the breach occurred, the PHI involved, and contact information for you to ask questions.
For Additional Information and Complaints
If you desire additional information about your privacy rights, disagree with a decision we made about access to your PHI, or believe we have violated your privacy rights, you may contact us using the contact information below.
You may also file a written complaint with the Office for Civil Rights of the U.S. Department of Health and Human Services by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, by calling 1-877-696-6775, or by visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against you for filing a complaint.
We are required to follow the duties and privacy practices described in this Notice. We will maintain the privacy of your PHI and notify affected individuals following a breach of unsecured PHI.
Contact Us
UniqueHuman Inc.
3500 South DuPont Highway
Dover, Kent County, Delaware 19901
Email: privacy@uniquehuman.ai