Skip to content Skip to footer

Effective Date: January 5, 2023

Coralis Health, LLC

Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW YOUR MEDICAL INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Coralis Health, LLC
47 W Division St, #360
Chicago, IL 60610

www.coralishealth.us

Our Apps: Coralis Health for Patients and Coralis Health for Providers.

For privacy related matters please contact our Coralis Health CMO at:

(708)722-6061; or

privacy@coralishealth.us

This is a summary of how we may use and disclose your protected health information and your rights and choices when it comes to your information. We will explain these in more detail on the following pages.

Our Uses and Disclosures

We may use and disclose your information as we:

  • Treat you.
  • Bill for services.
  • Run our organization.
  • Do research.
  • Comply with the law.
  • Respond to organ and tissue donation requests.
  • Work with a medical examiner or funeral director.
  • Address workers’ compensation, law enforcement, or other government requests.
  • Respond to lawsuits and legal actions.

Your Choices

You have some choices about how we use and share information as we:

  • Communicate with you.
  • Tell family and friends about your condition.
  • Provide disaster relief.
  • Include you in a hospital directory.
  • Provide mental health care.
  • Market our services.
  • Raise funds.

Your Rights

You have the right to:

  • Get a copy of your paper or electronic protected health information.
  • Correct your protected health information.
  • Ask us to limit the information we share, in some cases.
  • Get a list of those with whom we’ve shared your information.
  • Request confidential communication.
  • Get a copy of this privacy notice.
  • Choose someone to act for you.
  • File a complaint if you believe we have violated your privacy rights.

Purpose

Coralis Health, LLC (“Coralis Health”, “us” or “we”) respects your privacy. As a Covered Entity (“CE”), we are also legally required to maintain the privacy of your protected health information (“PHI”) and electronic protected health information (“e-PHI”), which is a subset of PHI (collectively referred to hereinafter as PHI) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and other federal and state laws. We follow state privacy laws when they are stricter or more protective of your PHI than federal law.

As part of our commitment and legal compliance, we are providing you with this Notice of Privacy Practices (“Notice”). This Notice describes:

Contact

If you have any questions about this Notice or your rights, please contact us at privacy@coralishealth.us.

PHI Defined

Your PHI:

  • Is health information about you:
    • which someone may use to identify you; and
    • which we keep or transmit in electronic, oral, or written form.
  • Includes information such as your:
    • name;
    • contact information;
    • past, present, or future physical or mental health or medical conditions;
    • payment for health care products or services; or
    •  prescriptions.

Scope

We create a record of the care and health services you receive, to provide your care, and to comply with certain legal requirements. This Notice applies to all the PHI that we generate.

We follow and our employees and other workforce members follow the duties and privacy practices that this Notice describes and any changes once they take effect.

Changes to this Notice

We can change the terms of this Notice, and the changes will apply to all information we have about you. The new notice will be available on request, and on our Website and Apps.

Data Breach Notification

We will promptly notify you if a data breach occurs that may have compromised the privacy or security of your PHI. We will notify you within the legally required time frame and no later than 60 days after we discover the breach. Most of the time, we will notify you in writing, by first-class mail, or we may email you if you have provided us with your current email address and you have previously agreed to receive notices electronically. In some circumstances, our business associates, which are described in more detail below, may provide the notification. In limited circumstances when we have insufficient or out-of-date contact information, we may provide notice in a legally acceptable alternative form.

Uses and Disclosures of Your PHI

The law permits or requires us to use or disclose your PHI for various reasons, which we explain in this Notice. We have included some examples, but we have not listed every permissible use or disclosure. When using or disclosing PHI or requesting your PHI from another source, we will make reasonable efforts to limit our use, disclosure, or request about your PHI to the minimum we need to accomplish our intended purpose.

Uses and Disclosures for Treatment, Payment, or Health Care Operations

  • Treatment. We may use or disclose your PHI and share it with our network of healthcare providers and other professionals who are treating you, including doctors, nurses, technicians , or hospital personnel involved in your care. For example, we might disclose information about your overall health condition to physicians who are treating you for a specific injury or condition.
  • Health Care Operations. We may use and disclose your PHI to run our practice and improve your care. For example, we may use your PHI to manage the services you receive or to monitor the quality of our health care services.

Other Uses and Disclosures

We may share your information in other ways, usually for public health or research purposes or to contribute to the public good. For more information on permitted uses and disclosures, see www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html. For example, these other uses and disclosures may involve:

  • Our Business Associates. We may use and disclose your PHI to outside persons or entities that perform services on our behalf, such as AthenaHealth for the purposes of Electronic Medical Record (“EMR”) keeping and telehealth services, for auditing, legal, or transcription purposes (“Business Associates”). The law requires our business associates and their subcontractors to protect your PHI in the same way we do. We also contractually require these parties to use and disclose your PHI only as permitted and to appropriately safeguard your PHI.
  • Health Information Exchanges. We participate in Health Information Exchanges (“HIEs”), which support electronic information sharing for treatment, payment, and health care operations purposes.
    • Example: PHI may be securely exchanged between your treating healthcare provider(s) via AthenaHealth EMR and Coralis Health to coordinate your care.
  • Legal Compliance. For example, we will share your PHI if the Department of Health and Human Services requires it when investigating our compliance with privacy laws.
  • Public Health and Safety Activities. For example, we may share your PHI to:
    • report injuries, births, and deaths;
    • prevent disease;
    • report adverse reactions to medications or medical device product defects;
    • report suspected child neglect or abuse, or domestic violence; or
    • avert a serious threat to public health or safety.
  • Responding to Legal Actions. For example, we may share your PHI to respond to:
    • a court or administrative order or subpoena;
    • discovery request; or
    • another lawful process.
  • Research For example, we may share your PHI for some types of health research that do not require your authorization, such as if an Institutional Review Board (“IRB”) has waived the written authorization requirement.
  • Medical Examiners or Funeral Directors. For example, we may share PHI with coroners, medical examiners, or funeral directors when an individual dies.
  • Organ or Tissue Donation. For example, we may share your PHI to arrange an authorized organ or tissue donation from you or a transplant for you.
  • Workers’ Compensation, Law Enforcement, or Other Government Requests. For example, we may use and disclose your PHI for:
    • workers’ compensation claims;
    • health oversight activities by federal or state agencies;
    • law enforcement purposes or with a law enforcement official; or
    • specialized government functions, such as military and veterans’ activities, national security and intelligence, presidential protective services, or medical suitability.

Your Choices

For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, please contact us at privacy@coralishealth.us and we will make reasonable efforts to follow your instructions.

You have both the right and choice to tell us whether to:

  • Share (or not share) information, such as your PHI, general condition, or location, with your family, close friends, or others involved in your care.
  • Share information in a disaster relief situation, such as to a relief organization to assist with locating or notifying your family, close friends, or others involved in your care.

We may share your information if we believe it is in your best interest, according to our best judgment, and:

  • If you are unable to tell us your preference, for example, if you are unconscious.
  • When needed to lessen a serious and imminent threat to health or safety.

Fundraising

We reserve the right to contact you for fundraising efforts, but you can tell us not to contact you again.

Uses and Disclosures that Require Authorization

In these cases we will only share your information if you give us written permission:

  • Most sharing of a mental health care professional’s notes (“psychotherapy notes”) from a private counseling session or a group, joint, or family counseling session.
  • Marketing purposes.
  • Other uses and disclosures not described in this Notice.

You may revoke your authorization at any time, but it will not affect information that we already used and disclosed.

Your Rights

When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.

You have the right to:

  • Inspect and Obtain a Copy of Your PHI. You have the right to see or obtain an electronic or paper copy of the PHI that we maintain about you (“right to request access”). Alternatively, you may request a summary of your PHI or an explanation of your PHI. Some clarifications about your access rights:
    • You may submit your request for access by submitting an electronically signed form on AthenaHealth’s website or through its app.
    • we may charge a reasonable, cost-based fee for the costs of copying, mailing, or other supplies associated with your request.
    • you may request that we provide a copy of your PHI to a family member, another person, or a designated entity. We require that you submit these requests in writing with your signature, and clearly identify the designated person and where to send the PHI.
    • you may request that we direct a copy of your PHI to a third party of your choice on a standing, regular basis. You may submit your request by completing and submitting applicable electronic form(s) on AthenaHealth’s website or through its app.
    • if you request a copy of your PHI, we will generally decide to provide or deny access within 30 days, however, if we cannot act within 30 days, we will give you a reason for the delay in writing and when you can expect us to act on your request; and
    • we may deny your request for access in certain limited circumstances, however, if we deny your access request, we will provide a written denial with the basis for our decision and explain your rights to appeal or file a complaint.
  • Make Amendments. You may ask us to correct or amend PHI that we maintain about you that you think is incorrect or inaccurate. For these requests:
    • you must submit requests by completing and submitting applicable electronic form(s) on AthenaHealth’s website or through its app. and specify the inaccurate or incorrect PHI, and provide a reason that supports your request.
    • we will generally decide to grant or deny your request within 60 days. If we cannot act within 60 days, we will give you a reason for the delay in writing and include when you can expect us to complete our decision, which will be no longer than an additional 30 days. We will only ask for an extension once in response to a request.
    • we may deny your request for an amendment if you ask us to amend PHI that is not part of our record, that we did not create, that is not part of a designated record set, or that is accurate and complete.
    • if we deny your request, we will tell you why in writing. You will have the right to submit a written statement disagreeing with the denial and, if you opt not to submit this statement, you may request that we provide your original request for amendment and the denial with any future disclosures of PHI subject to the amendment. [However, we may prepare a written rebuttal to any individual’s statement of disagreement; and
    • we will append the material created or submitted in accordance with this paragraph to your designated record.
  • Request Additional Restrictions. You have the right to ask us to limit what we use or share about your PHI (“right to request restrictions”). You can contact us and request us not to use or share certain PHI for treatment, payment, or operations or with certain persons involved in your care. We require you to ask us in writing. For these requests:
    • we are not required to agree;
    • we may say “no” if it would affect your care; but
    • we will agree not to disclose information to a health plan for purposes of payment or health care operations if the requested restriction concerns a health care item or service for which you or another person, other than the health plan, paid in full out-of-pocket, unless it is otherwise required by law.
  • Request an Accounting of Disclosures. You have the right to request an accounting of certain PHI disclosures that we have made. For these requests:
    • we will respond no later than 60 days after receiving the request. We may ask for an additional 30 days during this 60-day period, but if we do, we will only do it once, provide a written statement of why, and indicate the date by which we intend to send the response;
    • we will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures, such as any you asked us to make; and
    • we will provide one accounting a year for free, but will charge a reasonable, cost-based fee if you ask for another one within 12 months. We will notify you about the costs in advance and you may choose to withdraw or modify your request at that time.
  • Choose Someone to Act for You. If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your PHI.
  • Request Confidential Communications. You have the right to request that we communicate with you about health matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or at a specific address. For these requests:
    • you must specify how or where you wish to be contacted; and
    • we will accommodate reasonable requests.
  • Make Complaints. You have the right to complain if you feel we have violated your rights. We will not retaliate against you for filing a complaint. You may either file a complaint:
    • directly with us by contacting via email at privacy@coralishealth.us or send a letter to:

    Coralis Health, LLC
    47 W Division St, #360
    Chicago, IL 60610

     or

    • with the Office for Civil Rights at the US Department of Health and Human Services. Send a letter to:

    Office for Civil Rights Headquarters
    U.S. Department of Health & Human Services
    200 Independence Avenue, S.W.
    Washington, D.C. 20201

    or

    • or call Toll Free Call Center at 1-800-368-1019;

    or