Under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), Pharmacy is required to provide you with a Notice of Privacy Practices that describes how we may use your information for treatment, payment and other purposes that details your rights regarding the privacy of your health and medical information.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS.
PLEASE REVIEW IT CAREFULLY.
We are required by law to:
Maintain the privacy of Protected Health Information
Give you this notice of our legal duties and privacy practices regarding health information about you
Follow the terms of our notice that is currently in effect
The following describes the ways we may use and disclose health information that identifies you (“Protected Health Information” or “PHI”). Except for the purposes described below, we will use and disclose Protected Health Information only with your written permission. You may revoke such permission at any time by writing to our company Privacy Officer.
For Treatment. We may use and disclose PHI for your treatment and to provide you with treatment-related health care services. For example, we may disclose PHI to doctors, nurses, pharmacists, technicians, or other personnel, including people outside our office, who are involved in your medical care and need the information to provide you with medical care.
For Payment. We may use and disclose Protected Health Information so that we or others may bill and receive payment from you, an insurance company or a third party for the treatment and services you received. For example, we may give your health plan information about you so that they will pay for your treatment.
For Health Care Operations. We may use and disclose PHI for health care operations purposes. These uses and disclosures are necessary to make sure that all of our patients receive quality care and to operate and manage our office. We also may share information with other entities that have a relationship with you (for example, your health plan) for their health care operation activities.
Reminders, Treatment Alternatives and Health Related Benefits and Services. We may use and disclose PHI to contact you to remind you that you have a prescription with us. We also may use and disclose PHI to tell you about treatment alternatives or health-related benefits and services that may be of interest to you.
Individuals Involved in Your Care or Payment for Your Care. When appropriate, we may share Protected Health Information with a person who is involved in your medical care or payment for your care, such as your family or a close friend. We also may notify your family about your location or general condition or disclose such information to an entity assisting in a disaster relief effort.
Research. Under certain circumstances, we may use and disclose PHI for research. For example, a research project may involve comparing the health of patients who received one medication to those who received another, for the same condition. Before we use or disclose PHI for research, the project must have been approved by an institutional review board or privacy board that has reviewed the research proposal and established protocols to ensure the privacy of your information.
As Required by Law. We will disclose Protected Health Information when required to do so by international, federal, state or local law.
To Avert a Serious Threat to Health or Safety. We may use and disclose PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Disclosures, however, will be made only to someone who may be able to help prevent the threat.
Business Associates. We may disclose Protected Health Information to our business associates that perform functions on our behalf or provide us with services if the information is necessary for such functions or services. All of our business associates are obligated to protect the privacy of your information and are not allowed to use or disclose any information other than as specified in our contract.
Organ or Tissue Donation. If you are an organ donor, we may use or release PHI to organizations that handle organ procurement or other entities engaged in procurement, banking or transportation of organs, eyes or tissues to facilitate organ, eye or tissue donation and transplantation.
Military and Veterans. If you are a member of the armed forces, we may release Protected Health Information as required by military command authorities. We also may release PHI to the appropriate foreign military authority if you are a member of a foreign military.
Worker’s Compensation. We may release PHI for workers’ compensation or similar programs. These programs provide benefits for work-related injuries or illness.
Public Health Risks. We may disclose Protected Health Information for public health activities. These activities generally include disclosures to prevent or control disease, injury or disability; report births and deaths; report child abuse or neglect; report reactions to medications or problems with products; notify people of recalls of products they may be using; a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; and the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
Health Oversight Activities. We may disclose PHI to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
Data Breach Notification Purposes. We may use or disclose your Protected Health Information to provide legally required notices of unauthorized access to or disclosure of your health information.
Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we may disclose PHI in response to a court or administrative order. We also may disclose PHI in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
Law Enforcement. We may release Protected Health Information if asked by a law enforcement official if the information is:
Coroners, Medical Examiners, and Funeral Directors. We may release PHI to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We also may release PHI to funeral directors as necessary for their duties.
National Security and Intelligence Activities. We may release PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.
Protective Services for the President and Others. We may disclose PHI to authorized federal officials so they may provide protection to the President, other authorized persons or foreign heads of state or to conduct special investigations.
Inmates or Individuals in Custody. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release PHI to the correctional institution or law enforcement official. This release would be if necessary: (1) for the institution to provide you with health care; (2) to protect your health and safety or the health and safety of others; or (3) the safety and security of the correctional institution.
Individuals Involved in Your Care or Payment for Your Care. Unless you object, we may disclose to a member of your family, a relative, a close friend or any other person you identify, your Protected Health Information that directly relates to that person’s involvement in your health care. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment.
Disaster Relief. We may disclose your PHI to disaster relief organizations that seek your PHI to coordinate your care or notify family and friends of your location or condition in a disaster. We will provide you with an opportunity to agree or object to such a disclosure whenever we practically can do so.
The following uses and disclosures of your Protected Health Information will be made only with your written authorization:
Uses and disclosures of Protected Health Information for marketing purposes; and
Disclosures that constitute a sale of your Protected Health Information
Other uses and disclosures of Protected Health Information not covered by this Notice or the laws that apply to us will be made only with your written authorization. If you do give us an authorization, you may revoke it at any time by submitting a written revocation to our Privacy Officer and we will no longer disclose Protected Health Information under the authorization. But disclosure that we made in reliance on your authorization before you revoked it will not be affected by the revocation.
You have the following rights regarding Health Information we have about you:
Right to Inspect and Copy. You have a right to inspect and copy PHI that may be used to make decisions about your care or payment for your care. This includes medical and billing records. We have up to 30 days to make your PHI available to you and we may charge you a reasonable fee for the costs of copying, mailing or other supplies associated with your request. We may not charge you a fee if you need the information for a claim for benefits under the Social Security Act or any other state of federal needs-based benefit program. We may deny your request in certain limited circumstances. If we do deny your request, you have the right to have the denial reviewed by a licensed healthcare professional who was not directly involved in the denial of your request, and we will comply with the outcome of the review.
Right to an Electronic Copy of Electronic Medical Records. If your Protected Health Information is maintained in an electronic format (known as an electronic medical record or an electronic health record), you have the right to request that an electronic copy of your record be given to you or transmitted to another individual or entity. We will make every effort to provide access to your Protected Health Information in the form or format you request if it is readily producible in such form or format. If the PHI is not readily producible in the form or format you request your record will be provided in either our standard electronic format or if you do not want this form or format, a readable hard copy form. We may charge you a reasonable, cost-based fee for the labor associated with transmitting the electronic medical record.
Right to Get Notice of a Breach. You have the right to be notified upon a breach of any of your unsecured Protected Health Information.
Right to Amend. If you feel that PHI, we have is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for our office.
Right to an Accounting of Disclosures. You have the right to request a list of certain disclosures we made of PHI for purposes other than treatment, payment and health care operations or for which you provided written authorization.
Right to Request Restrictions. You have the right to request a restriction or limitation on the Protected Health Information we use or disclose for treatment, payment, or health care operations. You also have the right to request a limit on the PHI we disclose to someone involved in your care or the payment for your care, like a family member or friend. We are not required to agree to your request unless you are asking us to restrict the use and disclosure of your PHI to a health plan for payment or health care operation purposes and such information you wish to restrict pertains solely to a health care item or service for which you have paid us “out-of-pocket” in full. If we agree, we will comply with your request unless the information is needed to provide you with emergency treatment.
Out-of-Pocket-Payments. If you paid out-of-pocket (or in other words, you have requested that we not bill your health plan) in full for a specific item or service, you have the right to ask that your Protected Health Information with respect to that item or service not be disclosed to a health plan for purposes of payment or health care operations, and we will honor that request.
Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you by mail or at work. Your request must specify how or where you wish to be contacted. We will accommodate reasonable requests.
Right to a Paper Copy of This Notice. You have the right to a paper copy of this notice. You may ask us to give you a copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.
Where to Obtain Forms for Submitting Written Requests. You may obtain forms for submitting written requests by contacting the Privacy Officer at 301 Havendale Blvd, Auburndale, FL 33823.
We reserve the right to change this notice and make the new notice apply to Protected Health Information we already have as well as any information we receive in the future. We will post a copy of our current notice at our office. The notice will contain the effective date on the first page, in the top right-hand corner.
If you believe your privacy rights have been violated, you may file a complaint with our office or with the Secretary of the Department of Health and Human Services. To file a complaint with our office, contact Pharmacy, 301 Havendale Blvd, Auburndale, FL 33823. All complaints must be made in writing. You will not be penalized for filing a complaint.
Auburndale, Florida: January 3, 2022 – Ravkoo recently discovered that a data security incident on Ravkoo’s AWS hosted portal may have resulted in the unintentional exposure of personal information. Ravkoo sent notification of this incident to potentially impacted individuals and has provided resources to assist them. Please be assured that Ravkoo takes the protection and proper use of personal information very seriously, and we sincerely apologize for any inconvenience this may cause.
What Happened: Ravkoo utilizes AWS cloud services for online hosting of its prescription portal. On September 27, 2021, Ravkoo detected that this portal was the target of a cybersecurity attack. An unauthorized third party attempted to infiltrate the portal. Ravkoo immediately engaged outside cybersecurity experts to conduct an investigation and to assist in its mitigation, restoration, and remediation efforts. Ravkoo’s responsive forensic investigation subsequently revealed that certain prescription and health information could have been compromised. Notably, we have found no evidence that any individual’s Social Security Number was accessed or compromised as Ravkoo does not maintain this information within the impacted portal. Further, Ravkoo does not have any evidence to indicate that any information involved in the incident has been or will be misused as a result of this incident.
What We Are Doing: Ravkoo worked with forensic experts to assess and increase the security of its AWS hosted portal. Further, Ravkoo reported the incident to the Federal Bureau of Investigation and is committed to assisting the FBI’s investigation into this matter.
As a safeguard, we have arranged for the potentially impacted individuals to enroll in a complimentary, online credit monitoring service provided by Kroll. With this protection, Kroll will help resolve issues if your identity is compromised.
What You Can Do: The notification letters that were sent to potentially affected individuals include resources and steps that they can take to help protect their personal and protected health information. Security recommendations include the following:
Again, at this time, there is no evidence that any sensitive information has been misused. However, we encourage the potentially impacted individuals to take full advantage of this service offering. Kroll representatives have been fully versed on the incident and can answer questions or concerns regarding protection of personal information.
For More Information: Please know that the protection of your personal information is a top priority, and we sincerely regret any concern or inconvenience that this matter may cause you. If you have any questions, please do not hesitate to call Kroll at 1-855-545-2509, Monday – Friday, 9:00am to 6:30pm Eastern Standard Time.
Credit Reports: You may obtain a copy of your credit report, free of charge, whether or not you suspect any unauthorized activity on your account. You may obtain a free copy of your credit report from each of the three nationwide credit reporting agencies. To order your free credit report, please visit www.annualcreditreport.com, or call toll-free at 1-877-322-8228. You can also order your annual free credit report by mailing a completed Annual Credit Report Request Form (available at https://www.consumer.ftc.gov/articles/0155-free-credit-reports ) to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA, 30348-5281.
Security Freeze: You also have the right to place a security freeze on your credit report. A security freeze is intended to prevent credit, loans, and services from being approved in your name without your consent. To place a security freeze on your credit report, you need to make a request to each consumer reporting agency. You may make that request by certified mail, overnight mail, regular stamped mail, or by following the instructions found at the websites listed below. The following information must be included when requesting a security freeze (note that if you are requesting a credit report for your spouse or a minor under the age of 16, this information must be provided for him/her as well): (1) full name, with middle initial and any suffixes; (2) Social Security number; (3) date of birth; (4) current address and any previous addresses for the past five years; and (5) any applicable incident report or complaint with a law enforcement agency or the Registry of Motor Vehicles. The request must also include a copy of a government-issued identification card and a copy of a recent utility bill or bank or insurance statement. It is essential that each copy be legible, display your name and current mailing address, and the date of issue. As of September 21, 2018, it is free to place, lift, or remove a security freeze. You may also place a security freeze for children under the age of 16. You may obtain a free security freeze by contacting any one or more of the following national consumer reporting agencies:
|Equifax Security Freeze||Experian Security Freeze||TransUnion Security Freeze|
|P.O. Box 105788||P.O. Box 9554||P.O. Box 160|
|Atlanta, GA 30348||Allen, TX 75013||Woodlyn, PA 19094|
Fraud Alerts: You can place fraud alerts with the three credit bureaus by phone and online with:
A fraud alert tells creditors to follow certain procedures, including contacting you, before they open any new accounts or change your existing accounts. For that reason, placing a fraud alert can protect you, but also may delay you when you seek to obtain credit. As of September 21, 2018, initial fraud alerts last for one year. Victims of identity theft can also get an extended fraud alert for seven years. The phone numbers for all three credit bureaus are at the bottom of this page.
Monitoring: You should always remain vigilant and monitor your accounts for suspicious or unusual activity.
File Police Report: You have the right to file or obtain a police report if you experience identity fraud. Please note that in order to file a crime report or incident report with law enforcement for identity theft, you will likely need to provide proof that you have been a victim. A police report is often required to dispute fraudulent items. You can generally report suspected incidents of identity theft to local law enforcement or to the Attorney General.
FTC and Attorneys General: You can further educate yourself regarding identity theft, fraud alerts, security freezes, and the steps you can take to protect yourself, by contacting the consumer reporting agencies, the Federal Trade Commission, or your state Attorney General.
The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580, www.identitytheft.gov, 1-877-ID-THEFT (1-877-438-4338), TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. You can obtain further information on how to file such a complaint by way of the contact information listed above. You have the right to file a police report if you ever experience identity theft or fraud. Please note that in order to file a report with law enforcement for identity theft, you will likely need to provide some proof that you have been a victim. Instances of known or suspected identity theft should also be reported to law enforcement. This notice has not been delayed by law enforcement.
For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202, 1-888-743- 0023, and www.oag.state.md.us.
For New Mexico residents, you have rights pursuant to the Fair Credit Reporting Act, such as the right to be told if information in your credit file has been used against you, the right to know what is in your credit file, the right to ask for your credit score, and the right to dispute incomplete or inaccurate information. Further, pursuant to the Fair Credit Reporting Act, the consumer reporting agencies must correct or delete inaccurate, incomplete, or unverifiable information; consumer reporting agencies may not report outdated negative information; access to your file is limited; you must give your consent for credit reports to be provided to employers; you may limit “prescreened” offers of credit and insurance you get based on information in your credit report; and you may seek damages from violators. You may have additional rights under the Fair Credit Reporting Act not summarized here.
Identity theft victims and active duty military personnel have specific additional rights pursuant to the Fair Credit Reporting Act. We encourage you to review your rights pursuant to the Fair Credit Reporting Act at www.consumerfinance.gov/f/201504_cfpb_summary_your-rights-under-fcra.pdf or by writing Consumer Response Center, Room 130-A, Federal Trade Commission, 600 Pennsylvania Ave. N.W., Washington, D.C. 20580.
For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001, 1-877- 566-7226 or 1-919-716-6400, and www.ncdoj.gov.
For New York residents, the Attorney General may be contacted at Office of the Attorney General, The Capitol, Albany, NY 12224- 0341, 1-800-771-7755, and https://ag.ny.gov/.
For Rhode Island residents, the Rhode Island Attorney General can be reached at 150 South Main Street, Providence, Rhode Island 02903, www.riag.ri.gov, and 1-401-274-4400. Under Rhode Island law, you have the right to obtain any police report filed in regard to this incident.