HAZEL HEALTH, INC. (“we, “us”, “our” or “Company”) operates the www.hazel.co and my.hazel.co websites (“Sites”) and partners with Telehealth USA to provide telemedicine services. This policy applies to our websites as well as to the services and applications we and Telehealth Services USA provide, collectively known as the “Services.” Last reviewed and updated September 3, 2024.
We are committed to ensuring that your personal information shared over our Sites and/or Services is protected and kept confidential. By accepting Company’s Terms of Use or providing information to us via our Site, you consent to the use and disclosure of personally identifiable information as outlined in this Privacy Policy. Please note that the use and disclosure of such information is also subject to the practices of the health care providers with whom you may interact through the Services, as described in the Notice of Privacy Practices which is provided to you by such providers.
Information Collection
Protected Health Information (PHI) is information that includes, but is not limited to, identifying data such as name, social security number, address, contact information, as well as information about personal health issues and insurance submitted through the Services. Personally Identifiable Information (PII) may include all such types of information, except for health- or health-care-specific information. We aim to protect both types of information.
We collect PHI and other PII that you voluntarily submit. We know that privacy is of the utmost importance. We vigorously believe in keeping confidential any and all personally identifiable information that identifies an individual whether or not it relates to an individual’s past, present, or future physical or mental health condition.
As a Business Associate of health care providers that are Covered Entities under the federal health care privacy and security rules (HIPAA and HITECH), we maintain Protected Health Information (PHI) in compliance with these rules when applicable under our contractual obligations with health care providers. We collect information solely for the purposes of providing the Services, marketing and promoting our Services to you and for market research data. We use this information ourselves and we share it as needed with our partners solely for their performance of contracted services for us. No mobile information will be shared with third parties/affiliates for marketing/promotional purposes.
You have the opportunity to “opt out” of receiving direct marketing or market research information by emailing us at privacy@hazel.co.
We maintain web logs to record data about all visitors who use the Sites and interact with the Services and we will store this information. These logs may contain IP address information, types of operating system you use, the date and time you visited the site, and information about the type of device you use to connect to the Services, the Sites pages you visited.
All Web logs are stored securely and are accessible to a very limited number of employees and contractors, who must adhere to strict guidelines regarding user data security and privacy.
“Cookies”
We may collect and process information about your use of the Services, such as the Sites pages you visit and the webSites you came from. Such information is used by us to help improve the contents of the Sites and the Services and to compile aggregate statistics about the use of our Sites and the Services for internal, market research purposes. In doing this, we may install “cookies” that collect the domain name of the user, your internet service provider, your operating system, and the date and time of access. A cookie is a small piece of information which is sent to your browser and stored on your computer or other device. Cookies do not damage your device. You can set your browser to notify you when you receive a cookie. This will enable you to decide if you want to accept it or not. If you do not accept cookies, you may not be able to use all functionality of your browser software or this Site. We may obtain the services of outside parties to assist us in collecting and processing information collected through cookies.
Internet Tags
We may also use internet tags (also known as action tags, web beacons, single-pixel GIFs, clear GIFs, invisible GIFs and 1-by-1 GIFs) and cookies through the Services and may deploy these tags/cookies through a third-party advertising partner or a web analytical service partner which may be located and store the respective information (including your IP address) in a foreign country. These tags/cookies may be placed both on online advertisements that bring users to the Services and on different pages of the Site. We use this technology to measure the visitors’ responses to the Sites and the Services and the effectiveness of our advertising campaigns (including how many times a page is opened and which information is consulted) as well as to evaluate your use of the Services. The third-party partner or the web analytical service partner may be able to collect data about visitors to the Sites and other sites because of these internet tags/cookies, may compose reports regarding the Site’s activity for us and may provide further services which are related to the use of the Sites and the internet. They may provide such information to other parties if there is a legal requirement that they do so, or if they hire the other parties to process information on their behalf. If you would like more information about web tags and cookies associated with on-line advertising or to opt-out of third-party collection of this information, please visit the Network Advertising Initiative webSites http://www.networkadvertising.org. (We are not affiliated with the Networking Advertising Initiative in any way.) If you opt out, please be advised that your user experience will be degraded.
Non-Personal Data
We may use non-personal information to analyze data into useful information. This process of data mining is done in the aggregate, is non-personal, and allows Company to find correlations and patterns in the data.
We do not provide any personal information to third party sites that display our interest-based ads. However, third parties (including the ad networks, ad-serving companies, and other service providers they may use) may assume that users who interact with or click on a personalized ad or content are part of the group that the ad or content is directed towards (for example, users in the Southwest who have experienced ear infections). Also, some third parties may provide us information about you (such as the sites where you have been shown ads or demographic information) from offline and online sources that we may use to provide you with more relevant and useful advertising.
Notice of Privacy Practices - Hazel Health Services Affiliated Covered Entity
For purposes of this Notice, when we refer to “you” or “your,” we mean you as a patient or you as the provider of information about a minor patient.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice of Privacy Practices (the “Notice”) describes how Telehealth Services USA or Telehealth Services South d/b/a Hazel Health Services and the members of its Affiliated Covered Entity (collectively “we” or “our”) may use and disclose your protected health information to carry out treatment, payment or business operations and for other purposes that are permitted or required by law. An Affiliated Covered Entity is a group of health care providers under common ownership or control that designates itself as a single entity for purposes of compliance with the Health Insurance Portability and Accountability Act (“HIPAA”). The members of the Hazel Health Services Affiliated Covered Entity will share protected health information with each other for the treatment, payment, and health care operations of the Hazel Health Services Affiliated Covered Entity and as permitted by HIPAA and this Notice of Privacy Practices. For a complete list of the members of the Hazel Health Services Affiliated Covered Entity, please contact the Hazel Health Services Privacy Office.
“Protected health information” or “PHI” is information about you, including demographic information, that may identify you and that relates to your past, present or future physical health or condition, treatment or payment for health care services. This Notice also describes your rights to access and control your protected health information.
USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION:
Your protected health information may be used and disclosed by our health care providers, our staff, and others outside of our office that are involved in your care and treatment for the purpose of providing health care services to you, to support our business operations, to obtain payment for your care, and any other use authorized or required by law.
TREATMENT:
We will use and disclose your protected health information to provide, coordinate, or manage your health care and any related services. This includes the coordination or management of your health care with a third party. For example, your protected health information may be provided to a health care provider to whom you have been referred to ensure the necessary information is accessible to diagnose or treat you.
PAYMENT:
Your protected health information may be used to bill or obtain payment for your health care services. This may include certain activities that your health insurance plan may undertake before it approves or pays for your services, such as: making a determination of eligibility or coverage for insurance benefits and reviewing services provided to you for medical necessity.
HEALTH CARE OPERATIONS:
We may use or disclose, as needed, your protected health information in order to support the business activities of this office. These activities include, but are not limited to, improving quality of care, providing information about treatment alternatives or other health related benefits and services, development or maintaining and supporting computer systems, legal services, and conducting audits and compliance programs, including fraud, waste and abuse investigations.
USES AND DISCLOSURES THAT DO NOT REQUIRE YOUR AUTHORIZATION:
We may use or disclose your protected health information in the following situations without your authorization. These situations include the following uses and disclosures: as required by law; for public health purposes; for health care oversight purposes; for abuse or neglect reporting; pursuant to Food and Drug Administration requirements; in connection with legal proceedings; for law enforcement purposes; to coroners, funeral directors and organ donation agencies; for certain research purposes; for certain criminal activities; for certain military activity and national security purposes; for workers’ compensation reporting; relating to certain inmate reporting; and other required uses and disclosures. Under the law, we must make certain disclosures to you upon your request, and when required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with the requirements of the Health Insurance Portability and Accountability Act (HIPAA). State laws may further restrict these disclosures.
USES AND DISCLOSURES THAT REQUIRE YOUR AUTHORIZATION:
Other permitted and required uses and disclosures will be made only with your consent, authorization or opportunity to object unless permitted or required by law. Without your authorization, we are expressly prohibited from using or disclosing your protected health information for marketing purposes. We may not sell your protected health information without your authorization. Your protected health information will not be used for fundraising. If you provide us with an authorization for certain uses and disclosures of your information, you may revoke such authorization, at any time, in writing, except to the extent that we have taken an action in reliance on the use or disclosure indicated in the authorization.
YOUR RIGHTS WITH RESPECT TO YOUR PROTECTED HEALTH INFORMATION:
You have the right to inspect and copy your protected health information.
You may request access to or an amendment of your protected health information.
You have the right to request a restriction on the use or disclosure of your protected health/personal information. Your request must be in writing and state the specific restriction requested and to whom you want the restriction to apply. We are not required to agree to a restriction that you may request, except if the requested restriction is on a disclosure to a health plan for a payment or health care operations purpose regarding a service that has been paid in full out-of-pocket.
You have the right to request to receive confidential communications from us by alternative means or at an alternate location. We will comply with all reasonable requests submitted in writing which specify how or where you wish to receive these communications. You have the right to request an amendment of your protected health information. If we deny your request for amendment, you have the right to file a statement of disagreement with us. We may prepare a rebuttal to our statement and we will provide you with a copy of any such rebuttal.
You have the right to receive an accounting of certain disclosures of your protected health information that we have made, paper or electronic, except for certain disclosures which were pursuant to an authorization, for purposes of treatment, payment, healthcare operations (unless the information is maintained in an electronic health record); or for certain other purposes.
You have the right to obtain a paper copy of this Notice, upon request, even if you have previously requested its receipt electronically by e-mail.
Please contact privacy@hazel.co to request any of the aforementioned items.
REVISIONS TO THIS NOTICE:
We reserve the right to revise this Notice and to make the revised Notice effective for protected health information we already have about you as well as any information we receive in the future. You are entitled to a copy of the Notice currently in effect. Any significant changes to this Notice will be posted on our website.
BREACH OF HEALTH INFORMATION:
We will notify you if a reportable breach of your unsecured protected health information is discovered. Notification will be made to you no later than 60 days from the breach discovery and will include a brief description of how the breach occurred, the protected health information involved and contact information for you to ask questions.
COMPLAINTS:
Complaints about this Notice or how we handle your protected health information should be directed to our HIPAA Privacy Officer at privacy@hazel.co. If you are not satisfied with the manner in which a complaint is handled you may submit a formal complaint to the Department of Health and Human Services, Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696 6775, or visiting www.hhs.gov. We will not retaliate against you for filing a complaint.
We must follow the duties and privacy practices described in this Notice. We will maintain the privacy of your protected health information and to notify affected individuals following a breach of unsecured protected health information. If you have any questions about this Notice, please contact us at (415) 424-4266 and ask to speak with our HIPAA Privacy Officer or e mail at privacy@hazel.co. To submit a complaint in writing, please complete this form and send it to Hazel Health’s Compliance Department at compliance_report@hazel.co or via mail using the address at the bottom of the form.
Sharing of Information
We share Protected Health Information (PHI) and Personally Identifiable Information (PII) as permitted or required by law and as authorized by you as described in the Terms of Use, this Privacy Policy, or otherwise.
We employ other companies and individuals to perform functions on our behalf. Examples include analyzing data, providing marketing assistance, processing credit card payments, and providing customer service. They have access to anonymized and personal information needed to perform their functions, but may not use it for other purposes. Access to this information will permit them to provide services more efficiently and effectively to you and to us.
For example: your IP address may be used to estimate your location and personalize your experience with the Services; we may share information such as IP address, user name, email address and cookie and web beacon information with third parties in order to personalize your experience; your IP address and email address and the page you are viewing may be shared with a third party that operates the customer service “chat” feature for our Services; and aggregate data about IP addresses, pages loaded, time to load pages and errors encountered may be used by third-party performance monitoring and improvement products.
These third parties may be required to disclose information, as described in the section below entitled “Disclosures in Accordance with Law.”
Security of Information Collected
We use account information in a password-protected environment as a security measure to protect your data. We use administrative, physical and technical safeguards to protect data. We maintain a high level of data protection via safeguards such as data backup, audit controls, access controls, and industry standard data encryption during transmission and storage.
In addition, we urge you to take precautionary measures in maintaining the integrity of your data. Please be responsible in making sure no one can see or has access to your personal account and log-in/password information. If you use a public computer, e.g., at a library or a university, always remember to log out of the Sites or Services. Please remember that use of the Sites or the Services is at your own risk and Hazel cannot and does not guarantee the security of information sent to, or received by it.
If you use our Sites or Services through your employer’s computer network or through an internet café, library or other potentially non-secure internet connection, such use is at your own risk. It is your responsibility to check beforehand on your employer’s or such other site’s privacy and security policy with respect to Internet use.
We are not responsible for your handling, sharing, re-sharing and/or distribution of your personal health information. Moreover, if you forward Personal Health Information (PHI) electronically to another person on or off the Sites or Service, we are not responsible for any harm or other consequences from third party use or re-sharing of your information.
Self-Review of Data and Ability to Delete Your Account Information
You may request to delete any personal information and to de-authorize the collection of personal information in the future by sending us an email at privacy@hazel.co.
Third Party Sites / Trusted Relationships
As noted above, the Company is a Business Associate of health care providers under HIPAA and we share information with health care providers who provide services to individuals, and they share information with us, for purposes related to treatment, payment and health care operations, and otherwise as agreed or authorized by you.
Our Sites contain links to other sites. We do not share your Personally Identifiable Information (PII) with those sites (unless you specifically authorize such sharing) and are not responsible for their privacy procedures. We seek to work with trusted partners and organizations that will adhere to similar privacy and ethical standards, however, we encourage you to learn their particular privacy policies.
Disclosures in Accordance with Law
We disclose Personally Identifiable Information (PII) about you as required or permitted by law, including complying with legal process (for example, we may disclose your information as necessary to comply with an authorized civil, criminal or regulatory investigation). We fully cooperate with law enforcement agencies in identifying those who use our services for illegal activities and may, in our sole discretion, disclose personal information or other information to satisfy any law, regulation, subpoena, or government request. We reserve the right to release personal information or other information about users who we believe are engaged in illegal activities or are otherwise in violation of our Terms of Use, even without a subpoena, warrant or court order, if we believe, in our sole discretion, that such disclosure is necessary or appropriate to operate our Sites or to protect our rights or property, or that of our affiliates, or our officers, directors, employees, agents, third-party content providers, suppliers, sponsors, or licensors. We also reserve the right to report to law enforcement agencies any activities we reasonably believe in our sole discretion to be unlawful. If we are legally compelled to disclose information about you to a third party, we will attempt to notify you by sending an email to the email address in our records unless doing so would violate the law or unless you have not provided your email address to us.
Children
We do not knowingly allow individuals under the age 18 to create accounts that allow access to our Site.
California Residents
Pursuant to California Civil Code Section 1798.83, residents of the State of California have the right to request from companies conducting business in California certain information regarding Hazel’s disclosure within the immediately preceding calendar year of that California resident’s personal information to third parties (and in some cases affiliates) for their direct marketing purposes. Alternatively, the law provides that a company may comply, as Hazel does, by disclosing in its privacy policy that it provides consumers choice (opt-out or opt-in) regarding sharing personal information with third parties and affiliates for those third parties’ and affiliates’ direct marketing purposes, and information on how to exercise that choice.
The Board of Behavioral Sciences receives and responds to complaints regarding services provided within the scope of practice of marriage and family therapists. You may contact the board online at www.bbs.ca.gov, or by calling (916) 574-7830.
Florida Residents
To file a complaint with the Attorney General of Florida, please fill out the online form. In addition, please report known or suspected abuse/neglect/exploitation of a child or vulnerable adult to the state’s Abuse Hotline at 1-800-962-2873 or online at https://reportabuse.dcf.state.fl.us or call 911.
MEDICAID OFFICE
1-877-254-1055
Complaints and grievances regarding Medicaid and Medicaid HMO’s should be directed to the following:
Agency for Health Care Administration, Department of Insurance Consumer Service Helpline
HMO Hotline 800-342-2762
800-419-3456 200 East Gaines Street,
2727 Mahan Drive, OR Larson Building,
Building 1-Mail Stop #27, Tallahassee, FL 32399
Tallahassee, FL 32308Acha.myflorida.com
Texas Residents
Complaints about physicians, as well as other licensees and registrants of the Texas Medical Board, including physician assistants, acupuncturists, and surgical assistants may be reported for investigation at the following address: Texas Medical Board, Attention: Investigations, 333 Guadalupe, Tower 3, Suite 610, P.O. Box 2018, MC-263, Austin, Texas 78768-2018. Assistance in filing a complaint is available by calling the following telephone number: 1-800-201-9353. For more information, please visit our website at www.tmb.state.tx.us
Changes to This Privacy Policy
We may amend our Privacy Policy in the future. In the event changes are made, we will be sure to post changes at the Sites and at other places we deem appropriate.
Questions or Suggestions
If you have any questions or suggestions on ways we can improve our privacy policy with respect to personal information, please email us at privacy@hazel.co.