Questions? Call us: (734) 251-4006 · info@chphousecalls.com · Staff Login ↗

Privacy Policy & HIPAA Notice

How we collect, use, and protect your personal and health information.

Effective Date: January 1, 2025

Contents

  1. HIPAA Notice of Privacy Practices
  2. How We Use Your Health Information
  3. Your Patient Rights
  4. Website & Online Privacy
  5. Data Security
  6. Contact Our Privacy Officer
1

HIPAA Notice of Privacy Practices

This Notice describes how Continuity Health Partners ("we," "our," or "the Practice") may use and disclose your protected health information ("PHI") and how you can get access to this information. Please review it carefully.

We are required by law to maintain the privacy of your PHI, to provide you with this Notice of our legal duties and privacy practices, and to notify you in the event of a breach of your unsecured PHI. We are required to abide by the terms of this Notice while it is in effect.

Your health information is private. We will not sell your medical information to third parties or use it for marketing purposes without your explicit written authorization.
2

How We Use Your Health Information

Uses and Disclosures for Treatment, Payment, and Health Care Operations

We may use and disclose your PHI without your authorization for the following purposes:

Treatment: We may use your PHI to provide, coordinate, or manage your health care and related services. For example, we may share your health information with other physicians, specialists, hospitals, labs, or pharmacies involved in your care.
Payment: We may use and disclose your PHI to obtain payment for services we provide to you. For example, we may submit claims to Medicare, Medicaid, or your private insurance company, which may include information about your diagnosis and treatment.
Health Care Operations: We may use and disclose your PHI for our internal business operations, such as quality assessment, staff training, licensing, conducting audits, and business planning.
Appointment Reminders: We may contact you by phone, text message (SMS), or mail to remind you of scheduled appointments or to provide information about treatment alternatives or other health-related benefits and services.
Care Coordination: We may share your PHI with care coordinators, social workers, or other health care professionals involved in managing your care to ensure continuity and quality of services.

Other Permitted Disclosures Without Authorization

Federal law permits or requires us to disclose your PHI without your authorization in certain circumstances, including:

  • As required by law (court orders, subpoenas, law enforcement requests)
  • To public health authorities for disease reporting, vital statistics, and public health surveillance
  • To report suspected abuse, neglect, or domestic violence to appropriate authorities
  • To the Food and Drug Administration (FDA) regarding product safety
  • For workers' compensation purposes as authorized by law
  • To coroners, medical examiners, and funeral directors as permitted by law
  • For organ, eye, and tissue donation
  • For research purposes approved by an Institutional Review Board with appropriate safeguards
  • To avert a serious threat to health or safety
  • For national security and intelligence activities as authorized by law
  • To the Department of Health and Human Services for compliance investigations

Disclosures Requiring Your Written Authorization

Other uses and disclosures of your PHI not described above will be made only with your written authorization. You may revoke such authorization in writing at any time. Revocation will not apply to information already disclosed in reliance on your authorization. Uses and disclosures requiring authorization include:

  • Most disclosures of psychotherapy notes
  • Use or disclosure of PHI for marketing purposes
  • Sale of PHI
  • Disclosure to employers for employment decisions
  • Disclosure to life, disability, or casualty insurance companies
3

Your Patient Rights

You have the following rights with respect to your protected health information. To exercise any of these rights, please submit a written request to our Privacy Officer (contact information below).

Right to Access Your Health Information: You have the right to inspect and obtain a copy of your PHI that we maintain in your designated record set, which includes your medical and billing records. We may charge a reasonable cost-based fee. We will provide access within 30 days of your request (or 60 days if the records are stored off-site).
Right to Request Amendment: If you believe that information in your record is incorrect or incomplete, you may request that we amend it. We may deny your request if the information was not created by us, is not part of your designated record set, is not available for inspection, or is already accurate and complete. If we deny your request, you have the right to submit a statement of disagreement.
Right to an Accounting of Disclosures: You have the right to receive a list of disclosures we have made of your PHI (other than for treatment, payment, health care operations, and certain other exceptions) during the six years prior to your request.
Right to Request Restrictions: You have the right to request that we restrict how we use or disclose your PHI for treatment, payment, or health care operations. We are not required to agree to your requested restriction except in one circumstance: if you pay out-of-pocket in full for a service and request that we not submit the claim to your insurance, we must honor that restriction.
Right to Request Confidential Communications: You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you may ask that we contact you only at a specific phone number or by written correspondence only.
Right to Receive a Paper Copy of This Notice: You have the right to receive a paper copy of this Notice upon request, even if you have agreed to receive it electronically.
Right to Be Notified of a Breach: You have the right to be notified if there is a breach of your unsecured PHI. We will notify you without unreasonable delay and within 60 days of discovering the breach.
Right to File a Complaint: If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services, Office for Civil Rights. We will not retaliate against you for filing a complaint.
How to file a complaint with the U.S. Department of Health and Human Services:
Office for Civil Rights, U.S. Department of Health and Human Services
200 Independence Avenue, S.W., Washington, D.C. 20201
Toll-free: 1-877-696-6775 · Web: www.hhs.gov/ocr/privacy/hipaa/complaints
4

Website & Online Privacy

Information We Collect Online

When you visit chphousecalls.com, we may collect the following non-personal information:

  • Browser type and version, operating system, and referring URLs
  • Pages visited and time spent on our site (aggregated and anonymous)
  • IP address (used only for security and analytics, not stored with personal data)

Patient Intake Form

Information you submit through our patient intake form is treated as PHI and is subject to all HIPAA protections described in this Notice. It is transmitted securely (TLS encryption) and stored in our HIPAA-compliant electronic health records platform.

Cookies

Our website uses essential cookies necessary for the site to function. We do not use third-party advertising cookies or sell your browsing data. You may disable cookies in your browser settings, though some site features may not function properly as a result.

Third-Party Services

We may use HIPAA-compliant third-party services to support our operations, including cloud hosting (Amazon Web Services), electronic health records, and SMS communication (Twilio). Each vendor has signed a Business Associate Agreement (BAA) with us as required by HIPAA.

5

Data Security

We implement appropriate administrative, physical, and technical safeguards to protect your PHI from unauthorized access, use, or disclosure, including:

  • TLS/SSL encryption for all data transmitted over the internet
  • Encrypted storage of PHI in HIPAA-compliant cloud infrastructure
  • Role-based access controls limiting staff access to PHI on a need-to-know basis
  • Regular security risk assessments and workforce training
  • Audit logs tracking access to protected health information
  • Business Associate Agreements (BAAs) with all vendors who handle PHI

Despite our efforts, no system is completely secure. If you suspect a security incident involving your health information, please contact us immediately.

6

Contact Our Privacy Officer

For questions about this Notice, to exercise your patient rights, or to file a privacy complaint with our practice, please contact:

Privacy Officer

Continuity Health Partners

Detroit Metro Area, Michigan

Phone: (734) 251-4006

Email: privacy@chphousecalls.com

Changes to This Notice: We reserve the right to change this Notice at any time. We will post the revised Notice on our website and make copies available at our office. Changes will apply to all PHI we maintain, including information created or received before the change.

This Notice was last revised on January 1, 2025.