Privacy Policy

Modified on July 11th, 2020

NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUTYOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Nexus Patient Services must maintain the privacy of your personal health information (PHI) and give you this notice that describes our legal duties and privacy practices concerning your PHI. We must follow the privacy practices described in this notice.

Our Obligations

We are required by law to:

• Maintain the privacy of PHI.

• Give you this notice of our legal duties and privacy practices regarding health information about you.

• Follow the terms of our notice that is currently in effect.

Without your written authorization, we can use your PHI for the following purposes:

1. Treatment: We may use and disclose your PHI to healthcare professionals or other third parties to provide, coordinate and manage delivery of health care. We may use this information for many treatment reasons, including but not limited to, contacting you regarding your care, dispensing prescription medication to you, verifying the accuracy of prescriptions being filled, and to help you avoid known drug allergies and adverse drug reactions. We may also contact you to provide treatment-related services, such as refill reminders, treatment alternatives (such as available generic products) and other health related benefits and services that may interest you.

2. Payment: We may share your PHI with your insurer, payor or other agent to determine whether they will pay for your prescription and to determine the payment amount. We may also contact you regarding payment or a balance due for prescriptions dispensed through Nexus Patient Services.

3. Health Care Operations: We will use your PHI to carry out pharmacy operations, such as monitoring the effectiveness and quality of our services and employees. We may also use your PHI within Nexus Patient Services to create de-identified information for data aggregation. Additionally, your PHI may be transferred for purposes of carrying out the pharmacy services should we buy or sell pharmacy locations.

4. For fundraising purposes: We may want to use information found in your medical record, such as your name, address, phone number, health insurance status and treatment dates, to contact you for fund-raising purposes. You will be given the opportunity to opt-out of future fund-raising In all fundraising communications you receive from Nexus Patient Services, you will be given the opportunity to elect not tor eceive any further fundraising communications

5. As required or permitted by law: Sometimes we must report some of your PHI to legal authorities, such as law enforcement officials, court officials, or government agencies. For example, we may have to report abuse, neglect, domestic violence or certain physical injuries, or to respond to a court order, subpoena, summons or warrant. If state or local law within your jurisdiction offers you additional protections against improper use or disclosure of PHI, we will follow such laws to the extent they apply.

6. For public health activities: We may be required to report your PHI to authorities to help prevent or control disease, injury, or disability. This may include using your medical record to report certain diseases, injuries, birth or death information, information of concern to the Food and Drug Administration, or information related to child abuse or neglect. We may also have to report to your employer certain work-related illnesses and injuries so that your workplace can be monitored for safety.

7. For health oversight activities: We may disclose your PHI to authorities so they can monitor, investigate, inspect, discipline or license those who work in the health care system or for government benefit programs.

8. For activities related to death: We may disclose your PHI to coroners, medical examiners and funeral directors so they can carry out their duties related to your death, such as identifying the body, determining cause of death, or in the case of funeral directors, to carry out funeral preparation activities.

9. For organ, eye or tissue donation: We may disclose your PHI to people involved with obtaining, storing or transplanting organs, eyes or tissue of cadavers for donation purposes.

10. For research: Under certain circumstances, we may use and disclose your PHI to help conduct research. For example, a research project may involve comparing the health of patients who received one treatment to those who received another, for the same condition. Before we use or disclose PHI for research, the project will go through a special approval process. Even without special approval, we may permit researchers to look at records to help them identify patients who may be included in their research project or for other similar purposes, as long as they do not remove or take a copy of any PHI.

11. To avoid a serious threat to health or safety: As required by law and standards of ethical conduct, we may release your PHI to the proper authorities if we believe, in good faith, that such release is necessary to prevent or minimize a serious and approaching threat to your or the public’s health or safety.

12. For military, national security, or incarceration/law enforcement custody: If you are involved with the military, national security or intelligence activities, or you are in the custody of law enforcement officials or an inmate in a correctional institution, we may release your PHI to the proper authorities so they may carry out their duties under the law.

13. Protective services for the President and others: We may disclose your PHI to authorized federal officials so they may provide protection to the President, other authorized persons or foreign heads of state or to conduct other special investigations.

14. For workers’ compensation: We may disclose your PHI to the appropriate persons in order to comply with the laws related to workers’ compensation or other similar programs. These programs may provide benefits for work-related injuries or illness.

15. Business Associates: We provide some services through other companies termed “business associates”. On occasion, we may disclose your PHI to business associates acting on our behalf. Federal law requires us to enter into business associate agreements with these entities to safeguard your PHI as required by Nexus Patient Services and by law.

16. To those involved with your care or payment of your care: If people such as family members, relatives, or close personal friends are helping care for you or helping you pay your medical bills, we may release important PHI about you to those people. You have the right to object to such disclosure, unless you are unable to function or there is an emergency. In addition, we may release your PHI to organizations authorized to handle disaster relief efforts so those who care for you can receive information about your location or health status. We may allow you to agree or disagree orally to such release, unless there is an emergency. It is our duty to give you enough information so you can decide whether or not to object to release of your PHI to others involved with your care.

17. United States Department of Health and Human Services: Under federal law, we are required to disclose your PHI to the U.S. Department of Health and Human Services to determine if we are in compliance with federal laws and regulations regarding the privacy of PHI.

V04.11.16 1

Use or Disclosure of your PHI for Other Purposes Requiring Your Authorization

Except for the situations listed above, we must obtain your specific written authorization for any other release of your PHI. For example, your specific written authorization for the use and disclosure of your PHI would be required in order to use it for marketing purposes or for the sale of your PHI. Marketing includes communications made by Nexus Patient Services to you, in which Nexus Patient Services received payment to make, for the purposes of treatment and health care operations about health-related products or services. Sale of PHI includes the disclosure of your PHI by Nexus Patient Services, where Nexus Patient Services received payment from the recipient in exchange for the PHI. If you sign an authorization form, you may withdraw your authorization at any time, as long as your withdrawal is in writing. If you wish to withdraw your authorization, please submit your written withdrawal to Nexus Patient Services: Attn: Privacy Officer at the address listed below.

Other uses and disclosures of PHI not covered by this Notice or the laws that apply to us will be made only with your written authorization. If you do give us an authorization, you may revoke it at any time by submitting a written revocation to our Privacy Officer and we will no longer disclose Protected Health Information under the authorization. But disclosure that we made in reliance on your authorization before you revoked it will not be affected by the revocation.

Your PHI Rights

You have several rights with regard to your PHI. If you wish to exercise any of the following rights, please contact Nexus Patient Services, Attn: Privacy Officer at the address listed below. Specifically, you have the right to:

1. Inspect and obtain a copy of your PHI: you have the right to inspect and obtain a copy of your PHI contained within the “designated record set”. However, there are a few exceptions to this right. For example, this right does not apply to psychotherapy notes or information gathered for judicial proceedings. To request a copy of your PHI, submit a written request to Nexus Patient Services, Attn: Privacy Officer at the address listed below. We must respond to your request within 30 days, unless you agree to a one-time 30 day extension. In addition, we may charge you a reasonable fee for the costs of copying, mailing or other supplies associated with your request. We may not charge you a fee if you need the information for a claim of benefits under the Social Security Act or any other state or federal needs-based benefit program.

2. Right to an electronic copy of electronic medical records. If Nexus Patient Services maintains an electronic health record containing your PHI, you have the right to request that we send a copy of your PHI in an electronic format to you or a third party that you have identified. We will make every effort to provide access to your PHI in the form or format you request, if it is readily producible in such form or format. If the PHI is not readily producible in the form or format you request, your record will be provided in either our standard electronic format or, if you do not want this form or format, a readable hard copy form. We may charge you a reasonable, cost-based fee for the labor associated with transmitting the electronic record.

3. Request to amend your PHI: If you believe your PHI is incomplete or incorrect, you may ask us to correct the information. You may be asked to make such requests in writing and to give a reason as to why your PHI should be changed. However, if we did not create the PHI that you believe is incorrect, or if we disagree with you and believe your PHI is correct, we may deny your request.

4. Request restrictions on certain uses and disclosures: You have the right to ask for restrictions on how your PHI is used or to whom your information is disclosed for treatment, payment and healthcare operations. You may also want to limit the PHI provided to family or friends involved in your care or payment of medical bills. These requests should be submitted in writing to the address listed below and should identify: 1) what specific information you would like to restrict, 2) to whom you want the restrictions to apply. We are not required to agree, in all circumstances, to your requested restriction unless you are asking us to restrict the use and disclosure of your PHI to a health plan for payment or healthcare operations purposes and such information you wish to restrict pertains solely to a health care item or service for which you, or someone on your behalf, has paid us, out-of-pocket, in full. If we agree, we will comply with your request unless the information is needed to provide you with emergency treatment.

5. As applicable, receive confidential communication of PHI: You have the right to ask that we communicate your PHI to you in different ways or places in order to protect the confidentiality of your PHI. For example, you may wish to receive information about your health status through a written letter sent to a private address. Your request must be submitted in writing to Nexus Patient Services, Attn: Privacy Officer at the address listed below, and must state how, where and when you would like to be contacted. We will accommodate reasonable requests.

6. Receive a record of disclosures of your PHI: You have the right to ask for a list of certain disclosures of your PHI we have made during the previous six years, but the request cannot include dates before April 14, 2003. This list must include the date of each disclosure, who received the disclosed PHI, a brief description of the PHI disclosed, and why the disclosure was made. We must respond to your request for a list within 30 days, unless you agree to a one-time 30-day extension, and we may not charge you for the list, unless you request such list more than once per year. In addition, we will not include in the list disclosures made to you, or for purposes of treatment, payment, health care operations, national security, law enforcement/corrections, and certain health oversight activities. To obtain the list, the request must be submitted in writing to Nexus Patient Services, Attn: Privacy Officer, at the address listed below.

7. Right to notification in the event of a breach: Nexus Patient Services has implemented all of the necessary safeguards to ensure the privacy of your PHI. However, in the unlikely event that your unsecured PHI is acquired by, accessed, used or disclosed to an unauthorized person(s), Nexus Patient Services will promptly notify you of such a circumstance.

8. Opt out of fundraising communications: You have the right to request that you not be included in fundraising communications. Upon request, your information will be removed from future communications.

9. Obtain a paper copy of this notice: Upon your request, you may at any time receive a paper copy of this notice, even if you earlier agreed to receive this notice electronically.

10. Complaint: If you believe your privacy rights have been violated, you may file a written complaint with us at the address listed below and with the federal Department of Health and Human Services. You will not be penalized for filing a complaint.

Again, if you have any questions or concerns regarding your privacy rights or the information in this notice, please contact

Nexus Patient Services Attn: Privacy Officer 5080 N 40th St suite 300, Phoenix, AZ 85018. (602) 840-9506

We reserve the right to change the privacy practices described in this notice, in accordance with the law. Changes to our privacy practices would apply to all PHI we maintain. If we change our privacy practices, you will receive a revised copy.

This Notice of Privacy Practices is effective as of September 1, 2013.

V04.11.16 2