        HIPAA Notice of Privacy Practices

        THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

        HealthJoy, LLC, and its affiliates, subsidiaries, parent companies and any companies that HealthJoy, LLC controls or is under common control with (collectively, “HealthJoy”) is committed to protecting the privacy and security of our customers' data. To that end, we operate in compliance with all applicable privacy and data protection laws including the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 ("HITECH") and implementing regulations (“HIPAA”).

        This Notice of Privacy Practices describes the practices that we will follow with respect to the privacy of the health information of users of this site and our mobile applications and related services (“Services”).


        What Health Information We Collect

        HealthJoy takes the confidentiality of your health information seriously. In providing our Services, some of the information we collect may constitute protected health information (“PHI”) under HIPAA. PHI is personal (individually identifiable) information about you that relates to (a) your past, present or future physical or mental health or condition, (b) the provision of health care to you, or (c) your past, present, or future payment for the provision of health care, which is created, received, transmitted or maintained by HealthJoy. This Notice of Privacy Practices describes how we protect the privacy of your protected health information as a user of our Services. As a provider of health services, HealthJoy has certain obligations under HIPAA for maintaining the privacy and security of your PHI collected while performing our Services.

         

        What Information We Disclose

        When you use our Services, HealthJoy may use and disclose your PHI for the purposes described below. These uses and disclosures do not require your prior authorization. You may revoke your authorization for us to use or share your health information at any time, except for uses or disclosures we have already made. HealthJoy may use and disclose your health information for the following purposes:

         

        Treatment:

        We can use and share your health information with healthcare professionals to treat you. For example, we can disclose your information to your HealthJoy Coach in order to personalize your experience.

         

        Payment:

        We may use and share your health information to obtain payment for our services. For example, we may disclose your PHI to your health plan to determine whether you are enrolled with the payer or eligible for health benefits or to get payment for our services.

         

        Health Care Operations:

        We may use and share your health information for our operations related to health care. For example, we may use your health information to administer your account.

         

        Business Associates:

        From time to time, we work with other companies and individuals who help us deliver our services, known as “business associates.” These entities are required to keep any PHI confidential and store it securely. For example, we use business associates to help store the data that we collect.

         

        De-identifiable and Aggregated Data:

        We may use and disclose your PHI in a de-identifiable and aggregated manner to analyze our users’ experiences and help improve our services.

         

        Research:

        We can use or share your information for health research as authorized by law.

         

        As Required by Law:

        We may use or disclose your PHI if state or federal laws require it.

         

        Public Health and Safety

        We may use and disclose your PHI to prevent or minimize a serious threat to your health and safety or that of another person. We may also disclose PHI to those assisting in disaster relief efforts so that others can be notified about your condition, status and location.

         

        Law Enforcement Activities

        We may also provide PHI to law enforcement officials, for example, in response to a warrant, investigative demand or similar legal process, or for officials to identify or locate a suspect, fugitive, material witness, or missing person. We may also disclose PHI to appropriate agencies if we reasonably believe an individual to be a victim of abuse, neglect or domestic violence.

         

        Legal Proceedings

        We may disclose PHI to respond to a court or administrative order, or in response to a warrant, investigation demand or other legal process.

        We may also use and disclose your PHI for other purposes as permitted by HIPAA.

         

        Note Regarding State Law

        Where state law is more restrictive of disclosure than federal law, we are required to follow the more restrictive state law.

         

        Prohibition on Use or Disclosure of Reproductive Health Care


        We are committed to protecting your privacy and ensuring compliance with the HIPAA Privacy Rule, especially concerning reproductive health care. The following practices apply to the use and disclosure of your PHI:

        1. Prohibited Uses and Disclosures: We will not use or disclose any individual’s PHI for purposes of conducting criminal, civil, or administrative investigations, or for imposing liability, related to:

        • The act of seeking, obtaining, providing, or facilitating reproductive health care, where such health care is lawful under the circumstances.
        • The identification of any person for the purpose of conducting such investigations or imposing liability.


        2. Rule of Applicability: Certain prohibitions on the use or disclosure of PHI related to reproductive health care apply only when a “reasonable determination” is made that one or more of the following conditions are met:

        • Lawfulness of Care: The reproductive health care was lawful in the state and under the circumstances in which it was provided.
        • Federal Protections: The reproductive health care is protected, required, or authorized by federal law in the circumstances in which it was provided, regardless of the state in which it was provided.
        • Presumption of Lawfulness: Reproductive health care provided by a person other than us is presumed lawful unless we have actual knowledge that the care was unlawful or we receive factual information from the requesting party demonstrating a substantial basis that the care was unlawful.


        3. Attestation Requirement: If we receive a request for PHI related to health oversight activities, judicial or administrative proceedings, law enforcement purposes, or disclosures to coroners and medical examiners, and the request may involve reproductive health care PHI, we will forward the request to the applicable “Covered Entity” and provide reasonable assistance to the Covered Entity for the Covered Entity to complete such request.

        Substance Use Disorder Confidentiality Regulations


        We are committed to protecting the privacy of your substance use disorder information while enabling effective and comprehensive care. The following outlines how your information may be shared, protected, and managed to ensure your confidentiality and promote comprehensive treatment:


        1. General Consent for Disclosure

        • You may provide general consent allowing us to share your substance use disorder information with other entities involved in your treatment.
        • This general consent ensures a more holistic approach to care by enabling coordination among providers and continuity of treatment.


        2. Prohibition on Redisclosure

        • Your substance use disorder information shared with other entities is subject to strict redisclosure prohibitions.
        • Recipients of this information may not further disclose it without your explicit written consent, except as permitted in specific circumstances.


        3. Integration with Electronic Health Records (EHRs)

        • To enhance care coordination, substance use disorder treatment records may be integrated into Electronic Health Records (EHRs).
        • This integration facilitates seamless information exchange while maintaining safeguards to protect the confidentiality of sensitive treatment information.


        4. Disclosure for Research and Audit Purposes

        • To improve care coordination, we may integrate your substance use disorder treatment records into Electronic Health Records (EHRs).
        • Any disclosures will comply with applicable laws and ensure that identifying information is properly safeguarded.


        5. Breaches and Penalties

        • The revised rule aligns with HIPAA standards for breaches, patient notification requirements, and penalties:
          • Breach Notification: If a breach involving your substance use disorder information occurs, we will notify you promptly.
          • Civil and Criminal Penalties: Violations are subject to the same civil monetary fines and criminal enforcement as other HIPAA violations.

        Disclosure and Redisclosure of Information

        Under certain circumstances, information disclosed under the HIPAA Privacy Rule may be redisclosed by the recipient and may no longer be protected by HIPAA.
        Redisclosure Notice: Once PHI is shared with entities not bound by HIPAA, such as law enforcement or other third parties, those entities may redisclose the information, and it may lose its HIPAA protections.

        Example: If you authorize the disclosure of your health information to a third party for a legal proceeding, that information may not be protected under HIPAA once shared.

         

        Your Rights

        As a user of HealthJoy’s services, you have rights with respect to your health information:

        • Right to Inspect and Obtain a copy of PHI: You have a right to inspect and obtain a copy of your protected health information we maintain.
        • Right to Request Restrictions: You may request that we limit what information we use or share. We will notify you within 60 days whether we can agree to your request. If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share.
        • Right to Request Alternative Means of Confidential Communication: You have the right to request that copies of your medical information be provided by alternative means.
        • Right to Request Corrections: You have a right to request that we correct your protected health information that you think is incorrect or incomplete.
        • Right to Receive an Accounting of Disclosures: You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why. We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make).
        • Right to Obtain a Paper Copy of this Notice: You have the right to obtain a paper copy of this notice upon request at the address below.
        • Right to File a Complaint: You may file a complaint with us if you believe your Privacy Rights have been violated. To file a complaint, or to ask any questions about this Notice of Privacy Practices, send an email to us at support@healthjoy.com, or write to us at the following address: 215 West Superior Street, 5th Floor, Chicago, IL 60654. You can also call us at 877-500-3212. You also have the right to file a complaint with the Secretary of the U.S. Department of Health and Human Services, Office for Civil Rights. We will not retaliate against any individual for filing a complaint.

         

        Our Responsibilities

        • We are required by law to maintain the privacy and security of your protected health information.
        • We will not use or disclose your PHI for marketing purposes or to sell your PHI, unless you have agreed to this use or disclosure.
        • We must follow the duties and privacy practices described in this notice and give you a copy of it.
        • We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.
        • We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.

         

        Changes to the Terms of this Notice

        From time to time, we may change this privacy statement, which is applicable to all PHI we maintain about you. For example, as we update and improve our services, new features may require modifications to the privacy statement. The new notice will be available on our website. Accordingly, please check back periodically.

        December 20, 2024