HIPAA NOTICE OF PRIVACY PRACTICES FOR LYRA CLINICAL ASSOCIATES P.C. AND OTHER CONTRACTED AFFILIATES
Effective date: May 25, 2018.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides standards for how medical information should be used and disclosed by healthcare providers, health plans, and other covered entities. We provide each of our users with this information and ask each of our users to acknowledge receipt of our HIPAA Notice of Privacy Practices for Lyra Clinical Associates P.C., which discloses our practices for personal information gathering and dissemination. Please note that by using the website (the “Site”) or the services provided by Lyra Health, Inc., Lyra Behavioral Health, Inc., Lyra Clinical Associates P.C., together with any independent contracted affiliates (together “Lyra”, “we”, “our” or “us”), you accept the practices described in this Notice of Privacy Practices. If you do not agree to this Notice, please do not use the Site or Lyra’s services. IF YOU ARE UNDER 13 YEARS OF AGE OR RESIDE OUTSIDE OF THE UNITED STATES, PLEASE DO NOT USE OR ACCESS OUR SITE.
What information do we collect from users and how is it used?
Forms. To fully use our offerings, you may need to fill out forms that ask for or contain personal information such as your name, contact information, health, and other personal information. By providing us with your mobile phone number, you consent to receiving information from us by text or voicemail, including in the case of voicemail, protected health information.
Medical Records. In order for us to get you the best care, we may ask you to provide us with your medical records, for which we will obtain a signed authorization from you. In order to support your care, we may also ask you for a description of symptoms, a medical history, lifestyle descriptions and information on the progress of your treatment from your provider either over the phone, by email, or through our Site.
Correspondence. If you correspond with us via email or text, we may gather in a file specific to you the information that you submit.
Recordings. If you contact our care team by videoconference, phone or by email, we may record and retain copies of the interaction for, among other things, quality assurance purposes. If you access any apps or other services we offer, we may record your interactions with our software or our providers. We will inform you if we are recording your interactions with our care team or providers and, if you do not wish to be recorded, you can let the care team or provider know at that time.
Outcomes. We may periodically send you surveys to collect your feedback on the outcomes of your therapy. Understanding outcomes is central to our mission of providing effective, evidence-based care, and data can help inform Lyra’s approach to treatment and assessment of progress. In addition, Lyra uses outcomes data to provide our customers with insight into how their employees are coping better with stressors, functioning at a higher level, and becoming more psychologically flexible. Please note, outcomes data will only be shared as de-identified aggregate data. We anonymize and convert individual outcome scores into improvement levels, and then aggregate those in reporting across an employer’s entire population.
We will store the above described categories of information for as long as needed to provide our services, and as recommended to comply with our legal obligations (including those under HIPAA), resolve potential or actual disputes, improve the quality of our services, or enforce our agreements.
In addition, your individual Lyra provider may capture independent clinical and psychotherapy notes, which would be subject to his or her separate HIPAA privacy practices.
How does Lyra use and disclose protected health information about you that we collect?
Lyra will collect protected health information (“PHI”), which includes your name, age, gender, contact information, problems you are seeking help for, and progress and outcomes of your treatment, from you and will use or share it for the following purposes:
Treatment. We can use your PHI and share it with other professionals or programs that are treating you, such as when you are referred to another mental health professional for further treatment. By using our services, you hereby explicitly consent to the sharing of information like your name, age, gender, problems you are seeking help for, including alcohol and substance use, care preferences, health plan coverage, and progress of your treatment with current and potential therapists to promote good outcomes.
Business Operations. We can use and share your PHI to run our practice, improve our offerings to clients, improve your care and the coordination of your care, and contact you when necessary, such as using your PHI to manage your treatment and services.
Billing and Payment. We may use and share your PHI to confirm eligibility for services and to ensure proper payment to providers. For example, we may request your PHI from your health plan or employer in order to confirm eligibility for services.
Lyra is also permitted and/or required to use and disclose your PHI for: public health and safety issues; health research; mandatory reporting requirements; compliance with law enforcement; responses to lawsuits and legal actions or legal requests; organ and tissue donation requests; work with medical examiners or funeral directors; statistical analysis (Lyra will de-identify and/or aggregate your PHI for statistical analysis, and in these situations, we do not disclose any information that can personally identify you); and when we use third-party contractors in order to provide certain services or to complete or confirm a transaction that you conduct with us.
You have both the right and the choice to tell us to share your PHI with your family, close friends, or others involved in your care; share your PHI in a disaster relief situation; and whether to contact you for fundraising efforts. If you are not able to tell us your preference, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.
We will never share your PHI, unless you give us written permission to, for marketing purposes, for sale of your information, and for any sharing of most psychotherapy notes. You may revoke or restrict the authorization to disclose your PHI for these purposes at any time.
Lyra reserves the right to release collected information to law enforcement or other government officials, as we, in our sole and absolute discretion, deem necessary or appropriate. If you use our Site outside of the United States, you consent to the transfer and processing of your information out of your locale, to servers inside the United States and maintained pursuant to this Notice of Privacy Practices.
What are your rights regarding your protected health information?
You have certain rights regarding protected health information that we maintain about you, including rights to:
What are Lyra’s responsibilities with my information?
We are required by law to maintain the privacy and security of your protected health information. We will let you know promptly if a breach occurs that may have compromised the privacy or security of your protected health information. We must follow the duties and privacy practices described in this notice and give you a copy of it. We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind. For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.
How will I know about changes in the Notice of Privacy Practices?
Lyra reserves the right to update this Notice of Privacy Practices from time to time. Please visit this page periodically so that you will be apprised of any changes. The policies indicated in this Notice will remain effective, even if you are no longer using our Site or services.
How to contact us?
If you have questions, or need to reach us for any other reason, you may contact the Chief Privacy Officer at (800) 505-5972 or at firstname.lastname@example.org.