Notice of Privacy Practices

PeopleOne Health, Inc. and Affiliated Entities Including PeopleOne Health Florida, LLC and PeopleOne Health Medical Group, PA

THIS NOTICE OF PRIVACY PRACTICES DESCRIBES HOW YOUR PROTECTED HEALTH INFORMATION (PHI) MAY BE USED AND DISCLOSED, HOW YOU CAN GET ACCESS TO THIS INFORMATION, AND YOUR RIGHTS REGARDING YOUR PHI.

This Notice applies to all PeopleOne Health services, including employer-sponsored programs and individual direct memberships. This Notice governs all PeopleOne Health entities and locations where you receive care.

Our Legal Obligations

We are required by law to:

  • Make sure that medical information that identifies you is kept private (with certain exceptions)
  • Provide you with notice of a breach of your unsecured protected health information
  • Follow the terms of the notice that is currently in effect
  • Follow the minimum necessary standard, using and disclosing only the minimum amount of PHI necessary to accomplish the intended purpose

Uses and Disclosures Without Authorization

For Treatment

We may use and disclose your health information to provide you with medical treatment or services or to assist in the coordination, continuation or management of your care and any related services. This includes coordination with independent Care Partners who provide additional services outside of direct primary care under separate contracts with PeopleOne Health.

For Payment (Enhanced for Dual Payment Structure)

We may use and disclose your health information for payment purposes:

  • Employer-Sponsored Members: We may disclose to your employer that you are enrolled in our services and basic participation status necessary for employer payment obligations, but we will not disclose specific treatment details unless required for payment processing
  • Individual Direct Members: We may disclose PHI to payment processors, credit card companies, and financial institutions as necessary to process your payments, including recurring billing authorization and refund processing
  • Credit Card Processing: We use PCI DSS-compliant payment processors to handle credit card transactions. Credit card information is encrypted during transmission and storage
  • Billing Statements: Individual member billing statements contain only necessary PHI for payment purposes. Detailed treatment information is available separately through your patient portal

For Healthcare Operations

We may use and disclose health information about you for operational purposes, including:

  • Communicating with you about our activities and locations
  • Evaluating the performance of our staff
  • Assessing the quality of care and outcomes
  • Learning how to improve our facilities and services
  • Determining how to continually improve the quality and effectiveness of healthcare we provide
  • Identifying engagement and prioritizing outreach to improve care coordination, member support services, and health outcomes

Membership-Specific Operations:

  • Employer-Sponsored Members: To notify your employer of program completion and outcome metrics for insurance premium discounts, limited to participation status without disclosing specific treatment details
  • Individual Members: To provide you with program completion certificates and outcome summaries for your personal records

Communications

Treatment-Related Communications

We may use and disclose your information to provide appointment reminders and treatment-related communications. We may contact you to provide information about treatment alternatives or other health-related benefits and services directly related to your care.

Marketing Communications Requiring Authorization

Any communications about non-treatment services, products, or programs require your separate written authorization, except for face-to-face communications or promotional gifts of nominal value.

Marketing communications requiring authorization include:

  • Individual membership upgrades or additional services
  • Third-party products or services
  • Employer wellness programs (for individual members)
  • Any communication where we receive financial remuneration from a third party

Membership-Specific Marketing Authorization:

  • Individual Members: Marketing authorizations are obtained directly from you
  • Employer-Sponsored Members: Program communications may be received through your employer’s authorized channels

Business Associates

We may contract with third parties (business associates) who perform services on our behalf, including: payment processors, credit card companies, IT service providers, cloud storage vendors, marketing platforms, employer wellness program administrators, and independent Care Partners.

Care Partner Arrangements: Independent Care Partners who provide additional services outside of direct primary care operate under separate business associate agreements that require them to maintain the same privacy and security standards as PeopleOne Health entities.

All business associates must sign HIPAA-compliant business associate agreements requiring them to:

  1. Safeguard PHI privacy and security
  2. Report any breaches
  3. Return or destroy PHI when services end
  4. Comply with minimum necessary standards
  5. Allow us to monitor their compliance

Breach Notification

If a breach of your unsecured PHI occurs, we will:

  1. Individual Notification: Notify you within 60 days of discovering the breach via first-class mail or email (if you’ve agreed to electronic notice)
  2. HHS Notification: Notify the Department of Health and Human Services within 60 days
  3. Media Notification: Notify media outlets if the breach affects 500+ individuals in a state/jurisdiction
  4. Employer Notification: For employer-sponsored members, notify the employer’s designated privacy contact as required by the employer’s agreement
  5. Content Requirements: All breach notifications will include: nature of breach, types of information involved, steps we’re taking, steps you should take, and our contact information

Your Rights

Standard HIPAA Rights:

  • Request restrictions on uses and disclosures
  • Obtain a paper copy of this Notice
  • Inspect and obtain copies of your health and billing records
  • Request amendments to your health information
  • Request confidential communications
  • Receive an accounting of disclosures

Membership-Specific Rights:

Employer-Sponsored Members:

  • Right to request that we not disclose participation details to your employer beyond what’s required for payment
  • Right to receive individual copies of your health records separate from employer reporting
  • Right to opt out of employer wellness program communications

Individual Members:

  • Right to designate authorized representatives for account management
  • Right to update payment and contact information directly
  • Right to receive detailed billing statements
  • Right to request payment plan arrangements

Contact Information and Complaints

Privacy Officer Contact:

  • Email: compliance@peopleonehealth.com
  • Phone: 1-888-330-6891 x5

Filing Complaints: You may file a complaint with us or with the U.S. Secretary of Health and Human Services. We will not reduce your level of service or retaliate against you for filing a complaint.

Covered Entities

The entities that comprise “PeopleOne Health” and that will abide by this notice include:

  • PeopleOne Health, Inc.
  • PeopleOne Health Florida, LLC
  • PeopleOne Health Medical Group, PA

Note: Independent Care Partners operate under separate privacy notices while maintaining business associate agreements with PeopleOne Health entities.

Changes to This Notice

We reserve the right to change this Notice and make the revised notice effective for medical information we already have about you as well as any information we receive in the future. The current Notice will be available on our website and at all PeopleOne Health locations.