Privacy Policy

HIPAA NOTICE OF PRIVACY PRACTICES

THIS DOCUMENT IS REQUIRED BY FEDERAL LAW. IT DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU ACCESS THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Your employer, as the sponsor of a group health plan administered by Redwood Health Services (RHS), is required by law to take steps to ensure the privacy of your personally identifiable health information and to provide you with this Notice of Privacy Practices (“Privacy Notice”). This Privacy Notice is provided to you as a covered person under the health coverage that is provided by your employer (for purposes of this Privacy Notice, referred to as the “Health Plan”).
A federal law, known as the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), requires the Health Plan to maintain the privacy of your protected health information (“PHI”). PHI encompasses substantially all “individually identifiable health information” which is transmitted or maintained by the Health Plan, regardless of its form. PHI includes medical information relating to your physical or mental health or condition, the provision of health care to you, or the payment for health care provided to you. However, PHI does not include all health information that may be maintained by your employer or its benefit plans. For example, PHI does not include health information that is used or maintained by your employer’s non-health benefit plans, such as life insurance, accidental death and dismemberment (AD&D) and short and long term disability benefits. PHI also does not include any health information that was obtained by your employer in its capacity as an employer (e.g., through an FMLA or leave of absence request). If health information is not PHI, then the health information is not protected by HIPAA and is not covered by this Privacy Notice.

RHS and the Health Plan understand that your PHI is personal and private, and both are committed to maintaining the privacy of your PHI. This Privacy Notice summarizes the Health Plan’s and RHS’ privacy practices and those of any third party that assists in the administration of the Health Plan. In particular, this Privacy Notice describes the ways in which the Health Plan may use or disclose your PHI. It also describes the Health Plan’s obligations to you and your individual rights regarding the use and disclosure of your PHI. HIPAA requires the Health Plan to provide this Privacy Notice to you and to comply with its terms.

Please note you may also receive a separate Notice of Privacy Practices from your primary health insurance carrier with respect to the privacy practices of the insurer. This Privacy Notice does not cover benefits that are fully insured or provided through an HMO.

Use and Disclosure of your Health Information

The following categories describe different ways that the Health Plan uses and discloses your health information. For each category, the Privacy Notice will outline the uses or disclosures included in the category, but not every use or disclosure within a category can be listed.

For Treatment. The Health Plan may use and disclose your PHI to provide, coordinate or manage your health care treatment and any related services provided to you by health care providers. This includes the coordination or management of your health care by a health care provider. For example, the Health Plan may use and disclose your PHI in order to describe or recommend treatment alternatives to you or to provide information about health-related benefits and services that may be of interest to you.

For Payment. The Health Plan may use and disclose your PHI to make coverage determinations and provide payment for health care services you have received. These activities include determining your eligibility for benefits under the Health Plan (including coordination of benefits or the determination of cost sharing amounts); processing your claims for benefits under the Health Plan; resolving subrogation rights under the Health Plan; billing, claims management and collection activities; obtaining payment under stop-loss and excess-loss insurance policies; reviewing health care services you receive for Health Plan coverage, medical necessity and appropriateness; and conducting utilization review activities (including precertification, preauthorization, concurrent review and retrospective review activities). For example, the Health Plan may disclose your health information to a third party (for instance, a medical reviewer) when necessary to resolve the payment of a claim for health care services that have been provided to you.

For Health Care Operations. The Health Plan may use and disclose your PHI for administration and operations, including quality assessment and quality improvement activities; underwriting, premium rating and other activities relating to the creation, renewal or replacement of a health insurance or health benefits contract or a stop-loss or excess-loss insurance contract; conducting or arranging for medical assessments, legal services and auditing functions (including fraud and abuse detection and compliance programs), and other general administrative activities such as customer service and HIPAA compliance. For example, the Health Plan may disclose your health information to potential health insurance carriers in order to obtain a premium bid from the carrier.

Disclosure of your Health Information in Special Situations
Outlined below are situations in which the Health Plan may disclose your PHI without your authorization.

Disclosure to You or Your Personal Representative. The Health Plan may disclose your PHI to you or your personal representative.

Disclosure to the Employer. The Health Plan, or an insurer of benefits provided under the Health Plan, may disclose your PHI without your written authorization to your employer for plan administration purposes. The employer agrees not to use or disclose your health information other than as permitted or required by the plan document(s) for the Health Plan and by applicable law. In particular, your health information that is PHI will not be used for employment decisions.

Public Health Activities. The Health Plan may use or disclose your PHI for public health activities. Permitted disclosures include:

Disclosure to a person subject to the jurisdiction of the Food and Drug Administration (“FDA”) in connection with activities related to the quality, safety or effectiveness of FDA-regulated products.
Disclosure to report births and deaths.
Disclosure to report reactions to medications, problems with health-related products or to notify a person of recalls of medications or products the person may be using.
Disclosure to a public health authority for the purpose of controlling disease or injury or to report child abuse or neglect.
Disclosure, if authorized by law, to a person who may have been exposed to or be at risk of contracting a communicable disease.

Abuse or Neglect. The Health Plan may disclose your PHI to an appropriate government authority that is authorized by law to receive reports of child abuse, neglect or domestic violence, including a social services or protective services agency, if the Health Plan reasonably believes you to be a victim of abuse, neglect or domestic violence. However, the Health Plan will only disclose your PHI in these situations, if (1) the disclosure is required by law; (2) you agree to the disclosure; or (3) the Health Plan reasonably believes that the disclosure is necessary to prevent harm to you or other potential victims. The Health Plan will notify you of a disclosure for abuse or neglect purposes if doing so will not place you at further risk.

Health Oversight Activities. The Health Plan may disclose your PHI to a health oversight agency for certain activities authorized by law including audits; civil, administrative, or criminal investigations; inspections; licensure or other activities necessary for appropriate oversight of the health care system.

Judicial and Administrative Proceedings. In certain limited situations, the Health Plan may disclose your PHI in response to a valid court or administrative order. The Health Plan may also disclose your PHI in response to a subpoena, discovery request or other lawful process, but only if the Health Plan receives satisfactory assurances that the party seeking the information has tried to inform you of the request or to obtain a qualifying protective order to safeguard the information requested.

Required by Law. The Health Plan will disclose your PHI where required to do so by federal, state or local law. The Health Plan may also disclose your PHI to the Department of Health and Human Services regarding HIPAA compliance matters.

Coroners, Medical Examiners and Funeral Directors. The Health Plan may disclose your PHI to a coroner or medical examiner for identification purposes, for determining cause of death or for the coroner or medical examiner to perform other duties authorized by law. The Health Plan may also disclose PHI to a funeral director, as necessary to allow the funeral director to carry out his or her duties.

Organ and Tissue Donation. If you are an organ donor, the Health Plan may disclose your PHI as necessary to facilitate organ or tissue donation, including transplantation.

Research. The Health Plan may disclose your PHI to researchers without your authorization if their research has been approved by an institutional review board or privacy board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI and the researchers have provided certain necessary representations regarding the research.

Serious Threat to Health or Safety. The Health Plan may disclose your PHI, consistent with applicable law and standards of ethical conduct, if necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public in general or, in certain cases, when the information is necessary for law enforcement authorities to identify or apprehend an individual.

Military Activity and National Security. When the appropriate conditions apply and if you are a member of the Armed Forces, the Health Plan may disclose your PHI (1) for activities deemed necessary by appropriate military command authorities, (2) for the purpose of a determination by the Department of Veterans Affairs of your eligibility for benefits, or (3) to a foreign military authority if you are a member of that foreign military service. The Health Plan may also disclose your PHI to authorized federal officials for conducting national security and intelligence activities for the conduct of lawful intelligence, counter-intelligence and national security activities. The Health Plan may also disclose PHI to authorized federal officials for the provision of protective services to the President or others that are authorized by law.

Inmates. If you are an inmate of a correctional institution or in the custody of a law enforcement official, the Health Plan may disclose your PHI to the institution or official if the information is necessary for (1) the provision of health care to you, (2) your health and safety or the health and safety of other inmates, the officers, employees, or others at the correctional institution, (3) law enforcement on the premises of the correctional institution, or (4) the safety and security of the correctional institution.

Workers’ Compensation. The Health Plan may disclose your PHI as necessary to comply with workers’ compensation laws and other similar legally established programs that provide benefits for work-related injuries or illness without regard to fault.

Law Enforcement Purposes. The Health Plan may disclose your PHI, in certain situations, to law enforcement officials, including: (1) when directed by a court order, subpoena, warrant, summons or similar process; (2) if necessary to identify or locate a suspect, fugitive, material witness or missing person; and (3) if necessary to report information about the victim of a crime in limited circumstances where the victim is unable to provide consent.

Other Uses and Disclosures of Health Information

In order to use or disclose your PHI for any reason other than those described in this Privacy Notice, the Health Plan must obtain your written authorization. If you sign an authorization form, you may revoke your authorization by submitting a request in writing. If you revoke your authorization, the Health Plan will no longer use or disclose your PHI for the reasons covered by the authorization. However, the Health Plan is unable to retract or invalidate any uses or disclosures that were already made with your permission prior to your revocation of the authorization.

Your Rights Regarding your Health Information

You have several important rights with regard to your PHI, which are summarized below. Please contact your employer or RHS to exercise any of these rights. (Please see the last page of this Privacy Notice for appropriate contact information.)

Right to Inspect and Copy. With certain exceptions described below, you have the right to inspect and copy your PHI if it is part of a “designated record set” or “DRS.” The DRS is the group of records maintained by or on behalf of the Health Plan and contained in the enrollment, payment, claims adjudication, and case or medical management record systems of the Health Plan, and any other records which are used by the Health Plan to make decisions about individuals. This right does not extend to psychotherapy notes, information gathered for certain civil, criminal or administrative proceedings, and information maintained by the employer that duplicates information maintained by the Health Plan’s third-party administrator in its DRS. If you request a copy of your PHI contained in a DRS, the Health Plan may charge you a reasonable, cost-based fee for the expense of copying, mailing and/or other supplies associated with your request. To inspect and obtain a copy of your PHI that is part of a DRS, you must submit your request in writing. In most cases, you must use a specific form, which you can request directly from the health carrier or vendor.

If you exercise your right to access your PHI, the Health Plan will respond to your request within 30 days, unless the information is stored off-site, in which case the Health Plan will respond to your request within 60 days. If the Health Plan is unable to respond within these time periods, it may have a one-time 30-day extension by providing you with a written explanation for the delay and the date by which it will respond to your request.

The Health Plan may deny your request to inspect and copy your PHI in certain limited situations. If you are denied access to your PHI, you will be notified in writing. The notice of denial will include the basis for the denial, and a description of any appeal rights you may have and the right to file a complaint with the Health Plan or with the Department of Health and Human Services. If the Health Plan does not maintain the PHI that you are seeking but knows where it is maintained, the Health Plan will notify you of where to direct your request.

Right to Amend. If you believe that your PHI in a Designated Record Set is incorrect or incomplete, you may request that the Health Plan amend the PHI. Any such request must be made in writing and must include a reason that supports your requested amendment. In most cases, you must use a specific form, which you can request directly from the health carrier or vendor. The Health Plan must respond to your request within 60 days. If the Health Plan is not able to respond within this 60-day period, it may have a one-time 30-day extension by providing you with a written explanation for the delay and the date by which it will respond to your request.

In limited situations, the Health Plan may deny your request to amend your PHI. For example, the Health Plan may deny your request if (1) the PHI was not created by the Health Plan (unless the person who created the information is no longer available to make the amendment); (2) the Health Plan determines the information to be accurate or complete; (3) the information is not part of the DRS; or (4) the information is not part of the information which you would be permitted to inspect and copy, such as psychotherapy notes. If your request is denied, you will be notified in writing. The notice of denial will include the basis for the denial, and a description of your right to submit a statement of disagreement and the right to file a complaint with the Health Plan or with the Department of Health and Human Services.

Right to an Accounting of Disclosures. You have the right to request an accounting of certain types of disclosures of your PHI made by the Health Plan during a specified period of time. You do not have the right to request an accounting of all disclosures of your PHI. For example, you do not have the right to receive an accounting of (1) disclosures for purposes of Treatment, Payment or Health Care Operations; (2) disclosures to you or your personal representative regarding your own PHI; (3) disclosures pursuant to an authorization; or (4) disclosures prior to April 14, 2003.

Your request must indicate the time period for which you are seeking the accounting, such as a single month, six months or two calendar years. This time period may not be longer than six [6] years and may not include any disclosures of PHI made before April 14, 2003. The Health Plan must respond to your request within 60 days. If the Health Plan is not able to respond within this 60-day period, it may have a one-time 30-day extension by providing you with a written explanation for the delay and the date by which it will respond to your request.

The Health Plan will provide the first accounting you request in any 12-month period free of charge. The Health Plan may impose a reasonable, cost-based fee for each subsequent accounting request within the same 12-month period. The Health Plan will notify you in advance of the fee and provide you with an opportunity to withdraw or modify your request.

Right to Request Restrictions. You have the right to request a restriction or limitation on the PHI that the Health Plan uses or discloses about you in certain situations. However, the Health Plan is not required to agree to your request. The Health Plan has determined that approving these requests would generally interfere with the resolution of benefit claims and, therefore, a restriction request will only be approved in special and compelling circumstances in the sole discretion of the Health Plan.

Right to Request Confidential Communications. You have the right to request that the Health Plan communicate with you about health matters in a specific manner or specific location. To request confidential communications, you must make your request in writing and must specify how and/or where you wish to be contacted, for example, by mailings to a post office box. In most cases, you must use a specific form, which you can request directly from the health carrier or vendor. The Health Plan will consider all reasonable requests.

Right to a Paper Copy of this Notice. You have the right to request a paper copy of this Privacy Notice, even if you previously received this Privacy Notice electronically. Any such request should be submitted using the contact information below.

Personal Representatives. You may exercise your rights though a personal representative. The representative must produce appropriate evidence of his or her authority to act on your behalf. Examples of acceptable authority include (1) a power of attorney, notarized by a notary public, (2) a court order of appointment as conservator or guardian and (3) a parent of an unemancipated minor. The Health Plan may deny access to PHI to a personal representative, including a parent of an unemancipated minor, if the denial is in the best interest of the individual.

Changes to this Privacy Notice

The Health Plan reserves the right to change, at any time, its privacy practices and this Privacy Notice. If this Privacy Notice is revised, a revised copy of the Privacy Notice will be delivered to you, within 60 days of the revision. The revised Privacy Notice will be effective for all PHI that the Health Plan maintains at the time of the revision as well as PHI the Health Plan receives in the future.

Complaints

If you believe your privacy rights have been violated, you may submit a complaint to the Health Plan or the Secretary of the Department of Health and Human Services. Your employer or RHS will not retaliate against you for filing a complaint with the Health Plan or with the Department of Health and Human Services.
To submit a complaint to the Health Plan, you must submit the complaint in writing using the contact information below. To submit a complaint to the Department of Health and Human Services, you must contact the Office for Civil Rights of the Department of Health and Human Services, Hubert H. Humphrey Building, 200 Independence Avenue, SW, Washington, DC 20201. Further information is also available on the Office’s website at www.hhs.gov/ocr/hipaa/.

Contact Information

If you have any questions about this Privacy Notice or would like to submit a complaint to the Health Plan, please contact your employer or RHS. RHS may be contacted at 3510 Unocal Pl. #108, Santa Rosa, CA 95403 or 1-800-548-7677.

If you would like to exercise any of your rights concerning your health information (such as your right to request access to your health information), you should contact your health carrier or vendor directly. For example, if your request concerns health information maintained by RHS, you should contact RHS using the above contact information.

3. EMBEDDED CONTENT

Pages on this site may include embedded content, like YouTube videos, for example. Embedded content from other websites behaves in the exact same way as if you visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged-in to that website. Below you can find a list of the services we use:

FACEBOOK

The Facebook page plugin is used to display our Facebook timeline on our site. Facebook has its own cookie and privacy policies over which we have no control. There is no installation of cookies from Facebook and your IP is not sent to a Facebook server until you consent to it. See their privacy policy here: Facebook Privacy Policy .

TWITTER

We use the Twitter API to display our tweets timeline on our site. Twitter has its own cookie and privacy policies over which we have no control. Your IP is not sent to a Twitter server until you consent to it. See their privacy policy here: Twitter Privacy Policy .

YOUTUBE

We use YouTube videos embedded on our site. YouTube has its own cookie and privacy policies over which we have no control. There is no installation of cookies from YouTube and your IP is not sent to a YouTube server until you consent to it. See their privacy policy here: YouTube Privacy Policy.

4. COOKIES

This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymized tracking data to third party applications like Google Analytics. Cookies generally exist to make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the help section of your browser.

NECESSARY COOKIES (ALL SITE VISITORS)

cfduid: Is used for our CDN CloudFlare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. See more information on privacy here: CloudFlare Privacy Policy.
PHPSESSID: To identify your unique session on the website.

NECESSARY COOKIES (ADDITIONAL FOR LOGGED IN CUSTOMERS)

wp-auth: Used by WordPress to authenticate logged-in visitors, password authentication and user verification.
wordpress_logged_in_{hash}: Used by WordPress to authenticate logged-in visitors, password authentication and user verification.
wordpress_test_cookie Used by WordPress to ensure cookies are working correctly.
wp-settings-[UID]: WordPress sets a few wp-settings-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
wp-settings-[UID]:WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.

5. WHO HAS ACCESS TO YOUR DATA

If you are not a registered client for our site, there is no personal information we can retain or view regarding yourself.

If you are a client with a registered account, your personal information can be accessed by:

Our system administrators.
Our supporters when they (in order to provide support) need to get the information about the client accounts and access.

6. THIRD PARTY ACCESS TO YOUR DATA

We don’t share your data with third-parties in a way as to reveal any of your personal information like email, name, etc. The only exceptions to that rule are for partners we have to share limited data with in order to provide the services you expect from us. Please see below:

ENVATO PTY LTD

For the purpose of validating and getting your purchase information regarding licenses for the Avada theme, we send your provided tokens and purchase keys to Envato Pty Ltd and use the response from their API to register your validated support data. See the Envato privacy policy here: Envato Privacy Policy.

TICKSY

Ticksy provides the support ticketing platform we use to handle support requests. The data they receive is limited to the data you explicitly provide and consent to being set when you create a support ticket. Ticksy adheres to the EU/US “Privacy Shield” and you can see their privacy policy here: Ticksy Privacy Policy.

7. HOW LONG WE RETAIN YOUR DATA

When you submit a support ticket or a comment, its metadata is retained until (if) you tell us to remove it. We use this data so that we can recognize you and approve your comments automatically instead of holding them for moderation.

If you register on our website, we also store the personal information you provide in your user profile. You can see, edit, or delete your personal information at any time (except changing your username). Website administrators can also see and edit that information.

8. SECURITY MEASURES

We use the SSL/HTTPS protocol throughout our site. This encrypts our user communications with the servers so that personal identifiable information is not captured/hijacked by third parties without authorization.

In case of a data breach, system administrators will immediately take all needed steps to ensure system integrity, will contact affected users and will attempt to reset passwords if needed.

9. YOUR DATA RIGHTS

GENERAL RIGHTS

If you have a registered account on this website or have left comments, you can request an exported file of the personal data we retain, including any additional data you have provided to us.

You can also request that we erase any of the personal data we have stored. This does not include any data we are obliged to keep for administrative, legal, or security purposes. In short, we cannot erase data that is vital to you being an active customer (i.e. basic account information like an email address).

If you wish that all of your data is erased, we will no longer be able to offer any support or other product-related services to you.

GDPR RIGHTS

Your privacy is critically important to us. Going forward with the GDPR we aim to support the GDPR standard. AxiomThemes permits residents of the European Union to use its Service. Therefore, it is the intent of AxiomThemes to comply with the European General Data Protection Regulation. For more details please see here: EU GDPR Information Portal.

10. THIRD PARTY WEBSITES

AxiomThemes may post links to third party websites on this website. These third party websites are not screened for privacy or security compliance by AxiomThemes, and you release us from any liability for the conduct of these third party websites.

All social media sharing links, either displayed as text links or social media icons do not connect you to any of the associated third parties, unless you explicitly click on them.

Please be aware that this Privacy Policy, and any other policies in place, in addition to any amendments, does not create rights enforceable by third parties or require disclosure of any personal information relating to members of the Service or Site. AxiomThemes bears no responsibility for the information collected or used by any advertiser or third party website. Please review the privacy policy and terms of service for each site you visit through third party links.

11. RELEASE OF YOUR DATA FOR LEGAL PURPOSES

At times it may become necessary or desirable to AxiomThemes, for legal purposes, to release your information in response to a request from a government agency or a private litigant. You agree that we may disclose your information to a third party where we believe, in good faith, that it is desirable to do so for the purposes of a civil action, criminal investigation, or other legal matter. In the event that we receive a subpoena affecting your privacy, we may elect to notify you to give you an opportunity to file a motion to quash the subpoena, or we may attempt to quash it ourselves, but we are not obligated to do either. We may also proactively report you, and release your information to, third parties where we believe that it is prudent to do so for legal reasons, such as our belief that you have engaged in fraudulent activities. You release us from any damages that may arise from or relate to the release of your information to a request from law enforcement agencies or private litigants.

Any passing on of personal data for legal purposes will only be done in compliance with laws of the country you reside in.

12. AMENDMENTS

We may amend this Privacy Policy from time to time. When we amend this Privacy Policy, we will update this page accordingly and require you to accept the amendments in order to be permitted to continue using our services.