Good Methods Global Inc dba CareStack (CareStack) offers a range of products and services, such as an online service to help you locate dentists and other healthcare providers (“Healthcare Providers”), book appointments with the Healthcare Providers of your choice, and manage and forward certain health-related information that you share with us to your Healthcare Providers (“CareStack Services”). In addition, CareStack works with Healthcare Providers by providing to them practice management software and systems to manage their practices, including patient scheduling, intake, and communications.
In order to provide you with the CareStack Services, we may collect, use, share, and exchange your personal information–including your health-related information–and share it with the Healthcare Providers of your choosing.
Under the Health Insurance Portability and Accountability Act (“HIPAA”), individually identifiable information relating to your past, present, or future health status that is created, collected, transmitted, or maintained by or on behalf of a HIPAA-covered entity (for example, your Healthcare Provider) in relation to the provision of healthcare, payment for healthcare services, or use in healthcare operations is considered “Protected Health Information” or “PHI.”
When CareStack performs certain functions or activities on behalf of Healthcare Providers, CareStack is a “Business Associate” (as defined in HIPAA) of those Healthcare Providers. When CareStack is acting as the Business Associate of your Healthcare Providers, to the extent that your PHI is provided to CareStack, we will handle your PHI in accordance with the applicable HIPAA requirements. This means that CareStack will only use or disclose your PHI as consented to by you or as otherwise permitted under the law.
CareStack’s Privacy Policy (https://www.carestack.com/legal/2020-1/privacypolicy/) explains how CareStack processes and shares personal information (including health-related information that is not considered PHI under HIPAA) received from or about you that is not PHI (“Non-PHI”). For instance, when you provide health-related information to CareStack using our “direct-to-consumer” features, this information is Non-PHI because these direct-to-consumer features are not provided to you on behalf of a Healthcare Provider.
HIPAA requires HIPAA-covered entities and Business Associates to limit their use and disclosure of PHI. Under certain circumstances, HIPAA allows an individual to consent to things like how their data may be used and for how long, so that entities, like your Healthcare Provider(s), can disclose PHI to a third party.
The purpose of this CareStack Consent (“Consent”) is to request your written permission to allow CareStack to use and disclose your PHI in the same way as we use and disclose your Non-PHI (as described in our Privacy Policy). This allows us to provide the CareStack Services to you and others.
By e-signing or otherwise accepting this Consent, you give your permission to CareStack to retain your PHI and to use and/or disclose your PHI in the same way that we use your Non-PHI under our Privacy Policy.
If CareStack discloses your PHI, CareStack will require that the person or entity receiving your PHI agrees to only use and disclose your PHI to carry out its specific business obligations to CareStack or for the permitted purpose of the disclosure, as further described in our Privacy Policy. Please note, however, that CareStack cannot guarantee that any such person or entity to which CareStack discloses your PHI will not re-disclose it in ways that you or CareStack did not intend or permit.
Your Consent remains in effect until you provide written notice of revocation to CareStack.
YOU CAN CHANGE YOUR MIND AND REVOKE THIS CONSENT AT ANY TIME FOR ANY REASON OR NO REASON AT ALL.
If you wish to revoke this Consent, you must notify CareStack by contacting us at privacyconcerns@carestack.com. A revocation of this Consent is effective when received by CareStack, but it does not have any effect on CareStack’s actions taken prior to such revocation.
Once CareStack receives your revocation of this Consent, CareStack will only use and disclose your PHI as permitted in CareStack’s agreements with your Healthcare Provider(s) or as otherwise permitted by law. Your revocation of this Consent does not affect CareStack’s use of your Non-PHI.
We will make available to your Healthcare Provider(s), current and past, your agreement to or revocation of this Consent.