Notice of Privacy Practices & Privacy Policy
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice of Privacy Practices (the “Notice”) describes the privacy practices of Livelyhood Health, Inc., a Delaware corporation (“Livelyhood,” “we,” “us,” or “our”), together with the independent medical groups and licensed healthcare providers that deliver clinical services through the Livelyhood platform (collectively, the “Medical Groups” and “Providers”). This Notice also serves as our Privacy Policy and explains how we collect, use, disclose, and protect your personal information and your protected health information (“PHI”), and describes your rights with respect to that information under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”) and applicable state law.
We are required by law to maintain the privacy and security of your PHI, to provide you with this Notice of our legal duties and privacy practices with respect to your PHI, to notify you following a breach of unsecured PHI, and to follow the terms of the Notice currently in effect.
1. Who this Notice applies to
This Notice applies to Livelyhood and to the Medical Groups and Providers who deliver clinical services to you through the Livelyhood platform, including, where applicable, OpenLoop Healthcare Partners, PC and its affiliated professional entities. It also applies to our workforce, business associates, and subcontractors who receive, use, or disclose your PHI on our behalf. We operate under an Organized Health Care Arrangement with the Medical Groups and Providers, which allows us to share PHI among participants as necessary to treat you and to carry out our joint healthcare operations.
2. Information we collect
2.1 Information you provide to us
- Identity and contact information: name, date of birth, mailing address, email address, phone number, emergency contact, and government-issued identification where required to verify your identity.
- Health information: medical history, current medications, allergies, behavioral health history, substance use history, alcohol-use history, treatment history, height, weight, photographs you upload, lab results, and any other information you share with your Provider during your consultation.
- Payment information: Livelyhood does not bill insurance. Payment card data is collected and processed by our third-party payment processor; Livelyhood does not store full card numbers.
- Communications: messages to your care team, form responses, survey answers, and support requests.
2.2 Information we collect automatically
- Device and usage information, including browser type, operating system, IP address, approximate location derived from IP, pages viewed, and referring URLs.
- Cookies and similar technologies for authentication, security, fraud prevention, and analytics. You can control cookies through your browser settings.
2.3 Information from third parties
- Identity verification vendors, laboratories, pharmacies (including our partner pharmacies), and other healthcare providers involved in your care.
3. How we may use and disclose your PHI
We are permitted to use and disclose your PHI for the following purposes without your written authorization:
3.1 For Treatment
We use and disclose PHI to evaluate, diagnose, and treat you. This includes coordinating care among Providers, pharmacies, laboratories, and other healthcare professionals involved in your treatment. For example, your Provider may share your prescription with a partner pharmacy so it can be dispensed to you.
3.2 For Payment
We use and disclose PHI as necessary to obtain payment for the services you receive. For example, we may use your information to process your subscription, verify a charge, or issue a refund.
3.3 For Health Care Operations
We use and disclose PHI to support the business activities of Livelyhood and the Medical Groups, including quality assessment and improvement, peer review, credentialing, training, legal and auditing functions, business planning, and customer service.
3.4 Business Associates
We disclose PHI to service providers — such as hosting, analytics, electronic health records, communications, and payment processors — that help us operate the platform. These vendors are our “business associates” and are contractually required to protect your PHI consistent with HIPAA through written Business Associate Agreements.
3.5 As Required by Law
We will disclose PHI when required by federal, state, or local law, including in response to a valid subpoena, court order, warrant, or other lawful process.
3.6 Public Health and Safety
We may disclose PHI to public health authorities for activities such as preventing or controlling disease, reporting adverse events and product defects, and notifying persons who may have been exposed to a communicable disease. We may also disclose PHI to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.
3.7 Health Oversight, Law Enforcement, and Legal Proceedings
We may disclose PHI to health oversight agencies for audits, investigations, inspections, and licensure; to law enforcement officials as permitted or required by law; and in judicial and administrative proceedings pursuant to a court or administrative order or other lawful process.
3.8 Research, Coroners, Organ Donation, Military, and Workers’ Compensation
We may disclose PHI for research purposes subject to the approval of an institutional review board or privacy board; to coroners, medical examiners, and funeral directors; for organ, eye, or tissue donation; for specialized government functions including military, national security, and protective services for public officials; and as authorized by workers’ compensation laws.
3.9 Appointment Reminders and Treatment Alternatives
We may use and disclose PHI to contact you about appointments, refills, treatment alternatives, and other health-related benefits and services that may be of interest to you.
3.10 Uses and Disclosures That Require Your Authorization
Other uses and disclosures of your PHI that are not described above will be made only with your written authorization. Specifically, we will obtain your written authorization before we:
- Use or disclose your psychotherapy notes (other than limited exceptions permitted by law);
- Use or disclose your PHI for marketing purposes; or
- Sell your PHI.
You may revoke a prior authorization at any time by writing to us at the contact information below. A revocation will not affect any use or disclosure we already made in reliance on your authorization.
4. Your rights regarding your PHI
You have the following rights with respect to your PHI. To exercise any of these rights, submit a written request to our Privacy Officer at the contact information in Section 9.
4.1 Right to Inspect and Copy
You have the right to see and get a copy of the PHI we maintain about you in our designated record set, including your medical and billing records. We will provide access or a copy within thirty (30) days of your request, or within sixty (60) days if we need additional time and we notify you in writing. We may charge a reasonable, cost-based fee for copies. We may deny access in certain limited circumstances; if we do, we will inform you of your right to have the denial reviewed.
4.2 Right to Amend
If you believe PHI we maintain about you is incorrect or incomplete, you may ask us to amend it. Your request must be in writing and include a reason supporting your request. We may deny your request in certain limited circumstances. If we deny your request, we will provide you with a written explanation and you may submit a written statement of disagreement.
4.3 Right to an Accounting of Disclosures
You have the right to request an accounting of certain disclosures of your PHI made by us in the six (6) years prior to the date of your request. This accounting does not include disclosures made for treatment, payment, or health care operations, disclosures made pursuant to your authorization, or certain other disclosures. You are entitled to one (1) accounting in any twelve-month period free of charge; we may charge a reasonable, cost-based fee for additional requests within the same twelve-month period.
4.4 Right to Request Restrictions
You have the right to request a restriction on how we use or disclose your PHI for treatment, payment, or health care operations, or to persons involved in your care. We are not required to agree to your request, except that we must agree to restrict disclosures to a health plan for payment or operations purposes if you paid for the service in full out of pocket.
4.5 Right to Request Confidential Communications
You have the right to request that we communicate with you about health matters in a certain way or at a certain location (for example, at your work phone rather than your home). We will accommodate reasonable requests.
4.6 Right to a Paper Copy of This Notice
You have the right to a paper copy of this Notice at any time, even if you previously agreed to receive it electronically. To obtain a paper copy, contact our Privacy Officer.
4.7 Right to Be Notified of a Breach
You have the right to be notified in the event of a breach of your unsecured PHI, as required by HIPAA.
4.8 Right to File a Complaint
You may file a complaint with us or with the U.S. Department of Health and Human Services, Office for Civil Rights, if you believe your privacy rights have been violated. You will not be retaliated against for filing a complaint. Contact information is provided in Section 9 below.
5. How we protect your information
We use administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of your PHI consistent with the HIPAA Security Rule. These safeguards include encryption in transit and at rest, access controls based on the minimum necessary standard, audit logging, workforce training, and vendor risk management. No method of transmission or electronic storage is completely secure, and we cannot guarantee absolute security of your information.
6. Records retention
We retain medical records for adult patients for a minimum of ten (10) years from the date of last treatment, which is designed to satisfy the longest applicable state-required retention periods and Centers for Medicare & Medicaid Services requirements. Records for minors are retained longer where required by state law. Non-medical account information is retained for as long as necessary to operate the platform, meet our legal obligations, resolve disputes, and enforce our agreements.
7. Children’s privacy
Livelyhood services are intended for adults eighteen (18) years of age or older. We do not knowingly collect information from children under 18 through the platform. If you believe a child has provided information to us, please contact our Privacy Officer and we will take reasonable steps to delete it.
8. State privacy rights and changes to this Notice
Depending on your state of residence, you may have additional rights regarding your personal information beyond those described above, including the right to know, access, correct, delete, or limit the use or disclosure of your personal information, and to opt out of certain processing activities. Information governed by HIPAA is generally exempt from these state consumer privacy laws, but non-health personal information may be covered. To submit a state-law privacy request, email support@livelyhood.co with the subject line “Privacy Request.”
We reserve the right to change this Notice and to make the revised Notice effective for all PHI that we maintain, including PHI created or received before the effective date of the revised Notice. We will post the revised Notice on our website and, where required, make paper copies available upon request. The “Effective Date” at the top of this Notice indicates when the current version took effect.
9. Contact and complaints
Questions, complaints, or requests about this Notice or your PHI can be directed to:
Livelyhood Health, Inc.
Attn: Privacy Officer
A Delaware corporation
support@livelyhood.co
You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights:
U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue SW
Washington, DC 20201
1-877-696-6775
hhs.gov/ocr
You will not be retaliated against for filing a complaint.