Notice of Privacy Practices

Effective Date: January 1, 2023

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Privacy Officer Contact Information: privacy@hellobrightline.com or call (888) 251-0110.

Brightline Medical Associates, P.A., all members of its Affiliated Covered Entity, including Brightline Medical Associates of California, Inc., Brightline Medical Associates of New Jersey, P.A., Brightline Medical Associates of Kansas, P.A., and any agents thereof (collectively, “Brightline Medical Associates,” “we” or “our”), operating with administrative support from Brightline, Inc. (“Brightline”), may use and disclose your health information to carry out treatment, payment, or health care operations and for other purposes that are permitted or required by law.  An Affiliated Covered Entity is a group of health care providers under common ownership or control that designates itself as a single entity for purposes of compliance with the Health Insurance Portability and Accountability Act (“HIPAA”). The members of the Brightline Medical Associates Affiliated Covered Entity will share health information with each other for the treatment, payment, and health care operations of the Brightline Medical Associates Affiliated Covered Entity and as permitted by HIPAA and this Notice of Privacy Practices.  For a complete list of the members of the Brightline Medical Associates Affiliated Covered Entity, please contact the Brightline Medical Associates Privacy Officer at privacy@hellobrightline.com.  Please review this Notice carefully.

The protection of your health information is very important to us.  By “health information,” we mean Protected Health Information as defined under federal law (HIPAA and its implementing regulations). We recognize that many of the things we discuss are sensitive, and because of this, it is important that you are aware of how this health information is used and may be revealed.  This document contains a description about how your health information is used and sometimes disclosed.    

In general, the communications between a patient and provider are confidential and protected by law and we can only release your health information with your permission, or under certain circumstances.  This document and the other intake documents you received discuss those circumstances.  When we make a disclosure, we will always try to limit the health information that we reveal.  In general, we will try to disclose only the amount necessary.

Capitalized terms used but not defined in this Notice shall have the meaning given in the Brightline Terms of Service and/or Privacy Policy.

How we collect and maintain your health information

The health information that we collect or maintain may include:

  • Your name, age, email address, username, password, and other registration information.

  • Health information that you provide us, which may include information or records relating to your medical or health history, health status and laboratory testing results, diagnostic images, and other health related information.

  • Health information about you prepared or obtained by the clinical professionals and support staff who provide clinical services through the Services and Brightline Medical Associates, such as medical and records, treatment and examination notes, remote monitoring data, and other health related information.

  • Billing information that you provide us, such as credit card information, or that we receive from a health plan or other provider of healthcare benefits on your behalf.

Uses and Disclosures

We use and disclose your health information for the normal business activities that the law sees as falling in the categories of treatment, payment and healthcare operations. Generally, we do not need your permission for these disclosures under applicable laws. Below we provide examples of those activities, although not every use or disclosure falling within each category is listed:

  • An example of a disclosure for treatment purposes is one where we discuss your treatment/evaluation with your general physician to coordinate our services.  

  • An example of a disclosure for payment is where we discuss your case with your health insurance carrier to determine if you are eligible for coverage.  

  • An example of a disclosure for health care operations is where we disclose health information for the purposes of conducting quality assessment and quality improvement functions.  

We may also use and disclose your health information to:

  • Comply with federal, state or local laws that require disclosure.

  • Assist in public health activities such as tracking diseases or medical devices.

  • Inform authorities to protect victims of abuse or neglect.

  • Comply with federal and state health oversight activities such as fraud investigations.

  • Respond to law enforcement officials or to judicial orders, subpoenas or other processes.

  • Inform coroners, medical examiners and funeral directors of information necessary for them to fulfill their duties.

  • Facilitate organ and tissue donation or procurement.

  • Conduct research following internal review protocols to ensure the balancing of privacy and research needs.

  • Avert a serious threat to health or safety.

  • Assist in specialized government functions such as national security, intelligence and protective services.

  • Inform military and veteran authorities if you are an armed forces member (active or reserve).

  • Inform a correctional institution if you are an inmate.

  • Inform workers’ compensation carriers or your employer if you are injured at work.

  • Recommend treatment alternatives.

  • Tell you about health-related products and services.

  • Communicate within our organization for treatment, payment, or healthcare operations.

  • Communicate with other providers, health plans, or their related entities for their treatment or payment activities, or health care operations activities relating to quality assessment and improvement, care coordination and the qualifications and training of healthcare professionals. 

  • Provide information to other third parties with whom we do business. Certain aspects and components of our services are performed through contracts with outside persons or organizations, such as administrative services, billing, auditing, accreditation, outcomes data collection, legal services, scheduling, etc., which are considered business associates of ours. Before doing so, we require each business associate to sign a contract agreeing to maintain the privacy and security of your health information.  An example of a disclosure for the purposes of facilitating your care is the disclosure of health information to an automated appointment scheduling service for the scheduling and coordination of your appointments. However, you should know that in these situations, we require third parties to provide us with assurances that they will safeguard your information.

  • We may also use or disclose your personal or health information for operational purposes. For example, we may communicate with individuals involved in your care or payment for that care, such as family or guardians and send appointment reminders.

When we make disclosures for these purposes, we will disclose only the health information necessary.All other uses and disclosures, not previously described, may only be done with your written authorization. We will also obtain your authorization before we use or disclose your health information for marketing purposes or before we would sell your information. You may revoke your authorization at any time; however, this will not affect prior uses and disclosures. In some cases state law may require that we apply extra protections to some of your health information.Our Duties:We are required by law to:

  • We are required by law to maintain the privacy of health information, to provide you with notice of our legal duties and privacy practices with respect to your health information, and to notify affected individuals following a breach of unsecured health information.

  • We are required to abide by the terms of the notice currently in effect.

We reserve the right to change the terms of this Notice and to make the new notice provisions effective for all health information that we maintain.  If we change the terms of this Notice we will make the revised notice available through the Services and notify you via the email address you supplied to us upon registration, and/or the email address you have currently listed in your account profile.

Your Individual Rights

You have the right to:

  • Request that we restrict the disclosure of health information, but we are not required to agree to these restrictions in every circumstance.  However, if we do agree to these restrictions we must abide by our agreement unless an emergency occurs.  If we do have to disclose health information in an emergency we will request the persons to whom we make the disclosure that the health information remain as confidential as possible.  Any agreement that we make with you to restrict these disclosures will be written down and signed; if either of us needs to terminate our agreement we will document our agreement in writing and give you a copy.  You cannot limit the uses and disclosures that we are legally required or allowed to make.

  • Receive communications from us by alternative means (such as billing at a different address) you have the right to make reasonable requests.  This is especially true if our usual means of communicating with you could endanger you or someone else.  If you want to make such a request, please do so in writing and we will discuss how it would work and if it would be possible for us to agree to your request.  

  • Inspect and copy your health information, unless your provider determines that access to parts of the record could cause you harm.  You also have the right to amend your health information.  If you want a copy of your health information, we can charge you a reasonable fee for providing you with these copies.  

  • Request an electronic or paper copy of your medical record.  You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you.  We will provide a copy or summary of your health information, usually within fifteen (15) days of your request.  We may charge a reasonable, cost-based fee.  You can also ask us to provide an electronic copy of your electronic health record to a designee of your choice.

  • Ask us to correct your medical record if you think any health information we have about you is incorrect or incomplete.  We may say “no” to your request, but we will tell you why in writing within sixty (60) days.

  • Receive an accounting of most of the disclosures of your health information that have occurred in the last six years.  We will provide one accounting a year free of charge but will charge a reasonable, cost-based fee if you ask for another accounting within twelve (12) months.

  • Receive a paper copy of this Notice.  

  • Choose someone to act for you with respect to choices about your health information.

  • We may ask that you make some of these requests in writing.

Complaints or Requests for Additional Information

  • If you would like further information about our privacy policies, request a restriction, or you have a complaint about how we have disclosed or failed to disclose your health information, you can contact us at our mailing address or via email: 

400 Concar Dr., San Mateo, CA 94402privacy@hellobrightline.com 

  • You may also make a complaint to the U.S. Secretary of Health and Human Services at: 

Office for Civil Rights Department of HHS

Jacob Javits Federal Building

26 Federal Plaza – Suite 3312 New York, NY 10278

Voice Phone (212) 264-3313 

FAX (212) 264-3039

TDD (212) 264-2355

We will not retaliate against you for filing a complaint.