healthŌme and GalenusRx Forge Strategic Partnership to Launch Genomics-based Personalized Medication Safety Program
Read press release
Contact Us

Notice of Privacy Practices

Purpose

The GalenusRx Notice of Privacy Practices is for individuals receiving GalenusRx pharmacy services. Individuals are entitled to adequate notice of the uses and disclosures of their protected health information (PHI), of their rights and GalenusRx’s responsibilities with respect to PHI unless an exception applies. The Privacy Rule requires GalenusRx to describe its privacy practices in plain English, in a document called a Notice of Privacy Practices (“Notice”). GalenusRx must give individuals a copy of this document.

GalenusRx must make its Notice available to all individuals and post the Notice throughout its facilities and on its website. GalenusRx must also make a good faith effort to obtain written acknowledgements from patients that they have received the Notice. The Notice must contain all of the required elements notifying an individual of the permitted uses and disclosures; uses and disclosures that require an opportunity for them to agree or object; uses and disclosures that require an authorization; whether GalenusRx intends to use or disclose information for marketing, facility directories or fundraising; the individual’s rights to access, amendment, accounting and limitations on sharing; GalenusRx’s responsibilities; a way to make complaints; contact details for further information; and an effective date.

Procedures

Notice Content Requirements

The Notice shall contain the following content:

“Header:”

Must contain this exact language as a header or otherwise prominently displayed:

  • “THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.”

“Uses and Disclosures:”

  • A description, including at least one example of the types of uses and disclosures of information that GalenusRx is permitted to make for each of the following purposes: treatment, payment, and health care operations
  • A description of each of the other purposes (aside from treatment, payment, or health care operations) for which GalenusRx is permitted or required to use or disclose PHI without the individual’s written authorization
  • If a use or disclosure otherwise allowed under the two paragraphs above is materially limited or prohibited by a stricter law, the description of the use or disclosure must reflect the more stringent law
  • The description of the use or disclosures allowed under the first two paragraphs above must include sufficient detail to place the individual on notice of the uses and disclosures that are permitted or required by applicable law
  • A description of the types of uses and disclosures that require an authorization, including psychotherapy notes, some marketing and sale of PHI. Another statement that other uses and disclosures not described in the Notice will be made only with the individual’s written authorization and that the individual may revoke authorization at any time in writing – revocation will be effective except to the extent GalenusRx has acted in reliance on it and
  • If GalenusRx both intends to use information in any of the following ways and acts in the capacity of the type of covered entity mentioned, it must include a separate statement in the Notice for each of the following activities:
  • Covered entity may contact individuals for fundraising activities and the individual has a right to opt out
  • Group health plan, health insurance issuer or HMO may share PHI to the plan sponsor or
  • Non-long term care health plan may use information for underwriting purposes, excluding the use of genetic information.

“Individual Rights:”

A statement of the individual’s rights with respect to PHI, and how he or she may exercise the right to:

  • Request restrictions on certain uses and disclosures of information (the notice must contain a statement that GalenusRx is not required to agree to all restrictions requested)
  • Receive confidential communications of PHI
  • Inspect and copy their own PHI
  • Seek amendment of their own PHI
  • Receive an accounting of disclosures of their own PHI and
  • Obtain a paper copy of the Notice of Privacy Practices upon request even if an electronic copy has already been provided.

“GalenusRx’s Duties:”

  • GalenusRx is required by law to maintain the privacy of PHI, to provide individuals with notice of its legal duties and privacy practices with respect to PHI, and to notify affected individuals following a breach of unsecured PHI;
  • GalenusRx must abide by the terms of the Notice currently in effect; and
  • If GalenusRx desires to reserve the right to amend the Notice, the Notice must state that GalenusRx reserves the right to change the terms of its Notice and to make the new Notice provisions effective for all PHI it maintains. This statement must also explain how GalenusRx will provide individuals with a revised Notice.

“Complaints:”

The Notice must explain that individuals may file a complaint with GalenusRx and/or the Secretary of HHS if they believe their privacy rights have been violated. A brief description of how to file a complaint with GalenusRx must be included along with a statement that the individual will not be retaliated against for filing a complaint.

“Contact Information:”

The Notice must contain the name, or title, and telephone number of a person or office to contact for further information.

“Effective Date:”

The Notice must contain an effective date that is not earlier than the date it is published.

Notice Dissemination and Publication Requirements

  1. GalenusRx will provide the Notice to individuals no later than the date of the first service delivery by a direct care provider. The Notice may also be given to an individual by e-mail, if the individual agrees to such electronic notice. If GalenusRx knows that the e-mail transmission has failed, we will provide a hard paper copy. If the first service is delivered electronically, GalenusRx must send the notice electronically and contemporaneously with provision of the service.
  2. GalenusRx will make the Notice available for individuals to take with them. (When the individual is not physically present, the Notice may be sent by first class mail.)
  3. The Notice must be posted in a clear and prominent location where individuals can be reasonably expected to be able to read the Notice.
  4. The Notice will be posted prominently on GalenusRx’s website (if any) and will be available electronically through the website.
  5. If GalenusRx acts as a health plan, it will follow the requirements as set forth in 45 CFR 520(c)(1).
  6. If GalenusRx participates in an organized health care arrangement it may comply with the Notice requirements by a joint Notice if it meets the requirements of 45 CFR 520(d).

Special Notice Requirements

  1. No Notice is required to be given to inmates who may receive treatment at an organization facility.
  2. In the case of patients who are unemancipated minors, the Notice should be given to the minor’s parent or guardian.
  3. If organization is a group health plan, Notice will be available directly from the group health plan if the plan is uninsured or if it creates or receives PHI in addition to summary plan information, participation information or enrollment information. If the group health plan provides benefits through an insurer or HMO and does not receive the above information, then Notice is provided through the insurer or HMO.

Optional Elements

  1. If organization elects to limit its use and disclosure beyond the required limitations, we may describe the more limited use and disclosures in the Notice although we may not limit uses and disclosures required by law or allowed to the individual.
  2. Organization reserves its right to revise its Notice to change its limited uses for any information created or received prior to the revision.

Acknowledgement of Notice of Privacy Practices

  1. Organization will make a good faith effort to obtain a written Acknowledgement that the individual received the Notice. If an individual refuses to sign the Acknowledgement, then we will document the good faith efforts taken and the reason why the Acknowledgement was not obtained.
  2. A “good faith effort” to obtain written acknowledgment is not required when emergency treatment or stabilization is needed. Additionally, if we mail the notice to the correct address even if the individual does not return the acknowledgment form, organization does not need to make further good faith efforts to obtain a written acknowledgment.
  3. In non-emergency situations, organization will seek to obtain acknowledgement of the Notice during our intake process.

Revisions to the Notice of Privacy Practices

  1. The Organization will promptly revise and distribute its Notice whenever there is a material change to privacy practices, including practices regarding PHI uses and disclosures, individual’s rights, and organization’s legal duties, or other privacy practices stated in the Notice.
  2. Organization will make the revised notice available upon request.
  3. Organization will post the Notice in service delivery areas.
  4. Organization will post the revised notice on its website.
  5. Unless organization reserved the right to amend its Notice within the previous Notice, we will not make any changes applicable to PHI created or received prior to the effective date of the new Notice.

Record Retention

All versions of organization’s approved Notice of Privacy Practices will be archived and maintained by the Privacy Officer for a period no less than six (6) years from the date of its creation or the date when it was last in effect, whichever is later. Any acknowledgments of receipt or good faith efforts to obtain such acknowledgements must also be retained no less than six (6) years from the date when it was received or the date when it was last in effect, whichever is later.

Changes to This Privacy Policy

We may change this privacy policy from time to time, including as required to keep current with rules and regulations, new technologies and security standards. We will post the change(s) on our Site. If the policy is changed in a material and retroactive manner, we will provide appropriate notice to users.

Contact Us

If users have questions or concerns about this Privacy Policy or how we collect and use the information of its users, they may contact us by email at care@galenusrx.com, or by postal address at 17101 Porter Ave., PO Box 560025, Montverde, FL 34756, or by telephone at 1-855-425-3687.

Report an Incident

Please use the below form to report incidents involving compliance, data security, privacy, health information, employee safety, or human resources matters.

Compliancy Group – Guard