Notice of Privacy Practices

Last updated: December 16, 2020

THIS NOTICE OF HIPAA PRIVACY PRACTICES (“NOTICE”) DESCRIBES HOW YOUR HEALTH INFORMATION MAY BE USED AND DISCLOSED BY PACIFIC CREST URGENT CARE, LLC (“BRAVE CARE PROVIDERS,” “WE” OR “US”), ( AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW THE NOTICE CAREFULLY.

The Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”) requires us to ask each of our patients to acknowledge receipt of this Notice. The Notice is published on the Brave Care website, Brave Care mobile application, and available at Brave Care Providers clinics. You acknowledge receipt of the Notice by clicking on the “I Acknowledge Receipt of the Notice of HIPAA Privacy Practices” button, or by indicating your acknowledgement in another written or digital manner provided. You can receive a copy of the Notice by asking for one at a Brave Care Providers clinic, or by printing one from our website at any time.

The Brave Care Providers together designate themselves as a single Affiliated Covered Entity (“ACE”) for purposes of compliance with HIPAA, including without limitation: Pacific Crest Children’s Urgent Care, LLC. These entities, collectively, are referred to in this policy as the “Brave Care Providers.” Each of these entities, and their related sites, locations and care providers will follow the terms of this Notice. In addition, the entities, sites, locations and care providers may share medical information with each other for treatment, payment, or healthcare operations related to the ACE. This designation may be amended periodically to add new covered entities that are part of the Affiliated Covered Entity under HIPAA.

Brave Care Providers Responsibilities

Under HIPAA, the Brave Care Providers must take steps to protect the privacy of your Protected Health Information (“PHI”). PHI includes information that we have created or received regarding your health or payment for your health. It includes both your medical records and personal information such as your name, social security number, financial information, address, and phone number.

Under federal law, we are required to:

  • Protect the privacy of your PHI. All of our employees and physicians are required to maintain the confidentiality of PHI and receive appropriate privacy training
  • Provide you with this Notice of Privacy Practices explaining our duties and practices regarding your PHI
  • Notify you in the case of a breach of unsecured PHI
  • Follow the practices and procedures set forth in this Notice

Uses and Disclosures of Your Protected Health Information That Do Not Require Your Authorization

Brave Care Providers use and disclose PHI in a number of ways connected to your treatment, payment for your care, and our healthcare operations. Some examples of how we may use or disclose your PHI without your authorization are listed below.

Treatment

  • To our physicians, nurses, physician assistants, and others involved in your healthcare or preventive healthcare.
  • To our different departments to coordinate treatment-related activities, such as prescriptions, lab work, and X-rays.
  • To other healthcare providers treating you who are not on our staff such as dentists, emergency room staff, specialists and other providers.  For example (and without limitation), if you are being treated for an injured foot, we may share your PHI among your primary physician, the foot specialist, and your physical therapist, so they can provide proper care.

Payment

  • To administer your health benefits policy or contract.
  • To bill you for healthcare we provide.
  • To pay others who provided care to you.
  • To other organizations and providers for payment activities, unless disclosure is prohibited by law.

Healthcare Operations

  • To administer and support our business activities or those of other healthcare organizations (as allowed by law), including providers and plans. For example (and without limitation), we may use your PHI to conduct quality analysis, data aggregation, review and improve our services and the care you receive and to provide training.
  • To other individuals (such as consultants and attorneys) and other companies and organizations that help us with our business activities. (Note: If we share your PHI with other organizations for this purpose, they must agree to protect your privacy.)

Other

We may use or disclose your PHI without your authorization for legal and/or governmental purposes in the following circumstances:

  • As required by law - When we are required by laws, including workers' compensation laws.
  • Public health and safety - To an authorized public health authority or individual to:
  • Protect public health and safety.
  • Prevent or control disease, injury, or disability.
  • Report vital statistics such as births or deaths.
  • Investigate or track problems with prescription drugs and medical devices.
  • Abuse or neglect - To government entities authorized to receive reports regarding abuse, neglect, or domestic violence.
  • Minors - In general, parents and legal guardians are legal representatives of minor patients. However, in certain circumstances, as dictated by state law, minors can act on their own behalf and consent to their own treatment. In general, we will share the PHI of a patient who is a minor with the minor’s parents or guardians, unless the minor could have consented to the care themselves (except where parental disclosure may be required per applicable law).
  • Oversight agencies - To health oversight agencies for certain activities such as audits, examinations, investigations, inspections, and licensure.
  • Legal proceedings - In the course of any legal proceeding or in response to an order of a court or administrative agency and in response to a subpoena, discovery request, or other lawful process.
  • Law enforcement - To law enforcement officials in certain circumstances for law enforcement purposes. By way of example and without limitation, disclosures may be made to identify or locate a suspect, witness, or missing person; to report a crime; or to provide information concerning victims of crimes.
  • Health Information Exchanges - We may participate in health information exchanges (HIEs) and may electronically share your medical information for treatment, payment and healthcare operations purposes with other participants in the HIEs. HIEs allow us, and your other healthcare providers and organizations, to efficiently share and better use information necessary for your treatment and other lawful purposes. In some states, the inclusion of your medical information in an HIE is voluntary and subject to your right to opt-in or opt-out; if you choose to opt-in or not to opt-out, we may provide your medical information in accordance with applicable law to the HIEs in which we participate.
  • Financial information - We may ask you about income or other financial information to determine if you may qualify for a low income waiver of the membership fee or other services where applicable. We may use this information for operations, marketing, and administrative purposes and to improve our service offerings.
  • Military activity and national security - To the military and to authorized federal officials for national security and intelligence purposes, to the Department of Veterans Affairs as required by military authorities, or in connection with providing protective services to the President of the United States.

We may also use or disclose your PHI without your authorization in the following miscellaneous circumstances:

  • Contacting you directly - We may use your PHI, including your email address or phone number, to contact you. For example, we may also use this information to send you visit follow-ups and other communications relating to your care and treatment, or let you know about treatment alternatives or other health related services or benefits that may be of interest to you, via email, phone call, or text message.
  • Your patient account - We may make certain PHI, such as information about care or treatment, appointment histories and medication records, accessible to you through online tools, such as email or your BraveCare.com account.
  • Family and friends - To a member of your family, a relative, a close friend—or any other person you identify who is directly involved in your healthcare—when you are either not present or unable to make a healthcare decision for yourself and we determine that disclosure is in your best interest. We will also assume that we may disclose PHI to any person you permit to be physically present with you as we discuss your PHI with you. For example, we may disclose PHI to a friend who brings you into an emergency room, we may allow someone other than you to pick up your prescription, and we will assume that we may discuss your healthcare with a person you bring with you to your in-office appointments.
  • Unless you notify us that you object, your name, location within our facility, and general information about your health condition may be disclosed to people who ask for you by name. Members of the clergy will be told your religious affiliation if they ask. This is to help your family, friends, and clergy visit you in the facility and generally know how you are doing.
  • In the waiting area of our office - When you join us in our office, we may call your name aloud in the waiting area. If you do not wish to have your name called aloud, please tell the front desk admin and we will make adjustments to meet your request.
  • Treatment alternatives and plan description—To communicate with you about treatment services, options, or alternatives, as well as health-related benefits or services that may be of interest to you, or to describe our health plan and providers to you.
  • De-identified information—If information is removed from your PHI so that you can’t be identified, except as prohibited by law.
  • Coroners, funeral directors, and organ donation—To coroners, funeral directors, and organ donation organizations as authorized by law.
  • Disaster relief—To an authorized public or private entity for disaster relief purposes. For example, we might disclose your PHI to help notify family members of your location or general condition.
  • Threat to health or safety—To avoid a serious threat to the health or safety of yourself and others.

Uses and Disclosures of Your Protected Health Information That Require Us to Obtain Your Authorization

Except in the situations listed in the sections above, we will use and disclose your PHI only with your written authorization. This means we will not use your PHI in the following cases, unless you give us written permission:

  • Marketing purposes, except as allowed by HIPAA or applicable law (by way of example, marketing communications allowed by HIPAA without authorization include communications pertaining to care or treatment and/or our products or services.)
  • Sale of your information.
  • Most sharing of psychotherapy notes.

In some situations, federal and state laws provide special protections for specific kinds of PHI and require authorization from you before we can disclose that specially protected PHI. For example, additional protections may apply in some states to genetic, mental health, drug and alcohol abuse, rape and sexual assault, sexually transmitted disease and/or HIV/AIDS-related information, and/or to the use of your PHI in certain review and disciplinary proceedings of healthcare professionals by state authorities. In these situations, we will comply with the more stringent state laws pertaining to such use or disclosure. If you have questions about these laws, please contact the Privacy Officer at 503-963-7963 or support+privacy@bravecare.com.

Your Rights Regarding Your Protected Health Information

You have the right to:

  • Request restrictions by asking that we limit the way we use or disclose your PHI for treatment, payment, or healthcare operations. You may also ask that we limit the information we give to someone who is involved in your care, such as a family or friend. Please note that we are not required to agree to your request, except when a restriction has been requested regarding a disclosure to a health plan in situations where the patient has paid for services in full and where the purpose of the disclosure is for payment. If we do agree, we will honor your limits unless it is an emergency situation.
  • Ask that we communicate with you by another means. For example, if you want us to communicate with you at a different address, we can usually accommodate that request. We may ask that you make your request to us in writing. We will agree to reasonable requests.
  • Request an electronic or paper copy of your PHI. We may ask you to make this request in writing and we may charge a reasonable fee for the cost of producing and mailing the copies, which you will receive usually within 30 days. In certain situations, we may deny your request and will tell you why we are denying it. In some cases, you may have the right to ask for a review of our denial.
  • Ask to amend PHI we created that you feel is incorrect or incomplete. Your request for an amendment must be in writing and provide the reason for your request. In certain cases, we may deny your request, in writing. You may respond by filing a written statement of disagreement with us and ask that the statement be included with your PHI.
  • Choose someone to act for you. If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will confirm the person has the authority and can act for you before we take any action.
  • Seek an accounting of certain disclosures by asking us for a list of the times we have disclosed your PHI. Your request must be in writing and give us the specific information we need in order to respond to your request. You may request disclosures made up to six years before your request. You may receive one list per year at no charge. If you request another list during the same year, we may charge you a reasonable fee. These lists will not include disclosures made for treatment, payment, or healthcare operations and certain other disclosures as permitted by law.
  • Request a paper copy of this Notice.
  • Receive written notification of any breach of your unsecured PHI.
  • File a complaint if you believe your privacy rights have been violated. You can file a written complaint with us at the address below, or with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints. We will not retaliate against you for filing a complaint.

Communication Platforms

We may also use PHI to send you appointment reminders and other communications relating to your care and treatment, or let you know about treatment alternatives or other health related services or benefits that may be of interest to you, via email, phone call, or text message.

We may make certain PHI, such as information about care or treatment, appointment histories and medication records, accessible to you through secured online tools such as your BraveCare.com patient account.

If you choose to communicate with us via emails, texts or chats, you acknowledge that we may exchange PHI with you via email, text or chat, that email, text and certain chat functionality may not be a secure method of communication, and that you agree to the security risks of such communication. If you would prefer not to exchange PHI via email, text or chat, you can choose not to communicate with us via those means, and you can notify us at support+privacy@bravecare.com.

Changes to Privacy Practices

Brave Care Providers may modify this Notice from time to time. The revised Notice will apply to all PHI that we maintain. We will make any such changes to this Notice by posting the revised Notice on our website. The date of the last update will be clearly indicated at the top of this Notice. Please review this Notice from time to time to ensure you are familiar with our HIPAA privacy practices.

Questions and Complaints

If you have any questions about this Notice or would like an additional copy, please contact our Privacy Officer at 503-300-4111 or support+privacy@bravecare.com.

If you think that we may have violated your privacy rights or you disagree with a decision we made about access to your PHI, you may send a written complaint to the Privacy Officer at 6924 NE Sandy Blvd, Portland, OR 97213.

Information You Provide to Us. We collect your PII when you create a Brave Care account, when you submit an entry for a sweepstakes or other promotion, or when you submit your PII to us through the Services for any other reason. If you create an account through the Site or the App or register to use our Membership Services we may also collect your credit or debit card information, title, birth date, gender, occupation, industry, personal interests, and other information. When you register for our Membership Services, we may also collect information about your income or other financial information to determine if you qualify for a waiver of the membership fee where applicable. Cookies and Tracking Technology. A “cookie” is a small data file that certain websites write to your hard drive when you visit them. A cookie file can contain information such as a user ID that the website uses to track the pages you’ve visited, but the only PII a cookie can contain is information you supply yourself. A cookie can’t read data off your hard disk or read cookie files created by other websites. Some parts of the Services use cookies to understand user traffic patterns and to tell us how and when you interact with our Services. We do this in order to determine the usefulness of our Services to our users, to see how effective our navigational structure is in helping users reach that information and to customize and improve our Services. Unlike persistent cookies, session cookies are deleted when you log off from the Services and close your browser.

If you prefer not to receive cookies while using our Services, you can set your browser to warn you before accepting cookies and refuse the cookie when your browser alerts you to its presence. You can also refuse all cookies by turning them off in your browser. You do not need to have cookies turned on to use/navigate through many parts of our Services, although if you do so, you may not be able to access all portions or features of our Services. Some third-party services providers that we engage (including third-party advertisers) may also place their own cookies on your hard drive. Note that this Privacy Policy covers only our use of cookies and does not include use of cookies by such third parties.

Web beacons (also known as Web bugs, pixel tags or clear GIFs) are tiny graphics with a unique identifier that may be included in our Services for several purposes, including to deliver or communicate with cookies, to track and measure the performance of our Services, to monitor how many visitors view our Services , and to monitor the effectiveness of our advertising. Unlike cookies, which are stored on the user’s hard drive, web beacons are typically embedded invisibly on web pages (or in an e-mail).

Information Related to Your Use of the Services. If you have not created an account, when you use our Services, you use our Services anonymously. We do automatically log your IP address (the Internet address of your computer) and other information such as your browser type, operating system, the web page that you were visiting before accessing our Services, the pages or features of our Services to which you browsed to give us an idea of which part of our Services you visit and how long you spend there (we refer to this information as “Log Data”). But we do not link your IP address to any PII unless you have logged in via your account. We use Log Data to administer the Services and we analyze (and may engage third parties to analyze) Log Data to improve, customize and enhance the Services by expanding their features and functionality and tailoring them to our users’ needs and preferences.

Information Sent by Your Mobile Device. We collect certain information that your mobile device sends when you use our Services, like a device identifier, user settings and the operating system of your device, as well as information about your use of our Services . You understand that, by logging into the App on your mobile device, some information pertaining to your medical treatment may be stored to your mobile device. We are not responsible for any unauthorized access by any third party to such information on your mobile device.

Location Information. When you use our App, we may collect and store information about your location by converting your IP address into a rough geo-location or by accessing your mobile device’s GPS coordinates or course location if you enable location services on your device. We may use location information to improve and personalize our App for you. If you do not want us to collect location information, you may disable that feature on your mobile device.

Opt Out

We may periodically send you free newsletters and e-mails that directly promote our Services. When you receive such promotional communications from us, you will have the opportunity to “opt-out” (either through your account or by following the unsubscribe instructions provided in the e-mail you receive). We do need to send you certain communications regarding the Services and you will not be able to opt out of those communications – e.g., communications regarding updates to our Terms of Service or this Privacy Policy or information about billing.

Information Sharing and Disclosure

Your PII is not shared outside of Brave Care without your permission, except as described below.

Information Shared with Our Services Providers. We may engage third-party services providers to work with us to administer and provide the Services. These third-party services providers have access to your PII only for the purpose of performing services on our behalf and are expressly obligated not to disclose or use your PII for any other purpose.

Information Shared with Third Parties. We may share your aggregated information and non-identifying information with third parties to conduct on-going quality improvement activities, or for industry research and analysis, demographic profiling and other similar purposes.

Information Disclosed in Connection with Business Transactions. Information that we collect from our users, including PII, is considered to be a business asset. Thus, if we are acquired by a third party as a result of a transaction such as a merger, acquisition or asset sale or if our assets are acquired by a third party in the event we go out of business or enter bankruptcy, some or all of our assets, including your PII, may be disclosed or transferred to a third party acquirer in connection with the transaction.

Information Disclosed in Connection with Business Transactions. Information that we collect from our users, including PII, is considered to be a business asset. Thus, if we are acquired by a third party as a result of a transaction such as a merger, acquisition or asset sale or if our assets are acquired by a third party in the event we go out of business or enter bankruptcy, some or all of our assets, including your PII, may be disclosed or transferred to a third party acquirer in connection with the transaction.

Information Disclosed for Our Protection and the Protection of Others. We cooperate with government and law enforcement officials or private parties to enforce and comply with the law. We may disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate: (i) to enforce our Terms of Use, (ii) to respond to claims, legal process (including subpoenas); (iii) to protect our property, rights and safety and the property, rights and safety of a third party, our users, or the public in general; (iv) to stop any activity that we consider illegal, unethical or legally actionable activity; and (v) as required in accordance with HIPAA or related applicable local, state or federal laws (please refer to the NPP).

Your Ability to Review Your Account and Information

If you are a registered user with an account, you can review your PII by going to www.bravecare.com and signing in using the login page.

Data Security

Your account information is password-protected for your privacy and security. Brave Care safeguards the security of the information you provide to us with physical, electronic, and managerial procedures. In certain areas of our Site and App, we use industry-standard SSL-encryption to enhance the security of data transmissions. While we strive to protect your PII, we cannot ensure the security of the information you transmit to us, and so we urge you to take every precaution to protect your PII when you are on the Internet. Change your passwords often, use a combination of letters and numbers, and make sure you use a secure browser.

Responding to Do Not Track Signals

Our Site does not have the capability to respond to “Do Not Track” signals received from various web browsers.

Children and Privacy

Our Services do not target and are not intended to attract children under the age of 13. We do not knowingly solicit PII from children under the age of 13 or send them requests for PII. If we learn that we have collected PII of a child under 13 directly from that child we will take steps to delete such information from our files as soon as possible. Notwithstanding the foregoing, we may collect PII about children under 13 that parents or guardians provide to us when establishing an account for their children’s records.

Third Party Sites

The Services contain links to other sites that are owned or operated by third parties. We are not responsible for the content, privacy or security practices of any third parties. To protect your information, we encourage you to learn about the privacy policies of those third parties.

International Transfer

Your information is stored by Brave Care on controlled servers with limited access and may be stored and processed in the United States or any other country where Brave Care or our agents are located. If you’re located outside the United States and choose to provide your PII to us, we may transfer your PII to the United States and process it there. Those who choose to access and use the Service from outside the U.S. do so on their own initiative, at their own risk, and are responsible for compliance with applicable laws.

Notice for California Users and Residents

Under California Civil Code Section 1789.3, California users are entitled to the following specific consumer rights notice: If you have a question or complaint regarding the Services , please send an email to support+privacy@bravecare.com. You may also contact us by writing to Brave Care, Inc., 6924 NE Sandy Blvd, Portland, OR 97213. California residents may reach the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs may be contacted in writing at 400 R Street, Suite 1080, Sacramento, California 95814, or by telephone at (916) 445-1254 or (800) 952-5210.

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask for a notice identifying the categories of PII which we share with certain third parties for direct marketing purposes under certain circumstances and providing contact information for such third parties. If you are a California resident and would like a copy of this notice, please submit a written request to: Brave Care, Inc., 6924 NE Sandy Blvd, Portland, OR 97213.

Questions or Suggestions

If you have questions or concerns about our collection, use, or disclosure of your PII, please email us at support+privacy@bravecare.com. You may also contact us by writing to Brave Care, Inc., 6924 NE Sandy Blvd, Portland, OR 97213.