HIPAA

HIPAA Notice of Privacy Practices

Effective Date: January 1, 2025

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Who We Are and Our Legal Duty

Routely LLC (“Routely”) is a same-day medical courier company operating in South Florida. We serve as a Business Associate to healthcare providers, health plans, and other Covered Entities under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”).

In the course of providing transportation and logistics services, Routely may come into contact with Protected Health Information (“PHI”) — individually identifiable health information relating to the past, present, or future health, treatment, or payment of an individual.

We are required by law to:

  • Maintain the privacy and security of your PHI
  • Notify you following a breach of your unsecured PHI
  • Follow the duties and privacy practices described in this Notice
  • Give you this Notice of our legal duties and privacy practices with respect to your health information

We are required to abide by the terms of this Notice currently in effect. We reserve the right to change the terms of this Notice, and the changes will apply to all information we have about you. Any revised Notice will be posted on our website and made available upon request.

How We May Use and Disclose Your Health Information

Routely uses and discloses PHI only in the following ways, as permitted by HIPAA:

Treatment

We may use and disclose your PHI to provide transportation and logistics services that support your treatment. For example, when we transport a medical specimen from your physician's office to a laboratory, the label on the specimen container may include your name, date of birth, and the test ordered. We use this information solely to ensure that the specimen reaches the correct destination.

Payment

We may use or disclose your PHI for payment purposes when authorized by the Covered Entity that engaged our services. This may include information shared with billing departments or insurance companies to facilitate payment for healthcare services.

Healthcare Operations

We may use and disclose your PHI for our healthcare operations activities as a Business Associate. This includes quality assurance activities, training of our drivers in proper specimen handling and HIPAA compliance, and internal audits. We use the minimum necessary amount of PHI for these purposes.

As Required by Law

We may use or disclose your PHI when required to do so by federal, state, or local law, including in response to a court order, subpoena, or administrative request, and when required by the Secretary of Health and Human Services for investigations, compliance reviews, and enforcement actions.

Public Health Activities

We may disclose your PHI for public health activities authorized by law, such as reporting diseases, injuries, or vital statistics to public health authorities, or reporting adverse reactions to the FDA.

Health Oversight Activities

We may disclose your PHI to a health oversight agency for activities authorized by law, including audits, civil or criminal investigations, inspections, or disciplinary proceedings.

Law Enforcement

Under certain circumstances, we may disclose your PHI to law enforcement officials in response to a court order, warrant, or grand jury subpoena, or as otherwise required by law.

Business Associates

We may share your PHI with our subcontractors and vendors who perform functions on our behalf and who agree in writing to protect the privacy of your information in a manner consistent with HIPAA requirements.

Other Uses and Disclosures

Any other uses or disclosures of your PHI not described in this Notice will only be made with your written authorization, or as specifically permitted or required by law. You have the right to revoke any such authorization at any time by submitting a written revocation to our Privacy Officer, except to the extent that we have already taken action in reliance on your authorization.

Your Rights Regarding Your Health Information

Because Routely acts as a Business Associate — not directly as your healthcare provider — most individual rights under HIPAA should be exercised directly with the Covered Entity (e.g., your doctor, hospital, or health plan) that engaged our services. However, we will cooperate with Covered Entities in facilitating the exercise of your rights and will not take actions that would prevent you from exercising them.

Your HIPAA rights, which you may exercise through the Covered Entity, include:

Right to Access

You have the right to inspect and obtain a copy of your PHI that is maintained in a Covered Entity's designated record set. You may request electronic copies in a format you specify. The Covered Entity may charge a reasonable cost-based fee for providing copies.

Right to Amend

If you believe that your PHI is incorrect or incomplete, you have the right to request an amendment. The Covered Entity may deny the request in certain circumstances and will explain the basis for any denial.

Right to an Accounting of Disclosures

You have the right to receive an accounting of certain disclosures of your PHI made by the Covered Entity and its Business Associates during the six years prior to the date of your request. This right does not apply to disclosures made for treatment, payment, or healthcare operations purposes.

Right to Request Restrictions

You have the right to request restrictions on how your PHI is used or disclosed for treatment, payment, or healthcare operations. The Covered Entity is not required to agree to a requested restriction unless it relates to disclosures to a health plan for payment or operations purposes when you or someone on your behalf has paid for the service in full.

Right to Confidential Communications

You have the right to request that the Covered Entity communicate with you in a specific way or at a specific location (e.g., a different address or phone number).

Right to Receive Notice of a Breach

You have the right to receive notification if your unsecured PHI is breached. Routely will notify the relevant Covered Entity of any breach of your PHI within the timeframes required by HIPAA, and the Covered Entity will notify you as required by law.

How to File a Complaint

If you believe your privacy rights have been violated, you have the right to file a complaint. You will not be retaliated against for filing a complaint.

Complaint to Routely

You may submit a written complaint to our Privacy Officer at:

Routely LLC — Privacy Officer

1817 Mears Pkwy, Margate, FL 33063

Email: privacy@routelypro.com

Complaint to the U.S. Department of Health and Human Services

You may file a complaint with the Secretary of Health and Human Services through the Office for Civil Rights (OCR):

U.S. Department of Health and Human Services

Office for Civil Rights

200 Independence Avenue, S.W.

Washington, D.C. 20201

Toll-Free: 1-877-696-6775

Website: hhs.gov/ocr/privacy/hipaa/complaints

Changes to This Notice

Routely reserves the right to change this Notice and to make the new Notice provisions effective for all PHI that we maintain, including PHI we created or received before the effective date of the change. Any revised Notice will be posted on our website at routelypro.com and will be made available in paper form upon request. The effective date of any revised Notice will be prominently displayed.

Contact Our Privacy Officer

For questions about this Notice, to exercise your rights, or to report a privacy concern, please contact:

Routely LLC — Privacy Officer

1817 Mears Pkwy, Margate, FL 33063

Email: privacy@routelypro.com

Phone: 888-920-1907