HIPAA & PHI
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its regulations restrict health care providers’ ability to use and disclose protected health information (PHI). While the Recoverypad Platform does not in any way provide health care (as described in the “Recoverypad-Terms of Use”) and, as such, is in no way obligated to adhere to HIPAA, the Company has instituted HIPAA’s regulations as they pertain to coaching only. We have done so in order to create as confidential and secure a Platform, as possible. However, such adherence should not be construed as legally- or ethically-mandated, nor as indicating that the Company or the Platform provides healthcare services of any kind, including or counseling or psychotherapy.
Protected Health Information. Given that the Platform is not required to adhere to HIPAA’s regulations around protected health information (PHI), we have adapted its definition to make reference to coaching (which is not the provision of healthcare) versus healthcare. Thus, on the Platform, PHI refers to information that is created or received by the Company and relates to the past, present, or future physical or mental states of a Client; the provision of coaching to a Client; or the past, present, or future payment for the provision of coaching to a Client; and that identifies the Client for which there is a reasonable basis to believe the information can be used to identify the Client. Protected health information includes information of persons living or deceased.
Some examples of PHI are:
- Client’s demographic information (e.g. address, telephone number)
- Images of the Client
- Parts of conversations (text-based or otherwise) between a coach or administrator, and the Client that could reveal the identity of the Client
- Billing information about the Client
- Any health information that can lead to the identity of an Client or the contents of the information that can be used to make a reasonable assumption as to the identity of the Client
It is the Company’s policy to comply with HIPAA’s requirements, as described above. To that end, all staff members who have access to PHI must comply with this HIPAA Privacy and Security Plan. For purposes of this plan and the Company’s use and disclosure procedures, the workforce includes individuals who would be considered part of the workforce under HIPAA such as employees, volunteers, interns, board members and other persons whose work performance is under the direct control of the Company, whether or not they are paid by the Company. The term “employee” or “staff member” includes all of these types of workers.
No third-party rights (including but not limited to rights of Clients or coaches) are intended to be created by this plan. The Company reserves the right to amend or change this plan at any time (and even retroactively) without notice.
All staff members must comply with all applicable HIPAA privacy and information security policies.