Notice of Privacy Practices
(REFERENCE: 45 CFR §164.520)
Effective Date: November 2024
At Ulo, we are committed to protecting the privacy and security of your health information. This Notice of Privacy Practices describes how your Protected Health Information (PHI) may be used and disclosed, and how you can access this information in compliance with the Health Insurance Portability and Accountability Act (HIPAA).
1. How We Use and Disclose Your Health Information
We may use and disclose your PHI for the following purposes, as permitted by HIPAA:
A. Treatment
We may use and disclose your PHI to provide, coordinate, or manage your healthcare and related services. This includes communication with healthcare providers, pharmacies, or specialists involved in your care.
B. Payment
We may use and disclose PHI to bill and collect payment for healthcare services provided to you, including with your health plan, insurance company, or other payers.
C. Healthcare Operations
We may use and disclose PHI for healthcare operations, such as quality improvement, staff training, compliance monitoring, and administrative functions.
D. Legal and Regulatory Compliance
We may disclose your PHI when required by law, including reporting public health risks, responding to legal requests, and cooperating with government agencies for compliance purposes.
E. Business Associates
We may share your PHI with third-party service providers who perform functions on our behalf, such as data storage, billing, and IT support. These business associates are required to sign a Business Associate Agreement (BAA) to ensure they safeguard your PHI in compliance with HIPAA regulations.
F. Other Uses and Disclosures
We may use or disclose your PHI in certain additional circumstances, such as:
- To prevent or reduce a serious threat to health or safety
- For research purposes (subject to special approvals)
- For law enforcement or judicial proceedings
- To comply with workers’ compensation laws
Except as outlined above, we will not use or disclose your PHI without your explicit written authorization. You have the right to revoke any such authorization at any time. We will not use or disclose your PHI for marketing purposes, nor will we sell your PHI, without your explicit written authorization, as required by HIPAA.
2. Your Rights Regarding Your PHI
Under HIPAA, you have the following rights regarding your health information:
A. Right to Access and Obtain Copies
You have the right to request access to and obtain a copy of your PHI. Requests can be made by contacting us at [Insert Contact Information].
You also have the right to request your PHI in electronic format, and we will provide it in a secure and accessible manner, as required by the HITECH Act.
B. Right to Request Amendments
If you believe your PHI is incorrect or incomplete, you may request an amendment. We will review your request and may deny it under certain circumstances, providing you with an explanation.
C. Right to an Accounting of Disclosures
You may request a list of instances where your PHI has been disclosed for reasons other than treatment, payment, or healthcare operations.
D. Right to Request Restrictions
You have the right to request restrictions on how your PHI is used or shared. While we will consider your request, we may not be required to agree if it affects your treatment or legal obligations.
E. Right to Request Confidential Communications
You may request that we communicate with you using alternative methods or at a specific location (e.g., only via email instead of phone). We will accommodate reasonable requests.
Additionally, we may contact you for fundraising efforts, but you have the right to opt out of receiving such communications.
F. Right to File a Complaint
If you believe your privacy rights have been violated, you have the right to file a complaint with us or with the U.S. Department of Health and Human Services (HHS). We will not retaliate against you for filing a complaint.
3. Our Responsibilities
- We are required by law to maintain the privacy of your PHI and provide this notice detailing our legal duties and privacy practices.
- We must follow the terms of this notice and notify you if a breach of your PHI occurs. In accordance with the HIPAA Breach Notification Rule (45 CFR §164.400-414), we will notify you without unreasonable delay and no later than 60 days after discovering a breach.
- We reserve the right to change our privacy practices, and any changes will be updated in this notice and posted on our website.
4. Data Security Measures
We implement administrative, physical, and technical safeguards to protect your PHI from unauthorized access, use, or disclosure. Our security measures are designed to comply with HIPAA regulations and industry best practices to ensure the confidentiality and integrity of your health information.
5. Contact Information
If you have any questions about this Notice of Privacy Practices or wish to exercise any of your rights, please contact us at:
Ulo
850 New Burton Rd., Ste. 201
Dover, DE 19904
Phone: (415) 212-8312
Email: concierge@ulo.co
For more information about your HIPAA rights, visit www.hhs.gov/hipaa.