Notice of Privacy Practices

Effective January 15, 2025

Keeping your health information private is vitally important to Modum. We are required by law to maintain the privacy of your Protected Health Information (“PHI”) and to provide you with notice of our legal duties and privacy practices with respect to PHI. 

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Our Uses and Disclosures of Your Information

We may use and share your information as we:

  • Work with your healthcare provider

  • Run our organization

  • Do research

  • Comply with the law

  • Address law enforcement and other government requests

Your Rights

  • Receive a copy of your paper or electronic medical record

  • Correct your paper or electronic medical record

  • Ask Modum to limit the information we share

  • Get a list of those with whom Modum has shared your information

  • Get a copy of this privacy notice

  • File a complaint if you believe your privacy rights have been violated

  • Share information in an emergency situation

Our Responsibilities

  • Provide you with this notice of our legal duties and privacy practices

  • Follow the privacy practices described in this notice 

  • Notify you in the event of a breach of your unsecured PHI  

  • Not use or share your information other than as described here unless you tell us we can 

For a more detailed explanation of Our Uses and Disclosures, Your Rights, and Our Responsibilities please see the comprehensive explanations below.

Definition of PHI – Your Information Modum May Use

As used in this notice, the terms “Protected Health Information” or “PHI” include any information that we maintain that reasonably can be used to identify you and that relates to your physical or mental health condition. Examples of PHI we may collect to provide our diagnostic services include:

  • Name, gender, and date of birth

  • Address and phone number

  • Email address, password, and login

  • Prescribing physician and office

  • Primary indication

  • Symptoms and activities you report, by time and date

  • ·Sensor data while monitoring including electro-myography (muscle related) data and IMU (accelerometers and gyroscopic) data

Our Uses and Disclosures

I. How Modum Typically Uses or Shares Your Information

Physiotherapy / Muscle Health Guidance

We may use or disclose your PHI to provide and manage physiotherapy services for you. Our use and disclosure may include working with your health care providers and providing them sensor data from your exercise sessions as well as answers to the questionnaires you provide us through the Modum apps. For example, we will share the results of our analysis of your exercise data collected by the sensor to the prescribing physician treating you.

Operations

We may use PHI to operate our business, such as conducting quality assessment and improvement activities, conducting fraud and abuse investigations, communicating with you about health related benefits and services or treatment alternatives that may be of interest to you, and communicating with your health care provider or health plan. We may also use your PHI to create de-identified data, which is data that no longer identifies you, and may use this de-identified data for research, business planning, data analytics, and other lawful purposes.

II. How Modum May Use or Share Your Information

Modum is allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. Modum has to meet legal conditions before we can share your information for these purposes. For more information visit: https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html.

As Required By Law: We may use and disclose PHI when we are required to do so by law.

Business Associates: Modum may disclose your PHI to third parties known as business associates so that they may perform services for us. These third parties may be provided with access to PHI needed to perform their functions. Modum’s business associates are required, both in their contract with Modum and under applicable law, to protect the privacy of your PHI and are not allowed to use or disclose any PHI other than as specified in our contract with them.

For Emergency Notification: We may disclose your PHI in the event of an emergency (e.g., to a disaster relief organization) so that your family or other persons responsible for your care can be notified about your condition, status, and location. 

Law Enforcement: We may disclose PHI for law enforcement purposes, or to a law enforcement official as required by law.

Legal Process and Proceedings: We may use and disclose PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process.

Public Health and Safety: We may disclose PHI to public health authorities charged with preventing or controlling disease, injury, abuse, disability, or serious threat to health or safety, such as to the Food and Drug Administration for product safety purposes. 

Research: We may use and disclose your PHI for research purposes under certain circumstances, including but not limited to circumstances where the research has been approved by an institutional review board or privacy board to ensure that the privacy of your information is protected. 

Your Rights

If you wish to exercise your rights regarding your PHI, please contact us in writing using the email address contained in the contact information listed at the end of this notice.

Access: You have the right to see, or obtain copies of, most health records we maintain about you. We may charge you a reasonable fee as allowed by law to obtain this information.

Amendment or Deletion: You have the right to request that we amend health records we maintain about you if you believe they are incomplete or incorrect. If we disagree, we will explain why and your rights.

Disclosure Accounting: You have the right to request and receive a list of certain non-routine disclosures made of your PHI. If you request this list more than once in a 12-month period, we may charge you a reasonable fee as allowed by law to respond to any additional request.

Use/Disclosure Rejection or Objection: You have a right to request that we restrict our use or disclosure of your PHI for certain purposes. We are not required to agree to a requested restriction, except in the case of a disclosure to a health plan for payment of health care operation purposes and when the PHI relates to a health care item or service for which you have paid in full. We will agree to other restriction requests provided that the law allows and we determine the restriction does not impact our ability to operate our business, provide diagnostic services, and comply with the law. Even when we agree to a restriction request, we may still disclose your PHI in a medical emergency and use or disclose your PHI for public health and safety and other similar public benefit purposes permitted or required by law.

Confidential Communication: You have the right to request that we communicate with you in confidence about your PHI at an alternative address or by an alternative method. For example, you can ask that we only contact you at work or by mail. To request confidential communications, you must make your request to the Privacy Officer at the contact information below. Modum will not ask you the reason for the request and will accommodate all reasonable requests. The request must specify how or where you wish to be contacted.

Privacy Notice: You have the right to request and receive a paper copy of this notice at any time, even if you have previously agreed to receive it electronically. 

Complaints/Violations: If you believe that we have violated your privacy rights, you may submit a complaint to us using the contact information listed at the end of this notice. You may also submit a complaint to the U.S. Department of Health and Human Services by visiting www.hhs.gov/ocr/privacy/hipaa/complaints. We will provide you with the address for the U.S. Department of Health and Human Services upon request. We support your right to protect the privacy of your PHI. We will not retaliate in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.

Modum’s Responsibilities

  • Modum is required by law to provide you with this notice of our legal duties and privacy practices. 

  • ·Modum is required to follow the privacy practices described in this notice and provide you with a copy of it. 

  • ·Modum is required by law to notify you in the event of a breach of your unsecured PHI.

  • Modum will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind. 

For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.

CHANGES TO THIS NOTICE

We have the right to change our privacy practices and the terms of this notice at any time. We reserve the right to make any revised or changed notice effective for information we already have and for information that we receive in the future. You may obtain the most current notice by visiting the privacy section of our website, www.modumhealth.com/privacy_policy or by contacting us at the contact information below.

CONTACT INFORMATION:

If you have questions or would like additional information

Modum, Inc.

Telephone: 1-833-MY-MODUM

Email: privacy@Modumhealth.com