Mae Health, Inc.

Notice of HIPAA Practices

Effective Date: May 28, 2021

THIS NOTICE OF HIPAA PRIVACY PRACTICES (“NOTICE”) DESCRIBES HOW YOUR HEALTH INFORMATION MAY BE USED AND DISCLOSED BY MAE HEALTH, INC. (“MAE,” “WE”, OR “US” OR “OUR”) AND HOW YOU CAN ACCESS THIS INFORMATION. PLEASE CAREFULLY REVIEW THIS NOTICE.

Our Obligations

Mae is committed to protecting the privacy of your health information. We are also required by HIPAA and related state and federal laws to take steps to maintain the privacy of your Protected Health Information (“PHI”), which includes both information related to your health and other information that can identify you individually, such as your name and address. Specifically, we are required to provide you with this Notice of our legal duties; protect the privacy of your PHI consistent with the policies and practices detailed in this Notice; and notify you in the event of a breach of your unsecured PHI.

PHI Mae Collects

When you sign up for a Mae account and use Mae’s services such as our health trackers and surveys, we collect information about you that is considered PHI. Examples of the information we collect are your:

  • Name
  • Contact information such as your email address, phone number, and zip code;
  • Insurance information (if you receive Mae as part of your health plan);
  • Medical history; and
  • Current health information such as your pregnancy symptoms and due date.

Uses And Disclosures Of PHI That Do Not Require Your Written Authorization

  • Mae may use your PHI without obtaining your written permission in relation to your treatment, for payment, to facilitate our healthcare operations, and for other purposes permissible under the law as described below.
  • Treatment: We use your PHI to healthcare professionals to facilitate your treatment, including to identify and alert you to potential health issues, or to recommend treatments or healthcare professionals. Additionally, we may use your email address to send you information related to your care.
  • Payment: We may share your PHI with your insurer to obtain payment for services we provide, except where prohibited by law.
  • Healthcare Operations: We may use and disclose your PHI to facilitate our healthcare operations. This includes conducting internal audits and quality analyses, and other activities that improve our services.
  • Friends and Family: We may disclose your PHI to your friends and family (1) with your permission, which may be revoked at any time; (2) if when given the opportunity to object to the disclosure you do not object or we reasonably infer that you do not object; or (3) if you are not present or able to consent or object and we believe in our professional judgment that disclosure is in your best interest.
  • Legal Obligations: We may use and disclose your PHI to comply with judicial and administrative proceedings; cooperate with law enforcement; or as otherwise required by law including compliance with worker’ compensation laws.
  • Public Health Activities: We may disclose your PHI to authorized public health authorities (1) to protect public health and safety; (2) to prevent or control disease, injury, or disability; (3) to the U.S. Food and Drug Administration (“FDA”) in relation to FDA-regulated products or activities; or (4) to report child abuse or neglect. We may also disclose your PHI to individuals who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition.
  • Research: Typically, we will ask for your permission before using your PHI for research purposes. However, in certain circumstances we may use your PHI without your authorization if an Institutional Review Board or privacy board has waived the authorization requirement. Your name and other directly identifying information will not be used without your authorization.
  • Victims of Abuse, Neglect, or Domestic Violence: We may disclose your PHI to a government authority authorized to accept reports of abuse, neglect, or domestic violence, such as social service agencies, if we reasonably believe that you are a victim of abuse, neglect, or domestic violence.
  • Health Oversight Activities: We may disclose your PHI to health oversight agencies for purposes including but not limited to audits, investigations, inspections, licensure, discipline, and criminal and administrative proceedings.
  • De-Identified and Aggregated Information: We may use your PHI if identifying information is removed, except as prohibited by law. We may also use this de-identified data in aggregate.

Uses and Disclosures of PHI That Require Your Written Authorization

In circumstances other than those described in the section above, we must obtain your written authorization prior to disclosing your PHI. We will not disclose your PHI for the purposes described below without your authorization. Once given, you have the right to revoke your authorization at any time. To do so, please contact us at privacy@meetmae.com.

Marketing Purposes: Disclosure of your PHI for marketing purposes requires your authorization except as permitted by HIPAA or other applicable law.

Sale of Your PHI: We will not sell your PHI will without your written authorization.

Psychotherapy Notes: Disclosure of psychotherapy notes written about you requires your authorization in most circumstances. These notes may be disclosed without your permission (1) when used by the therapist who created them in relation to your treatment; (2) to defend ourselves in legal action; or (3) as otherwise authorized by law.

Highly Confidential Information: Some state and federal laws other than HIPAA have more stringent requirements on the disclosure of PHI that may be considered highly confidential information such as STD and HIV/AIDS status, alcohol and drug use issues, and treatment related to sexual assault. We follow these more stringent standards and will not disclose your highly confidential information without your authorization.

Your Rights

Right to Request Restrictions: You have the right to request we limit the way we use or disclose your PHI for treatment, payment, or healthcare operations. You may also restrict who of your family and friends we share your PHI with, including revoking previously given permission to share. Please be aware that although we consider all requests, we are not required to grant them unless the requested restriction relates to disclosure to a health plan for the purpose of carrying out payment or healthcare operations and is not otherwise required by law; and the PHI only relates a health care item or service that you have paid for out of pocket in full. If granted, we will honor your request in all but emergency situations.

To request or revoke a restriction, please contact us at privacy@meetmae.com.

Right to Amend the Way We Communicate With You: You have the right to request that we communicate with you in a different way, such as writing to a different email address. [You can change your contact information on your account settings dashboard on our website] or you can make such a request by emailing us at privacy@meetmae.com. We will accommodate reasonable requests.

Right to Access Your PHI: You have a right to request access to your PHI, including billing records. Please email us at privacy@meetmae.com to do so. Please indicate whether you would like your information sent via email or post. We will respond to your request in writing. Please note that if you request hardcopy versions of these documents, we may charge you a modest fee. If we deny your request, we will explain our reason for doing so.

Right to Receive an Accounting of Disclosures of Your PHI: You have a right to view the disclosures we have made of your PHI during a specified time period not to exceed six years prior to the date of your request. To request a statement, please email us at privacy@meetmae.com. This statement is provided free of charge at your request once every twelve months. If you request a statement more than once within a twelve month period, we may charge you a reasonable fee.

Right to Amend your PHI: If you believe the PHI we have on file is incorrect or incomplete, you may request that we amend the information. To do so, please contact us at privacy@meetmae.com. We will respond to you in writing. If we deny your request, we will explain our reason for doing so.

Right to Receive a Paper Copy of this Notice: Upon request we will send you a paper copy of this notice. To request one, please contact us at privacy@meetmae.com.

Notice of Breach: We are required to notify you if there has been a breach of unsecured PHI.

File a Complaint: If you believe we have violated your privacy rights, you may file a written complaint with us by emailing us at privacy@meetmae.com. You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visitingwww.hhs.gov/ocr/privacy/hipaa/complaints. We will not retaliate against you for filing a complaint.

Changes to This Policy

Mae may occasionally modify this Notice by posting an updated version of the Notice here. Any changes will be effective as of the Effective Date noted at the top of the Notice. We encourage you to review this page periodically for the latest information.

Contact Us

If you have any questions or concerns regarding this Notice, please contact us at privacy@meetmae.com.