Notice of Privacy Practices

Effective Date: 11/11/2024

This Notice of Privacy Practices (the “Notice”) describes how Dune Medical Group, PC (“Dune”) and the members of its Affiliated Covered Entity (collectively “we” or “our”) may use and disclose your protected health information (“PHI”) to carry out treatment, payment or business operations and for other purposes that are permitted or required by law. An Affiliated Covered Entity is a group of health care providers under common ownership or control that designates itself as a single entity for purposes of compliance with the Health Insurance Portability and Accountability Act (“HIPAA”). For a complete list of the members of the Dune Affiliated Covered Entity, please contact Dune at privacy@heydune.com.

This Notice describes how your PHI may be used and disclosed and how you can get access to this information.Please review it carefully ⚠️.

Your information

PHI is information about you that may be used to identify you (such as your name, social security number or address), and that relates to (a) your past, present or future physical or mental health or condition, (b) the provision of health care to you, or (c) your past, present, or future payment for the provision of health care. In conducting its business, Dune will receive and create records containing your PHI. Dune is required by law to maintain the privacy of your PHI and to provide you with notice of its legal duties and privacy practices with respect to your PHI.

Uses and disclosures of your PHI

How do we typically use or share your health information?

Your PHI may be used and disclosed by our health care providers, our staff, and others outside of our office that are involved in your care and treatment for the purpose of providing health care services to you, to support our business operations, to obtain payment for your care, and any other uses authorized or required by law. We typically use or share your PHI in the following ways:

1️⃣ Treatment: We can use your health information and share it with other professionals who are treating you or supervising your treating professional. For example, your primary care physician may discuss your condition with a specialized doctor.

2️⃣ Health Care Operations: We can use and share your health information to run our health care operations, improve your care, and contact you when necessary. For example, we may use PHI to conduct quality assessment reviews to evaluate performance in caring for you.

3️⃣ Payment: We can use and share your health information to bill and get payment from health plans or other entities for services we provide. For example, we give information about you to your health insurance plan so it will pay for your services.

Uses and Disclosures of PHI Based Upon Your Written Authorization

We are permitted to use and disclose your PHI with your written authorization, to the extent such use or disclosure is consistent with your authorization (unless otherwise permitted or required by law as described below). You may revoke your authorization at any time, in writing, except to the extent that Dune has taken an action in reliance on the use or disclosure described in the authorization.

How else can we use or share your health information?

We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. In these situations, we may have to use or disclose your PHI, even without your consent or authorization. These situations include:

  • To help with public health and safety issues. We may disclose your PHI for public health activities and purposes to a public health authority that is permitted by law to collect or receive the information. We may also disclose your PHI, if directed by the public health authority, to a government agency that is collaborating with the public health authority. We can share health information about you for certain situations such as:
    • Preventing disease;
    • Reporting suspected abuse, neglect, or domestic violence; and/or
    • Preventing or reducing a serious threat to anyone's health or safety.
  • To conduct research. We may, under certain circumstances, use or disclose PHI without your consent or authorization if an Institutional Review Board or Privacy Board approves a waiver of authorization for such disclosure.
  • To comply with the law. We will share your PHI to the extent that the use or disclosure is required by state or federal laws. The use or disclosure will be made in compliance with the law and will be limited to the relevant requirements of the law. You will be notified, as required by law, of any such uses or disclosures.
  • To address law enforcement. We may disclose your PHI, so long as applicable legal requirements are met, for law enforcement purposes. These law enforcement purposes include requests: (1) pursuant to legal processes or as otherwise required by law; (2) for limited information for identification and location purposes; (3) pertaining to potential victims of a crime; (4) relating to suspicion that a death has occurred as a result of criminal conduct; (5) in the event that a crime occurs at Dune; or (6) relating to a medical emergency (not at Dune) and it is necessary to alert law enforcement regarding a potential crime.
  • Respond to organ and tissue donation requests. We can share health information about you with organ procurement organizations.
  • Work with a medical examiner or funeral director. We can share health information with a coroner, medical examiner, or funeral director when an individual dies.
  • Address workers' compensation, law enforcement, and other government requests. We can use or share health information about you:
    • For workers' compensation claims;
    • For law enforcement purposes or with a law enforcement official;
    • With health oversight agencies for activities authorized by law; and/or
    • For special government functions such as military, national security, and presidential protective services.
  • To respond to lawsuits and legal actions. We can share health information about you in response to a court or administrative order, or other lawful process or request.
  • Food and Drug Administration. We may disclose your PHI to a person or company required by the Food and Drug Administration to report adverse events, product defects or problems, biologic product deviations, track products; to enable product recalls; to make repairs or replacements; or to conduct post marketing surveillance, as required.
  • Information Not Personally Identifiable. We may use or disclose your PHI in ways that do not personally reveal your identity.
  • Specialized Government Functions. We, may in certain situations, use and disclose PHI of persons who are, or were, in the Armed Forces for purposes such as ensuring proper execution of a military mission or determining entitlement to benefits. We may also disclose PHI to federal officials for intelligence and national security purposes.

We never market or sell personal health information ⚠️

Our responsibilities

👉 We are required by law to maintain the privacy and security of your PHI.

👉 We will let you know promptly if a breach occurs that may have compromised the privacy or security of your PHI.

👉 We must follow the duties and privacy practices described in this Notice and give you a copy of it.

👉 We will not use or share your PHI other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.

👉 We are required by law to ask you to sign a written authorization form should we need to release your personal health records.

Your choices

You have the following rights regarding the PHI maintained by Dune and may request the following from us:

  • A paper or electronic copy of your PHI:
    • You can ask to see or get a paper or electronic copy of your PHI.
    • You can pick up a copy of your PHI or we can mail it to you.
    • You may request in writing that we send such a copy to any person or entity you designate. Your written, signed request must clearly identify such designated person or entity and where you would like us to send the copy.
    • You must submit your request in writing; ask us how to do this.
    • We do not email or fax patient records.
    • We will provide a copy or a summary of your PHI, as expeditiously as possible, usually within 30 days of your request.
    • Presently, there is no charge for obtaining a copy of your medical record.
    • We may deny your request to inspect and/or copy your PHI in certain limited circumstances. If that occurs, we will inform you of the reason for the denial, and how you may request a review of the denial. We will comply with the outcome of the review.
  • Ask us to correct or amend your PHI:
    • You can ask us to correct health information about you that you think is incorrect or incomplete.
    • For example, if your date of birth is incorrect, you may request that the information be corrected.
    • To request a correction or amendment to your health information, you must make your request in writing and provide a reason for your request. You have the right to request an amendment for as long as the information is kept by or for us.
    • We may say “no” to your request, but we will tell you why in writing within 60 days and how you can file a written statement of disagreement with us that will become part of your medical record.
  • Confidential communications:
    • You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address. For example, you may request that Dune communicate with you through alternate means or at an alternate location. You must submit your request in writing to Dune. Dune will not ask the reason for your request.
    • We will say “yes” to all reasonable requests.
  • Ask us to limit what we use or share:
    • You can ask us not to use or share certain health information for treatment, payment, or our health care operations.
    • We are not required to agree to your request, unless that restriction is regarding disclosure of health information to your health insurance company and: (1) the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law; and (2) the health information pertains solely to a health care item or service for which you or another person (other than your health insurance company) paid for in full.
  • A list of those with whom we have shared information:
    • You can ask for a list (accounting) of the times we have shared (disclosed) your health information for 6 years prior to the date you ask, who we shared it with, and why.
    • We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked or authorized us to make), which do not need to be included in the accounting Dune provides to you. We will provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months. We will notify you of the costs involved and give you an opportunity to withdraw or modify your request before any costs have been incurred.
    • Your request must state a time period which may not go back further than six years.
  • A copy of this Privacy Policy: To obtain a paper copy of this Notice, please contact Dune by calling (650) 551-9672.
  • Choose someone to act for you:
    • If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
    • We will make sure the person has this authority and can act for you before we take any action.
  • File a complaint if you feel your rights are violated:
    • You can complain if you feel we have violated your rights by contacting us using the information on the back page.
    • You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696- 6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.
    • We will not retaliate against you for filing a complaint.
  • For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions. In these cases, you have the choice to tell us to:
    • Share information with your family, close friends, or others involved in your care;
      • Share information in a disaster relief situation; and/or
      • Include your information in a hospital directory.

If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.

In the following cases, we never share your information unless you give us written permission:

  • Marketing to you;
  • Sale of your information; and
  • Most sharing of psychotherapy notes.
  • In the case of fundraising: We may contact you for fundraising efforts, but you can tell us not to contact you again.

Changes to the terms of this Notice

We reserve the right to change the terms of this Notice at any time, and the changes will apply to all information we have about you. The new Notice will be available upon request by:

E-mail at hello@heydune.com or by phone at (650) 551-9672

Dune Health
Opening hours

America/Los_Angeles

Monday - Friday

9AM - 5PM

Address

555 Front St

San Francisco, CA 94111

Terms of UseNotice of Privacy PracticesPrivacy PolicyLegal NoticesContact Us