Notice of Privacy Practices
Two Gold Enterprises, LLC
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Effective Date
This Notice of Privacy Practices (“Notice”) took effect on October 1, 2022. It will remain in effect until Two Gold Enterprises, LLC, a Georgia limited liability company (“TGE”), replaces it. TGE will abide by the terms of this Notice while it is in effect.
TGE’s Commitment to Your Privacy
TGE provides a platform for patients to receive dentistry care (“Services”) from more than one dental provider. TGE respects and is committed to protecting the privacy of your medical and dental information. In performing its services, TGE will receive, create, and disclose your protected health information (‘PHI’). TGE is required by law to maintain the privacy and security of your PHI and to provide you with notice of our legal duties and privacy practices with respect to your PHI. For information about our collection, use, and disclosure of personal information other than PHI, please see our privacy policy at www.twogold.com/privacypolicy.
In this Notice, we describe:
● Information We Collect About You
● When We Use and Share Your Information
● When We Must Share Your Information
● When We Need Your Authorization to Use or Share Your Information ● Your Rights Regarding Your Information
● How We Keep Your Information Safe
● Changes to the Terms of This Notice
● Information We Collect About You
To provide you with the Services, we collect PHI about you from a few sources including directly from you. PHI is information about you that may be used to identify you (such as your name), and that relates to your past, present or future physical or mental health or condition, the provision of healthcare to you, or your past, present, or future payment for the provision of healthcare.
Of course, as you use the Services you will need to provide TGE and the dentist(s) who treat you with information about yourself and your medical history, past treatment, and potential future treatment options. As you communicate this information, your telephone calls, emails, and other communications between you and TGE and/or service providers may be recorded and logged. As such, we will collect and maintain all information discussed during such communications including your identity, the date and time of the communication, and the contents of the communications. In connection with the Services, we may collect information about you from third parties such as past or current dental care providers, dental health insurance and pharmacy benefit management companies, or your employer or other organization(s).
When you register and log in to our secure websites and mobile apps, TGE automatically collects information about you. TGE must be able to link your activity back to your identity so that changes in our systems can be made and we can track the Services you used. As such, we automatically collect the following types of information about you when you use our secure websites: IP address; device information; general geographic information; dates and times you accessed and used the secure websites/mobile apps, features you used, and how long you use the secure websites/mobile apps
When We Use and Share Your Information
To provide you with the Services, we will need to use and disclose your PHI for the following reasons:
Treatment Activities. We will use your PHI within TGE to treat you and provide you with dental services. We may also disclose your PHI to other dentists or healthcare providers so that they can treat you and provide you with dental services. When you use our Services, to enhance the continuity and quality of care we provide to you, your PHI may be available to providers within TGE for them to provide you with treatment and medical services. For example, your past consults will be available to the provider when you seek a new consult.
Payment Activities. We can use and share your PHI to get paid and for other payment activities. For example, we may send a claim to your dental insurer to get paid. We may share PHI with other entities covered by HIPAA, such as dental plans, for their payment activities.
Dental Operations Purposes. TGE may use and disclose your PHI to run our business. For example, to improve dental services, provide customer service, conduct quality review, contact you about the Services available to you and dental benefits, monitor the qualifications of providers, and other healthcare operations activities. We may share PHI with other entities covered by HIPAA, such as dental plans, for their business operations only if they also have or had a relationship with you.
We may also use PHI to: participate in health information exchanges (HIEs) so that we can share, request, and receive electronic health information from other health care organizations for treatment, payment, and healthcare operations purposes as described above; engage third parties to assist TGE with our payment and healthcare operations, provided if any such third party needs access to PHI to perform its services on behalf of TGE, TGE will require that third party to enter a written agreement that protects the PHI, and TGE will provide only the minimal PHI to accomplish the intended purpose of the use and sharing of the PHI; communicate with family and friends who are involved in your care and payment for care; and create de-identified and aggregate information
When We Must Share Your Information
There are limited times when TGE may be permitted or required by law to use or disclose your PHI without your authorization. These include the following: for public health activities such as reporting certain diseases; to protect victims of abuse or neglect, such as child abuse and elder neglect; for judicial and administrative proceedings such as responding to subpoenas; for workers compensation claims; to prevent or lessen a serious and imminent threat of harm to a person or the public; when required by law or for law enforcement purposes; for state and federal health oversight activities such as physician licensing and disciplinary action; to coroners, medical examiners, and funeral directors in limited circumstance; for organ donation and transplantation; for research approved by an institutional review board; and for specialized government functions such as national security.
When We Need Your Authorization to Use or Share Your Information
Your written authorization is needed prior to us using and disclosing your PHI for marketing purposes, for a sale of your PHI, for fundraising purposes, or to your employer. If TGE wants to use or disclose your PHI for the purposes listed above or for any other purpose not described in this Notice, we will seek your authorization using a HIPAA Authorization to Disclose Protected Health Information Form. You have the right to revoke any authorization that you previously provided.
Your Rights Regarding Your PHI
You have the following rights regarding your PHI maintained by TGE. Your medical power of attorney or legal guardian can exercise these rights on your behalf and make choices about your health information.
Right to Access PHI. Most of your PHI that TGE maintains is available to you directly on the member portal. Simply log in to obtain your medical and consult history. To request access to information that is not available to you online, you must submit your request in writing to TGE. TGE may impose a fee for the costs related to copying and mailing. TGE may deny your request to access your PHI in certain limited circumstances. If that occurs, we will inform you of the reason for the denial.
Right to Request Amendment of PHI. You have a right to request that TGE amend your PHI if you believe it is incorrect. To request an amendment of your PHI that you cannot make yourself online, you must submit your request in writing to TGE. If TGE denies your request, you will be permitted to submit a statement of disagreement for inclusion in your records
Right to Request Restrictions on Uses and Disclosures of PHI. You have the right to request that TGE not use or disclosure your PHI for treatment, payment, or healthcare operations purposes. To request a restriction, you must submit your request in writing to TGE. TGE is not required to agree to your request unless you are requesting that we not disclose your PHI to your insurance company or health plan. In such cases, you will be required to pay for services out of pocket
Right to Request Confidential Communication. You may request that Teladoc communicate with you through alternate means or at an alternate location. To request confidential communications, you must submit your request in writing to TGE. TGE is not required to agree to your request. However we will use best efforts to agree to reasonable requests.
Right to Request an Accounting of Disclosures. You have a right to receive an accounting of disclosures TGE has made of your PHI. To request for an accounting of disclosures, you must submit your request in writing to TGE. Your right to an accounting of disclosures does not include disclosures made for treatment, payment or healthcare operations, disclosures made pursuant to an authorization, and certain other disclosures. Your first accounting will be free of charge.
You have the right to: (a) obtain a paper copy of this Notice from TGE at any time upon request; (b) file a complaint with TGE and/or the Secretary of Health and Human Services (at www.hhs.gov/ocr/privacy/hipaa/complaints/) if you believe that your privacy rights have been violated; and (c) obtain more information about TGE’s privacy practices by contacting the Privacy Officer in writing to Privacy Officer, Two Gold Enterprises LLC, Palmetto, Georgia 30268, or by email to privacy@twogold.com
How We Keep Your PHI Safe
The security of your PHI is very important to us and all the PHI you provide to TGE is protected by strict security safeguards. We use administrative, technical, and physical safeguards to keep your PHI from unauthorized access, and other threats and hazards to its security and integrity. We base our security program on complying with state and federal law, including the HIPAA Security Regulations, as well as industry best practices. We regularly validate the controls we have in place through annual assessment and audits, including SOC II, Type Two and HITRUST certification. More specifically, we protect the confidentiality of your PHI in many ways, including the following: our databases are encrypted at both the volume layer (physical) as well as within the database columns themselves; access to our databases is tightly controlled and is only allowed to a small subset of technical administrators; on a quarterly basis, access reviews are performed to certify staff roles are still appropriately assigned; and our employees are trained on an annual basis on how to maintain the privacy and security of our members’ information. If your unsecured PHI is disclosed to an unauthorized person, despite our security safeguards, we will notify you promptly if such disclosure may have compromised the privacy or security of the PHI
Changes To this Notice
TGE reserves the right to change the terms of this Notice at any time, as long as the changes are in compliance with applicable laws. If TGE changes the terms of this Notice, the new terms will apply to all PHI that it maintains. If TGE changes this Notice, it will post the new Notice on its website and will make the new Notice available upon request