Praxia Health LLC ("Praxia") provides this notice to inform healthcare provider clients and their patients about how Protected Health Information (PHI) may be used and disclosed by Praxia when acting as a Business Associate, and about the rights and protections available under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), the HITECH Act, and related regulations. Praxia is not a healthcare provider and does not maintain a direct treatment relationship with patients; we operate strictly as a Business Associate on behalf of Covered Entity clients.
1. Our Commitment to Your Privacy
Praxia is committed to safeguarding the privacy and security of Protected Health Information entrusted to us. We understand that medical information about patients is personal and sensitive, and we treat that information with the diligence and confidentiality it deserves. We are required by law to:
- Maintain the privacy and security of PHI we receive or create on behalf of our clients
- Provide this notice describing our legal duties and privacy practices with respect to PHI
- Follow the terms of the Business Associate Agreement (BAA) currently in effect with each client
- Notify Covered Entities of any breach of unsecured PHI in accordance with HIPAA
2. How We Use and Disclose Protected Health Information (PHI)
Praxia uses and discloses PHI only as permitted by the executed Business Associate Agreement, the HIPAA Privacy and Security Rules, and the minimum necessary standard. Typical permitted uses and disclosures include:
- Service delivery on behalf of the Covered Entity: performing patient intake, eligibility and benefits verification, prior authorization, claims preparation and submission, accounts receivable follow-up, patient billing support, and related administrative functions.
- Communication with payers and clearinghouses: submitting claims, appeals, and supporting documentation to insurance carriers and clearinghouses as required to obtain payment for services rendered by the Covered Entity.
- Communication with patients on behalf of the Covered Entity: appointment coordination, intake follow-up, and billing-related questions, in accordance with the Covered Entity's instructions.
- Internal operations: quality assurance, training, auditing, and compliance review, using the minimum information necessary and applying de-identification where feasible.
- As required by law: disclosures required by law, court order, or proper request from an authorized government oversight agency such as the U.S. Department of Health and Human Services.
We do not use or disclose PHI for marketing, do not sell PHI under any circumstance, and do not use PHI for purposes unrelated to the services contracted by our clients.
3. Your Rights Regarding PHI
HIPAA grants patients specific rights with respect to their PHI. Because Praxia is a Business Associate and not a Covered Entity, these rights are exercised through the patient's healthcare provider (the Covered Entity). Praxia will support Covered Entities in responding to patient requests, including:
- Right to access: request to inspect and obtain a copy of PHI maintained on the Covered Entity's behalf.
- Right to amend: request correction of PHI that is inaccurate or incomplete.
- Right to an accounting of disclosures: request a list of certain disclosures of PHI made by or on behalf of the Covered Entity.
- Right to request restrictions: request limits on how PHI is used or disclosed for treatment, payment, or operations.
- Right to request confidential communications: request that communications occur in a specific manner or at a specific location.
- Right to be notified of a breach: receive notification in the event of a breach of unsecured PHI affecting the patient.
- Right to a paper copy of this notice: obtain a paper copy upon request, even if previously provided electronically.
Patients should direct these requests to their healthcare provider. Providers may contact Praxia at compliance@praxiahealth.co for assistance in fulfilling such requests.
4. Our Responsibilities
As a Business Associate, Praxia is responsible for:
- Maintaining the privacy and security of PHI through administrative, physical, and technical safeguards as required by the HIPAA Security Rule
- Limiting the use and disclosure of PHI to what is permitted by the BAA and applicable law
- Applying the minimum necessary standard to all uses, disclosures, and requests for PHI
- Ensuring that any subcontractor that handles PHI on our behalf agrees in writing to the same restrictions and conditions that apply to Praxia
- Training our workforce on HIPAA, security awareness, and incident response
- Promptly reporting to the Covered Entity any use or disclosure of PHI not permitted by the BAA, including breaches of unsecured PHI
- Cooperating with audits, investigations, and inquiries by Covered Entities and government oversight agencies
- Returning or securely destroying PHI upon termination of the engagement, as specified in the BAA
If our privacy practices change in a material way, we will update this notice and make the revised version available to clients and on our website.
5. Business Associate Agreements (BAA)
Praxia signs a Business Associate Agreement with every client before any PHI is exchanged. The BAA is a legally binding contract that:
- Defines the permitted and required uses and disclosures of PHI
- Obligates Praxia to use appropriate safeguards to prevent unauthorized use or disclosure of PHI
- Establishes breach notification procedures and timelines consistent with HIPAA and the HITECH Act
- Requires Praxia to flow down these obligations to any subcontractor that may access PHI
- Specifies how PHI must be returned or destroyed upon termination of the engagement
Clients may request a copy of Praxia's standard BAA template at any time by contacting compliance@praxiahealth.co.
6. How to File a Complaint
If you believe your privacy rights have been violated, you have the right to file a complaint without fear of retaliation. Complaints may be filed in two ways:
- With Praxia: Send a written complaint to compliance@praxiahealth.co. Please include a description of the concern and any relevant details. We will acknowledge receipt and investigate the matter promptly.
- With the U.S. Department of Health and Human Services: File a complaint with the HHS Office for Civil Rights (OCR) at www.hhs.gov/ocr, by mail at 200 Independence Avenue SW, Washington, D.C. 20201, or by phone at 1-877-696-6775.
Praxia will not retaliate against any individual for filing a complaint or otherwise exercising rights under HIPAA.
7. Contact Information
For questions about this Notice or our HIPAA practices, or to request a copy of our standard Business Associate Agreement, please contact:
Praxia Health LLC
HIPAA Privacy Officer
Email: compliance@praxiahealth.co
This Notice is effective as of the date listed above and will remain in effect until replaced or amended. Material changes will be communicated to active clients in writing.