HIPAA Notice

This is not legal advice or a document, just an initial draft to be reviewed by our legal counsel.

Rehab Ranger™ HIPAA Notice of Privacy Practices

Effective Date: 03/14/2025

THIS NOTICE DESCRIBES HOW PROTECTED HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN ACCESS THIS INFORMATION. PLEASE READ IT CAREFULLY.

1. Introduction

Rehab Ranger™, Inc. (“Rehab Ranger™,” “we,” “us,” or “our”) is committed to safeguarding your health information. In the course of delivering digital and/or in-person rehabilitation, telehealth, and related services (the “Services”), we collect, create, and maintain protected health information (“PHI”), which is regulated by the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”). This Notice of Privacy Practices (the “Notice”) describes how we use and disclose your PHI, and it explains your rights regarding your PHI.

Please note: This Notice is incorporated into our Terms and Conditions. If you have questions, concerns, or wish to exercise any of your HIPAA rights, please see the “Contact Information and Complaints” section below.

2. Our Responsibilities

  1. We are required by law to:
    • Protect and maintain the privacy of your PHI.
    • Provide you with this Notice of our legal duties and privacy practices.
    • Follow the terms of this Notice currently in effect.
    • Notify you in a timely manner if a breach of your PHI occurs that may pose a compromise to its privacy or security.
  2. We will only use or disclose your PHI as described in this Notice unless you authorize additional uses or disclosures in writing. You can revoke any written authorization at any time (except to the extent we have already relied on it).
  3. We reserve the right to change our practices and to issue a new Notice that covers all PHI we maintain. If we change this Notice, we will post an updated version on our website or otherwise notify you.

3. Your Rights

You have the following rights regarding your PHI. To exercise these rights, contact us using the information in the “Contact Information and Complaints” section.

  1. Right to Access
    • You can request to review or get a copy (paper or electronic) of your medical records and health information that we maintain. We may charge a reasonable, cost-based fee for copies.
    • We will usually respond within 30 days. If we deny your request, we will provide a written explanation.
  2. Right to Amend
    • You can ask us to correct your PHI if you believe it is inaccurate or incomplete.
    • We may deny your request, but we will explain why in writing within 60 days.
  3. Right to Request Confidential Communications
    • You can request that we contact you through a specific phone number, email, or mailing address, or send mail to an alternate address.
    • We will accommodate reasonable requests.
  4. Right to Request Restrictions
    • You can ask us not to use or disclose certain health information for treatment, payment, or healthcare operations. We are not required to agree to these requests, but we will comply if it doesn’t interfere with your care or if you fully pay out-of-pocket for a service (in that case, you can ask us not to share that payment information with your health insurer).
  5. Right to an Accounting of Disclosures
    • You can request a list of certain disclosures we have made of your PHI over the last six (6) years.
    • This accounting excludes disclosures for treatment, payment, and healthcare operations, among others. The first list in a 12-month period is free; we may charge for additional lists.
  6. Right to a Copy of This Notice
    • You can request a paper copy of this Notice at any time, even if you agreed to receive it electronically.
  7. Right to Appoint a Personal Representative
    • If you have given someone medical power of attorney or they are your legal guardian, that person can exercise your rights and make choices about your PHI on your behalf.
  8. Right to File a Complaint
    • If you believe we have violated your privacy rights, you can complain to us at the contact information below. You can also file a complaint with the U.S. Department of Health and Human Services. We will not retaliate against you for filing a complaint.

4. Your Choices

Certain information can be shared only with your written authorization or based on your specific preferences:

  1. Family, Friends, or Others Involved in Your Care
    • If you wish for us to share or limit sharing your PHI with family or other close contacts, please let us know. If you are unconscious or otherwise unable to express a preference, we may share information if we believe it is in your best interest.
  2. Marketing, Sale of PHI, or Psychotherapy Notes
    • We will not use or disclose your PHI for marketing purposes, sell your PHI, or disclose psychotherapy notes (if any) without your written authorization, unless exceptions outlined in HIPAA apply.
  3. Fundraising Communications
    • We may contact you to raise funds for our own use, but you can tell us not to contact you again for fundraising.

5. Information We Collect About You

When you use our Services, we may collect or maintain PHI in various ways, such as:

  • Registration and Screening: Name, address, phone number, email, date of birth, height/weight, and health information relevant to your use of our programs.
  • Requesting Care: Records or data from your past or current healthcare providers, such as diagnoses, lab results, sensor or device readings, or family medical history.
  • Using Our Services: Data about your interactions with Rehab Ranger™’s websites, apps, or hardware, including motion sensor metrics, range-of-motion data, or exercise compliance details.
  • Feedback or Communication: Phone calls, videoconferences, text/SMS conversations, or email messages with our care teams or other staff members. We may record or save some interactions for quality assurance and training.

6. Our Uses and Disclosures

We typically use or disclose your PHI in the following ways:

  1. Treatment
    • We may use or share your PHI to coordinate, manage, or provide healthcare services. For example, we might share relevant PHI with your physician, physical therapist, or other clinicians to enhance your care.
  2. Payment
    • We may use or disclose your PHI to submit claims to your health plan or process payments for the services rendered.
  3. Healthcare Operations
    • We may use your PHI to run our organization, improve quality, conduct audits, or develop new programs. This can include training staff, data analysis, or administrative tasks.
  4. Appointment Reminders
    • We may contact you (phone, email, SMS) to remind you of appointments or provide updates about your therapy.
  5. Business Associates
    • We may share PHI with external companies who perform functions on our behalf (e.g., cloud storage, billing, analytics), provided they sign contracts requiring them to protect the privacy and security of your PHI.
  6. Health Information Exchanges (HIEs)
    • If permitted by law or with your consent, we may participate in HIEs that allow for electronic sharing of your PHI among other healthcare entities to improve coordination of care.
  7. De-identified and Aggregated Data
    • We may de-identify or aggregate your PHI for internal or external uses, such as conducting research, clinical quality reviews, or evaluating new services. Once de-identified, the data is no longer subject to this Notice.

7. Other Uses and Disclosures

We may be allowed or required by law to use or disclose your PHI in additional ways without your written permission:

  1. Public Health and Safety
    • To report communicable diseases, suspected abuse or neglect, adverse medication reactions, and prevent or reduce a serious threat to health or safety.
  2. Research
    • Under certain conditions, we may use or share PHI for research purposes (e.g., IRB-approved studies).
  3. Compliance with Law
    • We will share PHI if required to do so by law or if requested by government agencies (e.g., the Department of Health and Human Services).
  4. Organ Donation
    • We can share PHI with organ procurement organizations if you are an organ donor.
  5. Medical Examiners and Funeral Directors
    • We can share PHI to identify a deceased person or determine the cause of death.
  6. Workers’ Compensation or Government Requests
    • PHI can be disclosed for workers’ compensation claims, law enforcement purposes, health oversight audits, or specialized government functions (e.g., military operations).
  7. Lawsuits and Legal Actions
    • If required by a court order or subpoena, we may disclose PHI. We will generally attempt to notify you unless prohibited by law.

8. Notice Regarding Technology

We may use various software, cloud systems, internet-based services, email, SMS, or video conferencing to share or store PHI. While we maintain reasonable administrative, physical, and technical safeguards to protect your PHI, some communications—like unencrypted email or SMS—carry inherent risks. If a breach occurs that compromises your PHI, we will notify you as required by law.

9. Contact Information and Complaints

If you have questions, wish to obtain a paper copy of this Notice, or want to exercise your rights described here, please contact:

Rehab Ranger™
 Attn: Privacy Officer
[Street Address]
[City, State, ZIP]
Phone: [xxx-xxx-xxxx]
Email: [[email protected]]

You can also file a complaint with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights by calling 1-877-696-6775 or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against you for filing a complaint.

10. Changes and Effective Date

We reserve the right to revise or update this Notice at any time. The new notice will apply to all PHI we already have and any we receive in the future. If we make any significant changes, we will post the revised Notice on our website or otherwise notify you. The effective date at the top indicates the current version of this Notice.

Thank you for trusting Rehab Ranger™ with your healthcare information.