GoCrew Notice of Privacy Practices
Last Updated: September 18, 2021
THIS NOTICE OF PRIVACY PRACTICES (“NOTICE”) DESCRIBES HOW MEDICAL, AND OTHER HEALTHCARE INFORMATION ABOUT YOU MAY BE COLLECTED, USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Who we are:
myGoDoc, Inc. (collectively, “GoCrew”, “we”, or “us”) is a technology platform (“Platform”) that enables patients to identify, engage with, and receive health care services from Health Care Providers through the GoCrew website located at www.GoCrewHealth.com and other websites (“Website”) or our mobile application (“Application”), both controlled by myGoDoc, Inc. (collectively “Site”). GoCrew is NOT a healthcare provider NOR a “covered entity” as defined under the Health Insurance Portability and Accountability Act (HIPAA). Rather, GoCrew is a business associate, as defined under HIPAA, to and has entered into a business associates agreement with each Health Care Provider providing services via the Platform.
Health Care Providers are independent licensed, accredited, or certified health care professionals or practices, which may include medical doctor, physician assistant, nurse practitioner, nurse, or other such professionals as determined by GoCrew. Each participating Health Care Provider has entered into a contractual arrangement with GoCrew to receive certain services, including being listed as a provider on the Site and being granted access to the Platform to provide telehealth health care services to patients. Health Care Providers are “covered entities” under HIPAA.
Our commitment to protecting health information about you:
The participating Health Care Providers and their authorized agent GoCrew are committed to protecting the privacy of your health information and to ensuring your rights under the HIPAA. The Health Care Provider you selected on the Site will require you to acknowledge receipt and accept the Provider’s Notice of Privacy Practices (“Provider’s NPP”), which will govern the way the Health Care Provider manages your healthcare information exchanged via the Site. The purpose of this Notice is to inform you how GoCrew will collect, store, and disclose your health information exchanged via the Site in coordination with the Provider’s NPP.
GoCrew will collect, use, and disclose healthcare information, including PHI (as defined below) in accordance with this Notice and will coordinate with Provider’s NPP. The health information collected and exchanged may include health care information, and therefore GoCrew and Health Care Provider intend to comply with applicable federal law, specifically the Confidentiality of Alcohol and Drug Abuse Patient Records (42 U.S.C. 290dd-3, 42 U.S.C. 290ee-3, and 42 C.F.R. Part 2), and applicable State laws in the management of this information.
Prior to receiving any services from the Site, you will be required to acknowledge receipt of this Notice, and prior to receiving any Services from the Health Care Provider via the Site, you will be required to acknowledge receipt of the Provider’s NPP.
In this Notice, we describe the ways that we may use and disclose health information about you obtained via the Site. As a business associate, HIPAA requires that we protect the privacy of health information that identifies a patient, or where there is a reasonable basis to believe the information can be used to identify a patient. This information is called Protected Health Information (PHI). This Notice describes your rights and our obligations regarding the use and disclosure of PHI. We are required by law to:
- Maintain the privacy of PHI about you;
- Give you this Notice of our legal duties and privacy practices with respect to PHI; and
- Comply with the terms of our Notice and the Provider’s NPP that is currently in effect.
As permitted by the HIPAA Privacy Rule, we reserve the right to make changes to this Notice and to make such changes effective for all PHI we may already have about you. If and when this Notice is changed, we will post an updated copy on our Site. We will also provide a copy of the revised Notice to you upon request. You may request a copy of the Notice using the contact information provided below and will be asked to acknowledge and confirm that you received this Notice. Our services are conditioned upon your acknowledgement of this Notice, and the Health Care Provider’s Services are conditioned upon your acknowledgement of the Provider’s NPP.
Confidentiality of Alcohol and Drug Abuse Records
The confidentiality of alcohol and drug abuse patient records maintained by us is protected by Federal law and regulations. Generally, we may not disclose to any third-party that you are a patient or any information identifying you as an alcohol or drug abuser, unless:
- You consent in writing;
- The disclosure is allowed by a court order; or
- The disclosure is made to medical personnel in a medical emergency or to qualified personnel for research, audit, or program evaluation.
Violation of the Federal law and regulations may be a crime. Suspected violations may be reported to appropriate authorities in accordance with Federal regulations. Federal law and regulations do not protect any information about a crime committed by you or about any threat to commit such a crime. Federal laws and regulations do not protect any information about suspected child abuse or neglect from being reported under State law to appropriate State or local authorities. See for Federal laws and 42 CFR part 2 for Federal regulations.
Duty to Warn/Disclose
Certain States have laws requiring Health Care Providers to report or disclose confidential information to legal authorities and potential victims when there is a risk of bodily harm (“Duty to Warn”). As a result, the limitation on disclosure of confidential information may not apply:
- If you threaten or attempt to commit suicide or otherwise conduct yourself in a manner in which there is a substantial risk of incurring serious bodily harm.
- If you threaten grave bodily harm or death to another person.
- If the Health Care Provider has a reasonable suspicion that you or another named person is the perpetrator, observer of, or actual victim of physical, emotional or sexual abuse of children under the age of 18 years or the elderly.
- If you are in therapy or being treated by order of a court of law, or if information is obtained for the purpose of rendering an expert’s report to an attorney.
In addition, if you contact GoCrew customer service for technical support and make any threats to harm yourself or others, GoCrew may report your conduct to your local law enforcement authority.
Uses and disclosures for treatment, payment, and healthcare operations without your authorization.
Except otherwise provided, the following categories describe the different ways we may use and disclose PHI for treatment, payment, or healthcare operations without your consent or authorization.
- Treatment: As a business associate, we may use and disclose PHI about you for treatment purposes, including disclosure to your Health Care Providers and other health care professionals who provide you with services and/or are involved in the coordination of your care. In addition, we may use and disclose PHI about you when your Health Care Provider refers you to a healthcare provider other than one of Health Care Providers using our Platform for treatment. In emergencies, we may use and disclose PHI for the treatment activities of another healthcare provider.
- Payment: As a business associate, we may use and disclose PHI so that we or your Health Care Provider can bill and collect payment for the Services provided to you using our Platform. Before your receipt of treatment or services via the Site, we may share details with your health plan concerning the services you are scheduled to receive. We may use and disclose PHI to find out if your health plan will cover the cost of Services and care provided to you. We may use and disclose PHI to confirm you are receiving the appropriate amount of care to obtain payment for services. We may use and disclose PHI for billing, claims management and collection activities. We may disclose PHI to insurance companies providing you with additional coverage. We may disclose limited PHI to consumer reporting agencies relating to collection of payments owed to the Health Care Providers. We may also disclose PHI to another healthcare provider or to a company or health plan required to comply with HIPAA for the payment activities of that healthcare provider, company or health plan.
- Healthcare Operations: As a business associate, we may use and disclose PHI in performing business activities that are called healthcare operations. Healthcare operations include doing things that allow us to improve the quality of care provided to you by one of Health Care Providers using our Platform and to reduce healthcare costs. We may use and disclose PHI about you in the following healthcare operations:
We may create “de-identified” information that is not identifiable to any individual and using or disclosing such de-identified information for any lawful purpose, including research or marketing, and disclosing PHI to a business associate for the purpose of creating de-identified information, regardless of whether we will use the de-identified information.
If a Health Care Provider or another healthcare provider, company or health plan that is required to comply with HIPAA has or once had a relationship with you, we may disclose PHI about you for certain healthcare operations of that Provider, other healthcare provider, or company.
Certain uses and disclosures of your medical information require your written authorization.
- Communication from GoCrew or Health Care Provider: GoCrew and Health Care Provider may contact you to remind you of appointments, suggestions about follow up care, and to provide you with information about treatment alternatives or other health-related benefits and services that may be of interest to you. As agreed in your GoCrew Service Agreement, we may make these communications via email or text messaging. If you have any questions or want to request an alternate form of communication or change location of receipt, please direct your requests in writing to our Privacy Officer using the contact information provided below.
- Secondary Use of Information. As agreed in your GoCrew Patient Service Terms, we may use “de-identified” information and aggregate data for any lawful purpose, including research, marketing, and commercial purposes. With certain limited exceptions, we are not allowed to sell or receive anything of value in exchange for your de-identified information and aggregate data without your written authorization, which was obtained in the GoCrew Patient Service Terms.
If you give us Authorization as provided in the GoCrew Patient Service Terms to use or disclose health information about you, you may revoke that Authorization, in writing, at any time. If you revoke your Authorization, we will no longer use or disclose information about you for the reasons covered by your written Authorization, but we cannot take back any uses or disclosures already made with your permission. If you want to request a change, please direct your requests in writing to our Privacy Officer using the contact information provided below.
Certain uses and disclosures of your medical information require you to have an opportunity to object.
- Individuals Involved In Your Care or Payment for Your Care: If you do not object after being given the opportunity, we may make uses and disclosures of your PHI to your family member, close friend or any other person identified by you if that information is directly relevant to the person’s involvement in your care or payment for your care. If you are unable to consent or object, we may exercise professional judgment in determining whether the use or disclosure of PHI is in your best interests.
Certain other uses and disclosures we can make without your written authorization or opportunity to object
We may use and disclose PHI about you in the following circumstances without your authorization or opportunity to object, provided that we comply with certain conditions that may apply.
- Business Associates: We may disclose PHI to our business associates to perform certain business functions or provide certain business services to us. All of our business associates are required to maintain the privacy and confidentiality of your PHI. Additionally, at the request of your Health Care Providers or health insurance plan, we may disclose PHI to their business associates performing certain healthcare or business functions on their behalf.
- Required by Law: We may use and disclose PHI as required by federal, state or local law to the extent that the use or disclosure complies with the law and is limited to the requirements of the law.
- Public Health Activities: We may use and disclose PHI to public health authorities or other authorized persons to carry out certain activities related to public health.
- Abuse, Neglect or Domestic Violence: We may disclose PHI in certain cases to proper government authorities if we reasonably believe that a patient has been a victim of domestic violence, abuse or neglect.
- Military and Veterans: If you are a member of the armed forces, we may release PHI about you as required by military command authorities. We may also release PHI about foreign military personnel to the appropriate foreign military authority.
- National Security, Intelligence Activities, and Protective Services for the President and Others: We may release PHI about you to federal officials for intelligence, counterintelligence, protection to the President, and other national security activities authorized by law.
- Correctional Institution: If you are or become an inmate of a correctional institution, we may disclose to the institution or its agents PHI necessary for your health and the health and safety of other individuals.
- Health Oversight Activities: We may disclose PHI to a health oversight agency for oversight activities including, for example, audits, investigations, inspections, licensure and disciplinary activities and other activities conducted by health oversight agencies to monitor the healthcare system, government healthcare programs and compliance with certain laws.
- Lawsuits and Other Legal Proceedings: We may use or disclose PHI when required by a court or administrative tribunal order. We may also disclose PHI in response to subpoenas, discovery requests or other required legal process when efforts have been made to advise you of the request or to obtain an order protecting the information requested.
- Law Enforcement: Under certain conditions, we may disclose PHI to law enforcement officials, including the reporting of suspected crimes.
- To Avert a Serious Threat to Health or Safety and Duty to Warn: We may use and disclose PHI about you in limited circumstances when necessary to prevent a threat to the health or safety of you, another person or to the public, including the Duty to Warn. This disclosure can only be made to a person who is able to help prevent the threat.
- Workers’ Compensation: We may disclose PHI as authorized by workers’ compensation laws or other similar programs that provide benefits for work-related injuries or illness.
- Disclosures Required by HIPAA Privacy Rule: We are required to disclose PHI to the Secretary of the United States Department of Health and Human Services when requested by the Secretary to review our compliance with HIPAA. We are also required in certain cases to disclose PHI to you upon your request to access PHI or for an accounting of certain disclosures of PHI about you (these requests are described in the “Right to Receive Accounting Disclosure” section of this Notice).
- Incidental Disclosures: We may use or disclose PHI incident to a use or disclosure permitted by HIPAA so long as we have reasonably safeguarded against such incidental uses and disclosures and have limited them to the minimum necessary information.
- Limited Data Set Disclosures: We may use or disclose a limited data set (PHI that has certain identifying information removed) for the purposes of research, public health or healthcare operations. A limited data set does not contain any information that can directly identify you, and may include, for example, your city and zip code, but not your name or street address. The person receiving the information must sign an agreement to protect the information.
Your rights regarding protected health information about you
Under federal law, you have these rights regarding PHI about you:
- Right to Request Restrictions: You have the right to request additional restrictions on the PHI that we may use or disclose for treatment, payment and healthcare operations. You may also request additional restrictions on our disclosure of PHI to certain individuals involved in your care that otherwise are permitted by the Privacy Rule. We are not required to agree to your request unless you are asking us to restrict the use and disclosure of your PHI to a health plan for payment or healthcare operation purposes and such information you wish to restrict pertains solely to a healthcare item or service for which you have paid us “out-of-pocket” in full. If we do agree to your request, we are required to comply with our agreement except in certain cases, including where the information is needed to treat you in the case of an emergency. To request restrictions, you must make your request in writing to our Privacy Officer using the contact information provided below. In your request, please include (1) the information that you want to restrict; (2) how you want to restrict the information (for example, restricting use to this office, only restricting disclosure to persons outside this office, or restricting both); and (3) to whom you want those restrictions to apply.
Right to Receive Confidential Communications: When patients request services through our Site, we obtain their consent in the GoCrew Patient Service Terms to receive certain communications from us by email and/or text messages. However, you have the right to request that you receive communications regarding PHI in a certain manner or at a certain location. You must specify how you would like to be contacted (for example, by regular mail to your post office box and not your home). We are required to accommodate only reasonable requests. If you want to request a change, please direct your requests in writing to our Privacy Officer using the contact information provided below.
Right to Inspect and Copy: You have the right to request the opportunity to inspect and receive a copy of PHI about you in certain records that we maintain. This includes your medical and billing records but does not include psychotherapy or mental wellness services notes or information gathered or prepared for a civil, criminal or administrative proceeding. We may deny your request to inspect and copy PHI only in limited circumstances. To inspect and copy PHI, please direct your requests in writing to our Privacy Officer using the contact information provided below. If you request a copy of PHI about you, we may charge you a reasonable fee for the copying, postage, labor and supplies used in meeting your request.
- Right to Amend: You have the right to request that we amend PHI about you as long as such information is kept by or for our office. To make this type of request, you must submit your request in writing to our Privacy Officer using the contact information provided below. You must also give us a reason for your request. We may deny your request in certain cases, including if it is not in writing or if you do not give us a reason for the request.
- Right to receive notice of a breach: You have the right to be notified if your unsecured PHI has been breached.
Right to Receive an Accounting of Disclosures: You have the right to request a list of certain disclosures that we have made of PHI about you. This is a list of disclosures made by us during a specified period of up to six years, other than disclosures made for treatment, payment and healthcare operations; to family members or friends involved in your care; to you directly; pursuant to an authorization of you or your personal representative; for certain notification purposes (including national security, intelligence, correctional and law enforcement purposes); as incidental disclosures that occur as a result of otherwise permitted disclosures; as part of a limited data set of information that does not directly identify you; six (6) years prior to the date of the request; and before April 14, 2003. If you want to request a change, please direct your requests in writing to our Privacy Officer using the contact information provided below. The first list that you request in a 12-month period will be free, but we may charge you for our reasonable costs of providing additional lists in the same 12-month period. We will tell you about these costs, and you may choose to cancel your request at any time before costs are incurred.
- Right to a Paper Copy of this Notice: You have a right to receive a paper copy of this Notice at any time, even if you have previously agreed to receive this Notice electronically. To obtain a paper copy of this Notice, please contact our Privacy Officer using the contact information provided below.
If you would like to exercise any of the above rights, please contact our Privacy Officer using the contact information provided below. You will receive a response to your request within thirty (30) days.
If you believe your privacy rights have been violated, you may file a complaint with us or the Secretary of the United States Department of Health and Human Services. To file a complaint with our office, please contact our Privacy Officer at the address and number listed below. We will not retaliate or take action against you for filing a complaint about our privacy practices.
We take your privacy seriously. If you have questions, concerns, or feedback regarding the privacy of your personal and health information, you may contact our Privacy Officer at:
GoCrew, Inc., 3323 SW Cascade Terrace, Portland OR 97205