Notice of Privacy Practices
Effective Date: May 12, 2025
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
1. Our Commitment
Aurea Health is required by HIPAA to maintain the privacy of your Protected Health Information (PHI), provide this Notice, and follow its terms.
2. Uses and Disclosures of PHI
We may use/disclose PHI for: Treatment (clinical care coordination), Payment (billing and insurance claims), Healthcare Operations (quality, auditing, planning — de-identified per Safe Harbor), With Your Authorization (revocable in writing), and As Required by Law (court orders, public health reporting).
3. Your Rights
- Access: Inspect and obtain copies of your PHI (within 30 days).
- Amendment: Request correction of inaccurate PHI (within 60 days).
- Accounting of Disclosures: Receive a list of disclosures made in the past 6 years.
- Restrictions: Request limits on use/disclosure for treatment, payment, or operations.
- Confidential Communications: Request specific communication methods.
- Paper Copy: Obtain a paper copy of this Notice upon request.
4. Our Responsibilities
- Maintain privacy and security of your PHI.
- Notify you within 60 days if a breach compromises your PHI (HIPAA Breach Notification Rule).
- Follow duties and practices described in this Notice.
5. Security Safeguards
- AES-256 encryption at rest, TLS 1.3 in transit
- Role-based access controls
- Immutable audit logging of all PHI access
- Biometric authentication (Face ID / Touch ID)
- Automatic session timeout
- BAAs with all vendors handling PHI
- Annual security risk assessments
6. Complaints
File complaints with us at hello@aureahealth.ai or with the HHS Office for Civil Rights. We will not retaliate.