Logo for Wholehearted Nutrition & Wellness, PLLC featuring a stylized heart with a fork and spoon inside, a leaf and a kettle

HIPAA NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW YOUR HEALTH INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

PLEASE REVIEW CAREFULLY.

I. OUR PLEDGE REGARDING HEALTH INFORMATION:

Wholehearted Nutrition and Wellness PLLC understands that your health and information about your health care is personal and private. We are committed to protecting your health information within the best of our abilities. We create and record the care and services you receive from us. This record is needed to provide you with high quality care, comply with certain legal requirements, and document interactions and interventions for your safety and security. This notice applies to all of the records of your care generated by our practice. This notice will tell you about the ways in which we may use and disclose health information about you within your explicitly provided rights and allowances. We also describe your rights to the health information we keep on file about you, and review obligations we have regarding the use and disclosure of your health information.

By law, we are required to:

  • Make sure that protected health information (“PHI”) that identifies you in any way is kept private and secure from outside interests.

  • Give notice of our legal duties and privacy practices with respect to health information.

  • Follow the terms of the notice that is currently in effect.

  • Notify you of updates or changes to our HIPAA Privacy Practices that will apply to all health information we have about you. The updated Notice will be available on our virtual telehealth platform, on our website, and upon written request.

II. HOW WE MAY USE AND DISCLOSE HEALTH INFORMATION ABOUT YOU:

The following categories describe different ways that we may use and disclose health information for business purposes. For each category of uses or disclosures, we will provide explanation and examples for clarity and transparency. Please note, all every use or disclosure in a category will be listed; however, all the ways that we are permitted to use and disclose information will fall within one of the following categories.

For Treatment, Payment, or Health Care Operations: Federal and State Privacy rules (regulations) allow health care providers who have direct treatment relationship with the patient/client to use or disclose the patient/client’s personal health information without the patient’s written authorization in the effort to carry out the healthcare provider’s and/or healthcare business’ use of treatment, payment, or healthcare/business operations. We may disclose your protected health information regarding treatment activities to other licensed and qualified healthcare providers who may assist in the diagnosis and treatment of your health. For example, if a healthcare provider were to consult with another licensed and qualified healthcare provider regarding your condition, we would be permitted to use and disclose some personal health information, which is otherwise confidential, in order to assist in the proper diagnosis, treatment, and management of you and your health and condition. Disclosures for health treatment purposes are not limited to the minimum necessary standard. This is due in part as other healthcare providers need access to the full record and/or full and complete information in order to provide high quality and complete care. The word “treatment” includes, among other things, the coordination and management of health care providers with a third party, consultations between healthcare providers, and referrals of a patient for health care from one healthcare provider to another. We will always attempt, to the best of our professional ability, to minimize the amount of personal health information used and disclosed in order to guide and assist in treatment and care.

For Lawsuits and Disputes: If you are involved in a lawsuit, we may be obligated to disclose health information in response to a court or administrative order. We may also disclose health information in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.

III. CERTAIN USES AND DISCLOSURES REQUIRE YOUR AUTHORIZATION:

  • Session Notes: We keep “Session Notes” and any use or disclosure of such notes requires your explicit authorization unless the use or disclosure is:

    • For use in treating you

    • For use in training or supervising associates, employees, students, or other qualified entities to help them improve clinical skill and efficiency

    • For use in defending our business in legal proceedings instituted by you

    • For use by the Secretary of Health and Human Services to investigate our compliance with HIPAA

    • Required by law and the use or disclosure is limited to the requirements of such law

    • Required by law for certain health oversight activities pertaining to the originator of the session notes

    • Required by a coroner who is performing duties authorized by law

    • Required to help avert a serious treat to the health and safety of others

  • Marketing Purposes: As a healthcare company, we will never use or disclose your PHI for marketing purposes.

  • Sale of PHI: As a healthcare company, we will never sell your PHI to third-parties in the regular course of business or for financial gain.

IV. CERTAIN USES AND DISCLOSURES DO NOT REQUIRE YOUR AUTHORIZATION

Subject to certain limitations in state and federal law, we can disclose your PHI without your explicit authorization for the following reasons:

  1. When disclosure is required by state or federal law, and the use or disclosure complies with and is limited to the relevant requirements of such law.

  2. For public health activities, including reporting suspected child, elder, or dependent adult abuse, or preventing or reducing a serious threat to anyone’s health or safety.

  3. For health oversight activities, including audits and investigations.

  4. For judicial and administrative proceedings, including responding to a court or administrative order.

  5. For law enforcement purposes, including reporting crimes occurring on our platform or on our premises.

  6. To coroners or medical examiners, when such individuals are performing duties authorized by law.

  7. For research purposes, requiring verifiable proof of appropriate certifications and board approval upon background investigation and review.

  8. Specialized government functions.

  9. For workers’ compensation purposes in order to comply with workers’ compensation laws.

  10. Appointment reminders and health related benefits or services. We may use and disclose your PHI to contact you in effort to remind you that you have an upcoming appointment with us. We may also use and disclose your PHI to tell you about treatment alternatives or other health care services or benefits we or our affiliates offer.

V. CERTAIN USES AND DISCLOSURES REQUIRE YOU TO HAVE THE OPPORTUNITY TO OBJECT

  1. Disclosures to family, friends, or other individuals involved in the management and maintenance of you and your health care.

    • We may provide your PHI to a family member, friend, or other person that you indicate is involved in your care or the payment of your health care, unless you explicitly object in whole or in part. The opportunity to consent may be obtained retroactively in emergency situations.

VI. YOU HAVE THE FOLLOWING RIGHTS WITH RESPECT TO YOUR PHI:

  1. The right to request limits on use and disclosures of your PHI.

    • You have the right to ask use not to use or disclose specific PHI for treatment, payment, or healthcare operation purposes. We are not required to agree with your request. In the situation where we may say “no”, you will receive written explanation in a timely manner as to the reasoning behind why we are declining to oblige with your explicit request in effort to support your health.

  2. The right to request restrictions for out-of-pocket expenses paid for in full.

    • You have the right to request restrictions on disclosures of your PHI to health plans for payment or healthcare operations purposes if the PHI pertains solely to a healthcare item or a healthcare service that you have paid for out-of-pocket in full.

  3. The right to choose how we send PHI to you.

    • You have the right to ask us to contact you in a specific way or to send mail to a different address. We are not required to agree with your request. In the situation where we may say “no”, you will receive written explanation in a timely manner as to the reasoning behind why we are declining to oblige with your explicit request in effort to support your health.

  4. The right to see and get copies of your PHI.

    • Other than “session notes,” you have the right to get an electronic or paper copy of your medical record and other information that we have about you. We will provide you with a copy of your record, or a summary of it if you agree to receive a summary, within 30 days of receiving your written request. We may charge a reasonable cost-based fee for doing so.

  5. The right to get a list of the disclosures we have made with your PHI.

    • You have the right to request a list of instances in which we have disclosed your PHI for purposes other than treatment, payment or healthcare operations, or for which you provided us with an authorization. We will respond to your request for an accounting of disclosures within 60 days of receiving your request. The list will include disclosures made in the last six years unless you request a shorter time. We will provide the list to you at no charge for the first request of each calendar year, but will charge you a reasonable cost-based fee for each additional request per calendar year.

  6. The Right to correct or update your PHI.

    • If you believe that there is a mistake in your PHI that we have on you, or that a piece of important information is missing from your PHI, you have the right to request that we correct the existing information or add the missing information. We are not required to agree with your request. In the situation where we may say “no”, you will receive written explanation in a timely manner as to the reasoning behind why we are declining to oblige with your explicit request in effort to support your health.

  7. The right to get a paper or electronic copy of this notice.

    • You have the right to get a paper copy of this notice, and you have the right to get a copy of this notice by electronic mail. If you have agreed to receive this notice via electronic mail, you also have the right to request a paper copy of it.

CHANGES TO THE TERMS OF THIS NOTICE

We can change the terms of this notice at any time and such changes will apply to all information we have about you upon public publishing. The new notice will be available on our website at all times or you may request paper or electronic copy, per your rights, through written communication.

EFFECTIVE DATE OF THIS NOTICE

Effective Date of Notice: 09/19/2025

Application of Notice: Wholehearted Nutrition and Wellness PLLC

Contact Person: Matthew Kokos (509)-562-2881

ACKNOWLEDGE OF RECEIPT OF PRIVACY NOTICE

Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), you have certain rights regarding the use and disclosure of your protected health information (PHI). By utilizing our services and completing and signing our HIPAA Notice of Privacy Practices, you are acknowledging that you have received, reviewed, and agree to our HIPAA Notice of Privacy Practices.