Notice of Privacy Practices
This Notice of Privacy Practices (“Notice”) describes how health information about you may be used and disclosed and how you may access that information. Please review it carefully.
Ody Health is a technology and administrative platform. Ody Health is not a medical practice and does not itself provide medical care. Independent licensed medical providers, provider networks, pharmacies, laboratories, and other health care entities may be subject to HIPAA and may provide their own notices of privacy practices.
This Notice applies to protected health information (“PHI”) that Ody Health creates, receives, maintains, or transmits on behalf of a HIPAA-regulated provider or other covered entity, or where Ody Health is otherwise required to provide notice under applicable law or contractual obligations.
Uses and disclosures for treatment, payment, and health care operations
We may use and disclose PHI to support treatment, payment, and health care operations. For treatment, PHI may be shared with independent licensed providers, provider networks, pharmacies, laboratories, or other professionals involved in your care or service coordination. For payment, PHI may be used or disclosed to process payments, determine billing status, support pharmacy or laboratory transactions, or resolve payment issues. For health care operations, PHI may be used or disclosed for quality review, compliance, security, credentialing support, vendor management, customer support, auditing, recordkeeping, and platform operations.
Ody Health does not make clinical decisions, prescribe medications, dispense medications, or operate a pharmacy. Clinical decisions are made by independent licensed providers.
Other uses and disclosures permitted or required by law
We may use or disclose PHI as permitted or required by law, including for public health activities, health oversight activities, legal proceedings, law enforcement requests, serious threats to health or safety, workers’ compensation, coroners or medical examiners, organ donation, research where legally permitted, military or national security purposes, correctional institutions, and other purposes authorized by HIPAA or applicable law.
We may also disclose PHI to business associates and service providers that perform functions for us or for covered entities, provided they agree to safeguard PHI as required by law or contract.
Your HIPAA rights
Where HIPAA applies, you may have the right to request access to inspect or receive a copy of PHI maintained about you in a designated record set, request an amendment of PHI you believe is incorrect or incomplete, request restrictions on certain uses or disclosures, request confidential communications, request an accounting of certain disclosures, and receive a paper copy of this Notice.
You also have the right to receive notice following a breach of unsecured PHI where notification is required by law.
Requests may be sent to info@odyhealth.co. We may ask you to submit certain requests in writing and may verify your identity before responding.
Access, copies, and fees
If you request copies of records, we or the applicable provider may charge a reasonable, cost-based fee where permitted by law. Certain requests may be denied or limited as permitted by HIPAA or other applicable law, including where records are maintained by an independent provider, pharmacy, laboratory, or other third party rather than Ody Health.
Our duties
Where HIPAA applies, we are required to maintain the privacy and security of PHI, provide notice of our legal duties and privacy practices, notify affected individuals following certain breaches of unsecured PHI, and follow the terms of the Notice currently in effect.
We will not use or disclose PHI other than as described in this Notice, as permitted by law, as authorized by you, or as directed by the applicable covered entity or provider.
Changes to this Notice
We may change this Notice from time to time. We reserve the right to make the revised Notice effective for PHI we already maintain as well as information we receive in the future. When we make a material change, we will post the revised Notice on odyhealth.co and update the effective date.
Complaints
If you believe your privacy rights have been violated, you may file a complaint with us at info@odyhealth.co. You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights.
We will not retaliate against you for filing a complaint or exercising your privacy rights.
AI processing of de-identified information
Ody Health may use an AI-supported recommendation engine as part of its intake and clinical support workflow. Before information is processed by the AI system, personal identifiers are removed in accordance with the HIPAA Safe Harbor de-identification standard described in 45 CFR 164.514(b)(2).
Information processed by the AI system is limited to de-identified clinical information, such as age, sex, measurements, structured symptom selections, self-assessment scores, and current medications identified by name. Personal identifiers, including names, addresses, contact information, dates of birth, and payment information, are not transmitted to the AI system.
AI-generated assessments are used solely to support clinical workflow and physician efficiency. Any recommendation generated by the AI system is reviewed by a licensed physician before any treatment decision is made.
Because the AI system receives only de-identified information processed under the HIPAA Safe Harbor standard, that processing is not treated as a disclosure of protected health information under HIPAA.
Contact for this Notice
Questions about this Notice may be sent to:
Ody Health
Attn: Privacy
1309 Coffeen Avenue STE 1200
Sheridan, Wyoming 82801
Email: info@odyhealth.co