THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Warby Parker takes the confidentiality of your health information very seriously. We are required by law to provide you with this Notice of Privacy Practices (“Notice”) and follow the terms of this Notice while it is in effect. This Notice is provided to you pursuant to the Health Insurance Portability and Accountability Act and its implementing regulations (collectively, “HIPAA”) and is intended to cover how Warby Parker Inc., which does business as Warby Parker, as health care provider covered by HIPAA (“Warby Parker”), and its affiliate eye practices as health care providers covered by HIPAA (“We,” “Us,” or “Our”) use and disclose your health information subject to HIPAA (“PHI”). For information about our collection, use, and disclosure of personal information other than PHI, please click this Privacy Policy Notice link.
The following categories describe different ways that We use and disclosure your PHI. For each category of uses or disclosures, We will explain what We mean and try to give a few examples of those activities (but note that not every use or disclosure that falls within each category is included!).
Treatment. Treatment includes providing, coordinating, and managing your care. We may use and disclose your PHI to provide, coordinate, and manage your treatment or other related services. For example, We may disclose your prescription information to treating providers like doctors, nurses, other optical dispensers, and other entities like laboratories so these providers can meet your healthcare needs.
Payment. Payment includes billing, coverage, and claims activities. We may use and disclose your PHI as needed to bill or obtain payment for the treatment and services We provide. For example, We may share information with your vision insurance plan about upcoming treatment or services that require prior approval by the plan.
Healthcare Operations. We may use or disclose your PHI in order to carry out Our general business activities or certain business activities. These activities include, but are not limited to improving the services and training staff, and for case management, care coordination, business management, quality improvement, performance evaluation, customer service activities, and other business planning purposes. For example, We may use your PHI to evaluate the quality of care We are providing.
Consistent with HIPAA, We may also use or disclose your PHI to:
“Marketing” means to make a communication to you that encourages you to purchase or use a product or service. We will not use or disclose your health information for marketing communications without your prior written authorization, except
If We seek to use or disclose your PHI for any purpose not set forth in this Notice, We will seek your written permission (also called an “authorization”) You may revoke your permission, in writing, at any time. If you do so, We will no longer use or disclose your PHI for the reasons covered by your written permission, but note that We are unable to take back any disclosures We have already made with your permission. Note that there is a potential that information disclosed to third parties may no longer be protected by HIPAA, and those third parties could re-disclose your information.
We’re required by HIPAA to:
Please note that some states have laws that are stricter than HIPAA regarding your health information. If a state law applies to Us and is stricter or places limits on the ways We can use or share your PHI, We will follow the state law. We will not use or disclose your PHI if state law prohibits it.
We will not use or disclose the records We receive subject to 42 C.F.R. Part 2, or testimony relaying the content of such records, in civil, criminal, administrative, or legislative proceedings against you unless We have your written consent or a court order, after notice and an opportunity to be heard in court is provided to you. Any court order We receive for a use or disclosure of these records must be accompanied by a subpoena or other legal obligation before We may use or disclose the record.
You have the following rights with respect to your PHI maintained by Us.
We may need to update this Notice, and We reserve the right to do so at any time. If We change the terms of this Notice, the new terms will apply to all PHI that We maintain about you, including PHI that was created or received before such changes were made. We will post the new Notice on Our websites and mobile applications, and will update the “Effective Date” at the top of this page so you can tell if it has changed since your last visit. We will make the new Notice available upon request.
If you believe that your privacy rights have been violated or that We have not followed Our obligations under HIPAA, you may file a complaint with Us or with the Secretary of Health and Human Services. We will not retaliate against you or penalize you for filing any such complaint.
To file a HIPAA complaint with us, email [email protected] or write to 233 Spring Street, 6th Floor East, New York City, NY 10013, Attn: Legal Department.
To file a complaint with the Secretary of Health and Human Services, call 877.696.6775 or write to 200 Independence Avenue S.W., Washington, D.C. 20201, or visit www.hhs.gov/o cr/privacy/hipaa/complaints.
To exercise any of your rights set forth in this Notice, or for more information about Our privacy practices, email [email protected], write to 233 Spring Street, 6th Floor East, New York City, NY 10013, Attn: Legal Department, or call 888.492.7297 and ask to speak with the Legal Department.