HIPAA Privacy Policy & Notice of Privacy Practices

THIS HIPAA PRIVACY POLICY & NOTICE OF PRIVACY PRACTICES DESCRIBES HOW PROTECTED HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.  PLEASE REVIEW IT CAREFULLY.

This HIPAA Privacy Policy and Notice of Privacy Practices (“HIPAA Privacy Policy” or “Policy”) describes the legal obligations and practices of Medela LLC (“Medela”) and your legal rights regarding the use and disclosure of your Protected Health Information under the Health Insurance Portability and Accountability Act of 1996 (“HIPPA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”).  Among other things this Policy describes how your Protected Health Information may be used or disclosed to carry out treatment, payment, or health care operations, or for any other purposes that are permitted or required by law.

We are required to provide notice of this Policy to you pursuant to HIPAA.

HIPAA protects certain medical information known as “Protected Health Information.”   Generally, Protected Health Information is health information, including demographic information, collected from you or created or received by a health care provider, a health care clearing house, a health plan, or your employer on behalf of a group health plan, from which it is possible to individually identify you and that relates to:

  1. Your past, present or future physical or mental health condition;
  2. The provision of health care to you; or
  3. The past, present or future payment for the provision of health care to you.

This HIPAA Privacy Policy discloses our information gathering and dissemination practices for the sites available at www.medela.us, www.medelabreastfeedingus.com, www.medelaheathcare.us, and any related sites, services or applications owned by Medela (this ”Site”).

By clicking the “I Agree” button or by otherwise accessing any material on this Site or using any of the services provided, you agree to the terms of this HIPAA Privacy Policy.  When you submit Protected Health Information via this Site, you consent to the collection, use and disclosure of that information in accordance with this HIPAA Privacy Policy.  If you do not agree, please do not use or access this Site or our services.

Please remember that this HIPAA Privacy Policy applies only to information collected by our Site.  We are not responsible for the privacy of any protected health information you reveal or post in any public forum (e.g., message board, blog, personal page, etc.) or through any public feature available on our Site, or for the privacy practices of websites that are operated or owned by third parties. 

By visiting this Site, you accept that your visit and any dispute over privacy is subject to this HIPAA Privacy Policy, our Privacy and Cookie Policies, and our Terms and Conditions of Use

Medela reserves the right to update this Policy.  If we make any changes to this Policy, we will post these changes on our Site.  You have the opportunity to review our HIPAA Privacy Policy each time you use the Site so that you are aware of any modifications to the Policy.  Your continued use of the Site (following posting of the revised HIPAA Privacy Policy) means you accept and agree to the terms of the revised Policy. 

 

Our Responsibilities

We are required by law to:

  • Maintain the privacy of your Protected Health Information;
  • Provide you with certain rights with respect to your Protected Health Information;
  • Provide you with a copy of this Notice of our legal duties and privacy practices with respect to your Protected Health Information; and
  • Follow the terms of the HIPAA Privacy Policy that is currently in effect

How We May Use and Disclose Your Protected Health Information

Under the law, we may use or disclose your Protected Health Information under certain circumstances without your permission.  The following categories describe the different ways that we may use and disclose your Protected Health Information. 

For Treatment.  We may use or disclose your Protected Health Information to facilitate medical treatment or services by providers. 

For Payment.  We may use or disclose your Protected Health Information to determine your eligibility for benefits, to facilitate payment for the treatment and services you receive from health care providers, to determine benefit responsibility, or to coordinate coverage under benefit plans. 

For Health Care Operations.  We may use and disclose your Protected Health Information for other health care operations.   

Treatment Alternatives or Health-Related Benefits and Services.  We may use and disclose your Protected Health Information to send you information about treatment alternatives or other health-related benefits and services that might be of interest to you.

To Business Associates.  We may contract with individuals or entities known as Business Associates to perform various functions on our behalf or to provide certain types of services.  In order to perform these functions or to provide these services, Business Associates will receive, create, maintain, transmit, use and/or disclose your Protected Health Information, but only after they agree in writing to implement appropriate safeguards regarding your Protected Health Information. 

As Required by Law.  We will disclose your Protected Health Information when required to do so by federal, state, or local law.  For example, we may disclose your Protected Health Information when required by national security laws or public health disclosure laws.

To Avert a Serious Threat to Health or Safety.  We may use and disclose your Protected Health Information when necessary to prevent a serious threat to your health and safety, or the health and safety of the public or another person. 

Special Situations

In addition to the above, the following categories describe other possible ways that we may use and disclose your Protected Health Information without your specific authorization. 

Military.  If you are a member of the armed forces we may release your Protected Health Information as required by military command authorities. 

Public Health Risks.  We may disclose your Protected Health Information for public health activities.  These activities generally include the following:

  • To prevent or control disease, injury or disability;
  • To report births and deaths;
  • To report child abuse or neglect;
  • To report reactions to medications or problems with products;
  • To notify people of recalls of products they may be using;
  • To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition;
  • To notify the appropriate government authority if we believe that a patient has been the victim of abuse, neglect, or domestic violence.  We will only make this disclosure if you agree, or when required or authorized by law.

Health Oversight Activities.  We may disclose your Protected Health Information to a health oversight agency for activities authorized by law.  These oversight activities include, for example, audits, investigations, inspections and licensure.  These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights law.

Lawsuits and Disputes.  If you are involved in a lawsuit or a dispute, we may disclose your Protected Health Information in response to a court or administrative order.  We may also disclose your Protected Health Information in response to a subpoena, discovery request, or other lawful process by someone involved in a legal dispute, but only if efforts have been made to tell you about the request or to obtain a court or administrative order protecting the information requested.

Law Enforcement.  We may disclose your Protected Health Information if asked to do so by a law-enforcement official (1) in response to a court order, subpoena, warrant, summons, or similar process; or (2) to identify or locate a suspect, fugitive, material witness, or missing person.  If asked by a law-enforcement official we may also disclose Protected Health Information about –

  • the victim of a crime if, under certain limited circumstances, we are unable to obtain the victim’s agreement;
  • a death that we believe may be the result of criminal conduct; and
  • criminal conduct.

National Security and Intelligence Activities.  We may release your Protected Health Information to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.

Inmates.  If you are an inmate of a correctional institution or are in the custody of a law-enforcement official, we may disclose your Protected Health Information to the correctional institution or law-enforcement official if necessary (1) for the institution to provide you with health care; (2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution.

Research.  We may disclose your Protected Health Information to researchers when:

  1. The individual identifiers have been removed; or
  2. When an institution review board or privacy board has reviewed the research proposal and established protocols to ensure the privacy of the requested information, and approves the research.

Required Disclosures

The following is a description of disclosures of your Protected Health Information we are required to make.

Government Audits.  We are required to disclose your Protected Health Information to the Secretary of the United States Department of Health and Human Services when the Secretary is investigating or determining our compliance with the HIPAA privacy rule.

Disclosures to You.  When you request, we are required to disclose to you the portion of your Protected Health Information that contains medical records, billing records, and any other records used to make decisions regarding your health care benefits.  We are also required, when requested, to provide you with an accounting of disclosures of your Protected Health Information if the disclosure was for reasons other than for payment, treatment, or health care operations, and if the Protected Health Information was not disclosed pursuant to your individual authorization.

Other Disclosures

Personal Representatives.  We will disclose your Protected Health Information to individuals authorized by you, or to an individual designated as your personal representative, attorney-in-fact, or similar persons, as long as you provide us with a written notice/authorization and any supporting documents. Please note, however, that under the HIPAA privacy rule, we do not have to disclose information to a personal representative if we have a reasonable belief that:

  1. You have been, or may be, subjected to domestic violence, abuse, or neglect by such person; or
  2. Treating such person as your personal representative could endanger you; and
  3. In the exercise of professional judgment, it is not in your best interest to treat the person as your personal representative.

Authorizations.  Other uses or disclosures of your Protected Health Information not described above will only be made with your written authorization.  For example, in general and subject to specific conditions, we will not use or disclose your protected health information for marketing; and we will not sell your protected health information, unless you give us a written authorization.  You may revoke written authorizations at any time, so long as the revocation is in writing.  Once we receive your written revocation, it will only be effective for future uses and disclosures.  It will not be effective for any information that may have been used or disclosed in reliance upon the written authorization and prior to receiving your written revocation.

Your Rights

You have the following rights with respect to your Protected Health Information:

Right to Inspect and Copy.  You have the right to inspect and copy certain Protected Health Information.  If the information you request is maintained electronically, and you request an electronic copy, we will provide a copy in the electronic form and format you request, if the information can be readily produced in that form and format; if the information cannot be readily produced in that form and format, we will work with you to come to an agreement on form and format.  If we cannot agree on an electronic form and format, we will provide you with a paper copy.

To inspect and copy your Protected Health Information, you must submit your request in writing to the  Privacy Officer.  If you request a copy of the information, we may charge a reasonable fee for the costs of copying, mailing, or other supplies associated with your request.

We may deny your request to inspect and copy in certain very limited circumstances.  If you are denied access to your medical information, you may request that the denial be reviewed by submitting a written request to the Privacy Officer.

Right to Amend.  If you feel that the Protected Health Information we have about you is incorrect or incomplete, you may ask us to amend the information.  You have the right to request an amendment for as long as the information is kept by or for Medela.

To request an amendment, your request must be made in writing and submitted to the Privacy Officer at 1101 Corporate Drive, McHenry, Illinois 60050In addition, you must provide a reason that supports your request.

We may deny your request for an amendment if it is not in writing or does not include a reason to support the request.  In addition, we may deny your request if you ask us to amend information that:

  • Is not part of the medical information kept by or for Medela;
  • Was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
  • Is not part of the information that you would be permitted to inspect and copy; or
  • Is already accurate and complete.

If we deny your request, you have the right to file a statement of disagreement with us and any future disclosures of the disputed information will include your statement.

Right to an Accounting of Disclosures.  You have the right to request an “accounting” of certain disclosures of your Protected Health Information.  The accounting will not include (1) disclosures for purposes of treatment, payment, or health care operations; (2) disclosures made to you; (3) disclosures made pursuant to your authorization; (4) disclosures made to friends or family in your presence or because of an emergency; (5) disclosures for national security purposes; and (6) disclosures incidental to otherwise permissible disclosures.

To request this list or accounting of disclosures, you must submit your request in writing to the Privacy Officer.  Your request must state the time period you want the accounting to cover, which may not be longer than six (6) years before the date of the request.  Your request should indicate in what form you want the list (for example, paper or electronic).  The first list you request within a 12-month period will be provided free of charge.  For additional lists, we may charge you for the costs of providing the list.  We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.

Right to Request Restrictions.  You have the right to request a restriction or limitation on your Protected Health Information that we use or disclose for treatment, payment, or health care operations.  You also have the right to request a limit on your Protected Health Information that we disclose to someone who is involved in your care or the payment for your care, such as a family member or friend. 

Except as provided in the next paragraph, we are not required to agree to your request.  However, if we do agree to the request, we will honor the restriction until you revoke it or we notify you otherwise.

We will comply with any restriction request if (1) except as otherwise required by law, the disclosure is to a health plan for purposes of carrying out payment or health care operations (and is not for purposes of carrying out treatment); and (2) the Protected Health Information pertains solely to a health care item or service for which the health care provider involved has been paid in full by you or another person.

To request restrictions, you must make your request in writing to the Privacy Officer at 1101 Corporate Drive, McHenry, Illinois 60050.  In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure, or both; and (3) to whom you want the limits to apply-for example, disclosures to your spouse.

Right to Request Confidential Communications.  You have the right to request that we communicate with you about medical matters in a certain way or at a certain location.  For example, you can ask that we only contact you at work or by mail.

To request confidential communications, you must make your request in writing to the Privacy Officer at 1101 Corporate Drive, McHenry, Illinois 60050.  We will not ask you the reason for your request.  Your request must specify how and/or where you wish to be contacted.  We will accommodate all reasonable requests.

Right to Be Notified of a Breach.  You have the right to be notified in the event that we (or a Business Associate) discover a breach of unsecured Protected Health Information.

Right to a Paper Copy of This Notice.  You have the right to a paper copy of this notice.  You may ask us to give you a copy of this notice at any time.  Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.

Right to know name.  You have the right to know the name of the personal helping or guiding you through the process.

Right to be treated with respect.  You have the right to be treated with respect, consideration, and recognition of client/patient dignity and individuality.

Complaints

If you believe that your privacy rights have been violated, you may file a complaint with Medela or with the Office for Civil Rights of the United States Department of Health and Human Services.  To file a complaint with Medela, contact the Privacy Officer, at Medela LLC, 1101 Corporate Drive, McHenry, Illinois 60050.  All complaints must be submitted in writing.

Customers who obtain an insurance breast pump from Medela also have a right to report grievances/complaints to ACHC’s Complaints Department at (855) 937-2242. 

You will not be penalized, or in any other way retaliated against, for filing a complaint with us, the Office for Civil Rights or the ACHC’s Complaints Department.

Choice/Opt Out

If you have submitted Protected Health Information through the Site, or if someone else has submitted your Protected Health Information through the Site, and you would like to have that information deleted from our databases, please contact us via email.  We will then use reasonable efforts to remove your Protected Health Information.  However, we may maintain your Protected Health Information to the extent it relates to individual sales transactions for recordkeeping and servicing.

1.     You can send email to privacy.us@medela.com.

2.     You can send mail to the following postal address:

Medela LLC
Attn: Privacy Policy
1101 Corporate Dr.
McHenry, IL 60050

Questions About Our HIPAA Privacy policy

If you have questions about our Site and our HIPAA Privacy Policy, please feel free to contact us at privacy.us@medela.com or contact our Privacy Officer, at Medela LLC, 1101 Corporate Drive, McHenry, Illinois 60050, 815-578-2372.

Updated July 1, 2020