HIPAA Notice of Privacy Practices
Last Updated: September 2023
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN OBTAIN ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
The terms of this Notice of Privacy Practices (Notice) apply to Zen Leaf Cannabis Dispensary (Zen Leaf), its affiliates and its employees. Zen Leaf will share protected health information of patients as necessary to carry out treatment, payment, and health care operations as permitted by law.
We are required by law to maintain the privacy of our patients’ protected health information and to provide patients with notice of our legal duties and privacy practices with respect to protected health information. We are required to abide by the terms of this Notice for as long as it remains in effect. We reserve the right to change the terms of this Notice as necessary and to make a new notice of privacy practices effective for all protected health information maintained by Zen Leaf Medical Cannabis Dispensary. We are required to notify you in the event of a breach of your unsecured protected health information. We are also required to inform you that there may be a provision of state law that relates to the privacy of your health information that may be more stringent than a standard or requirement under the Federal Health Insurance Portability and Accountability Act (HIPAA). A copy of any revised Notice of Privacy Practices or information pertaining to a specific State law may be obtained by mailing a request to the Privacy Officer at the address shown at the bottom of this notice.
USES AND DISCLOSURES OF YOUR PROTECTED HEALTH INFORMATION
Authorization and Consent: Except as outlined below, we will not use or disclose your protected health information for any purpose other than care consultations, dispensations, or payments unless you have signed a form authorizing such use or disclosure. You have the right to revoke such authorization in writing, with such revocation being effective once we actually receive the writing; however, such revocation shall not be effective to the extent that we have taken any action in reliance on the authorization.
Uses and Disclosures for Dispensation: We will make uses and disclosures of your protected health information as necessary to facilitate your medical cannabis dispensation. Zen Leaf staff will use your doctor’s recommendations and information that you provide about your symptoms and reactions to your course of treatment that may include procedures, medications, tests, medical history, etc.
Uses and Disclosures for Payment: We will make uses and disclosures of your protected health information as necessary for payment purposes. We may also use your information to prepare a bill to send to you or to the person responsible for your payment.
Uses and Disclosures for MMTC: We will make uses and disclosures of your protected health information as necessary, and as permitted by law, for our Medical Marijuana Treatment Facilities operations, which may include facility improvements, professional peer review, business management, etc. For instance, we may use and disclose your protected health information for purposes of improving the in-store or online patient experience.
Business Associates: Certain aspects and components of our services are performed through contracts with outside persons or organizations, such as auditing, accreditation, data collection, technology, legal services, etc. At times it may be necessary for us to provide your protected health information to one or more of these outside persons or organizations who assist us with our business and technology operations. In all cases, we require these associates to appropriately safeguard the privacy of your information.
Appointments and Services: We may contact you to provide appointment updates or information about Zen Leaf benefits and services that may be of interest to you. You have the right to request that we not send you any future marketing materials and we will use our best efforts to honor such request. You must make such requests in writing, including your name and address, and send such writing to the Privacy Officer at the address below.
Research: We may use and disclose your protected health information for research purposes.
Other Uses and Disclosures: We are permitted and/or required by law to make certain other uses and disclosures of your protected health information without your consent or authorization for the following:
- Any purpose required by law;
- Public health activities such as required reporting in connection with public health investigations;
- To the Department of Health to report adverse events, product defects, or to participate in product recalls;
- To a government oversight agency conducting audits, investigations, civil or criminal proceedings;
- Court or administrative ordered subpoena or discovery request;
DISCLOSURES REQUIRING AUTHORIZATION
Marketing: We must obtain your authorization for any use or disclosure of your protected health information for marketing, except if the communication is in the form of (1) a face-to-face communication with you, or (2) a promotional gift of nominal value.
Sale of Protected Information: We must obtain your authorization prior to receiving direct or indirect remuneration in exchange for your health information; however, such authorization is not required where the purpose of the exchange is for:
- Public health activities;
- Treatment and payment purposes;
- Business operations involving the sale, transfer, merger or consolidation of all or part of our business and for related due diligence;
- Payment we provide to a business associate for activities involving the exchange of protected health information that the business associate undertakes on our behalf (or the subcontractor undertakes on behalf of a business associate) and the only remuneration provided is for the performance of such activities;
- Providing you with a copy of your health information or an accounting of disclosures;
- Disclosures required by law;
- Disclosures of your health information for any other purpose permitted by and in accordance with the Privacy Rule of HIPAA, as long as the only remuneration we receive is a reasonable, cost-based fee to cover the cost to prepare and transmit your health information for such purpose or is a fee otherwise expressly permitted by other law; or
- Any other exceptions allowed by the Department of Health and Human Services.
RIGHT THAT YOU HAVE REGARDING YOUR PROTECTED HEALTH INFORMATION
Access to Your Protected Health Information: You have the right to copy and/or inspect much of the protected health information that we retain on your behalf. For protected health information that we maintain in any electronic designated record set, you may request a copy of such health information in a reasonable electronic format, if readily producible. Requests for access must be made in writing and signed by you or your legal representative. You will be charged a reasonable copying fee and actual postage and supply costs for your protected health information. If you request additional copies you will be charged a fee for copying and postage.
Amendments to Your Protected Health Information: You have the right to request in writing that protected health information that we maintain about you be amended or corrected. We are not obligated to make requested amendments, but we will give each request careful consideration. All amendment requests must be in writing, signed by you or legal representative, and must state the reasons for the amendment/correction request. If an amendment or correction request is made, we may notify others who work with us if we believe that such notification is necessary.
Accounting for Disclosures of Your Protected Health Information: You have the right to receive an accounting of certain disclosures made by us of your protected health information. Requests must be made in writing and signed by you or your legal representative.
Restrictions on Use and Disclosure of Your Protected Health Information: You have the right to request restrictions on uses and disclosures of your protected health information. We are not required to agree to most restriction requests but will attempt to accommodate reasonable requests when appropriate. If we agree to any discretionary restrictions, we reserve the right to remove such restrictions as we appropriate. We will notify you if we remove a restriction imposed in accordance with this paragraph. You also have the right to withdraw, in writing or orally, any restriction by communicating your desire to do so to the individual responsible for medical records.
Right to Notice of Breach: We take very seriously the confidentiality of our patients; information, and we are required by law to protect the privacy and security of your protected health information through appropriate safeguards. We will notify you in the event a breach occurs involving or potentially involving your unsecured health information and inform you of what steps you may need to take to protect yourself.
Paper Copy of this Notice: You have a right, even if you have agreed to receive notices electronically, to obtain a paper copy of this Notice. To do so, please submit a request to the Privacy Officer at the address shown at the bottom of this notice.
Complaints: If you believe your privacy rights have been violated, you can file a complaint in writing with the Privacy Officer. You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services at the US Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, Washington, D.C. 20201, calling 1-877-696-6775 or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. There will be no retaliation for filing a complaint.
Changes to the Terms of this Notice: We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request and on our website.
How to Contact Us
If you have any questions or concerns regarding the HIPAA Notice of Privacy Practices related to our website, please feel free to contact us at the following email or mailing address.
Email: privacy@verano.com
Mailing Address:
Verano
224 W Hill Street.
Suite 400
Chicago, Illinois 60610