HIPAA Compliance Notice
At Renew360, we are committed to protecting your health information in accordance with the Health Insurance Portability and Accountability Act (HIPAA).
Our Commitment to Your Privacy
Renew360 understands the sensitive nature of health information. As a platform that facilitates workplace wellness benefits, we take our responsibility to protect your Protected Health Information (PHI) seriously.
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
How We Protect Your Information
Data Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
Access Controls
Role-based access control ensures only authorized personnel can access your information.
Secure Infrastructure
Our infrastructure is hosted on HIPAA-compliant cloud services with signed BAAs.
Audit Logging
Comprehensive audit trails track all access to and modifications of PHI.
Employee Training
All team members receive regular HIPAA compliance and security awareness training.
Data Backup
Regular encrypted backups with point-in-time recovery ensure data availability.
Uses and Disclosures of Your Health Information
For Treatment
We may use or disclose your health information to healthcare providers who are involved in providing your treatment or wellness services through our platform.
For Payment
We may use and disclose your health information to process payment for products and services you order through the platform, including coordination with your employer's wellness benefit program.
For Healthcare Operations
We may use and disclose health information for operational purposes such as quality assessment, employee review, and conducting or arranging for other business activities.
With Your Authorization
Other uses and disclosures of your health information will be made only with your written authorization. You may revoke this authorization at any time.
Your Rights Regarding Your Health Information
Right to Access
You have the right to inspect and obtain a copy of your health information maintained by us.
Right to Amend
You have the right to request that we amend your health information if you believe it is incorrect or incomplete.
Right to Accounting of Disclosures
You have the right to request an accounting of certain disclosures of your health information made by us.
Right to Request Restrictions
You have the right to request restrictions on certain uses and disclosures of your health information.
Right to Confidential Communications
You have the right to request that we communicate with you about health matters in a certain way or at a certain location.
Right to a Paper Copy
You have the right to obtain a paper copy of this notice upon request, even if you agreed to receive it electronically.
Our Business Associates
We work with trusted partners who may have access to your health information in order to provide our services. All business associates are required to sign Business Associate Agreements (BAAs) and maintain appropriate safeguards to protect your information.
Our primary technology partners include cloud infrastructure providers, payment processors, and healthcare service providers, all of whom maintain HIPAA compliance certifications and have signed BAAs with us.
Breach Notification
Our Commitment
In the unlikely event of a breach of unsecured protected health information, we will notify affected individuals, the Department of Health and Human Services, and in some cases, the media, as required by the HIPAA Breach Notification Rule. We will provide this notification without unreasonable delay and in no case later than 60 days following the discovery of a breach.
Filing Complaints
If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the Department of Health and Human Services. To file a complaint with us, contact our Privacy Officer using the information below.
You will not be penalized or retaliated against for filing a complaint.
Contact Our Privacy Officer
If you have any questions about this notice or wish to exercise any of your rights, please contact:
Effective Date: This Notice of Privacy Practices is effective as of January 1, 2025.
Changes to This Notice: We reserve the right to change this notice at any time. Any changes will apply to health information we already have about you as well as any information we receive in the future. The revised notice will be posted on our website and will include an effective date.