Notice of Privacy Practices

Effective date: 5/9/2024

This Notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

This Notice describes the privacy practices of Luna Care, Inc. (and its affiliates Arizona Luna Care Physical Therapy LLC, California Luna Care Physical Therapy P.C., Colorado Luna Care Physical Therapy LLC, Connecticut Luna Care Physical Therapy LLC, DC Luna Care Physical Therapy LLC, Delaware Luna Care Physical Therapy LLC, Florida Luna Care Physical Therapy LLC, Georgia Luna Care Physical Therapy LLC, Illinois Luna Care Physical Therapy LLC, Indiana Luna Care Physical Therapy LLC, Maryland Luna Care Physical Therapy LLC, Massachusetts Luna Care Physical Therapy LLC, Michigan Luna Care Physical Therapy LLC, Minnesota Luna Care Physical Therapy LLC, Missouri Luna Care Physical Therapy LLC, Nevada Luna Care Physical Therapy LLC, New York Luna Care Physical Therapy PLLC, North Carolina Luna Care Physical Therapy LLC, Ohio Luna Care Physical Therapy LLC, Oklahoma Luna Care Physical Therapy LLC, Oregon Luna Care Physical Therapy LLC, Pennsylvania Luna Care Physical Therapy LLC, Tennessee Luna Care Physical Therapy LLC, Texas Luna Care Physical Therapy LLC, Utah Luna Care Physical Therapy LLC, Virginia Luna Care Physical Therapy LLC, Washington Luna Care Physical Therapy LLC, and Wisconsin Luna Care Physical Therapy LLC, plus in certain cases, Luna may bill for our Services via our health system or PT clinic partnerships and their related entities.) (collectively, “Luna,” “we”, “us”, or “our”) in relation to health information about you (“Protected Health Information” or “PHI”), which we collect, create, and transmit when you provide you with in-person care or through our website(s), application(s), and mobile application(s).

Our privacy obligations

We understand that your health information is personal and private, and we are committed to protecting your privacy. In addition, we are required by law to maintain the privacy of your PHI, to provide you with this Notice and to notify you in the event of a breach of your unsecured PHI. When we use or disclose your PHI, we are required to abide by the terms of this Notice (or other notice in effect at the time of the use or disclosure).

For more general information about our privacy practices in connection with our services, please review Luna’s Privacy Policy.

Permissible uses and disclosures without your written authorization

In certain situations, we must obtain your written authorization in order to use and/or disclose your PHI. However, we may use and disclose your PHI without your written authorization for the following purposes:

Treatment: We use and disclose your Protected Health Information to provide our Services to you, including in-person care and via our website, digital experiences, and mobile application(s). In providing our Services to you, we may share your PHI with your physical therapist(s), other clinic or hospital partner(s) that are engaged in connection with the provision of physical therapy to you, or other clinical professionals such as your primary care physician for purposes of coordinating treatment.

Payment: We may use and disclose your PHI to obtain payment for Services that we provide to you - for example, disclosures to claim and obtain payment from your health insurer or workers’ compensation provider. We may also share your PHI with your other healthcare providers as necessary for them to receive payment for services they render to you.

Healthcare operations: We may use and disclose your PHI for our healthcare operations, which include internal administration and planning and various activities that improve the quality and cost effectiveness of the care that we deliver to you. For example, we may use PHI to evaluate the quality of our Services or address your complaints.

Disclosures to Business Associates: We may share your PHI with our healthcare-related “business associates,” which are service providers or other persons who use or disclose PHI to perform services for us. We enter into contracts with business associates requiring them to protect the privacy of your PHI, and we share only the minimum amount of PHI necessary for business associates to perform their duties.

Disclosure to relatives, close friends, and other caregivers: We may share your PHI with a family member, other relative, a close personal friend, or any other person identified by you if: (1) we obtain your agreement or provide you with the opportunity to object, and you do not object; or (2) we reasonably infer that you do not object.

Sometimes, you may be unavailable to object to a disclosure. In that case, we may exercise our professional judgment to determine whether a disclosure is in your best interests. If we disclose information under such circumstances, we would disclose only information that is directly relevant to the person’s involvement with your care.

As required by law: We may use and disclose your PHI when required to do so by any applicable federal, state or local law.

Public health activities: We may disclose your PHI: (1) to report health information to public health authorities for the purpose of preventing or controlling disease, injury or disability; (2) to report child abuse and neglect to a government authority authorized by law to receive such reports; and (3) to report information about products under the jurisdiction of the U.S. Food and Drug Administration.

Victims of abuse, neglect or domestic violence: We may disclose your PHI if we reasonably believe you are a victim of abuse, neglect or domestic violence to a government authority authorized by law to receive reports of such abuse, neglect, or domestic violence.

Health oversight activities: We may disclose your PHI to an agency that oversees the healthcare system and is charged with responsibility for ensuring compliance with the rules of government health programs such as Medicare or Medicaid.

Judicial and administrative proceedings: We may disclose your PHI in the course of a judicial or administrative proceeding in response to a legal order or other lawful process.

Law enforcement officials: We may disclose your PHI to the police or other law enforcement officials as required by law or in compliance with a court order.

Decedents: We may disclose your Protected Health Information to a coroner or medical examiner as authorized by law.

Research activities: We may use and disclose your PHI for research purposes pursuant to a valid authorization from you or when an institutional review board or privacy board has waived the authorization requirement. Under certain circumstances, your Protected Health Information may be disclosed without your authorization to researchers preparing to conduct a research project, for research or decedents or as part of a data set that omits your name and other information that can directly identify you.

Health or safety: We may use or disclose your PHI to prevent or lessen a serious and imminent threat to a person’s or the public’s health or safety.

Uses and disclosures requiring your written authorization

For any purpose other than the ones described above in section "Permissible uses and disclosures without your written authorization", we only use or disclose your Protected Health Information when you give us your written authorization.

Marketing: We must obtain your written authorization prior to using your PHI for purposes that are marketing under the HIPAA privacy rules. For example, we will not accept any financial payments from other organizations or individuals in exchange for making communications to you about treatments, healthcare providers, care coordination, products or services unless you have given us your authorization to do so or the communication is permitted by law. We may give you promotional gifts of nominal value without obtaining your written authorization.

Sale of Protected Health Information: We will not share your information as part of a sale of PHI without your written authorization.

Cancellation of your authorization: You may revoke your authorization, except to the extent that we have taken action in reliance upon it, by delivering a written cancellation to Luna’s Privacy team at privacy@getluna.com.

Your individual rights

For further information; complaints: If you would like more information about your privacy rights, are concerned that we have violated your privacy rights, or disagree with a decision that we made about access to your PHI, you may contact Luna’s Privacy team at privacy@getluna.com. You may also file a written complaint with the Office for Civil Rights (“OCR”) of the U.S. Department of Health and Human Services. Upon request, we will provide you with the correct address for OCR. We will not retaliate against you if you file a complaint with us or OCR.

Right to request additional restrictions: You may request additional restrictions on our use and disclosure of your PHI for following activities: (1) for treatment, payment and healthcare operations; (2) to individuals (such as a family member, other relative, close personal friend or any other person identified by you) involved with your care or with payment related to your care; or (3) to notify or assist in the notification of such individuals regarding your location and general condition. While we will consider all requests for additional restrictions carefully, we are not required to agree to most requested restrictions. We will honor a request to restrict our disclosure to a health plan for payment or healthcare operations purposes if the disclosure is not required by law and the information pertains solely to a healthcare item or service for which you (or someone on your behalf other than the health plan) have paid us out of pocket in full.

Right to receive alternative communications: You may request, and we will accommodate, any reasonable written request for you to receive your PHI by alternative means of communication or at alternative locations.

Right to inspect and copy your health information: You may request access to inspect and obtain a copy of your medical and billing records maintained by us. Under limited circumstances, we may deny you access to a portion of your records. If you desire access to your records, please contact Luna’s Medical Records team at records@getluna.com. If you request copies, we may charge you a reasonable fee.

Right to amend your records: You have the right to request that we amend your PHI maintained in your medical or billing records. If you desire to amend your records, please contact Luna’s Medical Records team at records@getluna.com. We will comply with your request unless we believe that the information that would be amended is accurate and complete or other special circumstances apply.

Right to receive an accounting of disclosures: Upon request, you may obtain an accounting of certain disclosures of your Protected Health Information made by us during any period of time prior to the date of your request provided such period does not exceed six years. If you request an accounting more than once during a twelve (12) month period, we may charge you a reasonable fee for the accounting statement.

Right to receive paper copy of this Notice: Upon request, you may obtain a paper copy of this Notice, even if you agreed to receive such notice electronically.

Right to change terms of this Notice: We may change the terms of this Notice at any time. If we change this Notice, we may make the new notice terms effective for all your PHI that we maintain, including any information created or received prior to issuing the new notice. If we change this Notice, we will post/update the latest version to Luna’s Notice of Privacy Practices.