Federal law permits the use or disclosure of your PHI without your permission for the following purposes:

1. Treatment: We may use or disclose your PHI to provide and coordinate the treatment, medications, and services you receive. For example, we may communicate with physicians, their staff, and other healthcare professionals to ensure you receive appropriate treatment. Furthermore, we may use your PHI to contact you regarding, medications, equipment, refill reminders, product recalls, or treatment alternatives.
2. Payment: We may use or disclose your PHI to facilitate billing and payment for the pharmacy services we have provided. For example, we may contact your insurer or healthcare payer to determine whether it will pay for the medications dispensed to you. The information on or accompanying the bill may include information that identifies you and the medications you have been prescribed.
3. Healthcare Operations: We may use and disclose your PHI in connection with our healthcare operations. Healthcare operations include quality assessment and improvement activities, reviewing the competence or qualifications of healthcare professionals, evaluating practitioner and provider performance, conducting training programs, and accreditation, certification, licensing or credentialing activities.

Other Special Circumstances When We may Use Your PHI Without Your Permission
While the situations addressed below may never arise, we may disclose your PHI without your permission under federal and state law as described below:

1. To Business Associates: We operate our business and provide some services with the assistance of other companies called “business associates.” We may disclose your PHI to our business associates, but we have entered into agreements with these entities to safeguard your PHI.
2. To communicate with individuals involved in your care or payment for your care: We may share information about you with your family members and friends who are involved in your care or payment for your care. Whenever possible, we will allow you to tell us who you would like to be involved in your care. However, in emergencies or other situations in which you are unable to tell us who to share information with, we will use our best judgment and share only information that others need to know. You have the right to request restrictions on disclosure to family members, other relatives, close personal friends, or any other person identified by you.
3. To parents or legal guardians: If you are a minor, we may release your PHI to your parents or legal guardians when we are permitted or required by law.
4. Worker’s Compensation: We may share your PHI with those who need it in order to provide benefits for work-related injuries or illness.
5. Law Enforcement: We may disclose your PHI for law enforcement purposes as required by law or in response to a subpoena or court order.
6. Public Health: We may disclose your PHI to the appropriate authorities charged with preventing and controlling disease, injury, or disability for public health activities.

We must also disclose your PHI without your permission as required by applicable federal or state law as described below.

1. Health Oversight Activities. We may disclose your PHI to an oversight agency for activities authorized by law. These oversight activities include audits, investigations, inspections, and credentialing, as necessary for licensure and for the government to monitor the healthcare system, government programs, and compliance with civil rights laws.
2. Judicial and Administrative Proceedings. If you are involved in a lawsuit or a dispute, we may disclose your PHI in response to a court or administrative order, subpoena request, discovery request, or other lawful process.
3. Research. We may disclose your PHI to researchers when the research has previously been reviewed and approved by an institutional review board or privacy board that has examined the research proposal and established protocols to ensure the privacy of your information.
4. Coroners, Medical Examiners, and Funeral Directors. We may release your PHI to a coroner or medical examiner to identify a deceased person or determine the cause of death. We may also disclose PHI to funeral directors consistent with applicable law to enable them to carry out their duties.
5. Organ or Tissue Procurement Organizations. Consistent with applicable law, we may disclose your PHI to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of organs for the purpose of tissue donation and transplant.
6. Notification. We may use or disclose your PHI to notify or assist in notifying a family member, personal representative, or another person responsible for your care, regarding your general condition, status, and location.
7. Correctional Institution. If you are an inmate or become incarcerated in a correctional institution, we may disclose to the institution or its agents any PHI necessary for your health and the health and safety of others.
8. To Avert a Serious Threat to Health or Safety. We may use and disclose your PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public.
9. Military and Veterans. If you are a member of the armed forces, we may release PHI about you as required by military authorities. We may also release PHI about foreign military personnel to the appropriate foreign military authority.
10. National Security, Intelligence Activities, and Protective Services for the President and Others. We may release PHI about you to federal officials for intelligence, counterintelligence, protection of the President or foreign heads of state, and other national security activities authorized by law.
11. Victims of Abuse or Neglect. We may disclose PHI about you to a government authority if we reasonably believe you are a victim of abuse or neglect. We will only disclose this type of information to the extent required by law, if you agree to the disclosure, or if the disclosure is allowed by law and we believe it is necessary to prevent serious harm to you or someone else.

Pursuant to South Carolina law, we will not disclose your prescription drug information without first obtaining your consent, except in the following circumstances: (1) the lawful transmission of a prescription drug order in accordance with all state and federal laws pertaining to the practice of pharmacy; (2) communications among licensed practitioners, licensed pharmacists, and other healthcare professionals who provide or have provided medical or therapeutic treatment, pharmacy service, or medical or therapeutic consultation service for the person who received the drug or device; (3) information gained as a result of a person requesting informational material from a prescription drug or device manufacturer or vendor; (4) information necessary to effect the recall of a defective drug or device or other information necessary to protect the health and welfare of an individual or the public generally; (5) information whereby the release or transfer is mandated by other state or federal laws, court order, or subpoena, or regulations including, but not limited to, accreditation or licensure requirements; (6) information necessary to adjudicate or process payment claims for healthcare, whether under a health insurance benefits program or other payment system, if the recipient makes no other use or further disclosure of the information; (7) information voluntarily disclosed by a patient to entities outside of the provider-patient relationship; (8) information used in clinical research monitored by an institutional review board; (9) information which does not identify patients by name, or that is encoded in a manner that information identifying a particular patient by name or address is not generally obtainable, and that is used for epidemiological studies, research, statistical analysis, medical outcomes, or pharmacoeconomic research; (10) information transferred in connection with the sale of a business or medical practice to a successor in interest; (11) information necessary to disclose to third parties in order to perform quality assurance programs, medical records review, internal audits, medical records maintenance, or similar programs, if the third party makes no other use or further disclosure of the information; (12) information that may be revealed to a party who, on behalf of the patient, obtains a dispensed prescription from a pharmacy; (13) information necessary to disclose to third parties in order for a health plan licensed by the South Carolina Department of Insurance to perform case management, utilization management, and disease management for individuals enrolled in that health plan, if the third party makes no other use or further disclosure of the information.

We will not disclose your information or the nature of the professional pharmacy services rendered to you, without your express consent or upon order of a court, except to the persons and entities listed below: (a) a patient, or patient’s agent, or another pharmacist acting on behalf of a patient; (b) the practitioner who issued the prescription drug order; (c) certified/licensed healthcare personnel who are responsible for the care of the patient; (d) an inspector, agent, or investigator of the Board of Pharmacy or any federal, state, county, or municipal officer whose duty is to enforce the laws of this State or the United States relating to drugs or devices and who is engaged in a specific investigation involving a designated person or drug; (e) an agency of government charged with the responsibility of providing medical care for the patient upon written request by an authorized representative of the agency requesting the information.

How and When We May Use or Disclose Your PHI With Your Permission
We will obtain your written authorization before using or disclosing your PHI for purposes other than those provided for above (or as otherwise permitted or required by law). Furthermore, once your permission has been obtained, we must use or disclose your PHI in accordance with the specific terms of that permission. You may revoke an authorization in writing at any time. Upon receipt of the written revocation, we will stop using or disclosing your PHI, except to the extent that we have already taken action in reliance on the authorization.

The following uses and disclosures specifically require written authorization:

1. Psychotherapy Notes: Most uses and disclosures of psychotherapy notes;
2. Marketing: Uses and Disclosures of PHI for marketing purposes unless (i) the communication occurs face-to-face; (ii) consists of marketing gifts of nominal value; (iii) is regarding a prescription refill reminder that is for a prescription currently prescribed or a generic equivalent; (iv) is for treatment pertaining to existing condition(s) and Demo does not receive any financial remuneration in either cash or cash equivalent; and/or (v) communication from a healthcare provider to recommend or direct alternative treatments, therapies, healthcare providers, or settings of care when Demo does not receive any financial compensation for making the communication; and
3. Sale of PHI: Disclosures that constitute a sale of PHI.

Your Rights Concerning Your PHI
The records we create and maintain using your PHI belong to Demo, but you have the following rights:

Right to Review and Get a Copy of Your PHI: You have the right to look at and get a copy of your PHI, including billing records. You must first make your request in writing to the Privacy Office (“Privacy Office”) at the address provided at the end of this notice. We may charge a fee to cover copying, mailing, and other costs and supplies used to respond to your request. In very limited situations, we may deny your request for certain information. If we deny your request, we will give you the reason for the denial in writing.

Right to Request an Amendment to Your PHI: If you think our information about you is not correct or not complete, you may ask us to correct the record by writing to our Privacy Office at the address listed at the end of this notice. Your written request must give the reason you ask for a correction. We have thirty (30) days to respond to your request, with the option for a thirty (30) day extension if we provide you with advance written notification. If we accept your request, we will tell you we agree and add the correction. We cannot remove any information out of your medical records, but we can add new information to complete or correct the existing information. If we deny your request, we will tell you in writing the reasons and you have the right to submit a written statement that outlines what information you believe is not correct or is missing. We will add your written statement to your records and include it whenever we share the part of your medical record that your written statement relates to.

Right to Ask for an Accounting of Disclosures: You have the right to request a list of when your PHI was shared without your written consent for purposes other than treatment, payment or healthcare operations. Any accounting of disclosures will not include disclosures made: (1) directly to you or your personal representative; (2) to your family members or friends who are involved in your care; (3) as required or permitted by law as described above; (4) as part of a limited data set with direct identifiers removed. Any accounting will not include any PHI released before April 14, 2003.

Any request for this list must be made in writing to the Privacy Office at the address listed at the end of this notice. The first list you request within a 12-month period will be free, but we will charge you a fee for additional requests made during the same period.

Right to Ask for Limits on the Use and Sharing of Your Medical Information: You have the right to ask that we limit our use or sharing of information about you for treatment, payment or healthcare operations. You also have the right to ask us to limit the PHI we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. We reserve the right to accept or reject your request. Generally, we will not accept restrictions on disclosures relating to treatment, payment or healthcare operations, with one exception. As a patient, you now have the right to request that we not disclose to an insurer treatment and/or services you pay for in full with your personal funds only. If you wish to make this request, please make the pharmacy staff aware prior to your prescription being filled.

You must submit your request to restrict the use and sharing of your medical information in writing to the Privacy Office at the address listed at the end of this notice. In your request, you must tell us (1) what information you want to limit (2) whether you want to limit our use, disclosure or both and (3) to whom you want the limits to apply. We will notify you if we do not agree to your request. If we do agree, our agreement must be in writing, and we will comply with the approved restriction except in some emergency situations. We are allowed to end the approved restriction if we inform you in advance. If we end the restriction, it will only affect PHI that was created or received after we notify you that the restriction has ended.

Right to Ask for Confidential Communications: You have the right to ask us to communicate with you in a certain way or at a certain location. For example, you can ask that we contact you only at your place of employment.

You must make your request in writing to our Privacy Office at the address given at the end of this notice. Your request must specify how or where you wish to be contacted. You will also be required to tell us the appropriate address to send bills for payment. If we are unable to contact you in the requested manner or at the requested locations, we may contact you using any information we have.

Right to be Notified of a Breach: You have the right to be notified in the event that we (or one of our Business Associates) discovers a breach of unsecured PHI involving your information.

Right to Get a Paper Copy of This Notice: You have the right to get a paper copy of this notice, even if you have agreed to receive this notice electronically. You may get a copy at any of our facilities, by contacting the Privacy Office as listed below, or by visiting our website at www.demopharmacy.com

Questions or Complaints about our Use of Your PHI
If you want more information about our privacy practices or have any questions or concerns, please do not hesitate to contact us.

If you are concerned that we may have violated your privacy rights, or you disagree with a decision we made about access to your PHI or in response to a request you made to amend or restrict the use or disclosure of your PHI or to have us communicate with you by alternative means or at alternative locations, you may send a written complaint to our office or to the Secretary of Health and Human Services. We will not retaliate against you and you will not be treated differently if you file a complaint.

Contact Information
Demo Privacy Office
Attn: Privacy Officer
PO Box 6052
Spartanburg, SC 29304
Phone: 1-800-845-7558
Fax: (864) 253-8690
Email: privacyofficer@demopharmacy.com