Velocity Health HIPAA Privacy Agreement

This HIPAA Privacy Agreement (the “Agreement”) is entered into between Velocity Health Holdings LLC and its affiliated entities (collectively referred to as “Velocity Health”) and the undersigned individual (“Patient”). This Agreement outlines the rights and responsibilities of both parties regarding the use and protection of Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations.

1. Acknowledgment of Privacy Practices

By signing this Agreement, Patient acknowledges receipt of Velocity Health’s Notice of Privacy Practices, which explains:

  • How Velocity Health may use and disclose PHI.

  • Patient’s rights regarding their PHI.

  • Velocity Health’s responsibilities in protecting PHI.

The Notice of Privacy Practices is incorporated into this Agreement by reference.

2. Use and Disclosure of PHI

Velocity Health may use and disclose Patient’s PHI for the following purposes without additional authorization:

  • Treatment: Sharing information with healthcare providers to coordinate care.

  • Payment: Billing and payment activities, including insurance verification and claims processing.

  • Healthcare Operations: Quality assessment, staff training, compliance audits, and business management.

Velocity Health may also disclose PHI as required by law or to avert a serious threat to health or safety, consistent with HIPAA regulations.

3. Authorization for Other Uses

Uses or disclosures of PHI not covered by this Agreement or the Notice of Privacy Practices will require Patient’s written authorization. Patient has the right to revoke such authorization at any time, except where Velocity Health has already relied on the authorization to act.

4. Patient Rights Regarding PHI

Patient has the following rights regarding their PHI:

  • Access: The right to review or request copies of their PHI.

  • Amendments: The right to request corrections to inaccurate or incomplete information.

  • Restrictions: The right to request restrictions on the use or disclosure of PHI.

  • Confidential Communications: The right to request that communications be made through specific channels or locations.

  • Accounting of Disclosures: The right to receive a list of disclosures of PHI made for purposes other than treatment, payment, or healthcare operations.

Requests to exercise these rights must be submitted in writing to Velocity Health at support@velocityhealth.com.

5. Security Measures and Patient Responsibilities

Velocity Health is committed to protecting the confidentiality and security of PHI through administrative, physical, and technical safeguards. These include:

  • Encryption of electronic PHI.

  • Secure storage and transmission of PHI.

  • Staff training and access controls.

Patient Responsibilities:

  • Keep contact information up to date.

  • Report any suspected breach of PHI immediately to support@velocityhealth.com.

6. Breach Notification

In the event of a breach involving Patient’s PHI, Velocity Health will:

  • Notify the Patient in writing without unreasonable delay and no later than 60 days after discovery.

  • Provide a description of the breach, including what occurred and the steps being taken to mitigate harm.

7. Complaints

Patient has the right to file a complaint if they believe their privacy rights have been violated. Complaints can be directed to Velocity Health at support@velocityhealth.com or to the U.S. Department of Health and Human Services.

8. Amendments to This Agreement

Velocity Health may revise this Agreement and its Notice of Privacy Practices as required by law or organizational policies. Patients will receive written notification of material changes and have the opportunity to review and accept updated terms.

9. Governing Law

This Agreement is governed by and construed in accordance with applicable federal and state laws.