Notice of Privacy Practices

Last updated: December 19, 2023

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN ACCESS THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. 

This Notice of Privacy Practices applies to the employees and independent providers of DCW Providers (IL) PLLC; DCW Providers, P.C.; DCW Providers NJ P.C.; and Maven Clinic Administrators. The practices and entities that are subject to this Notice are collectively known as “Maven” (“us,” “we,” or “our”). The providers who deliver services through Maven are independent professionals practicing within several groups of independently owned professional practices. 

Maven Clinic Co. operates the websites located at https://www.mavenclinic.com/ and other websites, products, services, and mobile applications with links to this Notice of Privacy Practices, including without limitation the Maven webpages and applications (collectively, the “Sites” or “Websites”, unless otherwise specified). Individuals who use the Sites and access services through the Sites are referred below as “Users”, “Members”, “you”, “your”, or “yours”.

This Notice of Privacy Practices (the “Notice”) will tell you about the ways in which we may use and disclose medical or billing records or other health information we use to make decisions about you (“Protected Health Information” or “PHI”). We also describe your rights and certain obligations we have regarding the use and disclosure of your PHI and how you can access your PHI.  

Your Information. Your Rights. Our Responsibilities.

Your Rights

We understand that information about you and your health is sensitive, and we are committed to safeguarding your PHI. By PHI, we mean protected health information as defined under federal law (the Health Insurance Portability and Accountability Act, or HIPAA, and its implementing regulations). We also strongly believe that individuals should control their own health information, and in that regard you have certain rights with respect to your health information. 

Except as described in this Notice, we will not disclose PHI without your authorization. 

Get an electronic or paper copy of your medical record.

  • You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. Ask us how to do this. 
  • We will provide a copy or a summary of your health information within the time required by applicable state regulations. 

Ask us to correct your medical record.

  • You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this. 
  • We may say “no” to your request, but we will tell you why in writing within sixty (60) days. 

Request confidential communications.

  • You have a right to request we communicate with you confidentially about your PHI and contact you in a specific way or to send mail to a different address. All reasonable requests will be honored. 

Ask us to limit what we use or share.

  • You can ask us not to use or share certain health information for treatment, payment, or our healthcare operations. We are not required to agree to your request, and we may say “no” if it affects your care. 
  • If you pay for a healthcare service out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will honor your request unless a law requires us to share that information.

Get a list of those with whom we’ve shared information.

  • You can ask for an accounting of the times we’ve shared your health information for six (6) years prior to the date you ask, who we shared it with, when we shared it, and purpose of sharing. Ask us how to do this.
  • We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within twelve (12) months.

Get a copy of this privacy notice.  

  • If you receive this notice on our website or by e-mail, you are entitled to receive a paper copy of this Notice, even if you agreed to receive such notice electronically. 

File a complaint if you feel your rights are violated.

  • If at any time you believe we have violated your rights, you can file a complaint with us by contacting us at privacy@mavenclinic.com.  
  • You can also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights. Upon request, we will provide the correct address to file a complaint with OCR.
  • We will not retaliate against you for filing a complaint.
Your Choices

For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do and we will follow your instructions.

In these cases, you have the right and choice to tell us to:

  • Share information with your family, close friends, or others involved in your care
  • Share information in a disaster relief situation

If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety. 

In these cases, we never share your PHI without your written authorization: 

  • Marketing purposes
  • Sale of your information
  • Most sharing of psychotherapy notes 
Uses and Disclosures Without Your Written Authorization

In certain situations, we must obtain your written authorization in order to use and/or disclose your PHI.  However, unless the PHI is Highly Confidential Information (as defined in the next sentence) and the applicable law regulating such information imposes special restrictions on us, we may use and disclose your PHI without your written authorization for the purposes described below.  “Highly Confidential Information” means certain health information that is given special privacy protection by federal and state law and may include substance use disorder treatment program records, mental health records, and other health information that is given special privacy protection under state or federal laws other than HIPAA. In order for us to disclose any Highly Confidential Information for a purpose other than those permitted by law, we must obtain your authorization. 

We may use or share your PHI without your authorization in the following ways: 

  • Treatment. We can use your PHI and share it with other professionals who are treating you and for care coordination purposes. We may also share your information with your health plan for care coordination purposes offered through their care management programs. For example, we may share your information with other healthcare providers such as doctors, nurses and laboratories, to meet your healthcare needs. 
  • Payment and Billing. We can use and share your PHI to bill and get payment from your insurance, health plan, or other entities responsible for paying for your health care. For example, we give information about you to your health insurance plan so it will pay for your services. 
  • Healthcare Operations. We can use and share your PHI for our health care operations, including to run our clinical practice, improve your care, and contact you when necessary. For example, we use PHI about you to manage your care and our services.
  • Disclosure to Relatives, Close Friends, and Other Caregivers.  We may use or disclose your PHI to a family member, other relative, a close personal friend or any other person identified by you when you are present for, or otherwise available prior to, the disclosure, if: (1) we obtain your agreement or provide you with the opportunity to object to the disclosure and you do not object; or (2) we reasonably infer that you do not object to the disclosure. If you are not present for or unavailable prior to a disclosure (e.g., when we receive a telephone call from a family member or other caregiver), we may exercise our professional judgment to determine whether a disclosure is in your best interests. If we disclose information under such circumstances, we would disclose only information that is directly relevant to the person’s involvement with your care. 
  • Public Health Activities.  We may disclose your PHI: (1) to report health information to public health authorities for the purpose of preventing or controlling disease, injury or disability; (2) to report child abuse and neglect to a government authority authorized by law to receive such reports; (3) to report information about products under the jurisdiction of the U.S. Food and Drug Administration; (4) to alert a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition; and (5) to report information to your employer as required under laws addressing work-related illnesses and injuries or workplace medical surveillance.
  • Victims of Abuse, Neglect or Domestic Violence.  We may disclose your PHI if we reasonably believe you are a victim of abuse, neglect or domestic violence to a government authority authorized by law to receive reports of such abuse, neglect, or domestic violence.
  • Health Oversight Activities.  We may disclose your PHI to an agency that oversees the healthcare system and is charged with responsibility for ensuring compliance with the rules of government health programs such as Medicare or Medicaid.
  • Help with health and safety issues. We may disclose PHI to the extent necessary to avert a serious and imminent threat to your health or safety, or the health or safety of others.  
  • Law Enforcement. We may disclose PHI to a law enforcement official investigating a suspect, fugitive, material witness, crime victim or missing person, as required by law or in compliance with a court order.
  • Military and National Security. We may disclose to authorized federal officials medical information required for lawful intelligence, counterintelligence, and other national security activities. 
  • Legal Proceedings. We may disclose PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process. 
  • As Required by Law.  We may use and disclose your PHI when required to do so by any applicable federal, state, or local law.
  • Research. We may use and disclose your PHI for research purposes pursuant to a valid authorization from you or when an institutional review board or privacy board has waived the authorization requirement. Under certain circumstances, your PHI may be disclosed without your authorization to researchers preparing to conduct a research project, for research on decedents, or as part of a data set that omits your name and other information that can directly identify you.
  • Decedents.  We may disclose your PHI to a coroner or medical examiner as authorized by law.
  • Workers’ Compensation.  We may disclose your PHI as authorized by and to the extent necessary to comply with state law relating to workers’ compensation or other similar programs.
  • Business Associates. Certain aspects and components of our services are performed through contracts with outside persons or organizations, such as auditing, outcomes data collection, information technology infrastructure, email communications, etc. At times it may be necessary for us to provide your protected health information to one or more of these outside persons or organizations who assist us with our health care operations. In all cases, we require these associates to appropriately safeguard the privacy of your information.
Uses and Disclosures Requiring Your Written Authorization

Except for the purposes described above, we only use or disclose your PHI when you give us your written authorization. For example:  

  • Marketing. We must obtain your written authorization prior to using your PHI or disclosing your PHI for purposes that are marketing under the HIPAA privacy rules. For example, we will not accept any payments from other organizations or individuals in exchange for making communications to you about treatments, therapies, health care providers, settings of care, case management, care coordination, products or services unless you have given us your authorization to do so or the communication is permitted by law. However, we may provide refill reminders or communicate with you about a drug or biologic that is currently prescribed to you so long as any payment we receive for making the communication is reasonably related to our cost of making the communication. In addition, we may market to you in a face-to-face encounter and give you promotional gifts of nominal value without obtaining your written authorization.
  • Sale of Protected Health Information. We will not sell your PHI without your written authorization.
Our Responsibilities
  • We are required by law to maintain the privacy and security of your PHI. 
  • We will let you know promptly if a breach occurs that has compromised the privacy or security of your information. 
  • We must follow the duties and privacy practices described in the version of this Notice currently in effect and give you a copy of it. 
  • We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind. 

For more information, see:  ​​www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.

Changes to the Terms of This Notice

We may change the terms of this Notice at any time, and the changes will apply to all PHI that we maintain, including medical information we created or received prior to making such changes. If we change this Notice, we will post the new notice on our Websites. You also may obtain any new notice by contacting us using the contact information set forth below.

Contact Us

For all inquiries, requests for records, special requests, or to file a complaint, please send a written request to: 

 

Maven Clinic 

Attn: Privacy Officer

160 Varick Street, 6th Floor

New York, NY 10013

privacy@mavenclinic.com

  1. Customer shall complete Maven’s Wallet onboarding survey to confirm the design of its applicable benefit plan(s), including but not limited to member enrollment eligibility requirements, eligible expense types that Participants can have reimbursed, and tax treatment.
  2. Customer shall provide Maven an eligibility file on an agreed upon cadence, but at a minimum on a monthly basis
  3. Each Wallet-enrolled Participant is responsible for timely submitting valid proofs of payment, itemized invoices for services, applicable bank account information, and any requested substantiation documentation to Maven and/or its designated agent.
  4. Customer and Maven will set up payment funding instructions during the implementation process. Customer shall be responsible for providing appropriate funds in advance for Maven Wallet reimbursements in order to complete the fund transfer to reimburse Participants in a timely fashion. 
  5. Maven will collect expense reimbursement information from Wallet-enrolled Participants using its online platform.
  6. Maven will review expense reimbursement requests received from Wallet-enrolled Participants against the applicable benefit plan rules confirmed by the Customer, and will refer to the Customer any questions that arise which are not clearly determined by the applicable benefit plan rules.
  7. Customer shall promptly respond to any questions from Maven regarding clarification of applicable benefit plan rules.
  8. Customer understands, acknowledges, and agrees that any Eligible Customer Beneficiary included in the Eligibility File will be considered eligible for Wallet reimbursements unless otherwise indicated by Customer in writing.
  9. Maven will compile receipts and expenses provided by Wallet-enrolled Participants and prepare aggregated Wallet expense reports and invoices (“Wallet Invoices”), which it will send to Customer on a weekly basis for any week in which a Wallet-enrolled Participant submits a reimbursement request.
  10. Customer shall confirm which Wallet Invoice expenses are approved to be reimbursed and ensure that sufficient funds are available for Maven or its designated agent to process approved reimbursement payments within 3 business days of Customer’s receipt of a Wallet Invoice.
  11. Maven will, at its discretion, either: (1) remit Customer-provided reimbursement funds to the applicable Participant’s bank account within 5 business days of Customer approving the reimbursement, provided that sufficient Customer funds have been made available for reimbursement and the applicable Participant has provided their bank account information; or (2) provide a report of approved reimbursement amounts, type, and tax treatment to facilitate Customer’s direct reimbursement of the applicable Participant(s) via its payroll system.
  12. Customer’s obligations under this Attachment shall continue for a minimum of 90 days beyond the termination of the Agreement, to facilitate Maven’s provision of its administrative reimbursement services for Participants enrolled in Wallet prior to termination of the Agreement who wish to submit reimbursement requests for eligible expenses incurred prior to the termination of the Agreement.
  13. Customer acknowledges and agrees that it is solely responsible for any communications to members about its employer-sponsored benefit plans, including any communications necessary to inform members of alternative claim submission procedures upon the termination or expiration or this Agreement.
  14. Customer, as the fiduciary, plan sponsor, and plan administrator of its employee benefit plan(s), acknowledges that it is fully responsible, and Maven shall have no liability, for the establishment, design and administration of Customer’s employee benefit plan(s) and all tax compliance and payroll reporting associated with any such employee benefit plan(s). Customer understands, acknowledges and agrees that: (A) Maven is not a plan sponsor, plan administrator or fiduciary with respect to any Customer plan supported by Maven Wallet; (B) Maven shall have no responsibility or liability with respect to any Customer plan supported by Maven Wallet; (C) to the extent that Maven provides any administrative or other services with respect to a Customer plan, (I) all such services shall be non-discretionary, ministerial services taken on behalf of Customer and at Customer’s specific direction, (II) Maven shall not take on any fiduciary or other obligations as a result of such services under the Employee Retirement Income Security Act of 1974, as amended (ERISA), or any other law, and (III) Customer shall remain solely responsible and liable for such services and any underlying obligations; (D) Customer will defend and hold harmless Maven and its owners, employees, officers, managers and directors from and against all liability, demands, damages, costs or expenses (including reasonable attorney’s fees) (collectively, “Liabilities”) arising from any claim, action or proceeding, in each case brought by a third party (each, a “Claim”) to the extent such Claim is related to any Customer plan supported by Maven Wallet.