HIPAA Policy




The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires us to ask each of our patients to acknowledge receipt of our Notice of Privacy Practices. The Notice is published on this page. You acknowledge receipt of this notice by accepting terms and conditions for joining HICO.

HICO and it’s affiliates, together, designate themselves as a single Affiliated Covered Entity (“ACE”) for purposes of compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), including without limitation: HICO HEALH, INC.  (a New York corporation). Each of the entities, sites, locations and care providers will follow the terms of this joint notice. In addition, the entities, sites, locations and care providers may share medical information with each other for consultation, advice, payment, or health care operations related to the ACE. This designation may be amended from time-to-time to add new covered entities that are under common control with HICO.

HICO Responsibilities


Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), HICO must take steps to protect the privacy of your "Protected Health Information" (PHI). PHI includes information that we have created or received regarding your health or payment for your health. It includes both your medical records and personal information such as your name, number, address, and phone number.

Under federal law, we are required to:

  • Protect the privacy of your PHI. All of our employees are required to maintain the confidentiality of PHI and receive appropriate privacy training

  • Provide you with this Notice of Privacy Practices explaining our duties and practices regarding your PHI

  • Follow the practices and procedures set forth in the Notice

Uses and Disclosures of Your Protected Health Information That Do Not Require Your Authorization


HICO uses and discloses PHI in a number of ways connected to your treatment, payment for your care, and our health care operations. Some examples of how we may use or disclose your PHI without your authorization are listed below.


  • To our Certified Diabetes Educators, Lifestyle Coaches, Health Coaches and others involved in your health care.

  • To other health care providers treating you who are not on our staff such as your medical team. For example, if you are being treated for diabetes we may share your PHI among your primary physician.


  • To administer your health benefits policy or contract.

  • To bill you for services we provide.

  • To other organizations and providers for payment activities unless disclosure is prohibited by law.


  • To administer and support our business activities or those of other health care organizations (as allowed by law) including providers and plans. For example, we may use your PHI to review and improve the care you receive and to provide training.

  • To other individuals (such as consultants and attorneys) and organizations that help us with our business activities. (Note: If we share your PHI with other organizations for this purpose, they must agree to protect your privacy.)


We may use or disclose your Protected Health Information without your authorization for legal and/or governmental purposes in the following circumstances:

  • Required by law - When we are required to do so by state and federal law, including workers' compensation laws.

  • Public health and safety - To an authorized public health authority or individual to:

    • Protect public health and safety.

    • Prevent or control disease, injury, or disability.

    • Report vital statistics such as births or deaths.

    • Investigate or track problems with prescription drugs and medical devices. (Food and Drug Administration.)

  • Abuse or neglect - To government entities authorized to receive reports regarding abuse, neglect, or domestic violence.

  • Oversight agencies - To health oversight agencies for certain activities such as audits, examinations, investigations, inspections, and licensures.

  • Legal proceedings - In the course of any legal proceeding in response to an order of a court or administrative agency and, in certain cases, in response to a subpoena, discovery request, or other lawful process.

  • Law enforcement - To law enforcement officials in limited circumstances for law enforcement purposes. For example disclosures may be made to identify or locate a suspect, witness, or missing person; to report a crime; or to provide information concerning victims of crimes.

  • Military activity and national security - To the military and to authorized federal officials for national security and intelligence purposes or in connection with providing protective services to the President of the United States.

We may also use or disclose your Protected Health Information without your authorization in the following miscellaneous circumstances:

  • Family and friends—To a member of your family, a relative, a close friend—or any other person you identify who is directly involved in your health care—when you are either not present or unable to make a health care decision for yourself and we determine that disclosure is in your best interest. For example, we may disclose PHI to a family member who is the Agent of your Healthcare Proxy.

  • De-identify information—If information is removed from your PHI so that you can’t be identified, as authorized by law.

  • Disaster relief—To an authorized public or private entity for disaster relief purposes. For example, we might disclose your PHI to help notify family members of your location or general condition.

  • Threat to health or safety—To avoid a serious threat to the health or safety of yourself and others.

  • Correctional facilities—If you are an inmate in a correctional facility we may disclose your PHI to the correctional facility for certain purposes, such as providing health care to you or protecting your health and safety or that of others.

Uses and Disclosures of Your Protected Health Information That Require Us to Obtain Your Authorization


Except in the situations listed in the sections above, we will use and disclose your PHI only with your written a

authorization. This means we will not use your Protected Health Information in the following cases, unless you give us written permission:

  • Marketing Purposes

  • Sale of your unidentifiable information

  • Most sharing of psychotherapy notes

In some situations, federal and state laws provide special protections for specific kinds of PHI and require authorization from you before we can disclose that specially protected PHI. In these situations, we will contact you for the necessary authorization. In some situations, you may revoke your authorization; instructions regarding how to do so are contained in the form authorization you obtain from us. If you have questions about these laws, please contact us at info@hico.health.

Your Rights Regarding Your Protected Health Information


You have the right to:

  • Request restrictions by asking that we limit the way we use or disclose your PHI for treatment, payment, or health care operations. You may also ask that we limit the information we give to someone who is involved in your care, such as a family or friend. Please note that we are not required to agree to your request except when a restriction has been requested regarding a disclosure to a health plan in situations where the patient has paid for services in full and where the purpose of the disclosure is for payment or healthcare operations. If we do agree, we will honor your limits unless it is an emergency situation.

  • Ask that we communicate with you by another means. For example, if you want us to communicate with you at a different address we can usually accommodate that request. We may ask that you make your request to us in writing. We will agree to reasonable requests.

  • Request an electronic or paper copy of your PHI. We may ask you to make this request in writing and we may charge a reasonable fee for the cost of producing and mailing the copies, which you will receive usually within 30 days. In certain situations we may deny your request and will tell you why we are denying it. In some cases you may have the right to ask for a review of our denial.

  • Ask usually to amend PHI about you that we use to make decisions about you. Your request for an amendment must be in writing and provide the reason for your request. In certain cases we may deny your request, in writing. You may respond by filing a written statement of disagreement with us and ask that the statement be included with your PHI.

  • Request a paper copy of this Notice.

  • Receive written notification of any breach of your unsecured PHI.

  • File a complaint if you believe your privacy rights have been violated. You can file a written complaint with us at the address below, or with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints.




By utilizing our services or replying to our emails, you acknowledge that you are aware that email is not a secure method of communication, and that you agree to the risks. If you would prefer not to exchange personal health information via email, please notify us at info@hico.health

Changes to Privacy Practices


HICO may change the terms of this Notice at any time. The revised Notice would apply to all PHI that we maintain. We will make any such changes to our website.

Communication Privacy

Please note the methods that we will be communicating with you, the levels of associated risks and what your options are.

All healthcare providers are required to use HIPAA complaint methods of communication and storage when engaging with your Personal Health Information (PHI).

By law we are obligated to take extreme precaution when transmitting your PHI and storing your PHI.

You can handle your own PHI in any manner you choose.


  • We will never text you about specific health matters.

  • We will send you reminders, where only you know what we are texting about

  • You may choose to text your own PHI to us.



  • Currently, we CAN discuss your PHI over the phone with you.



  • Currently, we CAN discuss your PHI over a video chat with you.



Email  - individual  - unencrypted

  • We will never send you an unencrypted email discussing your PHI.

  • You may send us an email containing your PHI, and if we respond back, we will omit any PHI.

  • You can allow us to discuss your PHI via unencrypted email with you if you give us written permission.



Email  - individual  - encrypted

  • Any encrypted email we send you with PHI is safe.



Email – eblast

  • This email will always be general in nature covering topics like nutrition, physical activity, well being and other general health news, so we will NEVER discuss your PHI over an eblast.




  • Any information accessed inside of our app is safe, and you can add a passcode for additional security.

Questions and Complaints


If you have any questions about this Notice or would like an additional copy, please contact the Privacy Officer at info@hico.health.

If you think that we may have violated your privacy rights or you disagree with a decision we made about access to your PHI, you may send a written complaint to the Privacy Officer at info@hico.health.


305 Broadway

Suite 712

New York NY 10007




  • Facebook Social Icon
  • Twitter Social Icon

Hico Health, Inc. 2020    

All Rights Reserved