Notice of Privacy Practices
This notice describes how we may use and disclose your personal health information, and how you can get access to your information. Please read it carefully! The notice is effective as of August 1, 2025.
Purpose
Kerry Folkman NP, LLC, which does business as Avital Healthcare, is committed to safeguarding your health information as required by law. This notice details your rights and our obligations under the Health Insurance Portability and Accountability Act (HIPAA), and other applicable law.
Protected health information, or PHI, is health information about you that (i) someone may use to identify you, and (ii) that we keep or transmit in electronic, oral, or written form. PHI includes information such as your: name; contact information; past, present, or future physical or mental health or medical conditions; payment for health care products or services; and prescriptions.
This notice describes:
- Our legal duties and privacy practices regarding your PHI, including our duty to notify you following a data breach involving PHI.
- Our permitted uses and disclosures of your PHI.
- Your rights regarding your PHI.
Our Duties
We are legally bound to:
- Maintain the privacy of your PHI.
- Provide you with a notice of our legal duties and privacy practices concerning your PHI.
- Notify you in the event of a breach of unsecured PHI related to you.
- Abide by the terms of this notice.
We reserve the right to modify our privacy policy, practices, and this notice, consistent with applicable law. Any new notice will apply to all PHI we maintain at that time. We will notify you of revisions:
- Upon request, and
- Electronically via our website or other electronic means.
Additionally, we have an obligation to respond to your requests concerning your rights regarding PHI promptly and appropriately. We are committed to upholding your privacy rights and ensuring your PHI is protected.
Uses and Disclosures
The law permits or requires us to use and disclose PHI in various ways, which are explained in this notice. We have included some examples, but we have not listed every permissible use or disclosure. When using or disclosing PHI or requesting your PHI from another source, we will make reasonable efforts to limit our use, disclosure, or request about your PHI to the minimum extent necessary to accomplish our intended purpose. The following categories detail the different ways in which we might use and disclose your PHI:
1. Secretary of Health and Human Services: We are mandated to disclose PHI to the Secretary of the U.S. Department of Health and Human Services when the Secretary is investigating or determining our compliance with the HIPAA Privacy and Security Rules.
2. Business Associates: We may share your PHI with Business Associates contracted by us to perform services on our behalf which may involve the receipt, use, or disclosure of your PHI. All our Business Associates must commit to:
- Protecting the privacy of our PHI.
- Using and disclosing the information only for the purposes for which they were engaged.
- Adhering to 42 CFR Part 2.
- Resisting any efforts to obtain access to patient records, except as permitted by law.
3. Crimes on Premises: We may disclose to law enforcement officers information directly related to the commission of a crime on our premises or against our personnel, or any threats to commit such a crime.
4. Reports of Suspected Child Abuse and Neglect: We may disclose information required by state law about suspected child abuse and neglect to the appropriate state or local authorities. However, the original patient records may not be disclosed without consent, even for civil or criminal proceedings arising from such reports.
5. Court Order: We may disclose information when required by a court order, discovery request, or other lawful process, provided certain regulatory requirements are met.
6. Emergencies: In situations where there is a threat to your health and immediate medical intervention is required, we may disclose your records to medical personnel to ensure you receive the necessary care.
7. Research: Qualified personnel may access the information for the purpose of conducting scientific research, management audits, financial audits, or program evaluation. However, such personnel may not identify you in any reports or disclose your identity in any manner.
8. Audit and Evaluation Activities: We may disclose your information to individuals conducting audit and evaluation activities, provided they agree to certain restrictions on the disclosure of information.
9. Reporting of Death: We may disclose information related to the cause of death to a public health authority authorized to receive such information. For example, we may share PHI with coroners, medical examiners, or funeral directors when an individual dies.
10. Helping with public health and safety issues. For example, we may share your PHI to:
- report injuries and births;
- prevent disease;
- report adverse reactions to medications or medical device product defects;
- report suspected domestic violence; or
- avert a serious threat to public health or safety.
11. Responding to organ and tissue donation requests. For example, we may share your PHI to arrange an authorized organ or tissue donation from you or a transplant for you.
12. Other Uses and Disclosures: We may share your information in other ways, usually for public health or research purposes or to contribute to the public good. For more information on permitted uses and disclosures, see www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html.
13. Addressing workers' compensation, law enforcement, or other government requests. For example, we may use and disclose your PHI for:
- workers' compensation claims;
- health oversight activities by federal or state agencies;
- law enforcement purposes or with a law enforcement official; or
- specialized government functions, such as military and veterans' activities, national security and intelligence, presidential protective services, or medical suitability.
14. Authorization to Use or Disclose PHI: Except as outlined above, we will not use or disclose your PHI without your written authorization. If you or your representative authorizes us to use or disclose your PHI, you can revoke that authorization in writing at any time to prevent future uses or disclosures. We will honor oral revocations upon verifying your identity until a written revocation is obtained. Your revocation will not impact any uses or disclosures permitted by your authorization while it was in effect.
Your Choices
For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, please contact us and we will make reasonable efforts to follow your instructions.
1. You have both the right and choice to tell us whether to:
- Share information, such as your PHI, general condition, or location, with your family, close friends, or others involved in your care.
- Share information in a disaster relief situation, such as to a relief organization to assist with locating or notifying your family, close friends, or others involved in your care.
- Exclude your information, such as your name, room number, or general condition from a hospital directory.
If you are not able to tell us your preference, for example if you are unconscious, we may share your information if we believe it is in your best interest, according to our best judgment. We may also share your information when needed to lessen a serious and imminent threat to health or safety.
2. We will not share the following information unless you give us your express written permission:
- Most sharing of a mental health care professional's notes (psychotherapy notes).
- Other uses and disclosures not described in this notice.
You may revoke your authorization at any time, but revocation will not affect information that we already used and disclosed.
Patient Rights
This section explains your rights and some of our responsibilities.
1. Right to Notice: You have the right to be informed about how your PHI is used and shared. Specifically:
- Information: You are entitled to a notice that explains the ways in which we may use or disclose your PHI. This notice also outlines your rights and our obligations concerning your PHI.
- Accessibility: You can request both a paper and electronic copy of this notice at any time, and it is available on our website.
- Updates and Changes: If we make any material changes to our policies regarding PHI, you have the right to receive an updated notice. The new notice will be available upon request, and electronically via our website or other electronic means.
- Language and Understanding: We strive to ensure that this notice is written in clear, concise language to ensure that you fully understand your rights and our practices.
By providing you with comprehensive and accessible information, we aim to empower you to make informed decisions about your healthcare and the privacy of your information.
2. Right to Access: You have the right to access and review your PHI that is held by us. This right ensures that you can stay informed about your health information and be an active participant in your care. Specifically:
- Requesting Access: You can request to see or get an electronic or paper copy of your medical records and other health information we have about you. This request must be made in writing to ensure proper documentation and processing.
- Response Time: We will respond to your request in a timely manner.
- Denials: In certain situations, we might deny your request to see or get a copy of your PHI. If we do, we will provide the reason for the denial in writing. Reasons might include concerns about patient safety or the privacy of others.
- Fees: While you have the right to access your PHI, we may charge a reasonable fee for the costs of copying, mailing, or other supplies associated with your request.
- Electronic Records: If your PHI is maintained electronically, you have the right to request an electronic copy be provided to you. If you don’t want an electronic format or if it’s not feasible, we will coordinate with you to provide the record in a format that meets your needs.
- Third-Party Directives: You can also request that your PHI be sent to another entity or person, as long as you clearly state that in writing.
- Duration of Maintenance: You have the right to access your PHI for as long as we maintain it. This duration is typically for seven years after your last date of service, or longer if mandated by state or federal laws.
By ensuring you have comprehensive access to your health information, we aim to promote transparency, trust, and patient empowerment in healthcare decisions.
3. Right to Amend: You have the right to request amendments or corrections to your PHI if you believe there are inaccuracies or if the information is incomplete. This right ensures that your health records are accurate and up-to-date. Specifically:
- Submitting a Request: If you believe there is an error in your PHI or that important information has been left out, you can request that we amend the existing information or add the missing information. Your request must be made in writing and provide a reason that supports your request for the amendment.
- Response Time: We will respond to your request within a time frame set by federal and state laws, ensuring timely consideration of your concerns.
- Acceptance or Denial: We may accept or deny your request based on certain criteria. For instance, we might deny the request if:
  - The PHI was not created by us, unless the person or entity that created the information is no longer available to make the amendment.
  - The information is accurate and complete.
- Notification of Decision: If we accept your request, we will inform you of our decision and make the change. If we deny your request, we will provide you with a written explanation of why we denied it.
- Statement of Disagreement: If we deny your request, you have the right to write a statement of disagreement. We may then prepare a rebuttal to your statement, and we will provide you with a copy of any such rebuttal.
- Future Disclosures: If you don't file a statement of disagreement, you still have the right to request that your original amendment request and our denial be attached to all future disclosures of your PHI.
- Record Keeping: All written requests, denials, and statements of disagreement will be kept as part of your medical record, ensuring a transparent history of the amendment process.
By providing you with the right to amend, we aim to ensure that your health records are accurate, complete, and truly reflective of your health history.
4. Right to an Accounting of Disclosures: You have the right to receive a list of certain disclosures we have made of your PHI. This right ensures transparency in how your health information is shared. Specifically:
- Requesting an Accounting: You can request a list of disclosures made by us for a specific time period, up to six years before the date of your request. This request must be made in writing to ensure proper documentation and processing.
- Inclusions: The accounting will include each disclosure we made, the reason for the disclosure, and the date of the disclosure. It will also provide details about the recipient of the PHI, including their name, address, and role.
- Exclusions: Not all disclosures will be listed. For instance, disclosures made for treatment, payment, or healthcare operations; disclosures made to you; disclosures made with your authorization; and certain other exceptions will not be included in the accounting.
- Response Time: We will respond to your request within thirty days unless the law requires a shorter time, ensuring you receive the information in a timely manner.
- Frequency of Requests: You can request an accounting of disclosures once every 12 months for free. If you request this accounting more frequently, we may charge a reasonable, cost-based fee for the additional requests. If there's a fee for providing the accounting, we will notify you in advance, allowing you to decide if you want to proceed or withdraw your request.
- Electronic Format: If our records are maintained electronically, you can request an electronic copy of the accounting. If you don't want an electronic format or if it's not feasible, we will coordinate with you to provide the record in a format that meets your needs.
By offering you the right to an accounting of disclosures, we aim to maintain transparency and trust, ensuring you are informed about who has accessed your health information and for what purpose.
5. Right to Request Restrictions: You have the right to request restrictions or limitations on how we use and disclose your PHI for treatment, payment, healthcare operations, or with certain persons involved in your care. As such, this right allows you to have more control over who sees your health information and under what circumstances. Specifically:
- Submitting a Request: If you want certain parts of your PHI to be restricted from being disclosed to specific individuals, entities, or agencies, you can make such a request. This request must be made in writing and should clearly specify the information you want to restrict, to whom you want the restriction applied, and the nature of the restriction.
- Response to Requests: We will carefully review your request. While we are not required to agree to all restrictions, if we believe the restriction is in your best interest and does not interfere with your care or our ability to operate effectively, we may honor it.
- Emergencies: In certain emergencies, we may disclose restricted PHI if it's deemed necessary for your care. However, we will request that the recipient not further use or disclose the information.
- Termination of Restrictions: You can terminate a restriction at any time upon written request. Additionally, we may also terminate a restriction if we believe it's in your best interest or if it's hindering our ability to provide care. However, any written termination of a restriction will only apply to future disclosures.
- Notification of Changes: If we have agreed to a restriction, and there are changes in the agreed-upon circumstances, we will notify you of such changes.
- Impact on Care: It's important to understand that restricting certain information may affect our ability to provide comprehensive care, especially if other healthcare providers do not have access to a complete medical record.
By providing you with the right to request restrictions, we aim to give you more control over your health information while balancing the need for comprehensive care.
6. Right to Confidential Communications: You have the right to request that we communicate with you about your PHI and health matters in a specific way or at a specific location to ensure your privacy. This right is designed to provide you with added control over the confidentiality of your health information. Specifically:
- Preferred Methods: You can ask us to contact you in a certain way, for example, at home or at work, or through a specific means like phone or mail. This ensures that we communicate with you in a manner that you feel best protects your privacy.
- Alternate Locations: If you believe that receiving information at your primary address could compromise your safety or privacy, you can request that we send information to an alternative address.
- Making a Request: All requests for confidential communications must be made in writing. In your request, you should describe with specificity how or where you wish to be contacted.
- Reasonable Requests: We will accommodate all reasonable requests. You do not need to provide a reason for your request, but it can be helpful for us to understand and process your request more efficiently.
- Emergencies: In the case of emergencies, we may use our judgment to communicate with you through the most immediate means available, but we will revert to your specified means of communication once the emergency has passed.
- Changes to Preferences: If you wish to change your communication preferences, you can do so at any time by submitting a new written request.
By offering you the right to confidential communications, we aim to ensure that you feel safe and secure in how your health information is communicated to you.
7. Right to Breach Notification: You have the right to be notified promptly if a breach occurs that may have compromised the privacy or security of your PHI. This right ensures transparency and accountability on our part in the event of any unauthorized access or disclosure of your health information. Specifically:
- Definition of a Breach: A breach is generally considered to be an unauthorized use or disclosure under HIPAA that compromises the privacy or security of PHI.
- Assessment: Upon discovering a potential breach, we will conduct a thorough assessment to determine the risk level and the potential harm that might come from the unauthorized use or disclosure.
- Timely Notification: If we determine that a breach has occurred, we will notify you without unreasonable delay, but no later than 60 days after the discovery of the breach.
- Contents of Notification: The notification will provide a description of what happened, including the date of the breach and the date of discovery, if known. It will also describe the types of PHI involved, steps you should take to protect yourself from potential harm, what we are doing to investigate the breach, mitigate harm, and prevent further breaches, as well as contact information for further inquiries.
- Methods of Notification: Notification will typically be provided in writing, sent to your last known address. In certain circumstances, if contact information is out of date, alternative methods of notification may be used, such as email or public postings.
By ensuring you have the right to breach notification, we aim to maintain trust and transparency, ensuring you are informed and empowered in the event of any unauthorized access or disclosure of your health information.
8. Right to Voice Concerns: You have the right to voice concerns or file a complaint if you believe your privacy rights have been violated or if you are dissatisfied with our privacy practices. This right ensures that you have a platform to express any concerns and that those concerns are taken seriously and addressed promptly. Specifically:
- Internal Complaints: If you have concerns about the way we handle your PHI or our privacy practices, you can file a complaint directly with us. We encourage open communication and would like the opportunity to address any issues directly and promptly.
- External Complaints: If you believe that we have not adequately addressed your concerns or if you believe your rights have been violated, you may file a complaint with the Office for Civil Rights at the US Department of Health and Human Services. Send a letter to:
  Centralized Case Management Operations
  U.S. Department of Health and Human Services
  200 Independence Avenue, S.W.
  Room 509F HHH Bldg.
  Washington, D.C. 20201
  You may also use the Department’s online portal at:
  https://ocrportal.hhs.gov/ocr/cp/complaint_frontpage.jsf
- No Retaliation: We are committed to ensuring that you can exercise your rights without fear of retaliation. You will not be penalized, discriminated against, or treated differently for filing a complaint or voicing concerns.
- Response to Complaints: We take all complaints seriously and will investigate each one thoroughly. We are committed to resolving any issues and will provide you with feedback or a resolution as soon as possible.
- Continuous Improvements: We use feedback from complaints as an opportunity for continuous improvement. Addressing your concerns helps us enhance our services and ensure that we uphold the highest standards of privacy and care.
By providing you with the right to voice concerns, we aim to foster an environment of trust, transparency, and open communication, ensuring that your rights and privacy are always upheld.
9. Right to Choose Someone to Act for You: If you have appointed a health care proxy or if someone is your legal guardian, that person can exercise your rights and make choices about your PHI.
Questions, Requests for Information, and Complaints
For questions, requests for information, more information on our privacy policy, complaints, and concerns, please contact us at:
Avital Healthcare
PO Box 320096
West Roxbury, MA 02132