HIPAA – Notice of Privacy
LUXOTTICA OF AMERICA INC.
NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
OUR LEGAL DUTIES
Luxottica of America Inc. (“Luxottica”), including all direct and indirect subsidiaries, is committed to protecting your privacy. This Notice covers the privacy practices of Luxottica and its subsidiaries who are subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) that are treated as covered entities under such law. This Notice tells about the uses and disclosures we make of your personal health information, including certain rights that you have, and obligations we are bound to, with respect to such information.
We are required by applicable federal and state law to do the following:
- Maintain the privacy and safeguard the security of your health information;
- Give you this Notice about our privacy practices, our legal duties, and your rights concerning your health information;
- Notify you, along with all other affected individuals, of a breach of unsecured health information; and
- Follow the privacy practices that are described in this Notice while it is in effect.
This Notice takes effect November 9, 2023, and will remain in effect until we replace it. We reserve the right to change our privacy practices and the terms of this Notice at any time, provided such changes are permitted by applicable law.
We reserve the right to make changes in our privacy practices and this Notice, effective for all health information that we maintain, including health information we created or received before we made the changes. In the event we make a material change in our privacy practices, we will change this Notice and provide it to you or it can be viewed on our website. You may request a copy of our Notice at any time.
For more information about our privacy practices, or for additional copies of this Notice, please contact us using the information listed at the end of this Notice.
USES AND DISCLOSURES OF HEALTH INFORMATION
We use health information about you for treatment, to obtain payment for treatment, for administrative purposes, and to evaluate the quality of care and service that you receive. Your health information is contained in a medical or optical dispensary record that is the physical property of Luxottica. Your health information consists of any information, whether in oral or recorded form, that is created or received by us and individually identifies you, and that relates to your past, present or future physical or mental health or condition; the provision of health care to you; or the past, present or future payment for the provision of health care to you.
How We May Use or Disclose Your Health Information
For Treatment. We may use or disclose your health information to an optometrist, ophthalmologist, optician or other health care providers providing treatment to you. This may include:
- the provision, coordination, or management of health care;
- consultation between health care providers relating to your care;
- referring you to another health care provider; or
- appointment reminders and recall information.
For Payment. We may use and disclose your health information to facilitate payments of benefits for treatment and services provided to you. This may include:
- billing and collection activities and related data processing;
- submitting claims to your health or vision coverage;
- disclosure to consumer reporting agencies of information relating to collection of payments.
For Health Care Operations. We may use and disclose health information about you for our health care operational purposes. For example, your health information may be used or disclosed to:
- conduct quality assessments and improvement activities;
- conduct training programs or credentialing activities;
- conduct or arrange for medical review, legal services, audit services, fraud and abuse detection and compliance programs;
- determine how to continually improve the quality and effectiveness of the products, service and care we provide, including customer satisfaction surveys and data analyses;
- properly manage our business;
- business plan and development, including acquisitions, mergers and consolidations; and
- communicate with you concerning (a) a health-related product or service that is provided by us, (b) your treatment, or (c) case management, care coordination, or to recommend alternative treatments, therapies, providers or settings for care to the extent such activities are not within your current treatment.
To You, Your Family and Friends. We must disclose your health information to you, as described in the Your Health Information Rights section of this Notice. We may disclose your health information to a family member, friend or other person to the extent necessary to help with your health care or with payment for your health care, but only if you agree that we may do so or, if you are not able to agree, if it is necessary in our professional judgment.
Location and Notification. We may use or disclose your health information to an entity assisting in a disaster relief effort to notify, or assist in the notification of (including identifying or locating) a family member, your personal representative or another person responsible for your care, of your location or your general condition. We will make this type of disclosure only if you agree that we may do so or, if you are not able to agree, if it is necessary in our professional judgment.
Required by Law. We may use and disclose information about you as required by applicable law. In addition, we may disclose information for the following purposes:
- for judicial and administrative proceedings pursuant to court order or specific legal authority;
- pursuant to a shared/joint custody and child care or support arrangement authorized by law or court order;
- to report information related to victims of abuse, neglect or domestic violence;
- to the Secretary of the U.S. Department of Health and Human Services when the Secretary is investigating or determining our compliance with HIPAA;
- to assist law enforcement officials in their law enforcement duties, as permitted by HIPAA; or
- to assist public health, safety or law enforcement officials avert a serious threat to the health or safety of you or any other person.
Personal Representatives; Decedents. We may disclose your health information to your personal representatives authorized under applicable law, such as a guardian, power of attorney for health care, or court-appointed administrator. Your health information may also be disclosed to executors, legally authorized family members, funeral directors or coroners to enable them to carry out their lawful duties upon your death.
Organ/Tissue donation. Your health information may be used or disclosed for cadaveric organ, eye or tissue donation purposes, provided we follow applicable laws.
Government Functions. Specialized government functions, such as protection of public officials or reporting to various branches of the armed services, may require use or disclosure of your health information.
Worker Compensation. Your health information may be used or disclosed in order to comply with laws and regulations related to Worker Compensation.
Marketing Products or Services. “Marketing” means to make a communication to you that encourages you to purchase or use a product or service. We will not use or disclose your health information for marketing communications without your prior written authorization, except in the narrow circumstances permitted by HIPAA. We may also provide you with information regarding products or services that we offer related to your health care needs, provided that we are not paid or otherwise receive compensation for such communications.
We are also permitted to communicate with you regarding treatment, case management or care coordination (including recommending alternative treatments, providers or settings for care). However, if we will receive compensation (directly or indirectly) in return for making any such communications, we must first obtain your written authorization, unless the communication describes only a drug or biologic that is currently prescribed for you and any compensation we receive relates solely to the cost of making the communication. This requirement does not apply to any payment or compensation for providing treatment to you.
Sale of Your Health Information. We will never sell your health information without your prior authorization, except in the narrow circumstances permitted by HIPAA. Under HIPAA, we, or our business associate, may receive compensation (directly or indirectly) related to an exchange of your health information for the following purposes: (a) public health activities; (b) research purposes (if the price charged reflects the cost of preparation and transmittal of the information); (c) payment or compensation for your treatment; (d) health care operations related to the sale, merger or consolidation of all or part of our business; (e) performance of services by a business associate on our behalf; (f) providing you with a copy of your health information; or (g) other reasons determined necessary or appropriate by applicable laws or regulations.
Your Authorization. You may give us written authorization to use your health information or to disclose it to anyone for any purpose. We will not condition your current or future treatment on the basis of providing an authorization. If you give us an authorization, you may revoke it in writing at any time. Your revocation will not affect any use or disclosures permitted by your authorization while it was in effect.
Unless you give us a written authorization, we cannot use or disclose your health information for any reason except those described in this Notice.
To a Business Associate. A Business Associate is a person or entity that helps Luxottica provide its services to you. We will only disclose your health information to Business Associates who have agreed in writing to protect that information as required by HIPAA.
Organized Health Care Arrangement (“OHCA”). If we are a member of an OHCA, we may disclose your Protected Health Information to another member of the OHCA for the health care operations of the OHCA.
YOUR HEALTH INFORMATION RIGHTS
Access: You have the right to review or get copies of your health information, with limited exceptions.
You may request that we provide copies in a format other than photocopies. We will use the format you request unless we cannot practicably do so. You may be asked to make a request in writing to obtain access to your health information. You may obtain a form to request access by using the contact information listed at the end of this Notice. We may charge you a reasonable cost-based fee for expenses such as copies and staff time. You may also request access by sending us a letter to the address at the end of this Notice setting forth the specific information to which you desire access. If you request an alternative format, provided that it is practicable for us to produce the information in such format, we may charge a cost-based fee for preparing and transmitting your health information in that format. If you prefer, we will prepare a summary or an explanation of your health information for a cost-based fee. If we use or maintain an electronic health record (“EHR”) with respect to your care, you have the right to request a copy of your information in electronic format, and to direct us to transmit a copy of your information to a third party designated by you; and our fee may not exceed our labor costs in responding to such request. Please contact us using the information listed at the end of this Notice for a full explanation of our fee structure.
Disclosure Accounting: You have the right to receive a list of instances in which we or our business associates disclosed your health information for purposes other than treatment, payment, health care operations, where you have provided an authorization and certain other activities, for the last 6 years (or a shorter period if our relationship with you has existed for less than 6 years).
If you request this accounting more than once in a 12-month period, we may charge you a reasonable, cost-based fee for responding to these additional requests.
With respect to disclosures made by our business associates, we may choose to provide you with a list of business associates acting on our behalf, along with their contact information, who must provide you with the accounting upon a request made directly by you to such entities.
Restriction: You have the right to request that we place additional restrictions on our use or disclosure of your health information. Except as noted below, we are not required to agree to these additional restrictions, but if we do, we will abide by our agreement (except in an emergency). Upon your request, and except as otherwise required by law, we will not disclose your health information to a health plan for purposes of payment or health care operations when the information relates solely to a service/product for which you paid out-of-pocket in full.
Alternative Communication (Confidential Communications): You have the right to request in writing that we communicate with you about your health information by alternative means or to alternative locations. Your request must specify the alternative means or location, and provide satisfactory explanation how payments will be handled under the alternative means or location you request.
Amendment: You have the right to request that we amend your health information. Your request must be in writing, and it must explain why the information should be amended. We may deny your request under certain circumstances. You may obtain a form to request an amendment to your health information by using the contact information listed at the end of this Notice.
Electronic Notice: If you receive this Notice on our website or by electronic mail (email), you are entitled to receive this Notice in written form, as well.
Breach of Unsecured Health Information: If we discover that your health information has been breached (for example, disclosed to or acquired by an unauthorized person, stolen, lost, or otherwise used or disclosed in violation of HIPAA) and the privacy or security of the information has been compromised, we must notify you of the breach without unreasonable delay and in no event later than 60 days following our discovery of the breach. We are also required to notify the U.S. Department of Health and Human Services and the media (in some cases) of the breach but your health information will not be disclosed when such entities are notified of the breach. We may use or disclose your health information when determining whether a breach has occurred. We may also use or disclose your health information in responding to a breach, as required under HIPAA. For example, if an individual hacks into our computer network, we would investigate the incident to determine the extent of the breach and if health information had been accessed, used or disclosed in violation of HIPAA.
PRIVACY QUESTIONS AND COMPLAINTS
If you want more information about our privacy practices or have privacy questions or concerns, please contact us. If you are concerned that we may have violated your privacy rights, you may complain to us using the contact information listed at the end of this Notice. You may separately choose to file a complaint with the U.S. Department of Health and Human Services, Office of Civil Rights (OCR), by completing a Health Information Privacy Complaint Form (available at http://www.hhs.gov/ocr/privacy/hipaa/complaints/hipcomplaintform.pdf) and sending to the applicable OCR Regional Office listed on the form, or by calling 1-800-368-1019 for instructions and contact information. An electronic complaint may be filed at https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf.
You must file a complaint with OCR within 180 days (6 months) after the occurrence of the act or omission giving rise to your complaint.
We support your right to the privacy of your health information. We will not retaliate in any way if you choose to file a complaint with us or with the Office of Civil Rights.
Contact Information
If you have any questions or complaints relating to privacy, please contact:
Privacy Official
Privacy Office
Luxottica of America Inc.
4000 Luxottica Place
Mason, Ohio 45040
Phone: 513-765-4321
Email: privacyoffice@luxotticaretail.com