HIPAA Policy

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

If you have any questions about this Notice of Privacy Practices (“Notice”), please contact:

Privacy Officer:
Email: data@3stepdiet.com

15375 Barranca Parkway, Suite B-105
Irvine, CA 92618

Section A: Who Will Follow This Notice?

This Notice describes 3 Step Diet a brand owned by Farmodietica USA, Inc. (hereafter referred to as “Provider”) Privacy Practices and that of:

Any workforce member authorized to create medical information referred to as protected health information (PHI) that may be used for purposes such as treatment, payment and healthcare operations. These workforce members may include:

All departments and units of Provider
Any member of a volunteer group
All employees, staff and other Provider personnel
Any entity providing services under Provider’s direction and control will follow the terms of this notice. In addition, these entities, sites and locations may share medical information with each other for treatment, payment or healthcare operations as described in this notice.

Section B: Our Pledge Regarding Medical Information

We understand that medical information about you and your health is personal. We are committed to protecting medical information about you. We create a record of the care and services you receive at the Provider. We need this record to provide you with quality care and to comply with certain legal requirements. This Notice applies to all the records of your care and records related to payment for that care, generated or maintained by the Provider, whether made by Provider personnel or your personal Clinical Dietitian and/or Nutrition Consultant.

This Notice will tell you about the ways in which we may use and disclose medical information about you. We also will describe your rights and certain obligations we have regarding the use and disclosure of medical information.

We are required by law to:

Make sure that medical information that identifies you is kept private
Give you this Notice of our legal duties and privacy practices with respect to medical information about you
Follow the terms of the Notice currently in effect

Section C: How We May Use and Disclose Medical Information About You

The following categories describe different ways that we use and disclose medical information. For each category of uses or disclosures we will explain what we mean and try to give some examples. Not every use or disclosure in a category will be listed. However, we are permitted to use and disclose information that will fall within one of the categories.

Treatment. We may use medical information about you to provide you with medical care or services. We may disclose medical information about you to our employees and others who are involved in providing the care you need. For example, we may share your medical information with other physicians or other health care providers who will provide services that we do not provide. Or we may share this information with a pharmacist who needs it to dispense a prescription to you, or a laboratory that performs a test. We may also disclose medical information to members of your family or others who can help you when you are sick or injured, or after you die.
Payment. We use and disclose medical information about you to obtain payment for the services we provide, whether payment is collected from you, an insurance company, or a third party. For example, we might need to give your health plan the information it requires before it will reimburse you or us for. We may also disclose information to other health care providers to assist them in obtaining payment for services they have provided to you.
Healthcare Operations. We may use and disclose medical information about you for Provider operations, and they are necessary to make sure that all of our patients receive quality care. For example, we may use medical information to review our treatments and services and to evaluate the performance of our staff in caring for you. We also might combine medical information about many of the Provider’s patients to decide what additional services the Provider should offer, what services are not needed, and whether certain new treatments are effective. We also might disclose information to our employees and others who are involved in providing the care you need for review and learning purposes. We also may combine the medical information we have with medical information from other providers to compare how we are doing and see where we can make improvements in our care and service. We might remove information that identifies you from this set of medical information so others can use it to study healthcare and healthcare delivery without learning a patient’s identity.
Appointment Reminders. We may use and disclose medical information to contact you as a reminder that you have an appointment for medical care at the Provider.
Treatment Alternatives. We may use and disclose medical information to tell you about or recommend possible treatment options or alternatives that may be of interest to you.
Health & Related Benefits and Services. We may use and disclose medical information to tell you about health and related benefits or services that could be of interest to you.
Authorizations Required. We will not use your PHI for any purposes not specifically allowed by federal or state laws or regulations without your written authorization. Specifically, the following types of uses and disclosures of your medical information require an authorization: 1) disclosure of psychotherapy notes; 2) disclosures for marketing purposes; and 3) disclosures that constitute a sale of PHI. Other uses and disclosures not described in the NPP will not be made unless an individual provides an authorization and that authorization may be revoked prospectively at any time by written revocation.
Emergencies. We may use or disclose your medical information if you need emergency treatment or if we are required by law to treat you but are unable to obtain your consent.
Communication Barriers. We may use and disclose your health information if we are unable to obtain your consent because of substantial communication barriers and we believe you would want us to treat you if we could communicate with you.
Provider Directory. We may include certain limited information about you in Provider’s directory while you are a patient here. This information may include your name, location, general condition (e.g., fair, stable, etc.) and religious affiliation. The directory information, except for your religious affiliation, also may be released to people who ask for you by name. Your religious affiliation may be given to a member of the clergy, such as a priest or rabbi, even if they do not ask for you by name. This is so your family, friends and clergy can visit and generally know how you are doing.
Individuals Involved in Your Care or Payment for Your Care. We may release medical information about you to a friend or family member who is involved in your medical care and we also may give information to someone who helps pay for your care, unless you object and ask us not to provide this information to specific individuals, in writing. In addition, we may disclose medical information about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status, and location.
Research. Under certain circumstances, we may use and disclose medical information about you for research purposes. For example, a research project could involve comparing the weight lost in patients who followed the program to those who received another. All research projects, however, are subject to a special approval process. This process evaluates a proposed research project and its use of medical information, trying to balance the research needs with patients’ need for privacy of their medical information. All research projects are subject to an approval process involving an Institutional Review Board (IRB). The IRB evaluates proposed research projects and their use of PHI, balancing research needs and a patients’ right to privacy. We may disclose PHI about you to people preparing to conduct a research project in order to help identify patients with specific medical needs. PHI disclosed during this process never leaves our control. We might ask for specific permission from you if the researcher will have access to your name, address or other information that reveals who you are, or will be involved in your care at the Provider.
As Required By Law. We will disclose medical information about you when required to do so by federal, state, or local law.
To Avert a Serious Threat to Health or Safety. We may use and disclose your medical information when necessary to prevent a serious threat to the health and safety of the public or another person.
E-mail Use E-mail will only be used for communications in accordance with this organization’s current policies and practices and with your permission. The use of secured, encrypted e-mail is encouraged.

Section D: Special Situations

Organ and Tissue Donation. If you are an organ donor, we may release medical information to organizations that handle organ, eye, and tissue procurement as necessary to facilitate donation and transplantation.
Military and Veterans. If you are a member of the armed forces, we may release medical information about you as required by military command authorities. We also might release medical information about foreign military personnel to the appropriate foreign military authority.
Workers’ Compensation. We may release medical information about you for workers’ compensation or similar programs.
Public Health Risks. We may disclose medical information about you for public health activities. These activities generally include the following:
- Preventing disease
- Helping with product recalls
- Reporting adverse reactions to medications
- Reporting suspected abuse, neglect, or domestic violence
- Preventing or reducing a serious threat to anyone’s health or safety

Health Oversight Activities. We may disclose medical information to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.

Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we may disclose medical information about you in response to a court or administrative order. We may also disclose medical information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
Law Enforcement. We may release medical information if asked to do so by a law enforcement official:
- In response to a court order, subpoena, warrant, grand jury or similar process
- To identify or locate a suspect, fugitive, material witness, or missing person
- About the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement
- About criminal conduct at Provider
- In emergency circumstances, to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime
Coroners, Medical Examiners and Funeral Directors. We may release medical information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We also may release medical information about Provider patients to funeral directors as necessary to carry out their duties.
National Security and Intelligence Activities. We may release medical information about you to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.
Protective Services for the President and Others. We may disclose medical information about you to authorized federal officials so they may provide protection to the President, foreign heads of state, or other authorized persons to conduct special investigations.
Specialized Government Functions. We may disclose your health information for military or national security purposes or to correctional institutions or law enforcement officers that have you in their lawful custody.

Section E: Your Rights Regarding Medical Information About You

You have the following rights regarding medical information we maintain about you:

Right to Access, Inspect, and Copy. You have the right to access, inspect, and copy the health information that may be used to make decisions about your care, with a few exceptions. Usually, this includes medical and billing records, but may not include psychotherapy notes.
If we maintain your information electronically you may request a copy of your records via a mutually agreed upon electronic format. If we fail to agree upon an electronic format for delivery of electronic copies we will provide you with a paper copy for your records. If you request a copy of the information in either paper or electronic format, we may charge a fee for the costs of copying, mailing or other supplies associated with your request.
We may deny your request to inspect and copy medical information in certain very limited circumstances. If you are denied access to medical information, in some cases, you may request that the denial be reviewed. Another licensed health care professional chosen by Provider will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.
Right to Amend. You have a right to request that we amend your health information that you believe is incorrect or incomplete. You must make a request to amend in writing and include the reasons you believe the information is inaccurate or incomplete.
We may deny your request for an amendment if it is not in writing or does not include a reason to support the request or for other reasons. Typical reasons for denial of an amendment request include if you ask us to amend information that:
- Was not created by us, unless the person or entity that created the information is no longer available to make the amendment
- Is not part of the medical information kept by or for Provider
- Is not part of the information which you would be permitted to inspect and copy
- Is accurate and complete
Right to an Accounting of Disclosures. You have the right to request an “Accounting of Disclosures.”. This is a list of the disclosures we made of health information about you. Your request must state a time period which may not be longer than six years. Your request should indicate in what form you want the list (for example, on paper or electronically, if available). The first list you request within a 12-month period will be complimentary. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
Right to Request Restrictions. You have the right to request a restriction or limitation on the medical information we use or disclose about you for payment or healthcare operations. We require that any requests for use or disclosure of medical information be made in writing. In some cases we are not required to agree to these types of requests, however, if we do agree to them we will abide by these restrictions. We will always notify you of our decisions regarding restriction requests in writing. We will not comply with any requests to restrict use or access of your medical information for treatment purposes.You have the right to request, in writing, a limit on the medical information we disclose about you to someone who is involved in your care or the payment for your care, such as a family member or friend. For example, you could ask that we not use or disclose information about a diet plan to your spouse. In your request, you must tell us what information you want to limit, whether you want to limit our use, disclosure or both, and to whom you want the limits to apply.You have the right to request a restriction on the use and disclosure of your medical information about a service or item to your health plan. This right only applies to request for restrictions to a health plan and cannot be denied. The service or item requested for restriction from the health plan must be paid in full and out of pocket by you before the restriction will be applied. We are not required to accept your request for this type of restriction until you have completely paid your bill (zero balance) for the item or service. It is your responsibility to notify other healthcare providers of these types of restrictions. We are not required to do so.
Right to Receive Notice of a Breach. We are required to notify you by first class mail or by e-mail (if we offered and you have indicated a preference to receive information by e-mail), of any breaches of Unsecured Protected Health Information as soon as possible, but in any event, no later than 60 days following the discovery of the breach. “Unsecured Protected Health Information” is information that is not secured via a methodology identified by the Secretary of the U.S. Department of Health and Human Services (HHS) that renders the protected health information unusable, unreadable, and indecipherable to unauthorized users. The notice is required to include the following information:
- A brief description of the breach, including the date of the breach and the date of its discovery, if known
- A description of the type of Unsecured Protected Health Information involved in the breach
- Steps you should take to protect yourself from potential harm resulting from the breach
- A brief description of actions we are taking to investigate the breach, mitigate losses, and protect against further breaches
- Contact information, including a toll-free telephone number, e-mail address, website, or postal address where you can ask questions or obtain additional information.

In the event the breach involves 10 or more patients whose contact information is out of date, we will post a notice on the home page of our website or in a major print or broadcast media. If the breach involves more than 500 patients in the state or jurisdiction, we will send notices to prominent media outlets. If the breach involves more than 500 patients, we are required to immediately notify the Secretary. We also are required to submit an annual report to the Secretary detailing a list of breaches that involve more than 500 patients during the year and maintain a written log of breaches involving less than 500 patients.

Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you may ask that we send information to a particular e-mail account or to your work address. We will not ask you the reason for your request. We will comply with all reasonable requests submitted in writing which specify how or where you wish to receive these communications.
Right to a Paper Copy of This Notice. You have the right to a paper copy of this Notice. You may ask us to give you a copy of this Notice at any time. Even if you have agreed to receive this Notice electronically, you are still entitled to a paper copy. You may obtain a copy of this Notice at our website: https://3stepdiet.com/hippa-policy . To exercise the above rights, please contact data@3stepdiet.com to obtain a copy of the relevant form you will need to complete to make your request.

Section F: Changes To This Notice

We reserve the right to change this Notice. We reserve the right to make the revised or changed Notice effective for medical information we already have about you as well as any information we receive in the future. We will post a copy of the current Notice in our organization as well as on our website. In addition, each time you register, are admitted, or receive inpatient or outpatient services from a Provider, we will offer you a copy of the most current Notice.

Section G: Complaints

If you believe your privacy rights have been violated, you may file a complaint with Provider or with the Secretary of the Department of Health and Human Services; http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html

To file a complaint about this Notice of Privacy Practices or how this medical practice handles your health information contact our Privacy Officer listed on the first page of this Notice. All complaints must be submitted in writing. You will not be penalized for filing a complaint.

Section H: Other Uses of Medical Information

Other uses and disclosures of medical information not covered by this Notice or the laws that apply to you will be made only with your written permission. If you provide us permission to use or disclose medical information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose medical information about you for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your permission, and that we are required to retain our records of the care that we provided to you.

Section I: Organized Healthcare Arrangement (OHCA)

The Provider, the independent contractor members of its medical staff (including your dietitian), and other healthcare providers affiliated with the provider have agreed, as permitted by law, to share your health information among themselves for purposes of treatment, payment, or healthcare operations, enabling us to better address your healthcare needs. Providers participating in an Organized Healthcare Arrangement may share the same NPP.

Revised Date: March 18, 2022. Compliant with HIPAA Omnibus Privacy Rules

Original Effective Date: January 10, 2022

Ready to get started?

Book an appointment

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.