NOTICE OF PRIVACY PRACTICES FOR LACTATION CONSULTING

Carolynn Elizabeth Wimmer, RN, IBCLC, 4225 Avati Dr, San Diego, CA 92117 | carolynn@lactationlounge.co

Privacy Officer Contact: (650) 690-5094

Effective Date: March 1, 2025

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND

DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT

CAREFULLY.

We understand the importance of privacy and are committed to maintaining the confidentiality of your medical

information. We make a record of the medical care we provide and may receive such records from others. We use

these records to provide or enable other health care providers to provide quality medical care, to obtain payment for

services provided to you as allowed by your health plan and to enable us to meet our professional and legal

obligations to operate this medical practice properly. We are required by law to maintain the privacy of protected

health information, to provide individuals with notice of our legal duties and privacy practices with respect to

protected health information, and to notify affected individuals following a breach of unsecured protected health

information. This notice describes how we may use and disclose your medical information. It also describes your

rights and our legal obligations with respect to your medical information. If you have any questions about this

Notice, please contact our Privacy Officer listed above.

TABLE OF CONTENTS

A. How This Medical Practice May Use or Disclose Your Health Information p. 1

B. When This Medical Practice May Not Use or Disclose Your Health Information p. 4

C. Your Health Information Rights p. 4

1. Right to Request Special Privacy Protections

2. Right to Request Confidential Communications

3. Right to Inspect and Copy

4. Right to Amend or Supplement

5. Right to an Accounting of Disclosures

6. Right to a Paper or Electronic Copy of this Notice

D. Changes to this Notice of Privacy Practices p. 5

E. Complaints p. 5

A.

How This Medical Practice May Use or Disclose Your Health Information

This medical practice collects health information about you and stores it in a chart and on a computer. This is your

medical record. The medical record is the property of this medical practice, but the information in the medical record

belongs to you. The law permits us to use or disclose your health information for the following purposes:

1. Treatment. We use medical information about you to provide your medical care. We disclose medical

information to our employees and others who are involved in providing the care you need. For example, we

may share your medical information with other physicians or other health care providers who will provide

services that we do not provide. Or we may share this information with a pharmacist who needs it to dispense a

prescription to you, or a laboratory that performs a test. We may also disclose medical information to members

of your family or others who can help you when you are sick or injured, or after you die.

2. Payment. We use and disclose medical information about you to obtain payment for the services we provide.

For example, we give your health plan the information it requires before it will pay us. We may also disclose

information to other health care providers to assist them in obtaining payment for services they have provided to

you.

3. Health Care Operations. We may use and disclose medical information about you to operate this medical

practice. For example, we may use and disclose this information to review and improve the quality of care we

provide, or the competence and qualifications of our professional staff. Or we may use and disclose this

information to get your health plan to authorize services or referrals. We may also use and disclose this

information as necessary for medical reviews, legal services and audits, including fraud and abuse detection and

compliance programs and business planning and management. We may also share your medical information

with our "business associates," such as our billing service, that perform administrative services for us. We have

a written contract with each of these business associates that contains terms requiring them and their

subcontractors to protect the confidentiality and security of your protected health information. We may also

share your information with other health care providers, health care clearinghouses or health plans that have a

relationship with you, when they request this information to help them with their quality assessment and

improvement activities, their patient-safety activities, their population-based efforts to improve health or reduce

health care costs, their protocol development, case management or care-coordination activities, their review of

competence, qualifications and performance of health care professionals, their training programs, their

accreditation, certification or licensing activities, or their health care fraud and abuse detection and compliance

efforts.

4. Appointment Reminders. We may use and disclose medical information to contact and remind you about

appointments. If you are not home, we may leave this information on your answering machine or in a message

left with the person answering the phone.]

5. Sign In Sheet. We may use and disclose medical information about you by having you sign in when you arrive

at our office. We may also call out your name when we are ready to see you.

6. Notification and Communication With Family. We may disclose your health information to notify or assist in

notifying a family member, your personal representative or another person responsible for your care about your

location, your general condition or, unless you had instructed us otherwise, in the event of your death. In the

event of a disaster, we may disclose information to a relief organization so that they may coordinate these

notification efforts. We may also disclose information to someone who is involved with your care or helps pay

for your care. If you are able and available to agree or object, we will give you the opportunity to object prior to

making these disclosures, although we may disclose this information in a disaster even over your objection if we

believe it is necessary to respond to the emergency circumstances. If you are unable or unavailable to agree or

object, our health professionals will use their best judgment in communication with your family and others.

7. Marketing. Provided we do not receive any payment for making these communications, we may contact you to

give you information about products or services related to your treatment, case management or care

coordination, or to direct or recommend other treatments, therapies, health care providers or settings of care that

may be of interest to you. We may similarly describe products or services provided by this practice and tell you

which health plans this practice participates in. We may also encourage you to maintain a healthy lifestyle and

get recommended tests, participate in a disease management program, provide you with small gifts, tell you

about government sponsored health programs or encourage you to purchase a product or service when we see

you, for which we may be paid. Finally, we may receive compensation which covers our cost of reminding you

to take and refill your medication, or otherwise communicate about a drug or biologic that is currently prescribed

for you. We will not otherwise use or disclose your medical information for marketing purposes or accept any

payment for other marketing communications without your prior written authorization. The authorization will

disclose whether we receive any compensation for any marketing activity you authorize, and we will stop any

future marketing activity to the extent you revoke that authorization.

8. Sale of Health Information. We will not sell your health information without your prior written authorization.

The authorization will disclose that we will receive compensation for your health information if you authorize us

to sell it, and we will stop any future sales of your information to the extent that you revoke that authorization.

9. Required by Law. As required by law, we will use and disclose your health information, but we will limit our

use or disclosure to the relevant requirements of the law. When the law requires us to report abuse, neglect or

domestic violence, or respond to judicial or administrative proceedings, or to law enforcement officials, we will

further comply with the requirement set forth below concerning those activities.

10. Public Health. We may, and are sometimes required by law, to disclose your health information to public health

authorities for purposes related to: preventing or controlling disease, injury or disability; reporting child, elder

or dependent adult abuse or neglect; reporting domestic violence; reporting to the Food and Drug Administration

problems with products and reactions to medications; and reporting disease or infection exposure. When we

report suspected elder or dependent adult abuse or domestic violence, we will inform you or your personal

representative promptly unless in our best professional judgment, we believe the notification would place you at

risk of serious harm or would require informing a personal representative we believe is responsible for the abuse

or harm.

11. Health Oversight Activities. We may, and are sometimes required by law, to disclose your health information to

health oversight agencies during the course of audits, investigations, inspections, licensure and other

proceedings, subject to the limitations imposed by law.

12. Judicial and Administrative Proceedings. We may, and are sometimes required by law, to disclose your health

information in the course of any administrative or judicial proceeding to the extent expressly authorized by a

court or administrative order. We may also disclose information about you in response to a subpoena, discovery

request or other lawful process if reasonable efforts have been made to notify you of the request and you have

not objected, or if your objections have been resolved by a court or administrative order.

13. Law Enforcement. We may, and are sometimes required by law, to disclose your health information to a law

enforcement official for purposes such as identifying or locating a suspect, fugitive, material witness or missing

person, complying with a court order, warrant, grand jury subpoena and other law enforcement purposes.

14. Coroners. We may, and are often required by law, to disclose your health information to coroners in connection

with their investigations of deaths.

15. Organ or Tissue Donation. We may disclose your health information to organizations involved in procuring,

banking or transplanting organs and tissues.

16. Public Safety. We may, and are sometimes required by law, to disclose your health information to appropriate

persons in order to prevent or lessen a serious and imminent threat to the health or safety of a particular person

or the general public.

17. Proof of Immunization. We will disclose proof of immunization to a school that is required to have it before

admitting a student where you have agreed to the disclosure on behalf of yourself or your dependent.

18. Specialized Government Functions. We may disclose your health information for military or national security

purposes or to correctional institutions or law enforcement officers that have you in their lawful custody.

19. Workers’ Compensation. We may disclose your health information as necessary to comply with workers’

compensation laws. For example, to the extent your care is covered by workers' compensation, we will make

periodic reports to your employer about your condition. We are also required by law to report cases of

occupational injury or occupational illness to the employer or workers' compensation insurer.

20. Change of Ownership. In the event that this medical practice is sold or merged with another organization, your

health information/record will become the property of the new owner, although you will maintain the right to

request that copies of your health information be transferred to another physician or medical group.

21. Breach Notification. In the case of a breach of unsecured protected health information, we will notify you as

required by law. If you have provided us with a current e-mail address, we may use e-mail to communicate

information related to the breach. In some circumstances our business associate may provide the notification.

We may also provide notification by other methods as appropriate.

B. When This Medical Practice May Not Use or Disclose Your Health Information

Except as described in this Notice of Privacy Practices, this medical practice will, consistent with its legal

obligations, not use or disclose health information which identifies you without your written authorization. If you do

authorize this medical practice to use or disclose your health information for another purpose, you may revoke your

authorization in writing at any time.

C. Your Health Information Rights

1. Right to Request Special Privacy Protections. You have the right to request restrictions on certain uses and

disclosures of your health information by a written request specifying what information you want to limit, and

what limitations on our use or disclosure of that information you wish to have imposed. If you tell us not to

disclose information to your commercial health plan concerning health care items or services for which you paid

for in full out-of-pocket, we will abide by your request, unless we must disclose the information for treatment or

legal reasons. We reserve the right to accept or reject any other request, and will notify you of our decision.

2. Right to Request Confidential Communications. You have the right to request that you receive your health

information in a specific way or at a specific location. For example, you may ask that we send information to a

particular e-mail account or to your work address. We will comply with all reasonable requests submitted in

writing which specify how or where you wish to receive these communications.

3. Right to Inspect and Copy. You have the right to inspect and copy your health information, with limited

exceptions. To access your medical information, you must submit a written request detailing what information

you want access to, whether you want to inspect it or get a copy of it, and if you want a copy, your preferred

form and format. We will provide copies in your requested form and format if it is readily producible, or we

will provide you with an alternative format you find acceptable, or if we can’t agree and we maintain the record

in an electronic format, your choice of a readable electronic or hardcopy format. We will also send a copy to any

other person you designate in writing. We will charge a reasonable fee which covers our costs for labor,

supplies, postage, and if requested and agreed to in advance, the cost of preparing an explanation or summary.

We may deny your request under limited circumstances. If we deny your request to access your child's records

or the records of an incapacitated adult you are representing because we believe allowing access would be

reasonably likely to cause substantial harm to the patient, you will have a right to appeal our decision. If we

deny your request to access your psychotherapy notes, you will have the right to have them transferred to

another mental health professional.

4. Right to Amend or Supplement. You have a right to request that we amend your health information that you

believe is incorrect or incomplete. You must make a request to amend in writing, and include the reasons you

believe the information is inaccurate or incomplete. We are not required to change your health information, and

will provide you with information about this medical practice's denial and how you can disagree with the denial.

We may deny your request if we do not have the information, if we did not create the information (unless the

person or entity that created the information is no longer available to make the amendment), if you would not be

permitted to inspect or copy the information at issue, or if the information is accurate and complete as is. If we

deny your request, you may submit a written statement of your disagreement with that decision, and we may, in

turn, prepare a written rebuttal. All information related to any request to amend will be maintained and disclosed

in conjunction with any subsequent disclosure of the disputed information.

5. Right to an Accounting of Disclosures. You have a right to receive an accounting of disclosures of your health

information made by this medical practice, except that this medical practice does not have to account for the

disclosures provided to you or pursuant to your written authorization, or as described in paragraphs 1

(treatment), 2 (payment), 3 (health care operations), 6 (notification and communication with family) and 18

(specialized government functions) of Section A of this Notice of Privacy Practices or disclosures for purposes

of research or public health which exclude direct patient identifiers, or which are incident to a use or disclosure

otherwise permitted or authorized by law, or the disclosures to a health oversight agency or law enforcement

official to the extent this medical practice has received notice from that agency or official that providing this

accounting would be reasonably likely to impede their activities.

6. Right to a Paper or Electronic Copy of this Notice. You have a right to notice of our legal duties and privacy

practices with respect to your health information, including a right to a paper copy of this Notice of Privacy

Practices, even if you have previously requested its receipt by e-mail.

If you would like to have a more detailed explanation of these rights or if you would like to exercise one or more of

these rights, contact our Privacy Officer listed at the top of this Notice of Privacy Practices.

D. Changes to this Notice of Privacy Practices

We reserve the right to amend this Notice of Privacy Practices at any time in the future. Until such amendment is

made, we are required by law to comply with the terms of this Notice currently in effect. After an amendment is

made, the revised Notice of Privacy Protections will apply to all protected health information that we maintain,

regardless of when it was created or received. We will keep a copy of the current notice posted in our reception area,

and a copy will be available at each appointment.

E. California Law and HIPAA

California has its own laws that protect the confidentiality of medical and mental health information. One of the most

comprehensive set of statutes is called the California Confidentiality of Medical Information Act (CMIA). It applies

to medical information held by the health care providers, health care services plans and contractors, as each is defined

in state law. The CMIA parallels HIPAA in many ways; however, in some situations, it provides greater

confidentiality protections than HIPAA. Federal privacy regulations under HIPAA usually supersede – or “preempt”

– state laws, but HIPAA states that if a state’s law is more protective of individual privacy, then providers should

follow the state law. Thus, California health providers typically follow both HIPAA and state law. There are two

other ways that California law becomes particularly important to understanding HIPAA. HIPAA grants rights to sign

authorizations and to access a minor’s protected health information based in part on who is authorized to make health

decisions for the minor. State law determines who has those consent rights in many cases. Similarly, HIPAA says a

parent’s right to access records when the parent did not consent for the child’s care will depend in part on state law.

Finally, it is important to note that in addition to state and federal statute, licensed health professionals may practice

under state ethical and licensing regulations that also include obligations related to confidentiality. These principles

may impose greater confidentiality obligations than HIPAA.

F. Complaints

Complaints about this Notice of Privacy Practices or how this medical practice handles your health information

should be directed to our Privacy Officer listed at the top of this Notice of Privacy Practices.

You may also file a complaint by sending a letter to:

Region IX, Office for Civil Rights

U.S. Department of Health and Human Services

90 7th St. Suite 4-100

San Francisco, CA 94103