HIPAA Notice of Privacy Practices

LD Innovations LLC

8 Rocky Hill Rd.

Chadds Ford, PA 19317

support@referralhero.com

Last Updated: March 7, 2025 

  1. INTRODUCTION

This Notice of Privacy Practices (“Notice”) describes how LD Innovations LLC d/b/a Referral Hero (“we,” “us,” or “our”) may use and disclose your protected health information (“PHI”) for the purpose of running its referral programs in which you share PHI with us. This document can be printed for reference by using the print command in the settings of any browser. It also describes your rights to access and control your PHI.

We are required by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH Act”), the HIPAA Omnibus Rule of 2013, and other applicable federal and Pennsylvania state laws to maintain the privacy of your health information and to provide you with notice of our legal duties and privacy practices concerning your health information.

We are required to abide by the terms of this Notice that are currently in effect. We reserve the right to change the terms of our Notice at any time and make the new Notice provisions effective for all PHI we maintain. We will notify you of any material changes to this Notice as described below.

  1. DEFINITIONS

For the purposes of this Notice, the following definitions apply:

  1. Protected Health Information (PHI): Individually identifiable health information transmitted or maintained in any form or medium, including electronic, paper, or oral communications. PHI includes demographic information that identifies you or provides a reasonable basis to believe the information could be used to identify you and relates to the provision of health care.
  2. Business Associate: A person or entity that performs certain functions or activities that involve the use or disclosure of PHI on behalf of, or provides services to, a covered entity.
  3. Minimum Necessary Standard: The principle that when using or disclosing PHI, we will make reasonable efforts to limit the PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request.
  4. Participation: Your participation in the referral program you opted in to.

OUR RESPONSIBILITIES

We are required by law to:

  1. Maintain the privacy and security of your PHI: We implement appropriate physical, technical, and administrative safeguards to protect the privacy of your PHI from unauthorized access, use, or disclosure.
  2. Provide you with this Notice: Your access to this webpage constitutes access to the Notice, which you can print for your file.
  3. Abide by the terms of this Notice: We will follow the terms of this Notice that are currently in effect. If we revise this Notice, we will provide you with the revised Notice as described herein.
  4. Notify you following a breach of unsecured PHI: We will notify you in writing within 60 days if we discover that your unsecured PHI has been breached, in accordance with HIPAA requirements and the Pennsylvania Breach of Personal Information Notification Act.
  5. Obtain your written acknowledgment: We will make a good faith effort to obtain your written acknowledgment of receipt of this Notice.
  6. Restrict uses and disclosures to the minimum necessary: We will make reasonable efforts to use, disclose, and request only the minimum amount of PHI needed to accomplish the intended purpose, in accordance with HIPAA's “minimum necessary” requirements.
  7. Accommodate reasonable requests: We will accommodate reasonable requests you may make to communicate health information by alternative means or at alternative locations.

HOW WE MAY USE AND DISCLOSE YOUR PHI

The following categories describe different ways we may use and disclose your PHI to third parties:

  1. To process financial rewards associated with your participation in the Program.
  2. To develop, manage, and carry out general administrative activities associated with the Program.
  3. To send you referral reminders and remind you of health-related benefits and services.
  4. When required by federal, state, or local law, including reporting victims of abuse, neglect, or domestic violence, assisting law enforcement officials in their law enforcement duties, reporting to health oversight agencies for activities authorized by law, or responding to court or administrative orders, subpoenas, discovery requests, or other lawful process.
  5. To comply with health oversight agencies' requests for activities authorized by law.
  6. Coroners, Medical Examiners, and Funeral Directors

USES AND DISCLOSURES REQUIRING AUTHORIZATION

The following uses and disclosures of your PHI will be made only with your written authorization:

  1. Marketing purposes, except for face-to-face communications or promotional gifts of nominal value.
  2. Sale of your PHI.
  3. Any uses and disclosures not described in this Notice.

You may revoke such authorization at any time in writing, except to the extent that we have already taken action based on the use or disclosure indicated in the authorization.

You have the right to revoke this authorization at any time by submitting a written revocation to support@referralhero.com. The revocation will not affect any actions taken before the receipt of your written revocation.

YOUR RIGHTS

  1. Access: You have the right to look at or get copies of your health information, with limited exceptions. You may request that we provide copies in a format other than a digital copy. We will use the format you request unless we cannot practicably do so. You must make a request in writing to obtain access to your health information. We will charge you a reasonable cost-based fee for expenses such as copies. 
  2. Accounting of Disclosures: You have the right to receive a list of instances in which we or our business associates disclosed your health information for purposes other than treatment, payment, healthcare operations, and other activities for the last 6 years. If you request this accounting more than once in 12 months, we may charge you a reasonable, cost-based fee for responding to these additional requests.
  3. Restriction: You have the right to request that we place additional restrictions on our use or disclosure of your health information. We may not be required to agree to these additional restrictions, but if we do, we will abide by our agreement.
  4. Alternative Communication: You have the right to request that we communicate with you about your health information in a way other than SMS messages. You must make your request in writing, specifying the alternative means or location.
  5. Amendment: You have the right to request that we amend your health information. (Your request must be in writing, and the reason for the amendment must be explained.) We may deny your request under certain circumstances.

CHANGES TO THIS NOTICE

We reserve the right to make the revised or changed Notice effective for PHI we already have about you and any information we receive in the future. The most recent copy of the Notice appears on this webpage. The Notice will contain the effective date on the first page. We will notify you only of material changes to this Notice by email or text using the contact information you provided.

QUESTIONS AND COMPLAINTS

For questions about this Notice, to exercise your rights described in this Notice, or to file a complaint, you may contact us at the address listed at the top of this Notice. All questions, requests, and complaints must be submitted in writing. You will not be penalized or retaliated against for filing a complaint.

If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the U.S. Department of Health and Human Services. 

ELECTRONIC HEALTH RECORDS

We maintain basic electronic health records for program users. Our electronic systems are secured through various technological safeguards, and we have policies and procedures in place to protect the confidentiality and security of your information stored electronically.

These safeguards include:

  1. Encryption: We use industry-standard encryption for PHI transmitted over electronic networks and for stored data.
  2. Access Controls: We implement technical safeguards that restrict access to electronic PHI to authorized staff members who need information to perform their job functions.
  3. Audit Controls: Our systems maintain audit trails that record and examine activity in systems containing PHI.
  4. Integrity Controls: We have implemented electronic mechanisms to confirm that PHI has not been improperly altered or destroyed.
  5. Transmission Security: We have implemented technical security measures to guard against unauthorized access to PHI being transmitted over an electronic communications network.
  6. Staff Training: All staff receive regular training on properly handling electronic PHI and our security policies and procedures.

We do not currently offer a user portal for electronic access to your health information. If you wish to access your health information, you must submit a written request following the procedures set forth in this Notice.

BUSINESS ASSOCIATES

We may disclose your PHI to our business associates who perform functions on our behalf or provide us with services if the information is necessary for such functions or services. For example, we may use a business associate to assist us with billing services or data analysis. All of our business associates are obligated, under contract with us and by law, to protect the privacy and security of your PHI and can only use and disclose the information as specified in our contract and as permitted by law.

BREACH NOTIFICATION

In the event of a security breach of your PHI, we will notify you as required by HIPAA and the Pennsylvania Breach of Personal Information Notification Act. A “breach” means the unauthorized acquisition, access, use, or disclosure of PHI that compromises its security or privacy.

Our notification to you will include:

  1. A brief description of what happened, including the date of the breach and the date of discovery, if known;
  2. A description of the types of unsecured PHI involved in the breach;
  3. Steps you should take to protect yourself from potential harm resulting from the breach;
  4. A brief description of what we are doing to investigate the breach, mitigate harm, and prevent future breaches; and
  5. Contact procedures for you to ask questions or obtain additional information, including a toll-free telephone number, email address, website, or postal address.

We will notify you without unreasonable delay and in no case later than 60 calendar days after discovery of the breach. We will provide this notification by first-class mail to your last known address or, if you have agreed to electronic notice, by email. If we have insufficient or out-of-date contact information for you, we may provide substitute notice through an alternative method, such as posting on our website or in major print or broadcast media.

RECORD RETENTION

In accordance with the Pennsylvania Medical Records Act and other applicable laws, we will maintain your medical records for a minimum of seven (7) years from the date of your last service, or until you reach the age of majority plus seven years for minors, whichever is longer. We may maintain records for a longer period if required by other applicable laws or regulations.

ACKNOWLEDGMENT OF RECEIPT

By acknowledging digital access to this Notice when you opt-in to the Program, you expressly acknowledge that you have accessed and read this Notice and consent to the collection, storage, and use of your PHI. If you choose not to sign or are unable to sign, you will not be able to participate in the Program.