This Data Use Agreement (“Agreement”) is provided by Compassionate Certification Centers (“CCC”), a medical practice that offers medical marijuana certification services. This Agreement explains how CCC uses, discloses, and protects your health information in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and applicable state laws.
By proceeding with care at CCC, you acknowledge that you have reviewed and understand this Agreement.
1. Permitted Uses of Your Health Information
We may use or disclose your protected health information (“PHI”) for the following purposes:
- Treatment: To provide, coordinate, or manage your medical marijuana certification and related healthcare services.
- Payment: To bill and receive payment for services rendered, if applicable.
- Healthcare Operations: For administrative, compliance, quality improvement, and training purposes within our practice.
We will not use your PHI for any other purpose without your written authorization unless required by law.
2. Disclosures We May Make Without Authorization
We may share your PHI without your authorization only when required or permitted by law,
including but not limited to:
- Public health reporting,
- Law enforcement requests,
- Regulatory or licensing authority compliance,
- Serious threats to health or safety.
3. Minimum Necessary Standard
When using or disclosing PHI, we will make reasonable efforts to use, disclose, and request only the minimum necessary information needed to accomplish the intended purpose.
4. De-Identified and Limited Data Sets
For research, education, or healthcare operations, we may use de-identified data or a “limited data set” that excludes direct identifiers (such as your name, address, or social security number). Any recipient of a limited data set must agree not to re-identify you or use the data for unauthorized purposes.
5. Your Rights Regarding PHI
You have the right to:
- Access and obtain a copy of your medical record,
- Request corrections to your record,
- Receive an accounting of certain disclosures,
- Request restrictions on certain uses or disclosures,
- Request confidential communications,
- File a complaint if you believe your privacy rights have been violated.
6. Safeguards
We use administrative, technical, and physical safeguards to protect your PHI from unauthorized access, use, or disclosure.
7. Patient Acknowledgment
By proceeding with an appointment with our practice, you acknowledge that you have reviewed and understand this Agreement, and you consent to the permitted uses and disclosures of your health information as outlined herein.
