top of page

PRIVACY POLICY

OUR PRIVACY POLICY


DanDaniella Pharmacy would need your information such as Name;
Address; Date of Birth; Gender; Telephone Number, Allergy and
Medication history; as well as any other information deemed necessary
to accurately provide you the best pharmacy services we offer to our
patients. We may ask for your photo ID; Power of Attorney; Police
Report; or sometimes letter of authorization if needed. We collect your
information from you, your caregiver/agent/authorized representative,
or your medical team. Sometimes we may verify your personal
information from public records. We use your personal information to
process your orders, and prescriptions. Your payment information is
required at our secured POS to complete your transaction. We also
need your current mailing address to fulfill your medication orders. We
are HIPAA compliant. We strictly protect and maintain your privacy
within the confines of the law. We can share some of your Personal
information with your Doctor’s Office. For instance, we do not need any
authorization from you to let your Doctor’s Office know the last time
you filled or picked up your medication. During the transfer of your
prescriptions, some of your private information are required to be
verified.
We are very committed to protecting your Personal Health Information
(PHI). We would not share your personal Health information without
your consent unless you are subpoenaed.

​

THE GENERAL PRIVACY RULE

 

The Privacy Rule provides that an individual has a right to adequate notice
of how a covered entity may use and disclose protected health information
about the individual, as well as his or her rights and the covered entity’s
obligations with respect to that information. Most covered entities must
develop and provide individuals with this notice of their privacy practices.

 

The Privacy Rule does not require the following covered entities to develop
a notice: 


o  Health care clearinghouses, if the only protected health information they
create or receive is as a business associate of another covered entity. See
45 CFR 164.500(b)(1). 
o  A correctional institution that is a covered entity (e.g., that has a covered
health care provider component). 
o A group health plan that provides benefits only through one or more
contracts of insurance with health insurance issuers or HMOs, and that
does not create or receive protected health information other than summary
health information or enrollment or dis-enrollment information. See 45 CFR
164.520(a). 

 

Content of the Notice. 

 

Covered entities are required to provide a notice in
plain language that describes:  
o How the covered entity may use and disclose protected health information
about an individual. 
o The individual’s rights with respect to the information and how the individual
may exercise these rights, including how the individual may complain to the
covered entity. 
o The covered entity’s legal duties with respect to the information, including a
statement that the covered entity is required by law to maintain the privacy
of protected health information. 
o Whom individuals can contact for further information about the covered
entity’s privacy policies. 
The notice must include an effective date. See 45 CFR 164.520(b) for the
specific requirements for developing the content of the notice. A covered
entity is required to promptly revise and distribute its notice whenever it
makes material changes to any of its privacy practices. See 45 CFR
164.520(b)(3), 164.520(c)(1)(i)(C) for health plans, and 164.520(c)(2)(iv) for
covered health care providers with direct treatment relationships with
individuals. 

 

Providing the Notice.


o A covered entity must make its notice available to any person who asks for
it. 
o A covered entity must prominently post and make available its notice on
any web site it maintains that provides information about its customer
services or benefits. 

 

Health Plans must also:
o Provide the notice to individuals then covered by the plan no later than April
14, 2003 (April 14, 2004, for small health plans) and to new enrollees at the
time of enrollment. 
o Provide a revised notice to individuals then covered by the plan within 60
days of a material revision. 
o Notify individuals then covered by the plan of the availability of and how to
obtain the notice at least once every three years.

 

Covered Direct Treatment Providers must also:


o Provide the notice to the individual no later than the date of first service
delivery (after the April 14, 2003 compliance date of the Privacy Rule) and,
except in an emergency treatment situation, make a good faith effort to
obtain the individual’s written acknowledgment of receipt of the notice. If an
acknowledgment cannot be obtained, the provider must document his or
her efforts to obtain the acknowledgment and the reason why it was not
obtained. 


o When first service delivery to an individual is provided over the Internet,
through e-mail, or otherwise electronically, the provider must send an
electronic notice automatically and contemporaneously in response to the
individual’s first request for service. The provider must make a good faith
effort to obtain a return receipt or other transmission from the individual in
response to receiving the notice. 

​

o In an emergency treatment situation, provide the notice as soon as it is
reasonably practicable to do so after the emergency situation has ended. In
these situations, providers are not required to make a good faith effort to
obtain a written acknowledgment from individuals. 


o Make the latest notice (i.e., the one that reflects any changes in privacy
policies) available at the provider’s office or facility for individuals to request
to take with them, and post it in a clear and prominent location at the
facility. 


o A covered entity may e-mail the notice to an individual if the individual
agrees to receive an electronic notice. See 45 CFR 164.520(c) for the
specific requirements for providing the notice. 
Organizational Options.


o Any covered entity, including a hybrid entity or an affiliated covered entity,
may choose to develop more than one notice, such as when an entity
performs different types of covered functions (i.e., the functions that make it
a health plan, a health care provider, or a health care clearinghouse) and
there are variations in its privacy practices among these covered functions.
Covered entities are encouraged to provide individuals with the most
specific notice possible. 


o Covered entities that participate in an organized health care arrangement
may choose to produce a single, joint notice if certain requirements are
met. For example, the joint notice must describe the covered entities and
the service delivery sites to which it applies. If any one of the participating
covered entities provides the joint notice to an individual, the notice
distribution requirement with respect to that individual is met for all of the
covered entities. See 45 CFR 164.520(d).

​

Our Contact Information

Please contact us with any questions or comments about this Policy, your personal information, our use and disclosure practices, or your consent choices by email at info@dandaniella.com.

bottom of page