empass

Privacy Policy

Last Updated: July 2, 2025 – 8:00 AM ET
1. HOW WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION
Your healthcare provider will use or disclose your protected health information as described in this section. Your protected health information may be used and disclosed by your healthcare provider, our office staff, and others outside of our hospital who are involved in your care and treatment for the purpose of providing healthcare services to you. Your protected health information may also be used and disclosed to pay your healthcare bills and to support the operation of Empass Healthcare. Following are examples of the types of uses and disclosures of your protected healthcare information that Empass Healthcare is permitted to make. These examples are not meant to be exhaustive, but to describe the types of uses and disclosures that may be made by our hospital.
Treatment
We will use protected health information about you to provide you with medical treatment or services. We will disclose medical information about you to doctors, nurses, technicians, medical students, or other personnel who are involved in your care. Different departments of our hospital also may share protected health information about you in order to coordinate your needs such as prescriptions, lab work, and X-rays. We may also disclose protected health information about you to individuals outside of Empass Healthcare who may be involved in your medical care, such as family members or others we use to provide services that are part of your care. When required, we will obtain your authorization before disclosing any of your information.
Payment
Your protected health information will be used or disclosed, as needed, to obtain payment for your healthcare services. This may include certain activities that your health insurance plan may undertake before it approves or pays for the healthcare services we recommend for you, such as: making a determination of eligibility or coverage for insurance benefits, reviewing services provided to you for medical necessity, and undertaking utilization review activities. For example, obtaining approval for a hospital stay may require that your relevant protected health information be disclosed to the health plan.
Healthcare Operations
We may use or disclose, as needed, your protected health information to support the business activities of your healthcare provider and Empass Healthcare. These activities include, but are not limited to, quality assessment activities, employee review activities, training of medical students, licensing, and conducting or arranging for other healthcare operations. Examples include:
  • Evaluating the performance of our staff
  • Assessing the quality of care and outcomes in your case and similar cases
  • Learning how to improve our facilities and services
  • Determining how to continually improve the quality and effectiveness of the healthcare we provide
In addition, we may use a sign-in sheet at the registration desk where you will be asked to sign your name and indicate your physician or therapist. We may also call you by name in the waiting room when your healthcare provider is ready to see you. We may use or disclose your protected health information, as necessary, to contact you to remind you of your appointment. We will share your protected health information with third-party "business associates" that may perform various activities (e.g., billing, transcription services) for Empass Healthcare. Whenever an arrangement between our hospital and a business associate involves the use or disclosure of your protected health information, we will have a written contract that contains terms that will protect the privacy of your protected health information. We may use or disclose your protected health information, as necessary, to provide you with information about treatment alternatives or other health-related benefits and services that may be of interest to you.

Other Permitted and Required Uses and Disclosures with Your Agreement or Opportunity to Object
You have the opportunity to agree or object to the use or disclosure of all or part of your protected health information for the following purposes. If you are not present or able to agree or object, then your healthcare provider may, using professional judgment, determine whether the disclosure is in your best interest. Only the relevant protected health information will be disclosed.
Hospital Directories
Unless you object, we will use and disclose in our hospital directory your name, the location where you are receiving care, your condition (in general terms), and your religious affiliation. All of this information, except religious affiliation, will be disclosed to people that ask for you by name. Members of the clergy will also be told of your religious affiliation.
Others Involved in Your Healthcare
Unless you object, we may disclose to a family member, relative, close friend, or any other person you identify, your protected health information that directly relates to that person's involvement in your healthcare. If you are unable to agree or object, we may disclose such information if we determine it is in your best interest. We may also disclose information to notify or assist in notifying a family member, personal representative, or anyone responsible for your care about your location, general condition, or death. This may also include disclosures to disaster relief organizations.
Participation in a Health Information Exchange (HIE)
If your Empass Healthcare facility participates in a HIE, we may use or disclose your protected health information to an electronic HIE for your treatment and to improve the quality of medical care we provide. Other healthcare providers involved in your care may also access your information via the HIE. You have the right to opt out of HIE participation. If you do so, we will not use or disclose your information through the HIE.
Other Permitted and Required Uses and Disclosures Without Your Authorization
We may use or disclose your protected health information in the following situations without your authorization:
  • Required by Law
  • Public Health Activities
  • Communicable Disease Exposure
  • Health Oversight
  • Abuse
  • Neglect
  • or Domestic Violence Reporting
  • FDA-Regulated Products and Activities
  • Legal Proceedings
  • Law Enforcement Purposes
  • Coroners
  • Medical Examiners
  • and Funeral Directors
  • Organ and Tissue Donation
  • Research (with IRB/Privacy Board approval)
  • To Avert a Serious Threat to Health or Safety
  • Military and National Security Activities
  • Correctional Institutions or Law Enforcement Custody
  • Workers' Compensation Programs

Required Disclosures
By law, we must disclose your PHI:
  • To you or your personal representative upon request
  • To the Secretary of the Department of Health and Human Services (HHS) when investigating our compliance with HIPAA

Authorization Required for Other Uses and Disclosures
Other uses and disclosures not described in this Notice will be made only with your written authorization. You may revoke any such authorization by submitting a written request to the Empass Healthcare Privacy Officer.
Notification of Breach
If there is a breach of your unsecured protected health information, your healthcare provider must notify you as required by the HIPAA Breach Notification Rule.
2. YOUR RIGHTS
You have the following rights regarding your protected health information:
Right to Access and Copy
You may inspect and obtain a copy of protected health information maintained in a designated record set for as long as we maintain that information. If your records are maintained electronically, you may request an electronic copy in a readily producible format. Requests will be fulfilled within 30 days (or 15 days in some states like California). Reasonable fees may apply for copying, mailing, or supplies.
Right to Request Restrictions
You may request that we not use or disclose any part of your protected health information for treatment, payment, or healthcare operations. While we are not required to agree to a requested restriction, we must comply if:
  • The disclosure is to a health plan for payment or operations; and
  • The service has been paid for in full out-of-pocket
Requests must be in writing, and we will inform you in writing of our decision.

Right to Confidential Communications
You may request to receive communications from us at an alternate address or phone number, or by a specific method. We will accommodate all reasonable requests and will not ask for the reason.
Right to Amend
If you believe the health information we have about you is incorrect or incomplete, you may request an amendment. We may deny your request if:
  • The record was not created by us
  • The information is accurate and complete
  • You do not have a legal right to access it
If denied, you have the right to file a written statement of disagreement.

Right to an Accounting of Disclosures
You may request a list (accounting) of disclosures of your PHI made by us in the past six years, excluding those for treatment, payment, or healthcare operations, and certain other disclosures. The first request in a 12-month period is free; subsequent requests may result in a reasonable fee.
Right to a Paper Copy of This Notice
You have the right to receive a paper copy of this Notice, even if you previously agreed to receive it electronically.
Right to Revoke Authorization
You may revoke your authorization for uses and disclosures not otherwise permitted by law at any time in writing, except to the extent that we have already acted on the authorization.
3. COMPLAINTS
If you believe your privacy rights have been violated, you may file a complaint with:
Empass Privacy Officer privacy@empass.com 1-888-EMPASS-1 Empass Healthcare, 609 Greenwich Street, New York, NY 10014
You may also file a complaint with the U.S. Department of Health and Human Services at www.hhs.gov/ocr. We will not retaliate against you for filing a complaint.

4. CHANGES TO THIS NOTICE
We reserve the right to change this Notice and make the revised or changed Notice effective for health information we already have, as well as any information we receive in the future. The new Notice will:
  • Be posted prominently at all Empass Healthcare locations
  • Be posted on our website at www.empass.com
  • Be made available to you upon request

5. ORGANIZATIONAL STRUCTURE DISCLOSURE
Empass Healthcare, Inc. is operated with a Management Services Organization (MSO). It does not employ physicians or deliver medical care. All clinical services available through Empass are provided by independent professional entities or licensed healthcare providers.
Empass Healthcare's role includes:
  • Administrative and technical support
  • Scheduling and logistics
  • Claims processing and billing
  • Data infrastructure and mobile routing
This MSO structure is compliant with Corporate Practice of Medicine (CPOM) laws, including those in California and New York, which restrict corporations from directly providing clinical care.

6. STATE-SPECIFIC PRIVACY RIGHTS – CCPA/CPRA & SHIELD ACT
Information We Collect
We may collect the following categories of data:
  • Identifiers: Name, email, address, phone, IP address
  • Health Data: Diagnoses, treatment history, provider information
  • Technical Data: Device, geolocation, browser, cookies
  • Financial Data: Loan application history, EmpassPay activity, billing

California Residents – CCPA/CPRA Rights
You have the right to:
  • Know what personal data is collected, used, shared
  • Request deletion or correction of personal information
  • Limit the use of sensitive information
  • Opt out of sale or sharing (Empass does not sell your information)

  • You have the right to:
    privacy@empass.com 1-888-EMPASS-1

    New York Residents – SHIELD Act
    Empass implements safeguards per the New York SHIELD Act. In the event of a data breach involving personal information, you will be notified as required under NY GBL § 899-aa.
    Disclosure Statement
    Empass Healthcare, Inc. is a technology platform and Management Services Organization (MSO). It does not practice medicine and does not employ providers. In states like California and New York, we comply with Corporate Practice of Medicine (CPOM) laws.

    Care is rendered through independent licensed provider entities. Empass provides administrative support including:
    • Scheduling
    • Mobile routing
    • Telehealth infrastructure
    • Billing support
    • Software and data services

    EmpassPay financial products are provided via third-party licensed financial institutions.

    Right to a Good Faith Estimate
    You have the right to receive a Good Faith Estimate (GFE) under the No Surprises Act, New York Public Health Law, and California AB 72 if:
  • You are uninsured or self-pay
  • You request a scheduled service

  • GFE must be:
    • Provided in writing
    • Available at least 3 days in advance (or 1 day for next-day services)
    To request: support@empass.com | 1-888-EMPASS-1 If your bill is $400+ higher than the estimate, you may use the HHS Dispute Resolution Process.

    No Surprises Act Notice (with NY & CA Addendum)
    You are protected from unexpected out-of-network charges under:
    • Federal No Surprises Act
    • New York Surprise Bill Law
    • California AB 72 & SB 137
    These protections ensure:
    • You are not billed more than in-network costs for emergency services
    • You may not be balance billed by out-of-network providers in in-network settings
    • You have access to a GFE and dispute resolution

    Nondiscrimination Statement
    Empass complies with:
    • Section 1557 of the ACA
    • Title VI of the Civil Rights Act
    • NY Human Rights Law
    • California Unruh Civil Rights Act
    We do not discriminate based on:
    • Race, color, national origin
    • Age, disability, sex or gender identity
    • Sexual orientation, language, income level, or immigration status
    Free services offered include:
    • Language interpretation
    • Alternate formats for those with disabilities
    To request assistance or report discrimination: access@empass.com