Now accepting new patients & referrals across Greater Boston Cambridge, MA (617) 555-0140
Hartwell Health Cardiology · Cambridge, MA
(617) 555-0140 Request appointment

Home / Patient Resources / Notice of Privacy Practices

Notice of Privacy Practices

This notice describes how medical information about you may be used and disclosed, and how you can get access to that information. Please review it carefully.

Effective date: January 1, 2026

Hartwell Health is required by law to protect the privacy of your health information, to provide you with this notice of our legal duties and privacy practices, and to follow the terms of the notice currently in effect. "Protected health information" (PHI) is information about you, including demographic information, that may identify you and that relates to your past, present, or future physical or mental health and related health-care services.

Our commitment to your privacy

Your health information is personal, and we are committed to keeping it confidential. We create a record of the care and services you receive at our practice so that we can provide you with quality care and meet certain legal requirements. This notice applies to all of the records of your care generated by Hartwell Health, whether made by our staff or by other clinicians involved in your care.

We understand that medical information about you and your health is sensitive. We use reasonable administrative, technical, and physical safeguards to protect your information against unauthorized access, use, or disclosure, and we limit access to those who need it to do their jobs.

How we may use and disclose your health information

The following describes the ways we may use and disclose your protected health information. Not every use or disclosure is listed, but the ways we are permitted to use and disclose information fall within one of the categories below.

Treatment

We may use your health information to provide, coordinate, or manage your medical care. For example, your cardiologist may share information with our nurses, sonographer, or cardiovascular technician who are involved in your care, and we may disclose information to your primary-care physician, a referring physician, a hospital, or another specialist to whom you are referred so that they may treat you.

Payment

We may use and disclose your health information so that the care you receive may be billed to and payment collected from you, an insurance company, or a third party. For example, we may give your health plan information about a diagnostic study you received so that the plan will pay us or reimburse you. We may also share information to confirm coverage and benefits before your visit.

Health care operations

We may use and disclose your health information for the operations of our practice. These uses and disclosures are necessary to run the practice and to make sure that our patients receive quality care. For example, we may use your information to review and improve the quality of care we provide, to train staff and students, for licensing and accreditation activities, or for business planning and administration.

Appointment reminders and care-related communications

We may use and disclose your health information to contact you with a reminder that you have an appointment, to follow up on test results or after a visit, or to tell you about treatment options or health-related services that may be of interest to you. We may leave a message on your voicemail, send a text message or email, or mail a reminder, using the contact information you provide. Please let us know if you prefer that we contact you in a specific way.

Other uses and disclosures permitted or required by law

We may use or disclose your health information without your authorization in certain other situations, including:

  • When required by federal, state, or local law.
  • For public health activities, such as reporting disease, injury, or vital events, and reporting to the Food and Drug Administration regarding the safety of medical products.
  • To report suspected abuse, neglect, or domestic violence to authorities permitted by law to receive such reports.
  • For health oversight activities authorized by law, such as audits, investigations, and inspections.
  • In response to a court or administrative order, subpoena, discovery request, or other lawful process.
  • For law-enforcement purposes as permitted or required by law.
  • To coroners, medical examiners, and funeral directors as necessary to carry out their duties.
  • For organ, eye, or tissue donation purposes.
  • For approved research, subject to required privacy protections and oversight.
  • To avert a serious and imminent threat to the health or safety of a person or the public.
  • For specialized government functions, such as military and veterans' activities and national security.
  • For workers' compensation claims as authorized by and to the extent necessary to comply with applicable law.

We may also share information with a family member, friend, or other person you involve in your care or payment for your care, but only the information directly relevant to that person's involvement, and only when you do not object or when, in an emergency, we determine that doing so is in your best interest.

Uses and disclosures that require your written authorization

Other than the uses and disclosures described above, we will not use or disclose your health information without your written authorization. In particular, the following uses and disclosures require your prior written authorization:

  • Marketing. Most uses and disclosures of your health information for marketing purposes require your written authorization.
  • Sale of protected health information. We will not sell your health information without your written authorization.
  • Psychotherapy notes. Most uses and disclosures of psychotherapy notes, where such notes exist, require your written authorization.

If you give us authorization to use or disclose your health information, you may revoke that authorization in writing at any time. If you revoke your authorization, we will no longer use or disclose your information for the reasons covered by it, except to the extent we have already relied on it.

Your privacy rights

You have the following rights regarding the health information we maintain about you:

  • Right to inspect and copy. You have the right to inspect and obtain a copy of the health information that may be used to make decisions about your care, in the form and format you request if it is readily producible. We may charge a reasonable, cost-based fee for copies as permitted by law.
  • Right to request an amendment. If you believe the health information we have about you is incorrect or incomplete, you may ask us to amend it. We may deny your request in certain circumstances, and if we do, we will tell you why in writing and explain how you may respond.
  • Right to an accounting of disclosures. You have the right to request a list of certain disclosures we made of your health information, other than disclosures for treatment, payment, health-care operations, and certain other exceptions.
  • Right to request restrictions. You have the right to request a restriction or limitation on the health information we use or disclose for treatment, payment, or health-care operations, or to a person involved in your care. We are not required to agree to your request, except that we will agree to your request to restrict disclosure to a health plan for a service you paid for in full out of pocket, where the disclosure is for payment or operations and is not otherwise required by law.
  • Right to confidential communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location — for example, by contacting you only at work or only by mail. We will accommodate reasonable requests.
  • Right to a paper copy of this notice. You have the right to a paper copy of this notice at any time, even if you have agreed to receive it electronically. You may request a copy from our front desk or by contacting us.
  • Right to be notified of a breach. You have the right to be notified in the event of a breach of your unsecured protected health information.

To exercise any of these rights, please contact our Compliance & Privacy Officer using the information at the end of this notice. Some requests must be made in writing.

Our responsibilities

Hartwell Health is required by law to:

  • Maintain the privacy and security of your protected health information.
  • Provide you with this notice of our legal duties and privacy practices with respect to your health information.
  • Notify you promptly if a breach occurs that may have compromised the privacy or security of your information.
  • Follow the terms of the notice currently in effect.

We will not use or disclose your health information other than as described in this notice unless you tell us we can in writing. We will honor a written revocation of any authorization you have given.

Changes to this notice

We reserve the right to change this notice and to make the revised notice effective for health information we already have about you as well as any information we receive in the future. We will post a copy of the current notice in our office and on this website. The notice will contain the effective date shown above. You may request a paper copy of the most current notice at any time.

Questions or complaints

If you have questions about this notice or would like more information about our privacy practices, or if you believe your privacy rights have been violated, please contact our Compliance & Privacy Officer:

Nadia Haddad, Compliance & Privacy Officer
Hartwell Health
245 Binney Street, Suite 310, Cambridge, MA 02142
Phone: (617) 555-0140
Email: privacy@hartwell-health.com

You may also file a complaint with the U.S. Department of Health & Human Services, Office for Civil Rights, by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, by calling 1-877-696-6775, or by visiting www.hhs.gov/ocr/privacy/hipaa/complaints.

We will not retaliate against you for filing a complaint. Filing a complaint will not affect the care you receive at our practice.