A. Xeomin Challenge is responsible for personal data that you share with us or that we receive about you.
Xeomin Challenge (“Xeomin Challenge”), including its parent and affiliated companies, is responsible for processing personal data about you that is collected or otherwise used as you use this website (“Site”). Trust is an important Xeomin Challenge value, and we aim to earn your trust by responsibly managing your personal data.
Please note that this site is intended for United States residents only.
B. Why we process your personal data
Like most companies, we process your personal data for several legitimate, lawful reasons related to providing our goods and services to you. We describe the data we process and the reasons for doing so below.
Xeomin Challenge complies with the California Consumer Privacy Act (“CCPA”), the European Union General Data Protection Regulation (“GDPR”), and all European Union and Member state laws to the extent required by the law. Xeomin Challenge also complies with local and regional privacy laws in other countries where we do business.
C. What data we collect, why we collect it, and with whom we share it
Personal data, sometimes called Personal Information, is information relating to an identified or identifiable person. The following table describes the personal data we collect, the reasons we collect it, and how we use and share it.
All categories of personal data may be collected for our General Business Use, which includes the following:
To complete a sales transaction;
To honor an agreement or contract between you and Xeomin Challenge;
To protect the security and integrity of our websites, mobile services, and our business;
To comply with legal and/or regulatory requirements;
To respond to reviews, requests, comments, or other feedback you provide us;
To process an employment application; and
To, if necessary, prosecute or defend a legal claim.
Notice of Privacy Practices
Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
Covered Entities Duties:
Xeomin Challenge is a Covered Entity as defined and regulated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Xeomin Challenge is required by law to keep the privacy of your protected health information (PHI). We must give you this Notice. It includes our legal duties and privacy practices related to your PHI. We must follow the terms of the current notice. We must let you know if there is a breach of your unsecured PHI.
This Notice describes how we may use and disclose your PHI. It describes your rights to access, change and manage your PHI. It also says how to use rights.
Xeomin Challenge can change this Notice. We reserve the right to make the revised or changed Notice effective for your PHI we already have. We can also make it effective for any of your PHI we get in the future. Xeomin Challenge will promptly update and get you this Notice whenever there is a material change to the following stated in the notice:
- The Uses and Disclosures
- Your Rights
- Our Legal Duties
- other privacy practices stated in the notice
Updated notices will be on our website and in our Member Handbook. We will also mail you or email you a copy on request.
Permissible Uses and Disclosures of Your PHI:
The following is a list of how we may use or disclose your PHI without your permission or authorization:
- Treatment. We may use or disclose your PHI to a physician or other healthcare provider providing treatment to you. We do this to coordinate your treatment among providers. We also do this to help us with prior authorization decisions related to your benefits.
- Payment. We may use and disclose your PHI to make benefit payments for the healthcare services you received. We may disclose your PHI for payment purposes to another health plan, a healthcare provider, or other entity. This is subject to the federal Privacy Rules. Payment activities may include:
- processing claims
- determining eligibility or coverage for claims
- issuing premium billings
- reviewing services for medical necessity
- performing utilization review of claims
- HealthCare Operations. We may use and disclose your PHI to perform our healthcare operations. These activities may include:
- providing customer services
- responding to complaints and appeals
- providing case management and care coordination
- conducting medical review of claims and other quality assessment
- improvement activities
In our healthcare operations, we may disclose PHI to business associates. We will have written agreements to protect the privacy of your PHI with these associates. We may disclose your PHI to another entity that is subject to the federal Privacy Rules. The entity must also have a relationship with you for its healthcare operations. This includes the following:
- quality assessment and improvement activities
- reviewing the competence or qualifications of healthcare professionals
- case management and care coordination
- detecting or preventing healthcare fraud and abuse
- Appointment Reminders/Treatment Alternatives. We may use and disclose your PHI to remind you of an appointment for treatment and medical care with us. We may also use or disclose it to give you information about treatment alternatives. We may also use or disclose it for other health-related benefits and services. For example, information on how to stop smoking or lose weight.
- As Required by Law. If federal, state, and/or local law requires a use or disclosure of your PHI, we may use or disclose your PHI information. We do this when the use or disclosure complies with the law. The use or disclosure is limited to the requirements of the law. There could other laws or regulations that conflict. If this happens, we will comply with the more restrictive laws or regulations.
- Public Health Activities. We may disclose your PHI to a public health authority to prevent or control disease, injury, or disability. We may disclosure your PHI to the Food and Drug Administration (FDA). We can do this to ensure the quality, safety or effectiveness products or services under the control of the FDA.
- Victims of Abuse and Neglect. We may disclose your PHI to a local, state, or federal government authority. This includes social services or a protective services agency authorized by law to have these reports. We will do this if we have a reasonable belief of abuse, neglect or domestic violence.
- Judicial and Administrative Proceedings. We may disclose your PHI in judicial and administrative proceedings. We may also disclose it in response to the following:
- an order of a court
- administrative tribunal
- discovery request
- similar legal request
- Law Enforcement. We may disclose your relevant PHI to law enforcement when required to do so. For example, in response to a:
- court order
- court-ordered warrant
- summons issued by a judicial officer
- grand jury subpoena
We may also disclose your relevant PHI to identify or locate a suspect, fugitive, material witness, or missing person.
- Coroners, Medical Examiners and Funeral Directors. We may disclose your PHI to a coroner or medical examiner. This may be needed, for example, to determine a cause of death. We may also disclose your PHI to funeral directors, as needed, to carry out their duties.
- Organ, Eye and Tissue Donation. We may disclose your PHI to organ procurement organizations. We may also disclose your PHI to those who work in procurement, banking or transplantation of:
- cadaveric organs
- Threats to Health and Safety. We may use or disclose your PHI if we believe, in good faith, that it is needed to prevent or lessen a serious or imminent threat. This includes threats to the health or safety of a person or the public.
- Specialized Government Functions. If you are a member of U.S. Armed Forces, we may disclose your PHI as required by military command authorities. We may also disclose your PHI:
- to authorized federal officials for national security
- to intelligence activities
- the Department of State for medical suitability determinations
- for protective services of the President or other authorized persons
- Workers’ Compensation. We may disclose your PHI to comply with laws relating to workers’ compensation or other similar programs, established by law. These are programs that provide benefits for work-related injuries or illness without regard to fault.
- Emergency Situations. We may disclose your PHI in an emergency situation, or if you are unable to respond or not present. This includes to a family member, close personal friend, authorized disaster relief agency, or any other person you told us about. We will use professional judgment and experience to decide if the disclosure is in your best interests. If it is in your best interest, we will only disclose the PHI that is directly relevant to the person’s involvement in your care.
- Research. In some cases, we may disclose your PHI to researchers when their clinical research study has been approved. They must have safeguards in place to ensure the privacy and protection of your PHI.
Verbal Agreement to Uses and Disclosure Your PHI:
We can take your verbal agreement to use and disclose your PHI to other people. This includes family members, close personal friends or any other person you identify. You can object to the use or disclosure of your PHI at the time of the request. You can give us your verbal agreement or objection in advance. You can also give it to us at the time of the use or disclosure. We will limit the use or disclosure of your PHI in these cases. We limit the information to what is directly relevant to that person’s involvement in your healthcare treatment or payment.
We can take your verbal agreement or objection to use and disclose your PHI in a disaster situation. We can give it to an authorized disaster relief entity. We will limit the use or disclosure of your PHI in these cases. It will be limited to notifying a family member, personal representative or other person responsible for you care of your location and general condition. You can give us your verbal agreement or objection in advance. You can also give it to us at the time of the use or disclosure of your PHI.
Uses and Disclosures of Your PHI That Require Your Written Authorization:
We are required to obtain your written authorization to use or disclose your PHI, with limited exceptions, for the following reasons:
- Sale of PHI. We will request your written approval before we make any disclosure that is deemed a sale of your PHI. A sale of your PHI means we are getting paid for disclosing the PHI in this manner.
- Marketing. We will request your written approval to use or disclose your PHI for marketing purposed with limited exceptions. For examples, when we have face-to-face marketing communications with you. Or, when we give promotional gifts of nominal value.
- Psychotherapy Notes. We will request your written approval to use or disclose any of you psychotherapy notes that we may have on file with limited exception. For example, for certain treatment, payment or healthcare operation functions.
All other uses and disclosures of your PHI not described in this Notice will be made only with your written approval. You may take back your approval at any time. The request to take back approval must be in writing. Your request to take back approval will go into effect as soon as you request it. There are two cases it won’t take effect as soon as you request it. The first case is when we have already taken actions based on past approval. The second case is before we received your written request to stop.
The following are your rights concerning your PHI. If you would like to use any of the following rights, please contact us. Our contact information is at the end of this Notice.
- Right to Request Restrictions. You have the right to ask for restrictions on the use and disclosure of your PHI for treatment, payment or healthcare operations. You can also ask for disclosures to persons involved in your care or payment of your care. This includes family members or close friends. Your request should state the restrictions you are asking for. It should also say to whom the restriction applies. We are not required to agree to this request. If we agree, we will comply with your restriction request. We will not comply if the information is needed to provide you with emergency treatment. However, we will restrict the use or disclosure of PHI for payment or healthcare operations to a health plan when you have paid for the service or item out of pocket in full.
- Right to Request Confidential Communications. You have the right to ask that we communicate with you about your PHI in other ways or locations. This right only applies if the information could endanger you if it is not communicated in other ways or locations. You do not have to explain the reason for your request. However, you must state that the information could endanger you if the change is not made. We must work with your request if it is reasonable and states the other way or location where you PHI should be delivered.
- Right to Access and Received Copy of your PHI. You have the right, with limited exceptions, to look at or get copies of your PHI contained in a designated record set. You may ask that we give copies in a format other than photocopies. We will use the format you ask for unless we cannot practicably do so. You must ask in writing to get access to your PHI. If we deny your request, we will give you a written explanation. We will tell you if the reasons for the denial can be reviewed. We will also let you know how to ask for a review or if the denial cannot be reviewed.
- Right to Change your PHI. You have the right to ask that we change your PHI if you believe it has wrong information. You must ask in writing. You must explain why the information should be changed. We may deny your request for certain reasons. For example, if we did not create the information you want changed and the creator of the PHI is able to perform the change. If we deny your request, we will provide you a written explanation. You may respond with a statement that you disagree with our decision. We will attach your statement to the PHI you ask that we change. If we accept your request to change the information, we will make reasonable efforts to inform others of the change. This includes people you name. We will also make the effort to include the changes in any future disclosures of that information.
- Right to Receive an Accounting of Disclosures. You have the right to get a list of times within the last 6 year period in which we or our business associates disclosed your PHI. This would not apply to disclosures for purposes of treatment, payment, healthcare operations, or disclosures you authorized and certain other activities. If you ask for this more than once in a 12-month period, we may charge you a reasonable, cost-based fee for responding to these additional requests. We will give you more information on our fees at the time of your request.
- Right to File a Complaint. If you feel your privacy rights have been violated or that we have violated our own privacy practices, you can file a complaint with us. You can also file a complaint with the Department of Health Care Services (DHCS) Privacy Officer. You can do this in writing. You can also do this by phone. Use the contact information at the end of this Notice. You can also submit a written complaint to the U.S. Department of Health and Human Services (HHS). See the contact information on the HHS website at www.hhs.gov/ocr. If you request, we will provide you with the address to file a written complaint with HHS. WE WILL NOT TAKE ANY ACTION AGAINST YOU FOR FILING A COMPLAINT.
- Right to Receive a Copy of this Notice. You may ask for a copy of our Notice at any time. Use the contact information listed at the end of the Notice. If you get this Notice on our website or by email, you can request a paper copy of the Notice.
If you have any questions about this Notice, our privacy practices related to your PHI or how to exercise your rights you can contact us in writing. You can also contact us by phone. Use the contact information listed below.
Attn: Privacy Official
1700 Aviara Parkway #131262
Carlsbad, CA 92013