PEARL INC. PRIVACY SHIELD POLICY

Pearl Inc. complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Frameworks, as applicable, as set forth by the U.S. Department ofCommerce regarding the collection, use, and retention of personal information transferred from the European Union and/or Switzerland, as applicable to theUnited States.  Pearl Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, thePrivacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

In compliance with the Privacy Shield Principles, Pearl Inc.commits to resolve complaints about our collection or use of your personal information.  Swiss individuals with inquiries or complaints regarding ourPrivacy Shield policy should first contact Pearl Inc. at: 

ATTN: Chief Compliance Officer
Pearl Inc.  
750 N. San Vicente Blvd.
PDC Red Bldg. #800
West Hollywood, CA 90069
info@hellopearl.com

Pearl Inc. has further committed to refer unresolved Privacy Shield complaints to binding arbitration conducted by JAMS ADR, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit JAMS Cybersecurity and Privacy Practice Group - www.jamsadr.com/cybersecurity, for more information or to file a complaint.  The services of JAMS ADR are provided at no cost to you

Pearl Inc. has further committed to cooperate with the panel established by the EU data protection authorities(DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.

The purpose of this document is to provide policies and procedures to safeguard and protect the privacy of private personal data and Protected Health Information (“PHI”) and assure Pearl’s compliance with The Health Insurance Portability and Accountability Act (HIPAA) and EU Privacy Shield Principles.  This policy contains Pearl’s guidelines and procedures for protecting the security of individually identifiable electronic health information by:

1.    Providing a Training to all employees of the Pearl that have access to PHI.
2.    Implementing formal documents and controls for the Pearl to protect and  safeguard PHI.
3.    Training of a compliance officer.

It is the policy of Pearl Inc. to honor a patient's right of access to inspect and obtain a copy of their personal data and/or protected health information (PHI)in Pearl's designated record set, for as long as the PHI is maintained in compliance with HIPAA and Pearl's retention policy.

Procedures

1.    A patient must make a request to a staff member to access and inspect their protected health information. Whenever possible, this request shall be made in writing and documented on either the "Authorization for Disclosure" form or in the notes of the patient's health record.

2.    Determination of accessibility of the information shall be based on:

       a.    Availability of protected patient information (i.e., final completion of information, long term storage, retention practices, etc.).

3.    Pearl must take action within a reasonable period of time or within 30 days after receipt of the request when the PHI is on-site, and within 60 days when the PHI is off-site. One 30-day extension is permitted, if Pearl provides the patient with a written statement of the reasons for the delay and the date by which the access request will be processed.

4.    Pearl must document and retain the designated record set subject to access and the titles of persons or offices responsible for receiving and processing requests for access.

Access, Inspection and/or Copy Request is Granted

5.    The patient and Pearl will arrange a mutually convenient time and place for the patient to inspect and/or obtain a copy of the requested PHI.  Inspection and/or copying of PHI will be carried out within Pearl with staff assistance.

6.    The patient may choose to inspect the PHI, copy it, or both in the form or format requested. If the PHI is not readily producible in the requested form or format, Pearl must provide the patient with a readable hard copy form, or other form as agreed to by the Pearl and the patient.

       a.    If the patient chooses to receive a copy of the PHI, Pearl may offer to provide copying services.The patient may request that this copy be mailed.

       b.    If the patient chooses to copy their own information, Pearl may supervise the process to ensure that the integrity of the patient record is maintained.

7.    Upon prior approval by the patient, Pearl may provide a summary of the requestedPHI.

8.    Pearl may charge a reasonable fee for the production of copies or a summary of PHI if the patient has been informed of such charge and is willing to pay the charge.

9.    If, upon inspection of the PHI, the patient feels it is inaccurate or incomplete, the patient has the right to request an amendment to the PHI. Pearl shall process requests for amendment as outlined in additional Pearl policy/procedures addressing this patient right.

Access, Inspection, and/orCopy Request is Denied in Whole or in Part

10.    Pearl must provide a written denial to the patient. The denial must be in plain language and must contain:

         a.   The basis for the denial;

         b.   A statement, if applicable, of the patient's review rights; and

         c.   A description of how the patient may complain to Pearl or to the Secretary of Health andHuman Services (HHS).

11.    If access is denied because Pearl does not maintain the PHI that is the subject of the request, and Pearl knows where that PHI is maintained, Pearl must inform the patient where to direct the request for access.

12.    Pearl must, to the extent possible, give the patient access to any other PHI requested, after excluding the PHI as to which Pearl has grounds to deny access.

13.    If access is denied as permitted under §164.524, the individual has the right to have the denial reviewed by a licensed health care professional who is designated by Pearl to act as a reviewing official and who did not participate in the original decision to deny.

14.    The patient must initiate the review of a denial by making a request for review to Pearl. If the patient has requested a review, Pearl must provide or deny access in accordance with the determination of the reviewing professional, who will make the determination within a reasonable period of time.

15.    Pearl must promptly provide written notice to the patient of the determination of the reviewing professional. See paragraph 10 above for denial requirements.

It is the policy of Pearl to honor a patient or a patient's legal representative right to request restrictions on how his or her personal data and protected health information (PHI) is used and/or disclosed for the purposes of treatment, payment, and/or healthcare operations and for disclosures permitted under §164.522(a).                                                                                                                            

NOTE: Although not required by law, some Pearls may wish to implement a formal denial process. The final rule requires all covered entities to permit individuals to make the request but does not require a covered entity to agree to a restriction.

Procedures

General:

1.    Pearl will inform patients of their right to request restrictions on how their PHI is used and/or disclosed for treatment, payment, and healthcare operations in their published, "Notice of Privacy Practices."

2.    The patient has the right to request restrictions. Pearl may require the request to be in writing. Pearl's Privacy Officer (or designee) reviews each request and makes a determination of final actions. Effective September 23rd 2013, the American Recovery and Reinvestment Act (ARRA) allows a patient the right to request that a healthcare provider must comply with the patient's request for restriction of disclosure to a health plan for purposes of payment or healthcare operations when the patient health information pertains to a service for which the healthcare provider has been paid in full by the patient "out of pocket."

3.    Pearl may agree to a patient's request for restrictions on the use and disclosure of their PHI if the request is determined to be reasonable and, in the     patient’s, best interests.

When a Request for Restriction(s) Is Accepted:

4.    Pearl will notify the patient of the approval of the request.

5.    Pearl will inform the  patient of any potential consequences of the restriction.  

6.    Pearl will inform the patient that Pearl will comply with the agreed restriction with the following exceptions:

       a.   In an emergency treatment situation where Pearl may use or disclose information to a health care provider for providing treatment. Pearl will request the emergency treatment provider not further use or disclose the information;

       b.   The restrictions are terminated by either Pearl or the patient; and

       c.    If restrictions prevent uses or disclosures permitted or required under §164.502(a)(2)(ii), §164.510(a) or §164.512.

7.    If  the agreed upon restriction hampers treatment, Pearl may ask the patient to modify or revoke the restriction. Pearl may require written agreement to the modification/revocation or document the patient's oral agreement.

8.    A  notice of restriction will be made in writing in the patient's medical record and/or identified in an appropriate field in the computerized patient information system.

9.    Pearl will notify separately any other departments to which the restriction may apply (e.g., marketing, public relations, administration, foundation, etc.) and if necessary, ensure that the patient's name is removed from all applicable mailing lists.

10.    Pearl will notify separately any other business associates to which the restriction may apply.

11.    Pearl will not use or disclose PHI inconsistent with the agreed upon restriction, nor will its business associates, until the restriction is terminated either by Pearl or the individual.

12.    Pearl will restrict  use and/or disclosure of PHI consistent with the status of the restriction in effect on the date it is used or disclosed.

When a Request for Restriction Is Denied:

13.    If the request for restriction is denied, Pearl must notify the patient.

Termination:

14.    The patient must request in writing to terminate the restriction.

15.     If Pearl wants to terminate the agreement, the patient must agree to the termination in writing or an oral agreement must be documented. The termination will be effective with respect to PHI created or received after the patient was notified by Pearl.

Record Retention:

16.    All documentation associated with this procedure will be maintained in writing or in electronic format for at least six (6) years from the date of its creation or the date when it was last in effect, whichever is later.

Any claim, dispute or other matter in question of any kind relating to this Privacy Shield Security Policy which is not resolved by the claims procedures under this Plan shall be settled by arbitration.  The arbitration shall be administered by JAMS pursuant to its Streamlined Arbitration Rules. Notice of demand for arbitration shall be made in writing. In no event shall a demand for arbitration be made after the date when the applicable statute of limitations would bar the institution of a legal or equitable proceeding based on such claim, dispute or other matter in question. The decision of the arbitrators shall be final and may be enforced in any court of competent jurisdiction. The arbitrators may award reasonable fees and expenses to the prevailing party in any dispute hereunder and shall award reasonable fees and expenses in the event that the arbitrators find that the losing party

Notwithstanding the foregoing, upon the mutual agreement of the parties, the parties may submit any such dispute, claim or controversy to non-binding mediation prior to the commencement of arbitration