This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. Electronic and paper copies are available upon request.

If you have any questions about this Notice or would like to file a privacy related complaint, please contact our Privacy Office:

Corewell Health Urgent Care privacy office

Address: 3350 Riverwood Pkwy SE, Suite 1550 Atlanta, GA 30339

Telephone: (404) 996-0125

E-Mail Address: compliancews@wellstreet.com

State and federal laws require us to protect the privacy of your health information and inform you about our privacy practices through this notice. We must adhere to the privacy practices outlined below for health information governed by HIPAA (Health Insurance Portability and Accountability Act). This notice takes effect on February 11, 2025, and will remain in effect until amended or replaced.

Please note that Corewell Health Urgent Care is a HIPPA hybrid entity, meaning HIPAA only applies to certain types of health information we handle, such as urgent care. Examples of health information not covered by HIPAA include occupational health, workers’ compensation, work injuries, employment-related testing, and forensic testing requested by your employer or potential employer.

We reserve the right to change our privacy practices as permitted by law. Before making significant changes, we will amend this notice to reflect the updates and make the new notice available upon request. Any changes in our privacy practices will apply to all health information we maintain, create, and/or receive, including information from before the changes were made. We are only required to follow the terms of the notice currently in effect.

This Notice outlines the various ways we may use or disclose your health information under HIPAA, including for online check-in, easy pay, and medical visits to our urgent care centers. We use an electronic medical record system and participate in electronic health information exchanges with health information organizations. Please note that HIPAA does not apply to all health information we handle, such as occupational medicine or workers’ compensation visits.

HIPAA permits the use and disclosure of health information for specific purposes. The following sections outline how we utilize and share medical information. Each section provides an explanation and a few examples. (Please note that these examples are not exhaustive.)

Treatment: We may use your health information to provide you with our professional services. For example, we may coordinate with other healthcare providers about your care or refer you for further treatment. We may share your healthcare information with other healthcare professionals who provide treatment and/or services to you, either by fax or electronically, such as through electronic medical records.

We have established "need to know" standards that limit staff members' access to your health information per their primary job functions.

Payment: We may use and disclose your health information to seek payment for services we provide to you. For example, our business office staff may contact your insurance company to obtain payment for your care or work with other businesses to assist us in mailing statements and/or collecting unpaid balances.

Health care operations: We may use and disclose medical information for healthcare operations purposes. These uses and disclosures are necessary to ensure that all of our patients receive quality care and for management purposes. For example, we may use medical information to evaluate how well our staff cared for you. We may also disclose information to students for educational purposes. The entities and individuals covered by this Notice may share information with each other for their joint healthcare operations.

Audio and video recording: Audio and video recording is permitted in the waiting room and may be used for training, safety, and quality purposes.

Individuals involved in Your care or payment: We may disclose medical information to a person involved in your medical care or who helps pay for your care, such as a family member or friend. We may also notify your family about your location or general condition or disclose such information to an entity assisting in a disaster relief effort.

Emergencies/disaster relief: We may use or disclose your health information to notify, or assist in the notification of, a family member or anyone responsible for your care in case of an emergency involving your care, your location, your general condition, or death. If possible, we will provide you with an opportunity to object to this use or disclosure. Under emergency conditions or if you are incapacitated, we will use our professional judgment to disclose only information directly relevant to your care.

Required by law: We will disclose health information about you when required by federal, state, or local law or regulation. For instance, we are required to report certain injuries or illnesses for public health purposes.

National security, intelligence, and other state and federal officials: We may use and disclose your information as permitted by HIPAA when requested by national security, intelligence, and other state and federal officials, and/or if you are an inmate or otherwise under the custody of law enforcement.

Military/veterans: The health information of Armed Forces personnel and veterans may be disclosed under certain circumstances. For example, if the information is required for lawful intelligence, counterintelligence, or other national security activities, we may disclose it to authorized federal officials.

Abuse, neglect, or domestic violence: We may disclose your health information to appropriate authorities if we reasonably believe you are a possible victim of abuse, neglect, domestic violence, or other crimes. This information will be disclosed only to the extent required by law, if you agree, or if we determine it is necessary to prevent serious harm.

Prevent serious threat: We may use or disclose health information to prevent or lessen a serious and imminent threat to your health or safety or that of others.

Public health activities: We may disclose your health information for public health purposes, including reporting problems with products, reactions to medications, product recalls, disease/infection exposure, vaccinations/immunizations, and to prevent and control disease, injury, and/or disability. We may electronically report as permitted by law for tracking and quality/payment purposes.

Health oversight activities: We may disclose health information to a health oversight agency for activities authorized by law.These activities include audits, investigations, inspections, and licensure.

Educational and training purposes: As part of our dedication to medical education, students and trainees may participate in your care under the supervision of licensed healthcare professionals. Your health information may be used and disclosed to these individuals to facilitate their learning and skill development. Before any examination or procedure is conducted by a student or trainee, you will be informed, and your verbal consent will be obtained. You have the right to decline participation in educational activities without any impact on your care.

Marketing: We may use your information to contact you to provide information about treatment alternatives or other health-related benefits and services that may be of interest to you. From time to time, we may contact you to request your permission to take part in health education and/or promotion. We will never sell your information without your consent.

Appointment reminders: We may use or disclose your health information to provide you with appointment reminders, including voicemail messages, postcards, or letters.

Business associates: We may disclose your medical information to business associates, which are other companies or individuals that provide services to us or assist us in providing services to you. Business associates have agreements with us requiring them to maintain the privacy and security of health information under HIPAA.

Lawsuits and disputes: If you are involved in a lawsuit or dispute, we may disclose health information about you in response to a court or administrative order. We may also disclose medical information about you in response to a subpoena, discovery request, or other lawful process by someone involved in the dispute, but only if you have agreed to such a release. However, your permission will not be required if the disclosure request has been signed by a judge or ordered by a court of law.

Email and text messaging: To help coordinate your care, you may receive email and text messages that include reminders for appointments, recommended tests, and other information to help you manage your health.

Incidental uses and disclosures: We may use or disclose your health information when it is associated with another use or disclosure that is permitted or required by law. For example, conversations between doctors, nurses or other Corewell Health Urgent Care personnel regarding your medical condition may, at times, be overheard. Please be assured that we have appropriate safeguards to avoid such situations as much as possible.

Health information exchange: Corewell Health Urgent Care records and sends health information, including prescription information, electronically. Health information is shared electronically for the purposes outlined in this notice and is protected through local, state, and national health information exchanges.

Epic’s care everywhere: Your medical record is stored electronically in Epic, a computer software program. To improve the care that you receive, Corewell Health Urgent Care shares your health records electronically with other providers using Epic’s care everywhere. We do this to allow other health care providers who use Epic and who are treating you to immediately see your medical information. Sharing your health information in this way would allow the doctor to make more informed treatment decisions. There are safeguards in place to ensure that you are currently receiving care at the requesting hospital or health care provider. The health care providers must have enough information about you to validate that they are providing care to you and you must be registered as a patient in their electronic medical record. Your health information may include sensitive diagnoses such as HIV/AIDS, sexually transmitted diseases, genetic information, mental health, substance abuse, genetic testing, etc. Psychotherapy notes are not included in your medical record or our health information exchange. If you wish to “opt-out” of Epic’s care everywhere, please contact our privacy office.

Telemedicine: Healthcare services may be provided via telemedicine, which means an image, video recording and/or audio of you may be used to allow healthcare providers at different locations to see you on a computer screen or view your medical records. Telemedicine may be used for diagnosis, follow-up and/or education, and may include: your medical records, medical images, live two-way audio and video, output data from medical devices, and sound and video files. Electronic systems used will incorporate network and software security protocols to help protect the confidentiality and integrity of your identity and imaging data.

The above list is a summary of our typical uses and disclosures of health information.

HIPAA permits other uses and disclosures, and we may use and disclose health information as permitted by HIPAA, including as to lawsuits and administrative proceedings, law enforcement, research, fundraising, deceased individuals, personal representatives, HIPAA compliance, organ/tissue donation, psychotherapy notes, limited data sets, and de-identification of health information. Please contact our Privacy Officer for further information. Incidental uses and disclosures of health information sometimes occur and are not considered to be a violation of your rights; these are by-products of otherwise permitted uses or disclosures which are limited in nature and cannot be reasonably prevented. Certain health information may have additional protections under state law, which may be more restrictive than HIPAA; if these state laws apply to us, our disclosure may be subject to additional protections. Other uses and disclosures not described in the notice will be made only with authorization from the individual, and an individual can revoke an authorization as permitted by HIPAA.

Access: You can request inspection and get copies of your HIPAA-covered health information (and that of an individual for whom you are a parent or legal guardian.) There will be some limited exceptions. Your request must be in writing. If you wish to examine your health information, you will need to complete and submit an appropriate request form. Contact our Privacy Office for a copy of the Request Form. You may also request access by sending the Privacy Office a letter. If your request is approved, an appointment can be made to review your records. Medical records can also be requested online at https://www.swellbox.com/beaumont-uc-wizard.html.

Amendment: You have the right to request amendment of your health care information, if you feel it is inaccurate or incomplete. Your request must be in writing and must include an explanation of why you believe the information should be amended. We may say “no” to your request, but we’ll tell you why in writing within 60 days. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. We also may deny your request if you ask us to amend information that:

• Was not created by us, unless the person or entity that created the information is no longer available to make the amendment.


• Is not part of the health information kept by or for a Corewell Health Urgent Care entity.


• Is not part of the information that you would be permitted to inspect and copy.


• Is accurate and complete.

Non-routine disclosures:You have the right to request a list of non-routine disclosures we have made of your health care information. This is also called an “accounting.” consistent with HIPAA, you have the right to request a list of certain instances for the past 6 years in which we, or our business associates, disclosed information for reasons other than treatment, payment, or health care operations, disclosures to you, or disclosures based on your authorization. Other limited exceptions also apply.

Request restrictions/confidential communications: You have the right to request that we place additional restrictions on our use or disclosure of your health information and for you to receive confidential communications from us at alternative locations or by alternative means. We do not have to agree to most of these requests, but if we do, we will abide by our agreement (except, for example, in emergencies). This request must be submitted in writing. If you or someone on your behalf has paid us in full, you have the right to ask us not to submit that health care item or service to a health plan for payment; we must generally agree to your request unless the disclosure is required by law.

Breach: In the event of a breach involving unsecured PHI, as defined by HIPAA, we will follow HIPAA to notify affected individuals..

Complaints: You may file a written or verbal complaint with us if you believe your privacy rights have been violated. If you have any privacy-related questions or complaints, please contact our Privacy Office using one of the methods listed above. You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services. We support your right to privacy of your Medical Information, and you will not be penalized for filing a complaint.

Access to care: You have the right to access, and request for, and an amendment of your medical records.

Safety: You have a right to receive safe, high-quality care.

Respect: You have a right to be shown respect, dignity, and consideration regarding your healthcare.

Communication: You have a right to be informed about services, treatment options, and costs in a clear and susceptible way.

Participation: You have a right to be included in decisions and choices regarding your care.

Privacy: You have a right to privacy and confidentiality of your personal information.

Comment: You have a right to comment on your care and to have your concerns addressed.

Health records: You have the right to refuse the release of your personal health information (except when required by law).

Interpreter: You have the right to have clinic personnel or a language line available for patient/family members with a language barrier. Please let us know if you have such a request.

Advance care directive / Power of attorney / Guardianship: Please inform your health care professional if you have a current Advance Care Directive or Power of Attorney for any health or personal matters, or if you are subject to a guardianship order.

Safety: Tell us your safety concerns.

Respect: Consider the wellbeing and rights of others. Patients, family members, friends, and team members are expected to demonstrate peaceful and respectful behaviors by avoiding all intimidating, threatening, disruptive, and violent actions and word choices that prevent our care team from maintaining a safe, secure, and healing environment.

Communication: Provide accurate and complete information regarding your medical history and ask questions.

Participation: Follow your treatment plan, cooperate, and participate where able.

Services: You have the right to refuse care or services.

Complaint / feedback: You should direct any complaint to a staff member or member of management so that we can review your complaint and assess appropriate steps to remedy your concern.