Notice of Privacy Practices
Effective Date: December 20, 2018
THIS NOTICE DESCRIBES HOW YOUR HEALTH INFORMATION MAY BE USED AND DISCLOSED, AND HOW YOU CAN ACCESS THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Warby Parker takes the confidentiality of your health information very seriously. We are required by law to provide you with this Notice of Privacy Practices (“Notice”) and follow the terms of this Notice while it is in effect. This Notice is a summary of your privacy rights, and your use of Warby Parker’s Services evidences your acceptance of the terms of this Notice. “Services” means any of the services we offer, including eye exams, refraction testing through our Prescription Check mobile application and/or in-store service (collectively, “Prescription Check”), and the prescribing and dispensing of prescription eyeglasses. Warby Parker also operates the website warbyparker.com, an e-commerce mobile application, and other related websites and mobile applications that contain links to this Notice. In this Notice, “health information”, “protected health information”, and “PHI” refer to individually identifiable health information that we obtain from you in connection with the Services.
1. Warby Parker’s use and disclosure of PHI
Generally, Warby Parker uses and discloses your PHI for the normal business activities that fall in the categories of treatment, payment, and healthcare operations, in accordance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Below are a few examples of those activities (but note that not every use or disclosure that falls within each category is included!).
Treatment. Warby Parker keeps a record of the PHI you provide to us in the course of using the Services. This record may include the results of your eye exam, information we receive in connection with your use of Prescription Check, your prescription information, the prescription products that you purchase, information related to your vision insurance plan, and other information we learn about your health or vision through our provision of the Services. We may disclose this information so that doctors, nurses, other optical dispensers, and other entities like laboratories can meet your healthcare needs.
Payment. Warby Parker documents the Services that you receive when we provide care to you so that you (or, if applicable, your vision insurance plan or another third party) can pay us for the Services. If applicable, we may share information with your vision insurance plan about upcoming treatment or Services that require prior approval by the plan.
Healthcare Operations. Warby Parker uses PHI to improve the Services and train staff, and for business management, quality improvement, performance evaluation, marketing activities permitted under HIPAA, customer service activities, and other internal business purposes.
Warby Parker may also use or disclose your PHI to:
- Comply with federal, state, or local laws.
- Assist in public health activities, such as tracking diseases or medical devices.
- Inform authorities in order to protect victims of abuse or neglect.
- Comply with federal and state health oversight activities, such as fraud investigations.
- Respond to law enforcement officials or to judicial orders, subpoenas, or other process.
- Inform coroners, medical examiners, and funeral directors of information necessary for them to fulfill their duties.
- Facilitate organ and tissue donation or procurement.
- Conduct research (following internal review protocols to ensure the balancing of privacy and research needs).
- Avert a serious threat to health or safety.
- Assist in specialized government functions, such as national security, intelligence, and protective services.
- Inform military and veteran authorities if you are an armed forces member.
- Inform a correctional institution if you are an inmate.
- Inform workers’ compensation carriers or your employer if you are injured at work, as authorized by and as necessary to comply with relevant laws.
- Tell you about health-related products and services.
- Send appointment reminders.
- Communicate with individuals, such as friends and family, who are involved in your care or involved in the payment for that care.
- Communicate within our organization for treatment, payment, or healthcare operations.
- Communicate with other providers, health plans, or their related entities for their treatment, payment, or healthcare operations activities.
- Provide information to other third parties with whom we do business in order to allow those third parties to provide services to us or on our behalf. (Don’t worry—in these situations, we require third parties to provide us with assurances that they will safeguard your information.)
Any other uses or disclosures not set forth in this Notice may only be performed with your written permission. We will also obtain your written permission before we use or disclose your PHI for any marketing purposes that are unrelated to the Services we provide. You may revoke your permission, in writing, at any time. If you do so, we will no longer use or disclose your PHI for the reasons covered by your written permission, but note that we are unable to take back any disclosures we have already made with your permission, and that we are required to retain our records of the care that we’ve provided to you.
2. Warby Parker’s responsibilities with respect to your PHI
Warby Parker is required by HIPAA to:
- Maintain the privacy of your PHI.
- Provide this Notice setting forth our duties and privacy practices.
- Abide by the terms of the version of this Notice currently in effect.
- Tell you if there has been a security breach that compromises your PHI.
Please note that some states have laws that may require that we apply extra protections to some of your health information.
3. Your rights with respect to your PHI
You have the following rights with respect to your PHI maintained by Warby Parker.
- Inspect and copy. You have the right to inspect and copy certain portions of your PHI. We may, in certain limited circumstances, deny your request to inspect or copy your PHI. If we do so, we will inform you of the reason for the denial.
- Amend. You have the right to amend your PHI if you feel that it is incorrect or incomplete. We may, in certain limited circumstances, deny your request to amend your PHI. If we do so, you may submit a statement of disagreement for inclusion in your records.
- Accounting of disclosures. You have the right to an accounting of our disclosures of your PHI made over the past six years. This right does not apply to disclosures made for treatment, payment, or healthcare operations; disclosures made to you about your treatment; disclosures made pursuant to an authorization; and certain other disclosures.
- Restrictions on disclosure. You have the right to request restrictions on how we use or disclose your PHI. We’re not required to comply with such requests except for requests pertaining to disclosure to a vision insurance plan or other payor for payment or certain care operations that relate to an item or service for which you have paid out of pocket in full. If we agree to any such request, we will comply with your request except in certain emergency situations or as required by law.
- Communication. You have the right to request that we communicate with you at a specific telephone number or address.
- Paper copy. You have the right to obtain a paper copy of this Notice (even if you’re currently reading it electronically!).
4. Changes to this Notice
We occasionally review this Notice to make sure it complies with applicable laws and conforms to changes in our business. We may need to update this Notice, and we reserve the right to do so at any time. If we change the terms of this Notice, the new terms will apply to all PHI that we maintain, including PHI that you provided to us before such changes were made. We will post the new Notice on our websites and mobile applications, and will update the “Effective Date” at the top of this page so you can tell if it has changed since your last visit. We will make the new Notice available upon request. Your continued use of the Services constitutes your acceptance of the terms of such revised Notice.
If you believe that your privacy has been violated or that Warby Parker has not followed its obligations under HIPAA, you may file a complaint with us or with the Secretary of Health and Human Services. We will not retaliate against you or penalize you for filing any such complaint.
To file a complaint with us, email [email protected] or write to 233 Spring Street, 6th floor East, New York City, NY 10013, Attn: Legal Department.
To file a complaint with the Secretary of Health and Human Services, call 877.696.6775 or write to 200 Independence Avenue S.W., Washington, D.C. 20201.
6. Contacting Warby Parker
To exercise any of your rights set forth in this Notice, or for more information about Warby Parker’s privacy practices, email [email protected], write to 233 Spring Street, 6th floor East, New York City, NY 10013, Attn: Legal Department, or call 888.492.7297 and ask to speak with the Legal Department.