HIPAA Policy for Daye

1. Introduction

1.1 Purpose and Application

Daye is committed to maintaining the privacy and confidentiality of Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended, and the regulations promulgated pursuant thereto (hereinafter referred to as the “Privacy Rule”). This HIPAA Privacy Policy (the “Policy”) sets forth the privacy policies and procedures applicable to Daye to the extent that it provides services involving the collection, use, and disclosure of PHI.

1.2 Scope

This Policy applies to all employees, volunteers, contractors, and agents of Daye who handle PHI. All workforce members are expected to comply with the policies and procedures set forth herein.

1.3 Maintenance and Amendment

This Policy is the responsibility of the HIPAA Privacy Officer. The HIPAA Privacy Officer may amend this Policy as necessary to ensure continued compliance with HIPAA, subject to the approval of Daye’s management. The HIPAA Privacy Officer appointed by Daye is Valentina Milanova, Daye’s Chief Executive and Chief Information Officer. Valentina’s work in ensuring compliance with the HIPAA Policy will be supported by the company’s Chief Technology Officer, Head of Medical Innovation, Quality Manager and Operations Director.

2. Definitions

Protected Health Information (PHI): Individually identifiable health information that relates to the past, present, or future physical or mental condition of an individual, provision of health care to an individual, or payment for such health care.

HIPAA Privacy Officer: The designated individual responsible for implementing and updating this Policy and for ensuring compliance with HIPAA.

3. HIPAA Privacy Officer

3.1 Duties of HIPAA Privacy Officer

  • Implementing, updating, and interpreting this Policy.
  • Providing and documenting appropriate privacy training for workforce members.
  • Investigating and responding to complaints regarding possible HIPAA violations.
  • Ensuring that Business Associate Agreements are entered into with appropriate parties.
  • Maintaining documentation pursuant to the record-keeping requirements.

4. Minimum Necessary Rule

Daye will limit the use, disclosure, and request of PHI to the minimum necessary to accomplish the intended purpose. This includes ensuring that only individuals who need access to PHI for their job functions are granted such access.

5. Permitted Uses and Disclosures of PHI

5.1 Uses and Disclosures for Treatment, Payment, or Health Care Operations

Daye may use and disclose PHI for treatment, payment, or health care operations without an individual’s authorization. This includes:

  • Treatment: Providing, coordinating, or managing health care and related services.
  • Payment: Activities to obtain premiums or reimbursement for the provision of health care.
  • Health Care Operations: Activities related to quality assessment, case management, and business planning.

5.2 Disclosures to Business Associates

Daye may disclose PHI to business associates who perform services on its behalf, provided that there is a Business Associate Agreement in place to ensure the protection of PHI.

5.3 Uses and Disclosures for Legal and Law Enforcement Purposes

Daye may disclose PHI as required by law or in response to a court order, subpoena, or other legal processes, provided that the disclosure complies with HIPAA requirements.

6. Individual Rights Regarding PHI

6.1 Right to Inspect and Copy

Individuals have the right to inspect and copy their PHI maintained by Daye. Requests must be made in writing via email to hello@yourdaye.com, and Daye will respond within 30 days. Fees may be charged for the costs of copying and mailing.

6.2 Right to Amend

Individuals may request an amendment to their PHI if they believe it is incorrect or incomplete. Requests must be made in writing via email to hello@yourdaye.com, and Daye will respond within 60 days. Daye may deny the request if it is not supported by a valid reason.

6.3 Right to an Accounting of Disclosures

Individuals have the right to request an accounting of disclosures of their PHI made by Daye in the past six years, excluding disclosures made for treatment, payment, or health care operations.

6.4 Right to Request Restrictions

Individuals may request restrictions on the use or disclosure of their PHI. Daye is not required to agree to the request, but if it does, it will comply with the restriction.

6.5 Right to Request Confidential Communications

Individuals have the right to request that communications regarding their PHI be sent to a specific location or by a specific method. Daye will accommodate reasonable requests.

7. Notice of Privacy Practices

Daye will provide a Notice of Privacy Practices to individuals upon their first visit to Daye’s website via the terms and conditions section on yourdaye.com. The notice will inform individuals of their rights and Daye’s legal duties regarding PHI.

8. Training Requirements

All workforce members will receive HIPAA training during orientation and periodic retraining as necessary. Training will cover the specifics of Daye’s HIPAA policies and procedures and how they apply to daily job functions.

9. Privacy Breaches and Notification

9.1 Identifying and Investigating Breaches

Daye’s team members must report any suspected breaches of PHI to the HIPAA Privacy Officer. The HIPAA Privacy Officer will investigate and determine if a breach occurred and take appropriate action.

9.2 Notification of Breaches

If a breach occurs, Daye will notify affected individuals, relevant regulatory authorities, and, if necessary, the media, as required by HIPAA.

10. Record Retention

Daye will retain documentation related to HIPAA compliance, including policies, procedures, and records of disclosures, for at least six years.

11. Disposal of PHI

Daye will dispose of PHI in a manner that ensures it cannot be accessed by unauthorized individuals. This includes shredding paper records and securely wiping electronic media.

This HIPAA policy for Daye ensures compliance with HIPAA regulations and protects the privacy and confidentiality of PHI. It is essential for all workforce members to understand and adhere to these policies and procedures.

Daye tampons are manufactured in accordance with medical device standards, including ISO13485 and GMP. In order for a diagnosis to be confirmed, test results from the Diagnostic Tampon should be considered by a licensed healthcare provider alongside a patient's symptoms and medical history. Like every other diagnostic test, lab results are not sufficient for a diagnosis. Daye offers customers the option to connect with independent CQC-regulated healthcare providers virtually and in-person for a confirmed diagnosis. All prescriptions and treatments provided through the Daye platform are issued by third-party, independent pharmacists, who are also regulated under CQC and GPhC.