Back to top

HIPAA Notice of Privacy Practices


This notice describes how health information about you may be used and disclosed by Mahalo, Inc. and how you can get access to this information. Please review it carefully.

Information Subject to This Notice

This notice applies to information about you that is protected under a federal law called HIPAA (the Health Insurance Portability and Accountability Act), called “protected health information.” Protected health information includes health-related information that we collect, create, receive or maintain in connection with your unique Mahalo User account and that reasonably could be used to identify you, such as:

  • Demographic or contact information such as your name, age and gender;
  • Information related to your health condition or status, such as the condition or procedure search terms you use to find a doctor or health facility; and
  • Information about your health insurance and benefits (such as your insurance co-pay or remaining deductible).

Mahalo may receive your health information directly from you or from a third party, such as your employer-sponsored health plan, that has contracted with us to provide services to you. The ways in which we can use and share health information with this third party are established by our contract with the third party, as well as HIPAA and other privacy laws.

How We Typically Use and Share Health Information

We may and typically do use and share your protected health information in the following ways without first asking for your written permission as permitted by HIPAA:

  • Treatment
    • We may use and share your health information to help you get treatment.
      • Example: When you use our services to search for providers, we give you options for healthcare providers in your area based on, among other things, your gender, age and location.
    • We may use your health information to contact you about your Mahalo user account or provide services.
      • Example: When you request that we make an appointment for you, we may communicate with you to schedule the appointment.
    • We may share your health information with other professionals who are treating you.
      • Example: We share your health information with the doctor’s office when we make an appointment for you.
  • Business Operations
    • We may use and share your health information to improve our service, manage our business, and contact you when necessary.
      • Example: We may use your health information to provide customer service to you.
  • Payment
    • We can use and share your health information for payment purposes.
      • Example: If we charged you for our services, we would be allowed to share your health information so that we could receive payment for them.
  • Contractors
    • Third-party contractors provide certain services to us or you on our behalf. These contractors are required by law and our contracts with them to protect your health information the same way we do.
      • Example: We may use a contractor to help us make a doctor’s appointment for you. They are required to protect any information they receive about you.
  • Your Employer-Sponsored Health Plan
    • When we provide our services to you as a benefit offered by your health plan, we may use and share your health information with your health plan administrator or its other service providers as permitted by our contract with those organizations and HIPAA as a "business associate".
      • Example: We may use your health information to analyze use of our services and share statistics with the administrator of your health plan.

Other Ways We May Use or Share Health Information

We may and sometimes are required, to use or share your health information in the following special circumstances without first asking for your written permission. We have to meet many conditions in the law before we can share your information for these purposes.

  • Comply with the law
    • We will share your health information if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.
  • Respond to lawsuits and legal actions
    • We may share your health information in response to a court or administrative order, or in response to a subpoena.
  • Do Research
    • We may use or share your health information for certain research purposes.
  • Help with public health and safety issues
    • We may use or share your health information for public health-related reasons such as:
      • Preventing disease
      • Helping with product recalls
      • Reporting adverse reactions to medications
      • Reporting suspected abuse, neglect, or domestic violence
      • Preventing or reducing a serious threat to anyone’s health or safety
  • Responding to organ and tissue donation requests
    • We may share your health information about you with organ procurement organizations.
  • Work with a medical examiner or funeral director
    • We may share health information with a coroner, medical examiner, or funeral director when an individual dies.
  • Address workers’ compensation, law enforcement, and other government requests
    • We may use or share your health information:
      • For workers’ compensation claims;
      • For law enforcement purposes or with a law enforcement official;
      • With health oversight agencies for activities authorized by law; and
      • For special government functions such as military, national security, and presidential protective services.

How We May Use and Share Your Health Information with Individuals Involved in Your Care or Payment for Care

Generally, we will not share your health information or communicate with someone other than you about your Mahalo user account.

If you are represented by legally appointed personal representative, we will communicate with your representative in the same manner we would communicate with you.

In special circumstances, we may share your health information or communicate with individuals identified as family, close friends, or others involved in your care, with your permission; or, if you are unable to give permission, only if we believe it is necessary and in your best interest.

To protect your privacy and the security of your Mahalo user account, we strongly recommend that you never share your Mahalo account password or other sign–in information with anyone else. When someone signs into your Mahalo user account, we will assume that you gave your permission to that person to access the Mahalo services and the information in your Mahalo user account.

Use and Sharing Not Described Above in This Notice

Any use or sharing of your health information not described elsewhere in this Notice will be made only with your prior written permission. We will never sell your health information or use or share it to market products and services in ways not permitted by HIPAA.

Certain state laws impose additional, more stringent restrictions on how we can use or share your health information. Typically, these laws apply to certain, sensitive types of health information, such as information about mental health, substance abuse, or HIV status. Mahalo will comply with these additional laws when applicable.

Your Rights

You have certain rights with respect to your health information. These rights and our responsibilities to help you exercise these are below.

Where your health plan has contracted with us to provide our services to you as a health plan benefit, we may forward some of your requests to the health plan for response or input as required by our contract.

  • Get an electronic copy of your health information
    • You may see the health information we have about you by signing into your Mahalo user account. If you would like a paper copy of this information, you can print your account page through your browser.
  • Ask us to correct your health information
    • If you believe the health information that we maintain about you is incorrect or incomplete, you may:
      • Correct some of your health information (e.g., name and age) yourself by signing-in to your Mahalo user account and updating your profile, or
      • Send us an email at info@mahalo.health describing the change you are requesting. We may say “no” to your request, but we will tell you why in writing within 60 days.
  • Ask us to communicate with you differently
    • You may ask us to contact you in a specific or different way (for example, using your office phone number instead of your home phone number) by:
      • Signing-in to your Mahalo user account and updating your profile or settings, or
      • Sending us an email at info@mahalo.health describing the change you are requesting. We will say “yes” to all reasonable requests, but in some cases, this may affect whether or how you can receive services from us.
    • To provide services to you, Mahalo may communicate with you using email, phone, SMS text message, or interactive features (such as secure chat).

Communications via email or SMS text message are not considered secure and should not be used to share sensitive information with us. Others may be able to access messages or your account information if you allow them to use the device you use to receive messages or have not logged out of your account on that device.

  • Ask us to limit what health information we use or share
    • You may ask us not to use or share certain health information for treatment, payment, or our business operations by emailing us at info@mahalo.health. We may say “no” to your request, unless you request that we not share with your health plan your health information about services for which you have wholly paid out-of-pocket. We will say “yes” to those requests unless we are required by law to share that information.
  • Get an accounting of those with whom we have shared information
    • You may ask us for an accounting (list) of when, with whom, and why we have shared your health information in the period up to 6 years from the date of your request by sending us an email at info@mahalo.health.
    • We will not include times when we shared your health information for treatment, payment, and healthcare operations, and certain other purposes (such as disclosures you asked us to make). We’ll provide one accounting per year for free but will charge a reasonable, cost-based fee if you ask for another one within the next year.
  • Get a copy of this privacy notice
    • You may ask us for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically, by emailing us at info@mahalo.health. We will provide you with a paper copy promptly.
  • Ask us questions or file a complaint
    • If you have questions about this notice or believe your privacy rights have been please contact us at info@mahalo.health and include “Complaint” in the subject line. You can also file a complaint with the US Department of Health & Human Services.
    • We will not retaliate against you for filing a complaint.

Our Responsibilities

  • We are required by law to maintain the privacy and security of your protected health information.
  • We must follow the duties and privacy practices described in this notice. You can print a copy of this notice or send an email to info@mahalo.health to request a paper copy.
  • If you have given us permission to use or share your protected health information in a certain way, you may change your mind at any time. Let us know by emailing us at info@mahalo.health. In some cases, we may not be able to provide you with services if you withdraw your permission
  • We will let you know if a breach occurs that compromises the privacy or security of your information subject to this notice.

Changes to the terms of this notice. We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be on our Web Site.

Effective date: 1/26/2021