Last Updated: 2025-12-01
This Notice of Privacy Practices (“Notice”) describes how [ LEGAL BUSINESS NAME ] (“we,” “us,” “our”) may use and disclose your protected health information (“PHI”) and how you can access your PHI, in accordance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and applicable law.
This Notice applies to PHI created, received, maintained, or transmitted by us in connection with healthcare services. This Notice does not replace our website Privacy Policy, which addresses general website and marketing information.
1) Our Responsibilities
We are required by law to:
- Maintain the privacy and security of your PHI
- Provide you with this Notice of our legal duties and privacy practices regarding PHI
- Follow the terms of the Notice currently in effect
- Notify you following a breach of unsecured PHI, as required by law
2) How We May Use and Disclose Your PHI (Without Your Written Authorization)
HIPAA permits us to use and disclose your PHI for certain purposes, including:
A) Treatment
We may use and share your PHI to provide, coordinate, or manage your healthcare and related services. We may share PHI with other healthcare providers involved in your care.
B) Payment
We may use and disclose your PHI to obtain payment for healthcare services, including billing, claims management, eligibility, and collection activities.
C) Healthcare Operations
We may use and disclose your PHI for healthcare operations, such as:
- Quality assessment and improvement activities
- Training and credentialing
- Care coordination and case management
- Business planning and administrative activities
- Compliance, auditing, and legal services
D) Required by Law
We may disclose PHI when required by federal, state, or local law, including to the U.S. Department of Health and Human Services for compliance investigations.
E) Public Health and Safety
We may disclose PHI for public health activities (such as reporting diseases, adverse events, or product recalls) and to prevent or reduce a serious threat to health or safety, as permitted by law.
F) Health Oversight Activities
We may disclose PHI to health oversight agencies for authorized activities such as audits, inspections, investigations, and licensure actions.
G) Judicial and Administrative Proceedings
We may disclose PHI in response to a court order, subpoena, discovery request, or other lawful process, as permitted by law.
H) Law Enforcement
We may disclose PHI to law enforcement as permitted by law, such as in response to a court order, subpoena, or to report certain types of injuries.
I) Coroners, Medical Examiners, and Funeral Directors
We may disclose PHI to a coroner or medical examiner for identification, cause of death, or other duties, and to funeral directors as necessary.
J) Organ and Tissue Donation
We may disclose PHI to organizations involved in organ procurement and transplantation, as permitted by law.
K) Research
We may use or disclose PHI for research purposes as permitted by law, including with your authorization when required or under an Institutional Review Board (IRB) waiver, where applicable.
L) Workers’ Compensation
We may disclose PHI for workers’ compensation or similar programs as permitted by law.
3) Uses and Disclosures That Require Your Written Authorization
We will generally obtain your written authorization for uses and disclosures of PHI that are not described in this Notice, including (as applicable):
- Most uses and disclosures for marketing purposes
- Sale of PHI
- Certain disclosures of psychotherapy notes (if applicable)
You may revoke an authorization in writing at any time, except to the extent we have already acted in reliance on it.
4) Your Rights Regarding Your PHI
You have the following rights, subject to certain limitations under HIPAA and applicable law:
A) Right to Inspect and Obtain a Copy
You may request access to inspect and obtain a copy of your PHI. We may charge a reasonable, cost-based fee as permitted by law.
B) Right to Request an Amendment
You may request that we amend your PHI if you believe it is incorrect or incomplete. We may deny your request under certain circumstances.
C) Right to an Accounting of Disclosures
You may request a list (“accounting”) of certain disclosures of your PHI made in the last six (6) years, as permitted by law.
D) Right to Request Restrictions
You may request restrictions on how we use or disclose your PHI for treatment, payment, or operations. We are not required to agree to your request, except in certain limited circumstances (for example, where you paid out of pocket in full for a specific item or service and request we not disclose it to your health plan, where applicable).
E) Right to Request Confidential Communications
You may request that we communicate with you in a specific way or at a specific location (for example, by contacting you at a different phone number or mailing address). We will accommodate reasonable requests.
F) Right to Receive a Paper Copy of This Notice
You may request a paper copy of this Notice at any time, even if you have agreed to receive it electronically.
G) Right to Be Notified of a Breach
You have the right to be notified in the event of a breach of unsecured PHI, as required by law.
5) Complaints
If you believe your privacy rights have been violated, you may file a complaint with us and/or with the U.S. Department of Health and Human Services Office for Civil Rights (OCR). You will not be retaliated against for filing a complaint.
6) Changes to This Notice
We may change the terms of this Notice at any time. Any changes will apply to all PHI we maintain. The updated Notice will be posted on our website with the updated “Last Updated” date.
7) Contact
Questions about this HIPAA Notice of Privacy Practices may be directed to:
Name: [ LEGAL BUSINESS NAME ]
Address: [ PRIMARY BUSINESS ADDRESS ]
Email: [ PUBLIC FACING EMAIL ]