Herd Healthcare Notice of Privacy Practices

This Notice of Privacy Practices explains how Herd Healthcare may use and disclose your protected health information (PHI) and your rights regarding that information. We are required by the Health Insurance Portability and Accountability Act (HIPAA) to protect the privacy of your health information and to provide you with this notice. If you have questions, please contact our Privacy Officer, James Alan Herd, at jaherdmd@herdhealthcare.com or P O Box 20669 Houston,TX 77025.

Our Commitment to Your Privacy

Herd Healthcare is dedicated to safeguarding your health information. We use secure, HIPAA-compliant systems, such as Zoho Forms, Zoho Creator, Google Workspace (Gmail), and Google Cloud Storage, with encryption and access controls to protect your data. We will notify you promptly if a breach occurs that may compromise the privacy or security of your PHI.

What is Protected Health Information (PHI)?

PHI is any information we create or receive about your health, healthcare, or payment for healthcare that can identify you. This includes medical records, billing information, and information you provide through forms or applications, such as those collected via Zoho Forms or Zoho Creator.

How We May Use and Disclose Your PHI

We may use or disclose your PHI for the following purposes, as permitted or required by HIPAA:

• Treatment: We may use your PHI to provide medical care, such as sharing your medical history with a specialist or coordinating care with other providers.
• Payment: We may use or disclose your PHI to bill for services, process insurance claims, or verify coverage with your health plan.
• Healthcare Operations: We may use your PHI to improve our services, train staff, or conduct quality reviews. For example, we may review records to ensure high-quality care.
• Disclosures to Business Associates: We may share your PHI with third parties, such as Zoho (for Zoho Forms and Zoho Creator) or Google (for Gmail and Google Cloud Storage), that provide services to us. These business associates are required to sign a Business Associate Agreement (BAA) to protect your PHI in accordance with HIPAA.
• Other Permitted Uses and Disclosures: We may disclose your PHI without your permission in certain situations, such as:
  • As required by law (e.g., reporting abuse or responding to a court order).
  • For public health activities (e.g., reporting diseases to health authorities).
  • To prevent a serious threat to health or safety.
  • For workers’ compensation claims.
  • To a coroner, medical examiner, or funeral director as needed.
• Uses and Disclosures Requiring Your Authorization: We will not use or disclose your PHI for purposes not listed above (e.g., marketing or selling your information) without your written authorization. You may revoke an authorization in writing at any time, except to the extent we have already acted on it.

Your Rights Regarding Your PHI

Under HIPAA, you have the following rights concerning your PHI:

• Right to Access: You may request to inspect or obtain a copy of your PHI in our records. We may charge a reasonable fee for copying or mailing. Contact our Privacy Officer to make a request.
• Right to Amend: If you believe your PHI is incorrect or incomplete, you may request an amendment. We may deny the request in certain cases, such as if the information is accurate or was created by another provider.
• Right to an Accounting of Disclosures: You may request a list of disclosures we made of your PHI, except for disclosures for treatment, payment, healthcare operations, or those you authorized. The list covers disclosures made in the past six years.
• Right to Request Restrictions: You may request restrictions on how we use or disclose your PHI for treatment, payment, or healthcare operations. We are not required to agree, except for disclosures to your health plan for services you paid out-of-pocket in full.
• Right to Request Confidential Communications: You may request that we contact you in a specific way (e.g., at a different address or phone number). We will accommodate reasonable requests.
• Right to a Copy of This Notice: You may request a paper or electronic copy of this notice at any time, even if you agreed to receive it electronically.

How We Protect Your PHI

We implement safeguards to protect your PHI, including:

• Encryption: Data stored and transmitted through systems like Zoho Forms, Zoho Creator, Gmail, and Google Cloud Storage is encrypted to prevent unauthorized access.
• Access Controls: Only authorized staff with a need to know can access your PHI.
• Audit Logs: We track access and changes to your PHI to ensure accountability.
• Staff Training: Our team is trained on HIPAA compliance to protect your privacy.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with:

• Herd Healthcare Privacy Officer: James Alan Herd, jaherdmd@herdhealthcare.com, P O Box 20669 Houston,TX 77025.
• U.S. Department of Health and Human Services: Office for Civil Rights, 200 Independence Avenue, S.W., Washington, D.C. 20201, or online at www.hhs.gov/ocr.

We will not retaliate against you for filing a complaint.

Changes to This Notice

We may update this Notice of Privacy Practices to reflect changes in our policies or legal requirements. The updated notice will apply to all PHI we maintain. We will post the revised notice in our office and on our website, if applicable, and provide copies upon request.

Contact Information

For questions, requests, or complaints about your PHI or this notice, contact:

• Privacy Officer: James Alan Herd
• Email: jaherdmd@herdhealthcare.com
• Address: P O Box 20669 Houston,TX 77025