Notice of Privacy Practices

Effective Date: January 1, 2026

Your Information. Your Rights. Our Responsibilities.

This Notice of Privacy Practices describes how medical information about you may be used and disclosed by PrimaryCareIM and how you can get access to this information. Please review it carefully.

PrimaryCareIMunderstands that your health information is personal. We are committed to protecting the privacy of your medical information and to following applicable privacy laws, including the Health Insurance Portability and Accountability Act, commonly known as HIPAA. This Notice explains the ways in which we may use and disclose your protected health information, also called PHI, and it explains the rights you have with respect to that information.

Protected health information generally includes information that identifies you and relates to your past, present, or future physical or mental health, the healthcare services you receive, or payment for those services. Your medical information may exist in paper records, electronic records, photographs, recordings, billing records, laboratory information, or other forms that are maintained as part of your care.

Our Responsibilities

By law, we are required to maintain the privacy and security of your protected health information. We are also required to provide you with this Notice, to follow the duties and privacy practices described in it, and to notify you if a breach occurs that may have compromised the privacy or security of your information. HHS explains that providers must give patients a notice describing how health information may be used and shared and what privacy rights patients have.

We may change the terms of this Notice from time to time. If we do, the revised notice will apply to all protected health information we maintain, not just information created or received after the revision date. The updated Notice will be made available in our office and on our website, and we will include an updated effective date.

How we may use and disclose your medical information

In the ordinary course of caring for patients, we may use and disclose protected health information for treatment, payment, and healthcare operations. HIPAA permits these core uses and disclosures without requiring a separate written authorization in many situations.

For treatment purposes, we may use and share your information to provide, coordinate, or manage your care. This may include reviewing your health history, discussing your care with physicians, nurses, specialists, pharmacies, laboratories, imaging centers, or other providers involved in your treatment. It may also include sharing information between clinic locations or staff members who are participating in your care.

For payment purposes, we may use and disclose your information to bill and collect payment for the care and services you receive. This may include sending information to your health plan, insurance company, billing service, or other payors to verify coverage, obtain payment, process claims, determine medical necessity, or review benefits.

For healthcare operations, we may use and disclose your information for activities necessary to run the clinic and ensure quality care. This may include quality assessment, staff review, licensing, credentialing, training, customer service, compliance activities, audits, legal review, business planning, and administrative management.

Other ways we may use or disclose information without your written authorization

HIPAA also permits or requires certain other uses and disclosures in specific circumstances. For example, we may disclose your information when required by federal or state law, in response to a court order, subpoena, or other lawful process, or for certain public health activities. Public health disclosures may include reporting information to prevent or control disease, report adverse events, or comply with government reporting requirements.

We may disclose information to health oversight agencies for audits, inspections, investigations, or licensure activities. We may also disclose information for law enforcement purposes in limited circumstances allowed by law, such as responding to a warrant or reporting certain injuries or crimes where required.

In certain situations, we may disclose information to coroners, medical examiners, or funeral directors, or for organ and tissue donation purposes. We may also use or disclose information for approved research where legal requirements have been met. In limited cases, we may disclose information to avert a serious threat to health or safety when permitted by law.

If you are involved in a workers’ compensation claim, we may disclose information as necessary to comply with workers’ compensation laws. If a member of the armed forces, correctional institution, or certain government programs requires access as permitted by law, we may disclose information as required in those contexts.

Uses and disclosures that typically require your written authorization

There are certain situations where we generally will not use or disclose your protected health information unless you give us written authorization. In most cases, this includes uses or disclosures of psychotherapy notes if applicable, most uses and disclosures of PHI for marketing purposes, and disclosures that constitute the sale of PHI. HHS’s model notice for providers specifically highlights these categories.

If we ask for your authorization, you may revoke it later in writing, except to the extent we have already acted based on it. Revoking your authorization will not affect prior uses or disclosures that were already made in reliance on your written permission.

Uses and disclosures where you may have a choice

In some situations, you have the right to tell us your preferences about how we share your information. For example, if family members, close friends, or others are involved in your care or payment for your care, we may share relevant information with them if you agree, if you are given an opportunity to object and do not object, or if professional judgment indicates it is in your best interest when you are unable to speak for yourself.

You may also tell us how you want us to handle appointment reminders, follow-up communications, or messages left at your home, voicemail, or another contact point. If you want a more confidential communication method, such as using a different mailing address or phone number, you may request that, and we will consider your request in accordance with applicable law.

Your rights regarding your medical information

You have important rights regarding your protected health information.

You have the right to inspect and obtain a copy of certain health and billing records that we maintain about you. In many cases, this includes the right to request an electronic copy if the information is maintained electronically. We may charge a reasonable, cost-based fee where allowed by law.

You have the right to ask us to correct or amend information in your records if you believe it is incorrect or incomplete. If we deny your request, we will tell you why in writing and explain how you may submit a statement of disagreement.

You have the right to request restrictions on certain uses or disclosures of your information. We are not always required to agree to every requested restriction, but we will consider it carefully. In some cases, if you pay for a service out of pocket in full, you may request that we not disclose that information to your health plan for payment or healthcare operations, and if the request meets legal requirements, we must honor it.

You have the right to request confidential communications. This means you may ask us to contact you in a specific way or at a specific location, such as sending mail to a different address or calling a different number. We will accommodate reasonable requests.

You have the right to receive an accounting of certain disclosures of your protected health information. This is a list of certain disclosures we have made, excluding disclosures for treatment, payment, healthcare operations, and certain other exceptions permitted by law.

You have the right to obtain a paper copy of this Notice at any time, even if you agreed to receive it electronically. You also have the right to be notified following a breach of unsecured protected health information when notification is required by law.

HHS’s model provider notice includes these same core rights, and this draft follows that standard structure.

Special considerations for minors, personal representatives, and others acting on your behalf

In some cases, a parent, guardian, executor, health care surrogate, power of attorney, or other legally authorized representative may exercise privacy rights on your behalf. We will verify the person’s authority before allowing access or action where appropriate.

There may also be situations under state or federal law where a minor has privacy rights relating to certain services, or where disclosure to a parent or representative is limited. We will handle those situations in accordance with applicable law.

Communications, reminders, and operational outreach

As part of providing care and managing clinic operations, we may contact you with appointment reminders, follow-up messages, information about treatment alternatives, health-related benefits or services that may be relevant to your care, or billing-related communications. These communications are generally permitted under HIPAA as part of treatment or healthcare operations, depending on the context.

If you have concerns about how or where we communicate with you, you may request confidential communications as described above.

Business associates

We may work with third-party vendors that help us perform services involving protected health information. These vendors are often called business associates under HIPAA. They may help with functions such as billing, practice management, transcription, information technology support, secure communications, record storage, or other operational services. When required by law, these vendors must agree to safeguard protected health information and handle it only as permitted.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with PrimaryCareIM by contacting us using the information below. You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights. We will not retaliate against you for filing a complaint.

HHS specifically states that individuals may complain to their provider or directly to HHS if they believe their HIPAA rights have been violated.

Changes to this Notice

We reserve the right to change this Notice and to make the revised or changed notice effective for medical information we already have about you, as well as any information we receive in the future. If we make a material change to our privacy practices, we will revise this Notice and make the updated version available as required. HHS notes that covered entities must promptly revise and redistribute their notice when there is a material change to privacy practices.