EZ Care Telehealth Notice of Privacy Practices

EZ Care Telehealth (“we,” “us,” or “our”) is committed to protecting the privacy of your health information. As a healthcare provider offering both telemedicine services and in-person clinic visits in the state of Texas, we are required by federal and state laws, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Texas Medical Records Privacy Act (Texas HB 300), and other applicable regulations, to maintain the confidentiality of your Protected Health Information (PHI). PHI includes any information about your health, healthcare services provided to you, or payment for your healthcare that can be linked to you as an individual.

This Notice of Privacy Practices (NPP) explains our privacy practices, your rights regarding your PHI, and how we may use or disclose your PHI for treatment, payment, healthcare operations, and other purposes permitted or required by law. It applies to all records of your care generated by EZ Care Telehealth, whether in electronic or paper form, including those created during telemedicine consultations (via secure video, audio, or other electronic means) or in-person visits at our clinics.

We are required to abide by the terms of this Notice currently in effect. However, we reserve the right to change our privacy practices and the terms of this Notice at any time, provided such changes are permitted by applicable law. If we make a material change, we will provide you with a revised Notice on our website (www.ezcaretelehealth.com, if applicable), at our facilities, or upon request. The revised Notice will apply to all PHI we maintain, regardless of when it was created or received.

Uses and Disclosures of Your PHI Without Your Authorization

We may use or disclose your PHI without your written authorization for the following purposes:

1. For Treatment

We may use or disclose your PHI to provide, coordinate, or manage your healthcare and related services. This includes sharing information with physicians, nurses, technicians, or other healthcare professionals involved in your care, whether through in-person visits or telemedicine platforms.

• Examples: A doctor may share your medical history with a specialist during a telemedicine referral. During an in-person visit, we may consult with pharmacists or labs. For telemedicine, we use secure, HIPAA-compliant platforms to transmit PHI electronically, such as video conferencing or secure messaging, to facilitate remote consultations.

2. For Payment

We may use or disclose your PHI to obtain payment for services we provide or to determine eligibility or coverage.

• Examples: Submitting claims to your insurance company, including details of your diagnosis and treatment, or verifying benefits for telemedicine or in-person services. We may also disclose PHI to billing companies or collection agencies if necessary.

3. For Healthcare Operations

We may use or disclose your PHI for our internal operations to ensure quality care.

• Examples: Quality assessments, auditing, staff training, compliance reviews, or business planning. This may include de-identified data for research or population health management. For telemedicine, this could involve evaluating the effectiveness of our remote care platforms.

Under Texas law (including HB 300), permissible disclosures without authorization are limited to treatment, payment, healthcare operations, and certain insurance activities. We comply with these stricter standards, which may prohibit some uses allowed under federal HIPAA, such as certain public health or research disclosures without your consent.

Other Permitted Uses and Disclosures

We may also use or disclose your PHI without authorization in the following situations, as permitted by HIPAA and Texas law:

• Appointment Reminders and Health-Related Services: To contact you about appointments, treatment alternatives, or other health benefits (e.g., via phone, email, or text, with your prior agreement where required).
• To Individuals Involved in Your Care: To family members, friends, or others involved in your care or payment, if you agree or do not object (or in emergencies based on professional judgment).
• Public Health Activities: For disease reporting, abuse/neglect notifications, or FDA-regulated product issues.
• Health Oversight Activities: To government agencies for audits, investigations, or licensing.
• Judicial and Administrative Proceedings: In response to court orders or subpoenas.
• Law Enforcement: For limited purposes, such as identifying suspects or reporting crimes.
• Coroners, Medical Examiners, and Funeral Directors: To identify deceased persons or determine cause of death.
• Organ Donation: To organ procurement organizations.
• Research: Under certain conditions, such as with Institutional Review Board approval.
• Serious Threats to Health or Safety: To prevent harm to you or others.
• Specialized Government Functions: For military, national security, or correctional purposes.
• Workers’ Compensation: As required by law.
• Disaster Relief: To organizations like the Red Cross for coordination.
• Business Associates: To contractors who assist us (e.g., IT vendors for telemedicine platforms), under agreements requiring them to protect your PHI.
• Required by Law: Any other use or disclosure mandated by federal, state, or local law.

For telemedicine services, we ensure all electronic transmissions comply with HIPAA Security Rules, using encrypted platforms. However, unencrypted communications (e.g., standard email or text) carry risks, and we recommend secure methods. Under Texas Senate Bill 1188 (effective 2025), all electronic health records are stored within the United States to enhance security.

Special protections apply to certain sensitive information, such as mental health records, HIV/AIDS test results, or substance use disorder records, which may require your authorization or a court order for disclosure, per federal (42 CFR Part 2) and Texas laws.

We apply the “minimum necessary” standard, disclosing only the information needed for the purpose.

Uses and Disclosures Requiring Your Authorization

For any use or disclosure not described above, we must obtain your written authorization. This includes:

• Most uses and disclosures of psychotherapy notes.
• Uses and disclosures for marketing purposes.
• Disclosures that constitute a sale of PHI.
• Reidentification of de-identified PHI (prohibited without authorization under Texas HB 300).

You may revoke an authorization in writing at any time, except to the extent we have already relied on it. Authorizations must comply with HIPAA and Texas requirements, including the use of standard forms where applicable.

Your Rights Regarding Your PHI

You have the following rights regarding your PHI:

1. Right to Inspect and Copy: You may request access to your PHI in our designated record sets (e.g., medical and billing records). We must respond within 30 days (or 15 days for electronic records under Texas HB 300). We may charge a reasonable fee. Access may be denied in limited cases (e.g., psychotherapy notes), but you can request a review of the denial.
2. Right to Amend: If you believe your PHI is incorrect or incomplete, you may request an amendment. We must respond within 60 days and may deny the request if the information is accurate or not created by us. Denied amendments will be appended to your record.
3. Right to an Accounting of Disclosures: You may request a list of disclosures made in the past 6 years (not including those for treatment, payment, operations, or with your authorization). The first request in a 12-month period is free.
4. Right to Request Restrictions: You may request restrictions on uses or disclosures (e.g., to your insurer if you pay out-of-pocket in full). We are not required to agree, except for certain restrictions under HIPAA.
5. Right to Request Confidential Communications: You may request alternative means or locations for receiving PHI (e.g., a specific email for telemedicine follow-ups). We will accommodate reasonable requests.
6. Right to a Paper Copy of This Notice: Available upon request, even if you agreed to receive it electronically.
7. Right to Breach Notification: We will notify you of any unsecured breach of your PHI, as required by HIPAA and Texas law (including notifications to the Texas Attorney General for breaches affecting 250 or more residents).

Our Legal Duties

• We are required by law to maintain the privacy and security of your PHI.
• We must notify you following a breach of unsecured PHI.
• We must abide by this Notice and provide it to you.
• Under Texas HB 300, we provide enhanced protections, including limitations on electronic disclosures and mandatory staff training on privacy laws.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with us or the U.S. Department of Health and Human Services (HHS) Office for Civil Rights. Contact our Privacy Officer for details. There will be no retaliation for filing a complaint.

Privacy Officer Contact Information:

Privacy Officer

EZ Care Telehealth

1333 W. McDermott Dr. Suite 200 Allen, TX 75013. 

Phone: 972-818-5560

Email: privacy@ezcaretelehealth.com

For HHS complaints:

U.S. Department of Health and Human Services

Office for Civil Rights

200 Independence Avenue, S.W.

Washington, D.C. 20201

Phone: (800) 368-1019

Website: www.hhs.gov/ocr

This Notice complies with current 2025 standards for HIPAA, Texas telemedicine regulations (e.g., Texas Occupations Code Chapter 111 requiring secure platforms and informed consent), and the Texas Medical Records Privacy Act. For telemedicine, we obtain your informed consent (verbal or written, documented in records) before services, explaining potential privacy risks of electronic delivery.