HIPAA Compliance Statement For Pure IV New Mexico
Effective Date: 01/21/2025 | Last Updated: 01/21/2025
1. Introduction
At Pure IV New Mexico ("we," "our," or "us"), we are committed to protecting the privacy, security, and confidentiality of our clients' Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and all applicable federal and state privacy laws.
This HIPAA Compliance Statement explains how we collect, use, store, and protect your health-related data and outlines your privacy rights regarding your medical information.
By using our website, booking an appointment, or receiving IV therapy services, you acknowledge and accept the terms outlined in this policy.
2. What is Protected Health Information (PHI)?
Under HIPAA, Protected Health Information (PHI) refers to any individually identifiable health information related to
- Your physical or mental health condition (past, present, or future).
- Healthcare services you have received or will receive.
- Payment details related to your healthcare services.
PHI includes, but is not limited to:
- Your full name, address, phone number, and date of birth.
- Your medical history, treatments, and health records.
- Your insurance and billing information.
- Any other data that
can be used to identify you in a medical or healthcare context.
We follow HIPAA guidelines to ensure that this information remains private and secure
3. How We Use and Disclose Your PHI
3.1 Permitted Uses of PHI
Pure IV New Mexico may use and disclose your PHI only as permitted under HIPAA regulations, including:
- For Treatment: To provide IV therapy, coordinate care with medical professionals, and ensure the safest and most effective treatment.
- For Payment: To process payments for services rendered, submit insurance claims, and handle billing inquiries.
- For Healthcare Operations: To evaluate service quality, train staff, and improve our IV therapy offerings.
3.2 Limited Disclosures Without Patient Consent
We do not sell or share your PHI for marketing purposes. However, under certain circumstances, we may be required to disclose your PHI without your explicit consent, such as:
- Legal Requirements: If mandated by law, court order, or government agency.
- Public Health Reporting: To report communicable diseases, infections, or public health concerns.
- Medical Emergencies: If disclosure is necessary to prevent a serious and immediate health risk.
- Law Enforcement Requests: In cases of criminal investigations, fraud prevention, or threats to public safety.
Outside of these permitted scenarios, we will not disclose your PHI without your written authorization.
4. Your HIPAA Privacy Rights
Under HIPAA, you have specific rights regarding your PHI, including:
4.1 Right to Access Your PHI
- You have the right to inspect, review, and obtain a copy of your medical records.
- Requests must be submitted
in writing, and we will provide access within the legally required timeframe.
4.2 Right to Request Amendments
- If you believe your medical records contain inaccurate or incomplete information, you may request a correction or amendment.
- We will evaluate your request and make necessary updates, unless restricted by law.
4.3 Right to Restrict Disclosures
- You may request limitations on how we use or disclose your PHI.
- While we strive to accommodate reasonable requests, certain legal and operational requirements may override these restrictions.
4.4 Right to Confidential Communications
- You may request that we communicate with you in a specific way (e.g., only via phone, only via email).
- We will honor reasonable requests that do not interfere with our ability to provide care.
4.5 Right to an Accounting of Disclosures
- You have the right to request a list of certain disclosures of your PHI, excluding those made for treatment, payment, and healthcare operations.
4.6 Right to File a Complaint
- If you believe your privacy rights have been violated, you may file a complaint with:
- Pure IV New Mexico’s Privacy Officer
- The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR)
- We
do not tolerate retaliation against individuals who file HIPAA-related complaints.
To exercise any of these rights, please contact us using the information in
Section 10.
5. How We Protect Your PHI
We implement stringent administrative, technical, and physical safeguards to ensure the confidentiality and security of your PHI.
5.1 Administrative Safeguards
- Employee Training: All staff members undergo regular HIPAA compliance training.
- Access Controls: Only authorized personnel have access to PHI.
- Policies & Procedures: Strict internal policies regulate PHI handling and security.
5.2 Physical Safeguards
- Secure Storage: Paper records are kept in locked, access-restricted locations.
- Access Restrictions: Only designated personnel can enter secure areas where PHI is stored.
5.3 Technical Safeguards
- Data Encryption: Electronic PHI (ePHI) is encrypted during storage and transmission.
- Secure Networks: Firewalls and security protocols protect against unauthorized access.
- HIPAA-Compliant Communication: PHI is shared only through
secure, encrypted channels.
While we implement these safeguards, no system is 100% secure. In the event of a security breach, we will notify affected individuals as required by HIPAA’s Breach Notification Rule.
6. Third-Party Service Providers
We may work with third-party vendors (e.g., payment processors, scheduling platforms) who require limited access to PHI. These vendors must:
- Sign a Business Associate Agreement (BAA) ensuring HIPAA compliance.
- Follow strict
confidentiality and security protocols.
7. HIPAA Breach Notification Policy
7.1 What Constitutes a HIPAA Breach?
A breach occurs when unauthorized access, use, or disclosure of PHI compromises its security or privacy.
7.2 Breach Response Protocol
If a breach occurs, we will:
- Investigate the incident and determine the extent of unauthorized access.
- Notify affected individuals as required by HIPAA within 60 days.
- Report the breach to the U.S. Department of Health and Human Services (HHS) if necessary.
- Implement corrective actions to prevent future occurrences.
Clients will be informed via email, phone, or written notification about the nature of the breach and any protective steps they should take.
8. Retention of Health Records
We retain medical records and PHI for the legally required period, after which they are securely disposed of in compliance with HIPAA regulations.
9. Changes to This HIPAA Compliance Statement
We reserve the right to update this HIPAA Compliance Statement as needed. Changes will be reflected on our website, and continued use of our services constitutes acceptance of the updated policy.
10. Contact Information
For HIPAA-related inquiries, requests, or concerns, please contact:
Pure IV New Mexico
📞 Phone: (833) 688-1299
If you believe your privacy rights have been violated, you may also file a complaint with:
Office for Civil Rights (OCR), U.S. Department of Health & Human Services
🌐 Website: www.hhs.gov/ocr/
Contact Us
New Mexico, United States
8AM - 8PM (Mobile Only)
Quick Links
Payment Method
We accept cash and all major credit cards. Our services are also HSA & FSA (Health/Flexible Savings Account) approved!
©2024 Pureivnewmexico.com | All rights reserved | Powered by OMG Marketing
