Privacy Policy 

Privacy Policy for [Your Health Consulting Business Name]

Effective Date: May 26, 2025

At Genesis Health ("we," "us," or "our"), we are committed to protecting the privacy and security of your personal information, including Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This Privacy Policy outlines how we collect, use, disclose, and safeguard your information in compliance with HIPAA, the Health Information Technology for Economic and Clinical Health (HITECH) Act, and other applicable federal and state laws.

1. Scope of This Policy

This Privacy Policy applies to all personal information and PHI we collect from or about you when you engage with our health consulting services, including through our website (www.genesis4pd.com), in-person consultations, telehealth services, or other interactions. We are a covered entity under HIPAA, as we provide health consulting services and transmit health information electronically in connection with certain transactions.

2. Information We Collect

We may collect the following types of information:

  • Protected Health Information (PHI): Information about your health, medical conditions, treatments, or payment for healthcare services that can be linked to you (e.g., name, address, date of birth, medical history, diagnosis, treatment plans, billing information).

  • Personal Information: Contact details (e.g., email, phone number), demographic information, and payment information.

  • Non-Personal Information: De-identified or aggregated data that cannot be linked to an individual, such as statistical data used for research or quality improvement.

  • Usage Data: Information about how you interact with our website or digital platforms, such as IP addresses, browser type, or pages visited, as permitted by law.

3. How We Collect Information

We collect information:

  • Directly from You: When you provide it during consultations, through forms, or via email, phone, or our website.

  • From Third Parties: From healthcare providers, insurers, or business associates with your consent or as permitted by law.

  • Automatically: Through website analytics tools (e.g., cookies) that collect non-PHI usage data, as described in our Cookie Policy (if applicable).

4. How We Use Your Information

We use your information, including PHI, for the following purposes as permitted or required by HIPAA and other laws:

  • Treatment: To provide, coordinate, or manage your healthcare, including consultations and referrals to other providers.

  • Payment: To process billing, insurance claims, or other payment-related activities.

  • Healthcare Operations: For activities such as quality improvement, staff training, audits, or business management.

  • Legal Compliance: To comply with federal, state, or local laws, including reporting requirements (e.g., public health reporting, court orders).

  • With Your Consent: For purposes not covered by HIPAA exemptions, such as marketing or sharing with third parties outside our business associates, where you provide explicit authorization.

  • De-Identified Data: For research, analytics, or other purposes where information cannot be linked to you.

We adhere to the Minimum Necessary Standard, using or disclosing only the minimum amount of PHI needed to accomplish the intended purpose, except in cases exempt under HIPAA (e.g., treatment, disclosures to you, or disclosures required by law).

5. How We Disclose Your Information

We may disclose your PHI or personal information in the following circumstances:

  • To You or Your Representative: Upon your request or to your authorized personal representative.

  • For Treatment, Payment, or Healthcare Operations: As described above, without additional authorization.

  • To Business Associates: To third parties (e.g., billing services, IT providers) under a Business Associate Agreement (BAA) that ensures they protect your PHI in compliance with HIPAA.

  • As Required by Law: For public health reporting, court orders, or law enforcement requests, as permitted by HIPAA or other laws.

  • With Authorization: For disclosures not covered by HIPAA exemptions, we will obtain your written authorization, which you may revoke at any time in writing.

  • De-Identified Data: We may share data that has been de-identified in accordance with HIPAA standards, ensuring it cannot be linked to you.

We do not sell or rent your PHI or personal information to third parties for marketing or other purposes without your explicit consent.

6. Your Rights Under HIPAA

Under the HIPAA Privacy Rule, you have the following rights regarding your PHI:

  • Access: You may request access to or a copy of your PHI. We may charge a reasonable fee for copying or mailing.

  • Amendment: You may request corrections to your PHI if you believe it is inaccurate or incomplete.

  • Accounting of Disclosures: You may request a list of disclosures of your PHI made by us in the past six years, excluding disclosures for treatment, payment, healthcare operations, or those made with your authorization.

  • Restriction: You may request restrictions on how we use or disclose your PHI, though we are not required to agree to all requests.

  • Confidential Communications: You may request that we communicate with you in a specific way (e.g., at a different address or phone number).

  • Breach Notification: We will notify you, the Department of Health and Human Services (HHS), and, if applicable, the media in case of a breach of your unsecured PHI, as required by the HITECH Act.

To exercise these rights, contact our Privacy Officer at [Insert Contact Information].

7. Safeguards for Protecting Your Information

We implement administrative, technical, and physical safeguards to protect your PHI and personal information, as required by the HIPAA Security Rule:

  • Administrative Safeguards: Workforce training, policies, and procedures to prevent unauthorized access or disclosure.

  • Technical Safeguards: Encryption, secure messaging, and access controls to protect electronic PHI (ePHI).

  • Physical Safeguards: Secure storage and access controls for physical records and facilities.

We mitigate any harmful effects from improper use or disclosure of PHI and apply sanctions against workforce members who violate our policies or HIPAA.

8. Business Associates

We engage business associates (e.g., billing services, IT vendors) who perform functions involving PHI. All business associates sign a Business Associate Agreement to ensure they comply with HIPAA privacy and security standards.

9. State and Other Federal Laws

In addition to HIPAA, we comply with state laws that provide greater privacy protections or additional rights regarding your health information. For example, some states have specific requirements for mental health records, HIV/AIDS information, or minors’ health information. Where state laws are more stringent, they take precedence over HIPAA.

We also comply with other federal laws, such as the Federal Trade Commission Act (FTC Act) for non-PHI consumer data and the Privacy Act of 1974 for certain federal records, if applicable.

10. Data Retention and Destruction

We retain your PHI and personal information only as long as necessary to fulfill the purposes outlined in this policy or as required by law. When no longer needed, we securely destroy or de-identify information in accordance with HIPAA and our data retention policies.

11. Website and Digital Platforms

If you interact with our website or digital platforms, we may collect non-PHI usage data (e.g., IP addresses, browser types) as described in our Cookie Policy (if applicable). We do not collect PHI through our website unless you voluntarily provide it (e.g., through a contact form). Any PHI transmitted electronically is protected with encryption and secure channels.

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on our website or through other appropriate means. The updated policy will take effect on the date specified.

13. Complaints and Contact Information

If you believe your privacy rights have been violated, you may file a complaint with us or the U.S. Department of Health and Human Services Office for Civil Rights (OCR):

  • Our Privacy Officer: [Insert Name, Address, Phone, Email]

  • HHS OCR: Visit www.hhs.gov/hipaa or call (800) 368-1019.

We will not retaliate against you for filing a complaint.

14. Additional Information

For more details on your health information privacy rights or HIPAA, visit the HHS Office for Civil Rights website at www.hhs.gov/hipaa.

1008 Manhattan Dr. Denton Tx 76209

Tel: 1 250 486 2097
