HIPAA Notice of Privacy Practices

Effective Date: November 1, 2025

Last Updated: November 2, 2025

⚠️ Important Notice

This Notice describes how Diaspora Health and our healthcare providers may use and disclose your protected health information (PHI) and your rights concerning that information. Please read it carefully.

1. Who Must Follow This Notice

This Notice applies to Diaspora Health and all members of our workforce, including employees, contractors, and medical staff. We are required to follow the privacy practices described in this Notice, which are mandated by the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act.

2. Definitions

Protected Health Information (PHI)

Any information in your medical record or health plan that can be used to identify you, including your name, address, phone number, date of birth, Social Security number, health conditions, medications, and healthcare provider information.

Psychotherapy Notes

Notes recorded (in any medium) by a mental health professional documenting conversations during a private, individual session that are segregated from the medical record.

Minimum Necessary

The principle that we use, request, and disclose only the amount of PHI reasonably necessary to accomplish the intended purpose.

3. How We May Use and Disclose Your PHI

3.1 Treatment

We may use and disclose your PHI to provide, coordinate, and manage your healthcare treatment and related services. This includes:

  • Diagnosing and treating medical conditions
  • Consulting with other healthcare providers
  • Coordinating care with specialists
  • Obtaining referrals

3.2 Payment

We may use and disclose your PHI to obtain payment for healthcare services and to track insurance coverage. This includes:

  • Verifying insurance coverage and eligibility
  • Processing claims and billing inquiries
  • Contacting your insurance company
  • Obtaining prior authorization

3.3 Healthcare Operations

We may use and disclose your PHI to support our business operations, including:

  • Quality improvement and performance evaluation
  • Training and education
  • Accreditation and licensing
  • Medical review and legal services
  • Compliance with federal and state laws
  • Fraud and abuse detection

3.4 Other Uses and Disclosures Requiring Your Authorization

We will not use or disclose your PHI for purposes not described in this Notice without your written authorization. Uses and disclosures that require your authorization include:

  • Marketing purposes
  • Psychotherapy notes
  • Fundraising activities
  • Research (beyond minimal-risk research)
  • Sale of PHI

3.5 Uses and Disclosures Without Authorization or Opportunity to Agree or Object

We may use and disclose your PHI without your authorization when required by law, including:

  • Public health activities (disease reporting)
  • Abuse, neglect, or domestic violence reporting
  • Health oversight activities
  • Judicial and administrative proceedings
  • Law enforcement purposes
  • Coroners and medical examiners
  • Funeral directors and cadaver donation
  • Research with appropriate authorization or waiver
  • Military and national security
  • Correctional institutions
  • Workers' compensation
  • Serious threat to health or safety

4. Your Rights Under HIPAA

4.1 Right to Access Your PHI

You have the right to inspect and obtain a copy of your medical records and health information. We will provide access within 30 days of your written request. You may request records in electronic format. We may charge a reasonable fee for copying and mailing costs.

4.2 Right to Request Amendment

You may request that we amend your medical records if you believe the information is inaccurate or incomplete. We will respond to your request within 60 days. We may deny your request if the information is accurate, was not created by us, or if other conditions apply. If denied, you may file a statement of disagreement.

4.3 Right to an Accounting of Disclosures

You have the right to receive an accounting of certain disclosures of your PHI made within the past six years. The accounting will include the date, recipient, and purpose of each disclosure. You are entitled to one accounting per year at no charge. Additional accountings may be subject to a fee.

4.4 Right to Request Restrictions

You may request restrictions on how we use and disclose your PHI. We are not required to agree to all requests, but we will consider your request. We will notify you of any restrictions we agree to and will comply with such restrictions.

4.5 Right to Request Confidential Communications

You may request that we communicate with you about your PHI using alternative means or locations (e.g., sending statements to a different address). We will accommodate reasonable requests at no additional cost.

4.6 Right to Receive Notice

You have the right to receive this Notice of Privacy Practices and to be notified of any changes to our privacy policies.

4.7 Right to Receive Breach Notification

If there is an unauthorized acquisition, access, use, or disclosure of your unsecured PHI that compromises your privacy or security, we will notify you of the breach without unreasonable delay and in no case later than 60 calendar days after discovery of the breach.

4.8 Right to File a Complaint

You may file a complaint with us or with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights if you believe your privacy rights have been violated.

5. How We Protect Your PHI

We have implemented comprehensive physical, technical, and administrative safeguards to protect your PHI from unauthorized access, use, disclosure, modification, and destruction:

  • Physical Safeguards: Limited facility access, surveillance systems, and secure storage
  • Technical Safeguards: Encryption, secure passwords, firewalls, and intrusion detection systems
  • Administrative Safeguards: Workforce training, access controls, security policies, and incident response procedures
  • Risk Assessment: Regular security audits and vulnerability assessments
  • Vendor Management: Business Associate Agreements requiring contractor compliance

6. Minimum Necessary Standard

We follow the principle of "minimum necessary" when using, requesting, or disclosing your PHI. We use, request, and disclose only the amount of information reasonably necessary to accomplish the intended purpose. This includes:

  • Reviewing access requests and limiting disclosures
  • Training our workforce on minimum necessary practices
  • Implementing role-based access controls
  • Regularly reviewing disclosure practices

7. Business Associates

We work with business associates who have access to your PHI. We have Business Associate Agreements with all vendors that require them to maintain the confidentiality and security of your information and to use it only for the purposes specified.

8. Requesting Your Rights or Filing a Complaint

To exercise any of your rights under this Notice or to file a complaint about our privacy practices:

Diaspora Health

HIPAA Privacy Officer

Email: info@diasporahealth.com

Address: 4357 Demedici Ave, Jacksonville FL 32210

Phone: 415 843 1702

Response time: Within 30 days of receiving your request

File a Complaint with HHS

You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights:

U.S. Department of Health and Human Services

Office for Civil Rights

Website: www.hhs.gov/ocr

Phone: 1-800-368-1019

Email: OCRComplaint@hhs.gov

9. Changes to This Notice

We reserve the right to change this Notice. We will provide you with a new Notice at your next appointment or upon request. We will also post changes on our website and notify you of material changes as required by law.

© 2025 Diaspora Health. All rights reserved. This Notice complies with the HIPAA Privacy Rule (45 CFR §§ 164.500-164.534) and HITECH Act requirements.