Last Updated: January 2025
HIPAA Compliant
Effective Date: January 1, 2025
Our Commitment to Privacy
Garcia Family Medicine is committed to protecting the privacy and security of your personal health information. This Privacy Policy explains how we collect, use, and safeguard your information in compliance with HIPAA (Health Insurance Portability and Accountability Act) and other applicable laws.
We understand that your health information is personal and sensitive. We maintain physical, electronic, and procedural safeguards that comply with federal regulations to protect your personal health information. Your privacy is our priority, and we are committed to maintaining the highest standards of confidentiality.
HIPAA Compliance Statement
This Notice of Privacy Practices describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
Information We Collect
We collect the following types of information to provide you with quality healthcare services:
Personal Information
Name, address, and contact information
Date of birth and Social Security number
Emergency contact information
Photo identification
Employment information
Medical Information
Medical history and current conditions
Diagnoses and treatment records
Laboratory and test results
Prescription and medication history
Immunization records
Financial Information
Insurance policy information
Billing and payment records
Credit card information for payments
Financial assistance documentation
Workers' compensation claims
Communications
Email and phone communications
Patient portal messages
Appointment scheduling information
Feedback and survey responses
Consent and authorization forms
How We Use Your Information
We use your personal health information for the following purposes:
Treatment Purposes
Provide comprehensive medical treatment and healthcare services
Coordinate care with other healthcare providers
Prescribe medications and order laboratory tests
Maintain accurate medical records
Contact you about appointments and health matters
Provide health education and preventive care information
Payment Purposes
Process membership payments and manage your account
Bill insurance companies when applicable
Verify insurance coverage and benefits
Collect copayments and deductibles
Process refunds when appropriate
Manage financial assistance programs
Healthcare Operations
Improve our services and patient care quality
Conduct quality assessment and improvement activities
Train staff and healthcare professionals
Comply with legal and regulatory requirements
Perform business planning and development
Conduct audits and compliance reviews
Information Sharing and Disclosure
We do not sell, rent, or share your personal health information with third parties except as required or permitted by law. Information may be disclosed in the following circumstances:
Authorized Disclosures
With Your Consent
Written authorization from you
Family members you designate
Personal representatives
Other healthcare providers for treatment
Health information exchanges
Required by Law
Court orders and subpoenas
Law enforcement investigations
Public health reporting
Abuse or neglect reporting
FDA adverse event reporting
Permitted Uses
Healthcare oversight activities
Research with proper safeguards
Organ donation coordination
Workers' compensation claims
Coroners and medical examiners
Emergency Situations
Medical emergencies
Disaster relief efforts
Serious threats to health/safety
National security activities
Protective services
Your Rights Under HIPAA
Under HIPAA, you have important rights regarding your personal health information:
Right to Access
Request copies of your medical records
Review your health information
Receive electronic copies when available
Designate third parties to receive copies
Response within 30 days of request
Right to Amend
Request corrections to your records
Add statements to your file
Dispute inaccurate information
Receive written response to requests
Appeal denied amendment requests
Right to Restrict
Limit uses and disclosures
Restrict information shared with family
Opt out of facility directories
Request confidential communications
Choose communication methods
Right to Account
List of disclosures made
Six-year disclosure history
Purpose of each disclosure
Recipients of information
First request free annually
Exercising Your Rights
To exercise any of these rights, please contact our Privacy Officer. We will respond to your request within 30 days as required by law. Some requests may require written documentation.
Data Security Measures
We implement comprehensive safeguards to protect your health information:
Physical Safeguards
Locked file cabinets and storage areas
Restricted access to patient records
Visitor management and identification
Secure disposal and shredding services
Facility security and monitoring
Workstation security protocols
Technical Safeguards
Encryption of electronic health records
Secure servers and firewalls
Access controls and user authentication
Automatic logoff and screen locks
Regular security updates and patches
Audit logs and monitoring systems
Administrative Safeguards
Staff training on privacy and security
Business associate agreements
Minimum necessary access policies
Incident response procedures
Regular risk assessments
Workforce confidentiality agreements
Website Privacy
Our website collects certain information to improve your experience and our services:
Information Collection
Automatically Collected
IP addresses and browser information
Pages visited and time spent
Referring websites
Device and operating system
Geographic location (general)
Voluntarily Provided
Contact form submissions
Newsletter subscriptions
Appointment requests
Survey responses
Email communications
Cookies and Tracking
We use cookies and similar technologies to enhance your website experience. You can control cookie settings through your browser preferences. Essential cookies are required for website functionality, while optional cookies help us improve our services.
Third-Party Services
Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. Please review their privacy policies before providing personal information.
Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated revision date.
Notification of Changes
Material changes posted on website
Notice provided at next appointment
Email notification for significant changes
60-day notice for material changes affecting PHI use
Right to receive paper copy of revised notice
Contact Information
If you have questions about this Privacy Policy or how we handle your information, please contact our Privacy Officer:
Privacy Officer
Organization: Garcia Family Medicine
Address: 801 NW St. Mary Drive, Blue Springs, MO 64015
If you believe your privacy rights have been violated, you may file a complaint with our practice or with the Secretary of the Department of Health and Human Services. We will not retaliate against you for filing a complaint.
Filing Options
With Our Practice
Contact our Privacy Officer
Submit written complaint
Include date and details of concern
Response within 30 days
No retaliation for complaints
With HHS Office for Civil Rights
Address: 200 Independence Ave SW, Washington, DC 20201
Phone: 1-877-696-6775
Website: www.hhs.gov/ocr
Portal: ocrportal.hhs.gov
File within 180 days of violation
Your Rights Are Protected
Federal law prohibits retaliation against individuals who file complaints about privacy violations. We are committed to addressing your concerns promptly and professionally.
Effective Date: January 1, 2025
Last Revised: January 2025
Version: 2.0