Skip to main content


In accordance with the requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the organization is required to inform you of its practices in relation to the protected health information that it maintains about you. HIPAA mandates minimum standards that a covered entity such as the organization must maintain in relation to your protected health information. This Notice of Uses is being provided to help you understand how the organization meets these minimum standards. It is also meant to inform you of the ways that the organization may use the personal information it collects about you and how it may disclose it. 


When you receive care from a healthcare provider, a record of that treatment is made. This record will typically contain information on your diagnosis, treatment, and future plan of treatment and is often collectively referred to as your medical record. This medical record includes protected health information and lays the foundation for determining your plan of care and treatment and allows for a successful means of communication between all healthcare professionals that contribute to your care. 

HIPAA protects information found in your medical record from disclosure without your authorization. The information protected by HIPAA includes: 

1. Any information related to your past, present or future physical or mental health; 2. The past, present or future payment for health services you have received; 3. The specific care that you have received, are receiving or will receive; 4. Any information that identifies you as the individual receiving the care; and 5. Any information that someone could reasonably use to identify you as receiving the care. 6. Any genetic information about an individual for underwriting purposes. 

This information is referred to as Protected Health Information throughout this Notice. 


As a Covered Entity, the organization is required to inform you of how it may use your protected health information. In providing treatment to you, the organization will use your protected health information for the purposes of treatment, payment and healthcare operations. 

Treatment – As it pertains to the organization, treatment means providing to you drugs, medications, supplies and durable medical equipment services as ordered by your physician. Treatment also includes coordination and consultation with your physician and other health care providers. As the organization provides these services to you, information obtained during this process will be recorded in your medical record. the organization will use this information, in coordination with your physician, to determine the best course of treatment for you. 

Payment – Payment purposes consist of activities required to obtain reimbursement from your insurance carrier for the services ordered by your physician and provided to you by the organization. This includes, but is not limited to, copay assistance, eligibility determination, pre-certification, billing and collection activities, obtaining documentation required by your insurer, and when applicable, disclosure of limited information to consumer reporting agencies. 

Healthcare operations – Operations can include, but are not limited to, review of your protected health information by members of the organization’s professional healthcare staff to ensure compliance with all federal and state regulations. This information will then be utilized to continually improve the quality and effectiveness of the services provided to you by the organization. Healthcare operations also include the organization’s business management and general administrative activities. 


In order to release information contained in your medical record for purposes other than treatment, payment or healthcare operations, the organization must obtain a specific signed authorization from you. You may revoke such authorization at any time, except to the extent the organization has taken action in reliance on the authorization. 

There are a limited number of other uses and disclosures of protected health information that do not require a specific authorization from you. the organization may in the following circumstances disclose your protected health information. 

1. the organization may disclose limited health information about you to notify local agencies (i.e. power, gas, phone company, and emergency medical services), in the event of an emergency (i.e. flood, hurricanes, etc.), of your need for life sustaining equipment or assistance in evacuation due to your medical condition. 2. the organization may disclose to a member of your family, other relative, or a close personal friend, or any other person identified by you, the protected health information directly relevant to such person’s involvement with your care or payment related to your health care. 3. the organization may disclose protected health information to others as required by law. 4. the organization may disclose protected health information for certain public health activities and purposes. 5. the organization may disclose protected health information to a legally-authorized government authority, such as a social service or protective services agency, if we reasonably believe you are a victim of abuse, neglect or domestic violence. 6. the organization may disclose protected health information for law enforcement purposes and in response to court orders or NOTICE OF USES – PROTECTED HEALTH INFORMATION (CONTINUED) 

subpoenas. 7. the organization may disclose protected health information to agencies authorized by law to conduct health oversight activities, including audits, investigations, licensing and similar activities. 8. the organization may disclose protected health information to attorneys, accountants, and others acting on behalf of the organization, provided they have signed written contracts agreeing to safeguard the confidentiality of the information. 


In accordance with HIPAA you have the following rights in relation to your protected health information. 

1. You may request, in writing, additional restrictions to the use or disclosure of your protected health information; however, the organization is not required to agree to the requested restrictions. 2. You have the right to request amendments to your medical record. 3. You have the right to obtain a copy of this Notice of Uses. 4. You have the right of access to inspect and obtain a copy of your medical record, subject to certain limitations. 5. You have the right to obtain an accounting of disclosures of your medical record for purposes other than treatment, payment and healthcare operations. 6. You have the right to request communications of your medical record by alternative means (i.e. electronically) or at alternative locations. 7. You have the right to revoke authorization to use or disclose your protected health information except to the extent that action has already occurred. 


In accordance with HIPAA, the organization is required to: 

1. Maintain the confidentiality of your protected health information. Your state laws may provide more protection than the federal laws and, in that case, we will abide by the more restrictive statute. 2. Provide you with notice of our legal obligations and privacy practices regarding information it may accumulate about you and is obligated to abide by the terms of this notice. 3. Notify you if it is unable to agree to a requested restriction, and make every effort to accommodate reasonable requests for communication of health information by alternative means. 4. Post its Notice of Uses on its website. 5. Notification of Breach of PHI to affected individuals of any unauthorized acquisition, access, use, or disclosure of unsecured PHI without unreasonable delay but not later than 60 calendar days after discovery. 

Please be advised that in addition to these responsibilities, the organization reserves the right to change the terms of its Notice of Uses and make those changes applicable to all protected health information maintained at that time. If there is a change to its Notice of Uses, it will provide you with a revised notice to the most recent address you have supplied to the organization. 

the organization will not use or disclose your protected health information without your authorization, except as described in this notice. 


If you have questions, would like additional information or, if you suspect misuse of your protected health information and believe that your rights have been violated, you may, without fear of retaliation, contact: 

Privacy Officer 
320 South Polk Street, Suite 900 Amarillo, TX 79101
1 (800) 658-6146 


The Office of Civil Rights 
U.S. Department of Health & Human Services 200 Independence Avenue SW Room 509F HHH Building Washington D.C. 20201 
1 (800) 368-1019 

Document Metadata 

Document Name: Enterprise Information Privacy and Security – Notice of Uses.doc 

Policy Number: 1013A 

Original Location: /Maxor 

Created on: 08/01/2017 

Published on: 09/10/2019 

Last Review on: 02/01/2019 

Next Review on: 02/01/2020 

Effective on: 02/01/2019 


Killgore-Lannan, Chris 
Director of Privacy and Compliance 

Committee / Policy Team: Compliance 

Owner/SME: Killgore-Lannan, Chris 
Director of Privacy and Compliance 

Manager: Killgore-Lannan, Chris 
Director of Privacy and Compliance 

Approver(s): Killgore-Lannan, Chris 
Director of Privacy and Compliance