HIPAA Compliance Statement For Pure IV Colorado

1. Introduction

At Pure IV Colorado ("we," "our," or "us"), we are dedicated to protecting the privacy, security, and confidentiality of all client Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and all applicable federal and state laws.

This HIPAA Compliance Statement explains how we collect, use, store, and protect your health-related information, as well as your rights regarding your PHI. By using our website (https://www.pureivcolorado.com/), scheduling an appointment, or receiving IV therapy services, you acknowledge and agree to the terms outlined in this policy.

2. What is Protected Health Information (PHI)?

PHI refers to any individually identifiable health information created, received, stored, or transmitted by Pure IV Colorado in relation to your healthcare services. This includes but is not limited to:

• Your full name, address, phone number, and date of birth
• Your medical history, treatment plans, and healthcare services received
• Your insurance and billing details
• Any other information that can identify you in a medical or healthcare context

We are required by law to maintain the privacy of your PHI and provide you with this statement outlining our legal duties and privacy practices.

3. How We Use and Disclose Your PHI

Pure IV Colorado may use or disclose PHI only as permitted under HIPAA, including:

3.1 Permitted Uses of PHI

• For Treatment: We use PHI to provide IV therapy services, assess medical history, coordinate care, and ensure safe administration of treatments.
• For Payment: We use PHI to process payments, verify insurance coverage, and manage billing for our services.
• For Healthcare Operations: We use PHI for quality assurance, staff training, compliance monitoring, and administrative record-keeping.
  

3.2 Limited Disclosures Without Client Consent

• For Treatment: We use PHI to provide IV therapy services, assess medical history, coordinate care, and ensure safe administration of treatments.
• For Payment: We use PHI to process payments, verify insurance coverage, and manage billing for our services.
• For Healthcare Operations: We use PHI for quality assurance, staff training, compliance monitoring, and administrative record-keeping.
  

3.3 Disclosures Requiring Written Authorization

For any PHI disclosures not covered under permitted uses, we will obtain your written authorization before sharing your information. Examples include:

• Marketing or promotional communications involving PHI
• Disclosure of PHI to third-party researchers
• Sharing PHI with individuals or organizations not involved in treatment, payment, or healthcare operations

You may revoke your authorization at any time by submitting a written request to Pure IV Colorado.

4. Your HIPAA Privacy Rights

As a client of Pure IV Colorado, you have the following rights under HIPAA:

4.1 Right to Access Your PHI

• You may request a copy of your medical records or treatment history.
• We will provide access within the legally required timeframe.
• A reasonable fee may apply for copies or record retrieval.
  

4.2 Right to Request Amendments

• If you believe your PHI is incorrect or incomplete, you may request an amendment.
• We will review your request and make necessary changes when appropriate.
  

4.3 Right to Restrict Disclosures

• You may request restrictions on how we use or disclose your PHI.
• We will accommodate reasonable requests unless legally required to disclose information.
  

4.4 Right to Confidential Communications

• You may request that we contact you via a specific method (e.g., phone, email, mail).
• We will honor reasonable requests to maintain privacy.
  

4.5 Right to an Accounting of Disclosures

• You may request a list of instances where your PHI was disclosed for non-routine purposes.
  

4.6 Right to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with:

• Pure IV Colorado’s Privacy Officer
• The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR)

We do not tolerate retaliation against individuals who file HIPAA-related complaints. To exercise any of these rights, contact us using the information in Section 10.

5. How We Protect Your PHI

We have implemented multiple security measures to protect PHI from unauthorized access, use, or disclosure, including:

5.1 Administrative Safeguards

• HIPAA training for all employees handling PHI.
• Access controls to ensure only authorized personnel can view PHI.
• Policies and procedures regulating PHI storage, usage, and disposal.
  

5.2 Physical Safeguards

• Locked file storage for paper records containing PHI.
• Restricted access areas for medical and administrative personnel.
  

5.3 Technical Safeguards

• Encryption technology to protect digital PHI.
• Secure electronic health record (EHR) systems.
• Firewalls and security protocols to prevent unauthorized access.

If a data breach occurs, we will notify affected individuals as required by HIPAA’s Breach Notification Rule.

6. Third-Party Business Associates

Pure IV Colorado may contract with third-party Business Associates (e.g., payment processors, scheduling platforms) that require access to PHI.

All Business Associates must:

• Sign a Business Associate Agreement (BAA) ensuring HIPAA compliance.
• Follow strict confidentiality and security protocols.
  

7. HIPAA Breach Notification Policy

7.1 What Constitutes a HIPAA Breach?

A breach occurs when unauthorized access, use, or disclosure of PHI compromises its security or privacy.

7.2 Breach Response Protocol

If a breach occurs, we will:

• Investigate the incident and determine the extent of unauthorized access.
• Notify affected individuals as required by HIPAA within 60 days.
• Report the breach to the U.S. Department of Health and Human Services (HHS) if necessary.
• Implement corrective actions to prevent future occurrences.

Clients will be informed via email, phone, or written notification about the nature of the breach and any protective steps they should take.

8. Retention of Health Records

We retain medical records and PHI for the legally required period, after which they are securely disposed of in compliance with HIPAA regulations.

9. Changes to This HIPAA Compliance Statement

We reserve the right to update this HIPAA Compliance Statement as needed. Changes will be reflected on our website, and continued use of our services constitutes acceptance of the updated policy.

10. Contact Information

If you have any questions about this HIPAA Compliance Statement, need to exercise your rights regarding your Protected Health Information (PHI), or wish to file a complaint, please contact us:

• 📞 Phone: (833) 688-1299
• 🌐 Website: https://www.pureivcolorado.com/