Your Information. Your Rights. Our Responsibilities. (Available to U.S. residents while physically located in the United States.)
Effective Date: November 21, 2025
Last Updated: November 21, 2025
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
This Notice of Privacy Practices should be read in conjunction with our Terms of Service. In case of any conflict between these documents, this Privacy Policy controls for health information privacy matters.
Texas Residents: Separate Electronic Disclosure Notice
If you are a Texas resident, you have additional rights under Texas law regarding electronic health information. Please review our comprehensive Texas Electronic Disclosure Notice for complete details.
This notice describes the privacy practices of the entities participating in the HealthyDoc Affiliated Covered Entity, including HealthyDoc Healthcare Partners PC, OpenLoop Healthcare Partners PC, Rezilient OLH, PA, and OpenLoop Healthcare Partners California, PC. For purposes of complying with HIPAA, the above-designated entities, which are under common ownership and control, have designated themselves an affiliated covered entity.
Your Rights
You have the right to:
Get a copy of your paper or electronic medical record
Correct your paper or electronic medical record
Request confidential communication
Ask us to limit the information we share
Get a list of those with whom we've shared your information
Get a copy of this privacy notice
Choose someone to act for you
File a complaint if you believe your privacy rights have been violated
Your Choices
You have some choices in the way that we use and share information as we:
Tell family and friends about your condition
Provide disaster relief
Include you in a hospital directory
Provide mental health care
Market our services and sell your information
Raise funds
Our Uses and Disclosures
We may use and share your information as we:
Treat you
Run our organization
Bill for your services
Help with public health and safety issues
Do research
Comply with the law
Respond to organ and tissue donation requests
Work with a medical examiner or funeral director
Address workers' compensation, law enforcement, and other government requests
Respond to lawsuits and legal actions
Your Rights (Detailed)
When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.
Get an electronic or paper copy of your medical record
You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. Ask us how to do this.
Response Timeframes:
Texas residents requesting electronic records: 15 business days (Texas HB 300 requirement)
All other requests: 30 days (HIPAA standard)
We may extend this deadline by 30 days with written notice if we need more time
What is a Designated Record Set?
Your "designated record set" includes all the health and billing records that we use to make decisions about your care. This is what you have the right to access under HIPAA.
Included in your designated record set:
Medical records and clinical notes
Prescription records and medication history
Lab results and diagnostic reports
Billing and payment records
Consultation summaries and treatment plans
Electronic health records (EHR) data
NOT included (exceptions):
Psychotherapy notes kept separate from medical records
Information compiled in anticipation of litigation
Certain research records
Information obtained from someone other than a healthcare provider under a promise of confidentiality
Ask us to correct your medical record
You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this.
We may say "no" to your request, but we'll tell you why in writing within 60 days.
Request confidential communications
You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.
We will say "yes" to all reasonable requests.
Ask us to limit what we use or share
You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say "no" if it would affect your care.
If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say "yes" unless a law requires us to share that information.
Get a list of those with whom we've shared information
You can ask for a list (accounting) of the times we've shared your health information for six years prior to the date you ask, who we shared it with, and why.
We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We'll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.
Get a copy of this privacy notice
You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.
Choose someone to act for you
If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
We will make sure the person has this authority and can act for you before we take any action.
File a complaint if you feel your rights are violated
You can complain if you feel we have violated your rights by contacting us using the information below.
You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.
We will not retaliate against you for filing a complaint.
Your Choices (Detailed)
For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.
In these cases, you have both the right and choice to tell us to:
Share information with your family, close friends, or others involved in your care
Share information in a disaster relief situation
Include your information in a hospital directory
If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.
In these cases we never share your information unless you give us written permission:
Marketing purposes
Sale of your information
Most sharing of psychotherapy notes
In the case of fundraising:
We may contact you for fundraising efforts, but you can tell us not to contact you again.
Our Uses and Disclosures (Detailed)
How do we typically use or share your health information?
We typically use or share your health information in the following ways:
Treat you
We can use your health information and share it with other professionals who are treating you.
Example: A doctor treating you for an injury asks another doctor about your overall health condition.
Run our organization
We can use and share your health information to run our practice, improve your care, and contact you when necessary. We might send you appointment reminders by email or text, or leave messages on an answering machine.
Example: We use health information about you to manage your treatment and services.
Bill for your services
We can use and share your health information to bill and get payment from health plans or other entities.
Example: We give information about you to your health insurance plan so it will pay for your services.
How else can we use or share your health information?
We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes. For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html.
Help with public health and safety issues
We can share health information about you for certain situations such as:
Preventing disease
Helping with product recalls
Reporting adverse reactions to medications
Reporting suspected abuse, neglect, or domestic violence
Preventing or reducing a serious threat to anyone's health or safety
Do research
We can use or share your information for health research.
Comply with the law
We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we're complying with federal privacy law.
Respond to organ and tissue donation requests
We can share health information about you with organ procurement organizations.
Work with a medical examiner or funeral director
We can share health information with a coroner, medical examiner, or funeral director when an individual dies.
Address workers' compensation, law enforcement, and other government requests
We can use or share health information about you:
For workers' compensation claims
For law enforcement purposes or with a law enforcement official
With health oversight agencies for activities authorized by law
For special government functions such as military, national security, and presidential protective services
Respond to lawsuits and legal actions
We can share health information about you in response to a court or administrative order, or in response to a subpoena.
Artificial Intelligence Use Disclosure
Artificial Intelligence (AI) Use Disclosure
Required by Texas Law: This notice discloses our use of artificial intelligence systems in healthcare services as required by Texas TRAIGA and SB 1188.
AI Does NOT Replace Your Healthcare Provider
Important: All artificial intelligence systems used in this platform serve as decision support tools only. AI does not make final clinical decisions.
Every diagnosis is made by a licensed healthcare provider
Every prescription is authorized by a licensed physician
Every treatment plan is reviewed and approved by qualified medical professionals
Every clinical decision involves human medical expertise and judgment
Last Updated: November 18, 2024 | Effective Date: January 1, 2026 (TRAIGA) / September 1, 2025 (SB 1188)
This disclosure may be updated to reflect changes in our AI systems or regulatory requirements. Material changes will be communicated to users via email and prominent notice on our platform.
AI Responsible Use & Governance Framework
Our commitment to safe, ethical, and effective AI use in healthcare delivery, as required by Texas TRAIGA.
Our AI Governance Commitment
HealthyDoc operates under a comprehensive AI governance framework designed to ensure our artificial intelligence systems enhance patient care while maintaining the highest standards of safety, equity, and accountability. This framework is overseen by our AI Governance Committee, which includes clinical leadership, technology experts, legal counsel, and patient advocates.
AI Governance Committee
Our AI Governance Committee meets quarterly to review AI system performance, address concerns, and ensure ongoing compliance with regulatory requirements. The committee includes:
Chief Medical Officer: Ensures clinical safety and effectiveness
Chief Technology Officer: Oversees technical implementation and security
Patient Advocate: Represents patient interests and concerns
AI Ethics Advisor: Provides guidance on ethical AI use in healthcare
Committee Responsibilities:
Review quarterly AI performance metrics and bias audits
Evaluate and approve new AI systems or significant updates
Investigate AI-related incidents or patient concerns
Update AI governance policies based on emerging best practices
Ensure compliance with evolving regulatory requirements
Continuous Improvement Process
We continuously improve our AI systems through systematic evaluation and feedback:
Monthly Performance Reviews: Analysis of AI accuracy, provider agreement rates, and patient outcomes
Quarterly Bias Audits: Statistical analysis of AI recommendations across demographic groups
Provider Feedback Integration: Regular surveys and feedback sessions with clinical staff using AI tools
Patient Feedback Monitoring: Analysis of patient satisfaction and concerns related to AI use
Industry Best Practice Updates: Continuous monitoring of emerging AI safety standards and guidelines
Model Updates & Testing: Rigorous testing of AI model updates before deployment to production
Report AI Concerns or Questions
We take all concerns about AI performance, bias, or safety seriously. If you experience or observe any of the following, please report it to our AI Governance team:
AI recommendations that appear biased or discriminatory
AI output that contradicts medical knowledge or clinical guidelines
Concerns about privacy or security of AI data processing
AI errors that affected your care or consultation experience
Questions about how AI is used in your specific case
Mail: HealthyDoc AI Governance Committee, [Address]
All reports are reviewed within 5 business days. Serious safety concerns receive immediate attention.
Policy Version: 1.0 | Last Updated: November 18, 2024 | Effective Date: January 1, 2026 (TRAIGA)
This AI Responsible Use Policy is maintained in compliance with Texas TRAIGA requirements for AI governance transparency. Updates to this policy will be communicated to users and made available on our website.
Electronic Health Information Access (Texas Residents)
Texas Electronic Health Information Access Rights
Notice Required Under Texas Health and Safety Code Chapter 181
Texas residents have the right to access their electronic health information.
Response Timeframe: Under Texas law, we will provide access to your electronic health information within 15 business days of receiving your written request.
What You Can Request:
Electronic copies of your medical records
Laboratory test results and imaging reports
Treatment plans and clinical notes
Prescription and medication history
Any other protected health information we maintain
Mail: My Healthy Doc, 625 Kenmoor Ave SE Ste 350, PMB 49440, Grand Rapids, MI 49546-2395
Fees: We may charge a reasonable, cost-based fee for copies of your records. You will be notified of any fees before we fulfill your request.
Legal Reference: This notice is provided in compliance with Texas Health and Safety Code Chapter 181, as amended by House Bill 300. For questions about your Texas privacy rights, please contact our Privacy Officer using the information above.
Our Responsibilities
We are required by law to maintain the privacy and security of your protected health information.
We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
We must follow the duties and privacy practices described in this notice and give you a copy of it.
We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.
For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.
Security Safeguards
How We Protect Your Health Information
We implement comprehensive administrative, physical, and technical safeguards to protect your protected health information (PHI) in compliance with HIPAA Security Rule requirements.
Administrative Safeguards
Security Training: All workforce members receive HIPAA security awareness and training before accessing PHI
Access Controls: Role-based access ensures employees only access PHI necessary for their job functions
Policies and Procedures: Comprehensive privacy and security policies govern all PHI handling
Business Associate Agreements: All vendors with PHI access sign HIPAA-compliant BAAs
Incident Response: Formal breach notification and incident response procedures
Risk Assessments: Regular security risk assessments to identify and mitigate vulnerabilities
Physical Safeguards
Secure Data Centers: All PHI stored in SOC 2 Type II certified data centers with physical access controls
Facility Security: 24/7 monitoring, biometric access controls, and video surveillance
Workstation Security: Locked screens, password protection, and device encryption requirements
Device Management: Mobile device management (MDM) for all devices accessing PHI
Disposal Procedures: Secure destruction of PHI-containing devices and media
Technical Safeguards
Encryption: AES-256 encryption at rest and TLS 1.3 encryption in transit for all PHI
Multi-Factor Authentication (MFA): Required for all system access
Audit Controls: Comprehensive logging and monitoring of all PHI access and modifications
Automatic Logoff: Sessions automatically terminate after inactivity periods
Integrity Controls: Digital signatures and checksums verify data has not been altered
Network Security: Firewalls, intrusion detection systems, and network segmentation
Vulnerability Management: Regular security patching and vulnerability scanning
Third-Party Security Audits
SOC 2 Type II Certification: Annual third-party audits verify our security controls
Business Associate Audits: Regular reviews of vendor security practices
Penetration Testing: Periodic security testing to identify vulnerabilities
Your Responsibility
While we implement extensive safeguards, protecting your health information is a shared responsibility. Please:
Keep your account credentials confidential and use strong, unique passwords
Enable multi-factor authentication when available
Log out of your account when using shared or public devices
Report any suspicious activity or potential security incidents immediately
Keep your contact information current so we can reach you about security matters
Data Storage and Localization
Texas Patient Data Storage and Localization
Required Disclosure Under Texas SB 1188 (Effective September 1, 2025)
Texas law requires us to disclose where your health data is stored and processed.
Primary Data Storage Locations:
United States: Primary database servers located in AWS US-East-1 (Virginia) and US-West-2 (Oregon)
Database Provider: Amazon Web Services (AWS) - SOC 2 Type II and HIPAA compliant
Backup Storage: Encrypted backups stored in AWS US-East-2 (Ohio)
Application Hosting: Vercel Edge Network (United States nodes only)
Data Processing Locations:
All Texas patient data is processed exclusively within United States data centers
AI consultation processing: AWS Bedrock US regions (Virginia, Oregon)
Analytics processing: United States-based infrastructure only
Payment processing: Stripe (United States servers)
Texas Data Residency Commitment:
All health information of Texas residents is stored and processed exclusively within the United States. We do not transfer Texas patient health data outside the United States for any purpose, including storage, processing, or analytics.
Third-Party Service Providers:
The following service providers may have access to Texas patient data:
Electronic Health Records: OpenLoop Healthcare Partners (US-based)
Cloud Infrastructure: Amazon Web Services (US regions only)
All service providers are contractually bound by Business Associate Agreements (BAAs) and HIPAA compliance requirements.
Cross-Border Data Transfers:
None. We do not transfer Texas patient health information outside the United States. All data storage, processing, and backups occur within U.S. data centers that comply with HIPAA security standards and Texas data residency requirements.
Your Rights Under Texas Law:
Right to know where your data is stored and processed
Right to request deletion of your data (subject to legal retention requirements)
Right to opt-out of certain data processing activities
Right to receive notice of any changes to data storage locations
Opt-Out Information:
While we maintain all Texas patient data within the United States, you may request additional restrictions on data processing by contacting our Privacy Officer. Please note that certain restrictions may limit our ability to provide clinical services.
Questions or Concerns: If you have questions about where your data is stored or wish to exercise your Texas privacy rights, please contact:
Legal Reference: This disclosure is provided in compliance with Texas Senate Bill 1188, effective September 1, 2025. We will update this disclosure if our data storage locations or processing practices change.
Breach Notification Procedures
Your Right to Know About Breaches
Under HIPAA and Texas state law, you have the right to be notified promptly if a breach of your protected health information occurs. This section explains our breach notification procedures and your rights.
Federal HIPAA Breach Notification Requirements
Under the HIPAA Breach Notification Rule (45 CFR §§ 164.400-414), we are required to notify affected individuals, the U.S. Department of Health and Human Services (HHS), and in some cases, the media, following a breach of unsecured protected health information.
What is a Breach?
A breach is the unauthorized acquisition, access, use, or disclosure of protected health information (PHI) that compromises the security or privacy of the information. This includes situations where PHI is:
Accessed by unauthorized individuals
Disclosed without proper authorization
Lost or stolen in an unsecured form
Improperly disposed of
Notification Timeframes
Individual Notification
Within 60 days of discovering a breach, we will notify affected individuals by first-class mail to their last known address, or by email if the individual has agreed to electronic notice. If we do not have sufficient contact information for 10 or more individuals, we will post a notice on our website for at least 90 days.
HHS Notification
Breaches affecting 500+ individuals: We will notify HHS immediately, within 60 days of discovery
Breaches affecting fewer than 500 individuals: We will notify HHS annually within 60 days of the end of the calendar year
Media Notification
For breaches affecting more than 500 residents of a state or jurisdiction, we will notify prominent media outlets in that area within 60 days of discovering the breach.
Texas State Law Requirements
Under Texas Business and Commerce Code § 521.053, if a breach involves Texas residents' sensitive personal information, we will comply with additional state notification requirements, which may include notification without unreasonable delay.
What We Will Tell You If a Breach Occurs
Our breach notification will include:
What happened: A brief description of the breach, including the date (or estimated date) of the breach and the date the breach was discovered
What information was involved: The types of unsecured PHI that were involved (e.g., name, Social Security number, medical record number, diagnosis, treatment information)
What we are doing: Steps we are taking to investigate the breach, mitigate harm, and protect against future breaches
What you can do: Steps you can take to protect yourself from potential harm
Contact information: How to contact us for more information and ask questions
Our Response Process If a Breach Occurs
1. Immediate Investigation
We immediately investigate all suspected security incidents to determine if a breach occurred, assess the scope, and identify affected individuals.
2. Containment and Mitigation
We take immediate steps to contain the breach, prevent further unauthorized access, and mitigate potential harm to affected individuals.
3. Required Notifications
We provide timely notification to affected individuals, HHS, and when required, the media and state authorities, in accordance with all applicable laws.
4. Prevention and Improvement
We analyze the breach to identify root causes and implement additional safeguards to prevent similar incidents in the future.
How to Report a Suspected Breach
If you believe your protected health information has been compromised or used inappropriately, please report it immediately:
Identity Theft Resources: If your information is compromised, visit www.identitytheft.gov for guidance
Business Associates
In order to provide you with quality healthcare services, we work with various business associates who may have access to your protected health information (PHI). All business associates are required to maintain HIPAA-compliant Business Associate Agreements (BAAs) that obligate them to protect your health information.
This list is updated periodically. All business associates are contractually required to maintain HIPAA-compliant Business Associate Agreements (BAAs). You may request a copy of any BAA by contacting our Privacy Officer at privacy@myhealthydoc.com.
You may request a copy of any Business Associate Agreement by contacting our Privacy Officer.
All business associates are contractually required to implement appropriate safeguards to protect your PHI.
Business associates may only use and disclose your PHI as permitted by their agreement with us and as required by law.
If you believe a business associate has violated your privacy rights, you may file a complaint with our Privacy Officer or with the U.S. Department of Health and Human Services.
Your opt-in preferences and consent data are protected and never shared for marketing purposes.
Protection of Opt-In Data
No marketing or promotional sharing: We will never share your opt-in data, including SMS/text message consent, email preferences, or communication choices, with third parties for marketing or promotional purposes.
Your consent is sacred: Any opt-in preferences you provide, including consent to receive communications, are used solely to deliver the services you requested from us.
Control over your data: You maintain full control over your opt-in preferences and can modify or revoke consent at any time.
Limited Sharing with Service Providers
We may share your opt-in data with carefully selected subcontractors or outsourced service providers, but only under these strict conditions:
Service fulfillment only: Any sharing of your opt-in data with subcontractors or outsourced service providers is solely for the purpose of fulfilling the services we provide to you.
Contractual obligations: All service providers are contractually bound to protect your data and are prohibited from using it for any purpose other than providing services on our behalf.
Examples of service providers: This may include SMS gateway providers (like Twilio), email service providers, appointment scheduling systems, or technical support services - all bound by strict data protection agreements.
Your Communication Rights
You can opt out of any communications at any time by replying STOP to text messages or clicking unsubscribe in emails.
Opting out of communications does not affect our ability to send you important service-related messages, such as appointment confirmations or health alerts.
You can update your communication preferences at any time through your account settings or by contacting us directly.
Changes to the Terms of this Notice
We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, in our office, and on our website.
Substance Use Disorder Records (42 CFR Part 2)
Federal Part 2: Substance Use Disorder Records Protection
42 CFR Part 2 - Enhanced Privacy for Substance Use Disorder Patient Records
Federal Compliance Deadline: February 16, 2026
Critical Notice: Federal Criminal Penalties Apply
Substance use disorder patient records are protected by federal law under 42 CFR Part 2. These protections are stricter than regular HIPAA and carry federal criminal penalties for unauthorized disclosure. This notice explains your enhanced rights regarding SUD treatment information.
Notice Last Updated: January 18, 2025 | Federal Compliance Deadline: February 16, 2026 | Regulations: 42 CFR Part 2 - Confidentiality of Substance Use Disorder Patient Records
Do Not Sell My Personal Information
California residents have the right to opt-out of the sale of their personal information. My Healthy Doc does not sell personal information for monetary consideration. However, we may share information with service providers and business partners as described in this privacy policy.
To exercise your right to opt-out of any potential future sharing that could be considered a "sale" under California law:
Email us with "Do Not Sell My Information" in the subject line
We will process your request within 15 days of verification of your identity.
Your California Privacy Rights
Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have specific rights regarding their personal information.
Right to Know
You have the right to request that we disclose what personal information we collect, use, disclose, and sell about you specifically over the past 12 months.
Right to Delete
You have the right to request deletion of personal information we have collected from you, subject to certain exceptions under HIPAA for medical records.
Right to Correct
You have the right to request correction of inaccurate personal information, including medical information through our standard medical records correction process.
Right to Limit Sensitive Processing
California law recognizes health data as sensitive personal information. We limit processing of health information consistent with HIPAA and clinical care requirements.
How to Exercise Your Rights
To exercise your California privacy rights:
Email us at support@myhealthydoc.com
Call us at (840) 465-2530
Submit a written request to our Privacy Officer at the address listed below
We will verify your identity before processing your request. For health information requests, we may need additional verification under HIPAA.
Your Texas Privacy Rights
Your Texas-Specific Privacy Rights
Enhanced Privacy Protections for Texas Residents
Texas law provides additional privacy rights beyond federal HIPAA protections. If you are a Texas resident, you have the following rights regarding your health information:
1. Right to Access Electronic Health Information (HB 300)
15 Business Day Guarantee: We will provide access to your electronic health information within 15 business days of your written request
Access to complete medical records, lab results, imaging reports, and clinical notes
Right to receive records in commonly used electronic format (PDF, HL7, FHIR)
Right to designate a third party to receive your records on your behalf
2. Right to Correct Inaccurate Health Information
Request correction of any inaccurate or incomplete health information in your records
We will respond to correction requests within 60 days
If we deny your request, we will provide written explanation and allow you to submit a statement of disagreement
Your statement will become a permanent part of your medical record
3. Right to Request Restrictions on Disclosures
Request limitations on how we use or disclose your health information
Restrict disclosures to health plans if you pay out-of-pocket in full
Request that we not share certain information with family members or others involved in your care
We will accommodate all reasonable restriction requests
4. Right to Opt-Out of AI Processing (TRAIGA)
AI Transparency: We use artificial intelligence to provide health consultations and clinical decision support
You have the right to opt-out of AI-based processing of your health information
Opting out may limit certain services, such as our AI consultation feature
We will provide clear notice when AI is used and explain how AI decisions are made
You may request human review of any AI-generated health recommendations
To Opt-Out: Contact our Privacy Officer and specify "AI Opt-Out Request"
5. Right to Know Data Storage Locations (SB 1188)
Right to know where your health data is stored and processed
Right to receive notice of any changes to data storage locations
Our Commitment: All Texas patient data is stored and processed exclusively within the United States
See our "Texas Data Localization Disclosure" above for complete details
6. Right to Confidential Communications
Request that we contact you at a specific phone number, email, or address
Request that we not leave messages with certain individuals or at certain locations
We will honor all reasonable confidential communication requests without requiring explanation
7. Right to Accounting of Disclosures
Request a list of all disclosures of your health information we have made
Accounting covers the previous 6 years from your request date
One free accounting per 12-month period; reasonable fee for additional requests
We will provide the accounting within 60 days of your request
8. Right to Breach Notification
You will be notified within 60 days if your health information is subject to an unauthorized access or disclosure
Notification will include what information was compromised and steps we are taking
We will provide resources to help protect your information and identity
9. Right to File Complaints Without Retaliation
File complaints with us or with regulatory authorities if you believe your rights were violated
File complaints with Texas Health and Human Services Commission (HHSC) or the U.S. Department of Health and Human Services Office for Civil Rights (OCR)
We will not retaliate against you for filing a complaint
How to Exercise Your Texas Privacy Rights
To exercise any of the rights described above, please contact our Privacy Officer:
Mail: My Healthy Doc, Privacy Officer, 625 Kenmoor Ave SE Ste 350, PMB 49440, Grand Rapids, MI 49546-2395
Note: We may require verification of your identity before processing your request to protect your privacy and security.
Response Timelines
Access Requests: 15 business days (Texas HB 300 requirement)
Correction Requests: 60 days
Restriction Requests: Promptly, typically within 10 business days
Accounting Requests: 60 days
AI Opt-Out Requests: Effective immediately upon confirmation
Legal References: Texas Health and Safety Code Chapter 181, Texas HB 300 (2023), Texas TRAIGA, Texas SB 1188 (effective September 1, 2025). These rights are in addition to your federal HIPAA privacy rights. For questions, contact our Privacy Officer.
Contact Information
Privacy Officer Contact Information:
Email: support@myhealthydoc.com
Phone: (840) 465-2530
Mailing Address: My Healthy Doc, 625 Kenmoor Ave SE Ste 350, PMB 49440, Grand Rapids, Michigan 49546-2395
Version History
We maintain a complete history of changes to this Notice of Privacy Practices. Below is a summary of our version history:
Note: If you received care before the effective date of this notice, a prior version of this notice may have applied to your care. You may request a copy of any prior version by contacting our Privacy Officer at privacy@myhealthydoc.com or (840) 465-2530.