Texas Electronic Health Records Disclosure Notice

Texas law requires healthcare providers who maintain electronic health records to provide this disclosure to all Texas residents. This notice describes:

• How we create, maintain, and use electronic health records
• Your rights to access your electronic health information
• Security measures we implement to protect your data
• Our obligations under Texas law regarding electronic health information

By providing this disclosure electronically (on our website), we are required to inform you of the following:

Your Right to a Paper Copy

You have the right to receive a paper copy of this disclosure at no charge. To request a paper copy:

• Call us at: (840) 465-2530
• Email us at: support@myhealthydoc.com
• Write to us at: My Healthy Doc, 625 Kenmoor Ave SE Ste 350, PMB 49440, Grand Rapids, Michigan 49546-2395

We will mail you a paper copy within 15 business days of your request.

Electronic Access Requirements

To access this electronic disclosure, you need:

• A device with internet access (computer, tablet, or smartphone)
• A modern web browser (Chrome, Safari, Firefox, or Edge - updated within the last 2 years)
• PDF reader software (such as Adobe Acrobat Reader, Preview, or your browser's built-in PDF viewer)
• Ability to print or save documents electronically

Right to Withdraw Electronic Consent

You may withdraw your consent to receive this disclosure electronically at any time by requesting a paper copy using the contact information above. Withdrawing consent will not affect the validity of your previous electronic consent or any actions taken based on that consent.

What You Can Request

You have the right to request and receive:

• Electronic copy: Your complete health record in electronic format (PDF, HL7, or other standard format)
• Paper copy: Printed copies of your health records
• Specific records: Only certain portions of your health record (e.g., lab results, visit notes, prescriptions)
• Date range: Records from a specific time period
• Inspection: The ability to review your records in person or via secure online portal

Format Options

We will provide your electronic health records in the format you request, if readily producible:

• PDF (most common)
• HL7 C-CDA (Consolidated Clinical Document Architecture)
• FHIR (Fast Healthcare Interoperability Resources)
• Secure email attachment
• Secure patient portal access
• Direct transmission to another healthcare provider

If your requested format is not readily producible, we will work with you to provide the records in an alternative mutually agreeable format.

Fees for Copies

Texas law allows us to charge reasonable, cost-based fees for providing copies of your records:

* Fees are in accordance with Texas Health & Safety Code § 181.154 and may be updated to reflect changes in law.

Timeline for Providing Records

• 15 business days: Standard timeline for Texas residents to receive electronic health records
• Extensions: In rare circumstances, we may need up to 30 additional days if we notify you of the reason for the delay
• Denial: If we deny your request (rare), we will provide written explanation of the denial and your appeal rights within 15 business days

Step-by-Step Request Process

Contact Information for Record Requests

Authorized Representatives

If someone else is requesting records on your behalf, they must provide:

• Written authorization signed by you (unless they have legal authority)
• Copy of power of attorney, guardianship papers, or other legal documentation
• Valid photo ID of the authorized representative

How We Protect Your Electronic Health Records

We implement comprehensive security measures to protect your electronic health information:

Breach Notification Requirements

Under Texas law and HIPAA, if there is a breach of your electronic health information, we will notify you:

What Our Breach Notification Will Include

• Brief description of what happened and when
• Types of information that were involved in the breach
• Steps we are taking to investigate and mitigate harm
• Steps you can take to protect yourself
• Contact information for questions and further information

Reporting Suspected Breaches

If you suspect unauthorized access to your electronic health records, please contact us immediately:

Texas law requires all workforce members who access electronic health records to receive training on:

• Federal and Texas privacy and security laws (HIPAA and Texas Health & Safety Code Chapter 181)
• Proper handling of electronic protected health information (ePHI)
• Security practices and procedures
• Patient rights under Texas law
• Breach identification and reporting
• System security features and access controls

Our Training Program

The Texas Attorney General has exclusive authority to enforce violations of Texas Health & Safety Code Chapter 181 (electronic health records privacy). This is separate from federal HIPAA enforcement.

Your Right to File a Complaint

If you believe your electronic health information rights under Texas law have been violated, you have the right to file a complaint with the Texas Attorney General:

Federal HIPAA Complaints

You may also file a complaint with the U.S. Department of Health & Human Services (HHS):

No Retaliation

We will not retaliate against you for filing a complaint with the Texas Attorney General, HHS, or our Privacy Officer. Filing a complaint will not affect your care or our services to you.

Potential Penalties for Violations

Texas law provides for significant penalties for violations of electronic health records privacy:

• Civil penalties: Up to $25,000 per violation, up to $250,000 per calendar year
• Criminal penalties: For knowing or intentional violations, criminal prosecution may result
• Injunctive relief: The Attorney General may seek court orders to stop violations
• Corrective action: Required remediation and implementation of corrective measures

Beyond the specific electronic health records rights described above, Texas law provides additional privacy protections:

Consent for Disclosure

We will not disclose your electronic health records without your written authorization, except as permitted or required by law. Valid authorization must:

• Be in writing and signed by you or your authorized representative
• Specify what information may be disclosed
• Identify to whom the information may be disclosed
• State the purpose of the disclosure
• Include an expiration date or event
• Include a statement of your right to revoke the authorization

Right to Amend Records

You have the right to request amendments to your electronic health records if you believe they are inaccurate or incomplete. We will respond to amendment requests within 60 days.

Accounting of Disclosures

You have the right to receive an accounting of disclosures of your electronic health information made by us for the six years prior to your request, with certain exceptions.

Restriction Requests

You may request restrictions on how we use or disclose your electronic health information. While we are not required to agree to all restriction requests, we must agree if:

• The disclosure is for payment or healthcare operations purposes
• The disclosure is not otherwise required by law
• The information pertains solely to a healthcare item or service for which you paid out-of-pocket in full

Confidential Communications

You have the right to request that we communicate with you about your health matters in a specific manner or at a specific location. For example, you may ask that we:

• Contact you only at a specific phone number
• Send mail to an alternative address
• Use secure email or patient portal instead of phone calls
• Use a specific method when leaving messages

Minimum Necessary Standard

When we use or disclose your electronic health information, or request such information from others, we will make reasonable efforts to limit the information to the minimum necessary to accomplish the intended purpose.

Questions or Concerns?