Primary Care Clinic in Sherman TX | Highland Primary Care

1. INTRODUCTION

Highland Primary Care (“Company,” “we,” “us,” “our,” or “Provider”) is committed to protecting your privacy and ensuring you have a positive experience on our website and through our healthcare services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our healthcare services.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our services.

This Privacy Policy is subject to and incorporates by reference the provisions of our Terms & Conditions, which govern the use of our website and services.

2. INFORMATION WE COLLECT

2.1 Personal Health Information (PHI)

In accordance with the Health Insurance Portability and Accountability Act (HIPAA), we collect Protected Health Information (PHI) necessary to provide healthcare services:

  • Medical History: Symptoms, medications, allergies, past medical conditions, family history, and relevant lifestyle factors
  • Appointment Information: Consultation dates, times, duration, and clinical notes
  • Test Results: Laboratory values, imaging results, and diagnostic findings
  • Treatment Plans: Prescribed medications, dosages, delivery methods, and therapeutic protocols
  • Ongoing Monitoring Data: Follow-up assessments, symptom tracking, and treatment response information
  • Payment/Insurance Information: Billing address, payment method, insurance carrier details, and claim information

2.2 Personal Identification Information

  • Legal name and date of birth
  • Social Security Number (for billing and tax purposes only)
  • Address (residential and/or mailing)
  • Email address
  • Telephone number(s)
  • Emergency contact information

2.3 Technology and Usage Information

  • IP address and device identifiers
  • Browser type and operating system
  • Pages visited and time spent on website
  • Links clicked and features used
  • Referral source and site navigation patterns
  • Cookies and similar tracking technologies (described in Section 8)

2.4 Communications Information

  • Email correspondence with our clinical and administrative staff
  • Text message (SMS) communications (see Section 7 for SMS-specific terms)
  • Phone call recordings (when applicable and with prior consent)
  • Voicemail messages
  • Patient portal messages and notes

2.5 Information Collected from Third Parties

We may obtain health information from:

  • Previous healthcare providers (with written authorization)
  • Laboratory facilities where your tests are processed
  • Pharmacy partners fulfilling your prescriptions
  • Insurance carriers for billing verification
  • Business associates who support our operations under HIPAA Business Associate Agreements (BAAs)

3. HOW WE USE YOUR INFORMATION

3.1 Primary Uses of PHI

Your Protected Health Information is used exclusively for:

A. Treatment: Diagnosing your condition, providing consultations, prescribing medications, monitoring treatment response, and managing your ongoing care

B. Payment: Processing insurance claims, billing statements, payment collection, and verifying coverage

C. Healthcare Operations: Scheduling appointments, communicating treatment information, ensuring continuity of care, quality improvement, and staff training (all in de-identified or limited format)

3.2 Limited Uses of Personal Information

  • Service Improvement: Analyzing patient feedback to improve clinical protocols and service delivery
  • Compliance: Meeting legal obligations, regulatory requirements, and accreditation standards
  • Security: Detecting fraudulent activity and protecting against unauthorized access or data breaches
  • Administrative: Account maintenance, password reset, billing inquiries, and appointment reminders

3.3 Communication Uses

We may use your contact information to:

  • Confirm appointments and send appointment reminders
  • Provide test results and treatment updates
  • Send prescription refill notifications
  • Deliver important clinical or administrative communications
  • Respond to your inquiries or requests

We will NEVER use your health information for marketing, advertising, or sale to third parties without your explicit written consent.

3.4 De-Identified Data

We may use de-identified health information (data from which all personally identifiable information has been removed) for:

  • Clinical research (with IRB approval)
  • Statistical analysis and quality reporting
  • Educational purposes
  • Operational improvements
  • Public health surveillance (when required by law)

4. HIPAA COMPLIANCE AND YOUR RIGHTS

4.1 HIPAA Privacy Rule

As a HIPAA-covered entity, Highland Primary Care maintains all Protected Health Information in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Your PHI is protected under the HIPAA Privacy Rule (45 CFR §§ 164.100-164.534).

You have the following rights regarding your PHI:

A. Access Your Medical Records – Request a copy of your medical records within 30 days, access records in electronic format, and request records be sent to another healthcare provider.

B. Request Corrections – Amend inaccurate or incomplete information in your medical record by submitting corrections in writing with supporting documentation.

C. Request Restrictions on Use and Disclosure – Request limitations on how your PHI is used or disclosed, including requesting that we not disclose information to your health insurance plan for services you pay out-of-pocket.

D. Receive Confidential Communications – Request that we contact you only at specific addresses or phone numbers, or in alternative formats.

E. Request an Accounting of Disclosures – Receive a detailed list of all disclosures of your PHI made for non-treatment purposes within 60 days of request.

F. File a Privacy Complaint – Contact us with privacy concerns or file a complaint with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights without penalty or retaliation.

To exercise any of these rights, submit a written request to our Privacy Officer (contact information in Section 12).

5. DISCLOSURE OF YOUR INFORMATION

5.1 Permitted Disclosures WITHOUT Authorization

Your PHI may be disclosed without your authorization only in the following circumstances:

  • Treatment: To healthcare providers involved in your care
  • Payment: To insurance companies, billing agencies, and healthcare clearinghouses for claims processing
  • Healthcare Operations: To staff members who need information to provide services, conduct quality assurance, or meet accreditation requirements
  • Legal Requirement: When disclosure is required by law, regulation, or court order (public health authorities, law enforcement with proper legal process, emergency circumstances)
  • Business Associates: To contractors and service providers who have signed a Business Associate Agreement (BAA) requiring HIPAA compliance

5.2 Disclosures WITH Your Authorization

Except as permitted above, we will ONLY disclose your PHI if you provide written authorization. An authorization must be in writing, be clearly signed by you, specify what information may be disclosed, identify the recipient, and include an expiration date. It may be revoked at any time in writing.

5.3 Conditions Where We Will NOT Disclose

We will NOT disclose your PHI to marketing companies, data brokers, for sale or commercial purposes, to your employer without authorization, or for any purpose unrelated to your treatment, payment, or healthcare operations.

6. DATA SECURITY AND PROTECTION

6.1 Administrative Safeguards

  • Role-based access controls limiting staff access to minimum necessary information
  • Employee training on HIPAA and privacy practices (required annually)
  • Background checks for all personnel with access to PHI
  • Written policies and procedures governing information security
  • Access logs and audit trails monitoring information access
  • Secure email communication using encryption for PHI

6.2 Physical Safeguards

  • Secure facilities with controlled access
  • Secure document storage and destruction protocols
  • Workstation security standards
  • Proper disposal of equipment containing PHI (certified data destruction)

6.3 Technical Safeguards

  • Encryption of all data in transit and at rest
  • Firewalls and intrusion detection/prevention systems
  • Regular vulnerability assessments
  • Secure authentication requiring strong passwords and multi-factor authentication
  • Regular security patches and software updates
  • Data backup and disaster recovery systems
  • Regular security audits

While we implement industry-standard security measures, no system is 100% secure. We cannot guarantee absolute security of any information transmitted over the internet. However, we are committed to continuous improvement of our security infrastructure.

7. SMS MESSAGING AND TCPA COMPLIANCE

7.1 SMS Communication Purpose and Consent

Highland Primary Care uses SMS (text messaging) to communicate with patients regarding appointment scheduling, confirmation, and reminders; test result notifications; prescription refill reminders; important clinical updates; and general account or appointment-related administrative information.

IMPORTANT: You are consenting to receive text messages only for healthcare-related communications directly related to your treatment. We will NOT use SMS for marketing, promotional, or unsolicited commercial purposes without separate explicit written consent.

Your mobile data will not be shared or sold to any third party.

7.2 TCPA Compliance

Our SMS practices comply fully with the Telephone Consumer Protection Act (47 U.S.C. § 227) and FCC regulations. Messages are sent only during reasonable hours (8:00 AM – 9:00 PM recipient’s local time) and only for healthcare treatment, appointment-related communications, or patient-requested information.

Opt-Out: You may opt out of receiving text messages at any time by replying “STOP” to any text message, contacting us directly, or updating your communication preferences. Standard message and data rates from your wireless carrier may apply.

8. COOKIES AND TRACKING TECHNOLOGIES

Our website uses cookies to remember your login information, track browsing patterns to improve site functionality, analyze website traffic, personalize your experience, and enable security and fraud detection. We may use third-party analytics services (such as Google Analytics) that collect information about your website usage.

9. CHILDREN’S PRIVACY

Our website is not intended for individuals under 18 years of age. We do not knowingly collect information from minors through our website. If we become aware that we have collected information from a minor without proper consent, we will take appropriate steps. Parents or guardians who believe we have collected information from a minor should contact us immediately.

10. TEXAS AND STATE-SPECIFIC PRIVACY

As a healthcare provider in Texas, we comply with all requirements under the Texas Medical Practice Act and Texas Board of Medicine rules. Patient information is maintained in confidential medical records, records are retained for a minimum of 7 years from the last patient encounter, and records are securely destroyed and not resold.

We comply with all applicable state privacy laws including the California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), and other state-specific privacy regulations as applicable.

11. DATA RETENTION AND DELETION

  • Medical Records: Maintained for a minimum of 7 years from the final patient encounter per Texas Medical Board requirements and HIPAA standards
  • Billing Records: Retained for a minimum of 7 years for tax and audit purposes
  • Email Communications: Archived for a minimum of 6 years per compliance requirements

When retention periods expire, paper records are shredded and electronic records are securely deleted using certified data destruction methods. Subject to legal retention requirements, you may request deletion of your records by submitting a written request to our Privacy Officer.

12. BREACH NOTIFICATION

If a breach occurs affecting your PHI, you will be notified within 60 days of discovery. Notification will include a description of the breach, types of information involved, steps you should take to protect yourself, what Highland Primary Care is doing to investigate and prevent recurrence, and contact information for questions.

13. BUSINESS ASSOCIATES AND THIRD PARTIES

Any third party that handles your PHI is required to sign a Business Associate Agreement (BAA) committing to the same privacy and security protections required of us. Sharing is limited to minimum necessary information, business associates agree to HIPAA compliance, and they may not use your information for their own purposes.

Our website may contain links to third-party websites. We are not responsible for the privacy practices of third-party sites. We encourage you to review their privacy policies before providing any information.

14. AMENDMENTS TO THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time. Changes will be posted on our website with an updated “Last Updated” date and are effective immediately upon posting. Material changes affecting patient rights will be communicated directly to you. Continued use of our services after policy changes constitutes your acceptance of the updated Privacy Policy.

15. CONTACT INFORMATION

Questions, Requests, or Concerns?

Highland Primary Care Privacy Officer
Mailing Address: Highland Primary Care, 300 N Highland Ave Suite 455, Sherman, TX 75092
Email: info@highlandprimarycare.net
Phone: 903-871-5671

Response Time: We will respond to privacy inquiries within 30 business days.

File a HIPAA Complaint:
U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
Phone: (202) 619-0257
Website: https://www.hhs.gov/ocr/privacy/hipaa/complaints/

You may file a privacy complaint with HHS without fear of retaliation.

16. ACKNOWLEDGMENT

By using Highland Primary Care services and/or accessing our website, you acknowledge that you have read and understood this Privacy Policy, you consent to collection and use of your information as described, you consent to receive SMS messages as described in Section 7, you understand your HIPAA rights as outlined in Section 4, and you understand our privacy and security practices.

Last Updated: March 13, 2026