1. Introduction

Oasis Medical Center of GA, Dallas (“we,” “us,” “our”) is committed to protecting the privacy and security of your personal and health-related information. This Privacy Policy describes how we collect, use, disclose, and safeguard your protected health information (PHI), and other personal data, in compliance with the Health Insurance Portability and Accountability Act (HIPAA), the Texas Medical Records Privacy Act, the Texas Identity Theft Enforcement and Protection Act, and other applicable federal, state, and local laws.

2. Scope

This Privacy Policy applies to all PHI and personal data that we collect or receive regarding patients, clients, visitors, website users, and others, in any form (oral, written, electronic). It governs our practices in relation to health care services, billing, operations, and our website and digital systems.

3. Definitions

• Protected Health Information (PHI): Individually identifiable health information created, received, stored, or transmitted by us, in any form, that relates to past, present, or future physical or mental health, provision of health care, or payment for health care.

• Personal Data: Data that identifies or can identify an individual, apart from PHI, such as name, address, phone number, email.

• Covered Entity: As defined under HIPAA, including us, as a health care provider, and any business associate we engage.

• Business Associate: A person or entity that performs certain functions or activities on our behalf, involving use or disclosure of PHI.

4. Information We Collect

• Health Information: Medical history, diagnoses, treatment plans, test results, prescriptions, insurance information.

• Billing and Payment Data: Insurance details, billing records, payment history.

• Contact and Identification Data: Name, address, phone number, email, date of birth, Social Security number (if required), other identifiers.

• Digital and Website Data: IP addresses, device type, browser, cookies, usage logs, if visiting our website or using our digital services.

5. How We Use Information

We may use PHI and Personal Data for the following purposes:
a) Treatment, Payment, and Health Care Operations: To provide medical care, process payments, insurance claims, coordinate care, maintain quality.
b) Administrative Purposes: Scheduling, communication about appointments, billing, internal auditing, compliance.
c) Legal and Regulatory Compliance: As required by law (e.g. reporting certain communicable diseases, complying with court orders, mandatory disclosures).
d) Research: With your authorization or in de-identified form, where permitted by law.
e) Marketing and Communications: Only with your explicit written authorization; information about our services, appointment reminders, etc.; you may opt-out.

6. Disclosure of Information

We will not disclose your PHI except as permitted under HIPAA and state law. Possible disclosures include:

• To other health care providers involved in your care.

• To health insurance companies for claims or coverage.

• To business associates under contracts ensuring confidentiality.

• To legal/ regulatory authorities when required.

• With your written authorization for all other purposes not otherwise permitted.

7. Patient Rights

You have certain rights regarding your information:

• Right to Access: You may inspect and obtain a copy of your PHI held by us (with limited exceptions) within timelines required by law.

• Right to Amend: If you believe your PHI is incorrect or incomplete, you may request amendment; if we deny, you may submit a statement of disagreement.

• Right to Accounting of Disclosures: You may request a list of disclosures of your PHI for purposes other than treatment, payment, or health operations.

• Right to Restrict Uses/Disclosures: You may request restrictions on certain uses/disclosures; we are not always required to agree, but if you paid out-of-pocket in full for a service, for example, we must honor your request to restrict disclosure to health plan.

• Right to Confidential Communications: You may ask that we communicate with you in a certain way or at a certain location (e.g. via mail, phone, email); we will accommodate reasonable requests.

• Right to Withdraw Authorization: If you have authorized certain uses/disclosures, you may revoke that authorization in writing, except to the extent action has already been taken in reliance on it.

• Right to Receive Notice of Breach: If there is a breach of your unsecured PHI, we will provide notification as required under HIPAA and state law.

8. Security Measures

We maintain administrative, physical, and technical safeguards to protect PHI and Personal Data against unauthorized access, use, disclosure, alteration, and destruction. This includes:

• Secure facilities and access controls

• Encryption of data in transit and at rest when required

• Employee training and confidentiality agreements

• Regular risk assessments and audits

9. Retention and Disposal

We will retain your PHI for the period required by applicable law. When PHI is no longer required, we will dispose of it in a secure manner (e.g., shredding physical documents, secure deletion of electronic files).

10. Changes to Policy

We reserve the right to amend this Privacy Policy. Any material changes will be posted on our website and in our facilities, and where required, you will be notified directly. The revised policy shall apply to all PHI we maintain, including that collected prior to the change.

11. Complaints and Contact Information

If you believe your privacy rights have been violated, or you have questions about this Privacy Policy, you may contact:

Privacy Officer
Oasis Medical Center of GA, Dallas
Phone: (678) 398-9758
Email: hello@oasismedicalofga.com