HIPAA Privacy Notice
Effective Date: June 22, 2025
This Privacy Notice describes how we protect and manage your Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Our organization provides services to healthcare institutions and research organizations, and in doing so, may access, receive, or maintain PHI. We are committed to using and disclosing PHI responsibly and in compliance with the law.
1. Our HIPAA Responsibilities
We are required by law to maintain the privacy of your PHI, provide you with notice of our legal duties and privacy practices, and abide by the terms of this notice. We must also notify you if a breach of your unsecured PHI occurs.
2. Permitted Uses and Disclosures of PHI
We may use or disclose your PHI without your written authorization for the following purposes:
-
Treatment: Coordinating and managing your healthcare services.
-
Payment: Billing and receiving payment for services provided.
-
Healthcare Operations: Quality assessment, internal audits, training, and compliance monitoring.
-
As Required by Law: When disclosure is mandated by federal or state laws, court orders, or government regulations.
-
Public Health and Safety: To prevent or control disease, report abuse, or avert serious threats.
-
Business Associates: To third-party service providers who are bound by HIPAA obligations through signed agreements.
Other uses and disclosures not described in this notice will be made only with your written authorization, which you may revoke at any time.
3. Your Rights Regarding Your PHI
You have the following rights:
-
Right to Access: You may request a copy of your PHI. We will respond within 30 days.
-
Right to Amend: You may request corrections if you believe your records are incorrect or incomplete.
-
Right to an Accounting of Disclosures: You may request a list of certain disclosures of your PHI made in the past six years.
-
Right to Request Restrictions: You may ask us to limit how your information is used or disclosed. While we are not required to agree to all requests, we will consider them.
-
Right to Confidential Communications: You may request to receive communications by alternative means or at different locations.
-
Right to Receive a Copy of This Notice: You may request a printed copy of this notice at any time.
-
All requests should be made in writing to our Privacy Officer at: nahi_n@dragonflowsystems.com
-
4. Our Internal Privacy and Security Practices
We implement appropriate administrative, technical, and physical safeguards to protect your PHI. Access to PHI is limited to authorized personnel based on role and necessity. Our staff is trained on HIPAA requirements and privacy procedures. All vendors handling PHI are contractually obligated to follow HIPAA rules.
5. Breach Notification
If your PHI is compromised, we will notify you in writing without unreasonable delay and no later than 60 days after discovery. The notification will include the nature of the breach, the information involved, steps you should take to protect yourself, and our actions to investigate and prevent future breaches.
6. Changes to This Notice
We reserve the right to revise this notice at any time. Any changes will apply to all PHI we maintain, including information obtained before the changes. You may request a current version of this notice at any time.
7. Questions and Complaints
If you have questions about this notice or believe your rights have been violated, you may contact our Privacy Officer at nahi_n@dragonflowsystems.com. You may also file a complaint with the U.S. Department of Health and Human Services at www.hhs.gov/ocr/privacy/hipaa/complaints.
This HIPAA Privacy Notice is a simplified summary of our obligations and your rights. We are committed to safeguarding your health information and honoring your privacy.