HIPAA Notice of Privacy Practices (Business Associate Services)
Effective Date: March 17, 2026
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
HealthCura provides services to healthcare providers and operates as a Business Associate under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA").
This Notice applies to how we handle Protected Health Information (PHI) on behalf of healthcare providers. Your healthcare provider is responsible for providing you with their own Notice of Privacy Practices, which describes how they use and disclose your PHI and your rights with respect to your health information.
1. Our Duty to Protect Health Information
HealthCura processes Protected Health Information (PHI) on behalf of healthcare providers as a Business Associate. PHI is information that identifies you and relates to your past, present, or future health condition, the provision of healthcare to you, or payment for healthcare services.
We are required by law to maintain appropriate safeguards to protect the privacy and security of PHI and to comply with applicable provisions of HIPAA. We operate under contractual obligations with healthcare providers, including Business Associate Agreements (BAAs), which govern how we may use and disclose PHI.
2. How We May Use and Disclose Your PHI
We may use and disclose PHI on behalf of healthcare providers for the following purposes without your written authorization:
Treatment: We may use or disclose your PHI to facilitate medical treatment or services provided by your healthcare provider. For example, information may be shared between your providers to coordinate your care, including prescriptions, lab work, and referrals.
Payment: We may use or disclose your PHI to bill and collect payment for services provided to you. For example, we may share information with your health insurance plan to obtain prior authorization for a procedure or to verify your eligibility for benefits.
Healthcare Operations: We may use or disclose your PHI for operational purposes, such as quality assessment, staff training, compliance activities, auditing, and business planning to support the delivery of healthcare services.
Other Permitted Disclosures: We may also disclose your PHI without your authorization in the following circumstances:
- As required by federal, state, or local law
- For public health activities (e.g., reporting diseases, injuries, or vital events)
- To report victims of abuse, neglect, or domestic violence
- For health oversight activities (e.g., audits, investigations)
- In response to court orders or legal proceedings
- To law enforcement officials under certain circumstances
- To coroners, funeral directors, and organ procurement organizations
- For research purposes under specific conditions
- To avert a serious threat to health or safety
- For specialized government functions (e.g., military, national security)
- For workers' compensation purposes
All uses and disclosures of PHI are performed in accordance with our contractual obligations with healthcare providers and applicable law.
3. Uses Requiring Your Authorization
Except as described above, we will not use or disclose your PHI without your written authorization. Uses and disclosures that require your authorization include:
- Marketing communications
- Sale of your PHI
- Most uses of psychotherapy notes
- Other uses and disclosures not described in this Notice
You may revoke your authorization in writing at any time, except to the extent that action has already been taken in reliance on your authorization.
4. Your Rights Regarding Your PHI
As a Business Associate, HealthCura maintains PHI on behalf of healthcare providers. In most cases, requests to exercise your rights regarding PHI should be directed to your healthcare provider, who is the Covered Entity under HIPAA. We will assist healthcare providers in responding to such requests as required under applicable agreements and law.
You have the following rights with respect to your PHI:
Right to Access: You have the right to inspect and obtain a copy of your PHI maintained by us. We may charge a reasonable fee for copying and mailing costs. We will respond to your request within 30 days.
Right to Amendment: You have the right to request that we amend your PHI if you believe it is incorrect or incomplete. We may deny your request under certain circumstances, but we will provide you with a written explanation of the denial.
Right to an Accounting of Disclosures: You have the right to request a list of disclosures of your PHI that we have made, except for disclosures made for treatment, payment, healthcare operations, and certain other purposes. Your request must specify the time period, which may not exceed six years.
Right to Request Restrictions: You have the right to request restrictions on certain uses and disclosures of your PHI. We are not required to agree to your request, except that we must agree to restrict disclosures to a health plan if you pay for a service in full out of pocket.
Right to Confidential Communications: You have the right to request that we communicate with you about your health information in a particular way or at a certain location. For example, you may ask that we contact you only by mail or at a specific phone number.
Right to a Copy of This Notice: You have the right to obtain a paper copy of this Notice at any time, even if you have previously agreed to receive it electronically.
5. Our Responsibilities
- We are required by law to maintain the privacy and security of your PHI.
- We will notify the applicable healthcare provider in accordance with HIPAA Breach Notification Rules. The healthcare provider is responsible for notifying affected individuals where required by law.
- We will not use or disclose your PHI for marketing or fundraising purposes without your authorization.
- We will not sell your PHI without your authorization.
- We limit our use and disclosure of PHI to the minimum necessary to perform our services.
- We are required to abide by the terms of this Notice.
6. Business Associate Role
HealthCura does not provide medical care and does not make decisions about how your PHI is used or disclosed beyond what is necessary to provide services to healthcare providers.
Healthcare providers determine the purposes and means of processing PHI, and HealthCura processes PHI solely on their behalf and in accordance with applicable agreements and law.
7. How to File a Complaint
If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services (HHS). You will not be penalized or retaliated against for filing a complaint.
To file a complaint with HealthCura:
HealthCura Privacy Officer
Email: privacy@healthcura.ai
To file a complaint with HHS:
U.S. Department of Health and Human Services
Office for Civil Rights
Website: www.hhs.gov/ocr/complaints
Phone: 1-877-696-6775
8. Changes to This Notice
We reserve the right to change the terms of this Notice at any time. Any changes will apply to all PHI we maintain. The revised Notice will be posted on our website and made available upon request.
9. Contact Information
For more information about our privacy practices or to exercise your rights, please contact:
HealthCura Privacy Officer
Email: privacy@healthcura.ai