Privacy Policy

1. Introduction

Katy Family Physicians (“we,” “our,” “us”) is committed to protecting your privacy and the confidentiality of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and protect information when you visit our website, use our online services (including the patient portal), or receive clinical care from us. It also explains your rights and how to contact us.

2. Two parts to this notice

Notice of Privacy Practices (HIPAA) explains how we collect, use, disclose, and safeguard your Protected Health Information (PHI) created or maintained in connection with your treatment and health care operations. This notice meets the requirements of the Health Insurance Portability and Accountability Act (HIPAA).

Website & Online Privacy explains how we collect and use information when you interact with our website, forms, cookies, analytics, and third-party services (separate from PHI used in your medical record).

3. Information we collect

A. Information collected in clinical care (PHI)

When you become a patient, we collect information necessary for diagnosis, treatment, billing, and care coordination, including: name, address, birth date, social security number (if needed), insurance details, medical history, medications, lab results, and clinical notes. We may also collect demographic information and emergency contacts. This information is protected by HIPAA.

B. Information collected via the website and online tools

When you visit our website or use online services, we may collect:

  • Identifiers: name, email address, phone, mailing address (when you submit forms).
  • Technical data: IP address, browser type, pages visited, referring site, device identifiers, and usage analytics through third-party services (e.g., Google Analytics).
  • Cookies & similar tech: small files or tokens placed on your device to remember preferences and measure site usage. You can control cookies through browser settings.

4. How we use information

A. PHI uses (treatment, payment, operations)

We use PHI to provide and coordinate your medical care, submit claims to insurers, manage billing, contact you about appointments or results, conduct quality improvement and required reporting, and other treatment/payment/healthcare operations permitted by HIPAA. With your written authorization, we may also use PHI for marketing or for most disclosures of psychotherapy notes.

B. Website & marketing uses

We use non-health website data to operate and improve the site, respond to inquiries, send appointment reminders, and analyze site traffic. Where required by law, we will obtain consent before sending promotional emails. We do not sell your personal information.

5. Patient portal and electronic communications

We may offer a secure patient portal for appointment scheduling, messaging, viewing test results, and accessing portions of your medical record. Portal messages may contain PHI; use of the portal is subject to its own terms. Email and standard text messaging are not fully secure; we will use patient-preferred communication methods and obtain any required consents for texting or automated messages.

6. With whom we may share information

A. For treatment, payment, and operations

We may share PHI with:

  • Other health care providers involved in your care (referrals, labs, hospitals).
  • Health insurers and payors for billing and claims.
  • Business associates who perform functions on our behalf (e.g., EHR vendors, billing processors). All business associates are contractually required to protect PHI in compliance with HIPAA.

B. When required or permitted by law

We may disclose PHI when required by law (public health reporting, law enforcement requests, court orders) and to avert a serious threat to health or safety. We will follow legal requirements for mandatory disclosures.

C. Aggregated or de-identified information

We may use or share de-identified or aggregated information that cannot reasonably identify you for research, analytics, or business purposes.

7. Your rights regarding PHI

Under HIPAA, you have rights, including (subject to certain limitations):

  • Right to inspect and obtain a copy of your medical record.
  • Right to request correction (amendment) of your PHI.
  • Right to request restrictions on certain uses and disclosures (we are not required to agree in all cases).
  • Right to receive an accounting of disclosures.
  • Right to request confidential communications.

To exercise these rights, contact our Privacy Officer (contact info below). We will respond within the timeframes required by law.

8. Security measures

We maintain administrative, technical, and physical safeguards designed to protect PHI and personal data against unauthorized access, loss, or misuse. These measures include access controls, encryption for certain electronic records and transmissions, employee training, and secure data centers. However, no system is completely secure; we will notify you and regulators as required by law if a breach occurs.

9. Data retention

We retain medical records and related PHI as required by federal and Texas law and as necessary for legal, tax, or business purposes. Retention periods vary by record type; inactive or archived records are stored securely. Non-PHI website logs and analytics are kept for a period consistent with operational needs and legal requirements.

10. Minors and parental access

For patients who are minors, parental access to medical records may be allowed as required by law, except where state law permits minors to consent to care without parental involvement (e.g., certain reproductive or mental health services). We follow Texas law on minors’ rights and confidentiality.

11. Cookies, analytics, and third-party services

Our site uses cookies and third-party analytics to improve user experience and measure traffic. Third-party services (e.g., analytics, payment processors) may collect information when you use their features. Their use is governed by their privacy policies. You can disable some cookies via your browser, though disabling may limit functionality.

12. Links to other sites

Our website may contain links to third-party sites. We are not responsible for the privacy practices or content of those sites. Review the privacy policy of each site you visit.

13. Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in law or our practices. If there is a material change, we will post the updated policy on our website with a revised “Effective date.” Continued use of our services after the effective date constitutes acceptance of the revised policy.