Privacy Policy

Effective Date: March 13, 2026


1. Overview

Tejas Clinic ("we," "us," or "our") is committed to protecting the privacy of our patients, website visitors, and anyone who interacts with our services. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our clinic, use our website, schedule appointments, communicate with us via phone, email, text message, or patient portal, or receive healthcare services.

This policy applies to all interactions with Tejas Clinic, whether in person, by phone, through our website, via telehealth, or through any digital communication channel.

2. Information We Collect

We may collect the following categories of information:

Personal Identifiers

  • Full name, date of birth, gender, and Social Security Number (when required for billing or insurance)
  • Home address, phone number(s), and email address
  • Emergency contact information
  • Preferred language and communication preferences

Health & Medical Information

  • Medical history, diagnoses, treatment plans, and clinical notes
  • Medications, allergies, immunization records, and lab results
  • Vital signs, imaging reports, and referral information
  • Behavioral health and substance use information (with additional protections under 42 CFR Part 2)
  • Information provided during telehealth consultations

Insurance & Financial Information

  • Insurance plan details, policy and group numbers, subscriber information
  • Copayment, deductible, and out-of-pocket amounts
  • Credit/debit card or bank account information for payment processing
  • Billing history and account balances

Appointment & Scheduling Data

  • Preferred dates, times, and service type for requested appointments
  • Patient type (new or returning), appointment history
  • Cancellation and no-show records

Communication Data

  • Messages sent and received through our patient portal
  • Text messages (SMS/MMS) related to appointment reminders, follow-ups, or care coordination
  • Emails related to your care, billing, or account
  • Voicemail recordings and phone call logs
  • Telehealth video consultation recordings (when applicable and with consent)

Technical & Website Data

  • IP address, browser type and version, operating system, and device information
  • Pages visited, time spent on our website, and referral sources
  • Cookies, pixels, and similar tracking technologies (see Section 12)

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Treatment: To provide, coordinate, and manage your medical care, including consultations, diagnoses, prescriptions, referrals, and follow-up care.
  • Payment: To submit claims to your insurance provider, process copayments and payments, and manage your billing account.
  • Healthcare Operations: To improve quality of care, train staff, conduct audits, and manage clinic operations.
  • Appointment Management: To process appointment requests, send confirmations, reminders, and follow-up communications via your preferred channel (phone, email, or text).
  • Patient Communications: To send health-related messages, test results, medication reminders, wellness tips, and clinic updates through secure channels.
  • Telehealth: To facilitate virtual consultations and securely transmit health information during telehealth visits.
  • Patient Portal: To provide access to your health records, lab results, appointment history, and secure messaging with your care team.
  • Legal Compliance: To comply with federal and state laws, including HIPAA, the Texas Medical Practice Act, and other healthcare regulations.
  • Quality & Safety: To report adverse events, participate in public health activities, and respond to health emergencies.
  • Research: To use de-identified data for internal quality improvement. We will never use your identifiable information for research without your written consent.

4. Patient Communications & Messaging

Text Messages (SMS/MMS)

We may send text messages for appointment reminders, follow-up instructions, medication reminders, and billing notifications. By providing your mobile number and opting in, you consent to receive these messages. You may opt out at any time by replying STOP or contacting our office. Standard messaging rates may apply.

Important: Text messages are not fully encrypted and may be stored by your mobile carrier. We will never send detailed medical information, diagnoses, or test results via standard SMS. Sensitive health information is only shared through our secure patient portal or encrypted communication channels.

Email Communications

We may send emails regarding appointment confirmations, billing statements, clinic updates, and wellness information. Unencrypted email is not a fully secure communication method. We recommend using our patient portal for sharing sensitive health information. You may opt out of non-essential emails at any time.

Patient Portal Messaging

Our patient portal provides a secure, encrypted channel for communication between you and your care team. Messages sent through the portal are part of your medical record. Response times are typically within 1-2 business days during normal business hours. The portal should not be used for medical emergencies — call 911 for emergencies.

Phone Communications

We may contact you by phone for appointment reminders, test results, care coordination, and billing inquiries. Calls may be recorded for quality assurance and training purposes with prior notice. You may designate an authorized representative to receive calls on your behalf.

Automated Communications

We use automated systems for appointment reminders, prescription refill notifications, and wellness check-ins. These systems comply with the Telephone Consumer Protection Act (TCPA) and Texas Health & Safety Code requirements. You may opt out of automated communications at any time without affecting your care.

5. How We Share Your Information

We do not sell your personal information or Protected Health Information (PHI) under any circumstances.

We may share your information with:

  • Other Healthcare Providers: Physicians, specialists, hospitals, and laboratories involved in your care, as permitted by HIPAA or with your consent.
  • Insurance Companies: For claims processing, pre-authorization, eligibility verification, and payment.
  • Business Associates: Third-party vendors who perform services involving PHI on our behalf (e.g., billing companies, IT providers, email/SMS platforms, cloud storage). All business associates are bound by HIPAA Business Associate Agreements (BAAs).
  • Pharmacies: To transmit prescriptions electronically and coordinate medication management.
  • Health Information Exchanges (HIEs): To facilitate secure exchange of health information with other providers involved in your care, with your consent or as permitted by law.
  • Legal Authorities: When required by law, court order, subpoena, or to protect the safety of patients, staff, or the public.
  • Public Health Agencies: For disease reporting, vital statistics, and public health surveillance as required by law.
  • Workers' Compensation: When required for work-related injury or illness claims.
  • Family & Caregivers: With your verbal or written authorization, or when you are incapacitated and disclosure is in your best interest.

6. HIPAA Compliance

Tejas Clinic is a HIPAA-covered entity. We comply with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, Security Rule, and Breach Notification Rule. We maintain:

  • A designated Privacy Officer responsible for policy compliance
  • Workforce training on HIPAA requirements (upon hire and annually)
  • Administrative, technical, and physical safeguards for all PHI
  • Business Associate Agreements with all vendors that handle PHI
  • Procedures for breach identification, reporting, and notification
  • A formal complaint process for privacy concerns

You have the right to request a copy of our Notice of Privacy Practices (NPP) at any time by contacting our office or downloading it from our website.

7. Data Security

We implement comprehensive security measures to protect your information:

  • Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Access Controls: Role-based access ensures staff can only view information necessary for their job function.
  • Authentication: Multi-factor authentication is required for all systems containing PHI.
  • Monitoring: Continuous logging and monitoring of all system access and activities.
  • Physical Security: Clinic facilities are secured with access controls, surveillance, and visitor management.
  • Incident Response: Documented procedures for identifying, responding to, and reporting security incidents.
  • Vendor Security: Regular security assessments of all third-party service providers.
  • Backup & Recovery: Regular data backups with tested disaster recovery procedures.

While no system is 100% secure, we take every reasonable measure to protect your data from unauthorized access, disclosure, alteration, or destruction.

8. Data Retention

We retain your information in accordance with applicable laws:

  • Medical Records: Retained for a minimum of seven (7) years from the date of last treatment, or longer as required by Texas state law and federal regulations. Records of minors are retained until the patient reaches age 21 or for seven years from the last treatment, whichever is later.
  • Billing Records: Retained for a minimum of seven (7) years per IRS requirements and insurance regulations.
  • Communication Records: Appointment-related messages retained for three (3) years. Patient portal messages are part of the medical record and follow medical record retention policies.
  • Website Data: Analytics and cookie data retained for up to twenty-four (24) months.

You may request deletion of non-medical, non-billing data by contacting our office. Some data cannot be deleted due to legal retention requirements.

9. Your Rights

Under HIPAA, Texas law, and other applicable regulations, you have the right to:

  • Access: Obtain a copy of your medical records in your preferred format (paper or electronic) within 30 days of request.
  • Amendment: Request corrections to inaccurate or incomplete information in your records.
  • Restriction: Request restrictions on certain uses or disclosures of your PHI, including disclosures to your health plan for services you pay for out of pocket in full.
  • Accounting of Disclosures: Receive a list of certain disclosures we have made of your PHI in the past six years.
  • Confidential Communications: Request that we communicate with you through specific means or at specific locations (e.g., only call your cell phone, send mail to a P.O. box).
  • Breach Notification: Be notified within 60 days if a breach of your unsecured PHI occurs.
  • Complaint: File a complaint with our Privacy Officer or the U.S. Department of Health & Human Services Office for Civil Rights if you believe your privacy rights have been violated. We will not retaliate against you for filing a complaint.
  • Opt-Out: Opt out of non-essential communications, fundraising materials, and marketing messages at any time.

To exercise any of these rights, contact our office in writing or via our patient portal.

10. Telehealth Privacy

When using our telehealth services, the following additional privacy measures apply:

  • Telehealth sessions are conducted through HIPAA-compliant, encrypted video platforms.
  • We do not record telehealth sessions without your explicit consent.
  • You are responsible for ensuring your own environment is private during telehealth visits.
  • Telehealth session metadata (date, time, duration) is part of your medical record.
  • If a telehealth platform experiences a security incident, you will be notified as required by law.

11. Minors & Dependent Privacy

  • For patients under 18, a parent or legal guardian must provide consent for treatment and access to records, except as permitted by Texas law for certain services (e.g., mental health, substance abuse, reproductive health for minors meeting legal criteria).
  • Parents/guardians may access their minor child's records unless restricted by law or a court order.
  • When a minor reaches age 18, control of their medical records transfers to the patient.

12. Cookies & Website Tracking

Our website uses cookies and similar technologies for:

  • Essential Cookies: Required for website functionality (e.g., form submissions, navigation).
  • Analytics Cookies: To understand how visitors use our website and improve performance. We use privacy-respecting analytics that do not track users across websites.

We do not use advertising cookies or retargeting pixels, and we do not sell browsing data to third parties. You may disable cookies in your browser settings, though some website features may not function properly.

13. Third-Party Links & Services

Our website may link to third-party services such as insurance portals, pharmacy websites, lab result portals, or health information resources. We are not responsible for the privacy practices of these external services. We encourage you to review their privacy policies before sharing personal information.

14. State-Specific Rights

Texas Residents

Under the Texas Medical Records Privacy Act and Texas Identity Theft Enforcement and Protection Act, you have additional rights including the right to receive notice of a data breach involving your personal information and the right to place a security freeze on your credit report.

Additional State Rights

If you are a resident of a state with additional health data privacy laws (e.g., California CCPA/CPRA, Washington My Health My Data Act), you may have additional rights. Contact our Privacy Officer for state-specific information.

15. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or regulatory guidance. Changes will be posted on this page with an updated effective date. Material changes will be communicated via our patient portal, email, or posted notice in our clinic. Continued use of our services after changes constitutes acceptance.

16. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or have a privacy concern:

Tejas Clinic — Privacy Officer
12500 Lebanon Rd., Suite 102, Frisco, TX 75035
Phone: (469) 819-0623
Email: admin@tejasclinic.com