HIPAA Compliance - Prime Health & Wellness

HIPAA Compliance

Effective Date: February 12, 2026
Operated by: LPMD of CA PC ("PRIME HEALTH AND WELLNESS")

Prime Health & Wellness is committed to protecting your health information in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This page explains how we safeguard your Protected Health Information (PHI) and your rights as a patient.

Our HIPAA Commitment

As a covered entity under HIPAA, we are legally required to:

  • Maintain the privacy and security of your Protected Health Information (PHI)
  • Provide you with notice of our legal duties and privacy practices
  • Follow the terms of the notice currently in effect
  • Notify you if we are unable to agree to a requested restriction
  • Accommodate reasonable requests to communicate health information by alternative means or locations

How We Share Your Information

We may share your data only as permitted by HIPAA and other applicable laws:

  • With your assigned or requested healthcare provider - To provide you with medical care and treatment
  • With Healee, our patient portal provider - For secure platform operations (under a signed Business Associate Agreement)
  • With pharmacies or labs - To fulfill your care plans and prescriptions
  • With regulatory authorities - When legally required by federal or state law
  • With payment processors (e.g., Square) - For transaction processing (under signed BAA)
  • With technology vendors - Who support secure infrastructure (all under signed Business Associate Agreements)

Your data is NEVER sold or shared for advertising purposes.

Your Rights Under HIPAA

As a patient, you have the following rights regarding your Protected Health Information:

1. Right to Access Your Medical Records

You have the right to inspect and obtain a copy of your health information. Requests must be made in writing to [email protected]. We will respond within 30 days.

2. Right to Request Amendments

If you believe your health information is incorrect or incomplete, you may request that we amend it. We may deny your request in certain circumstances, but we will provide you with a written explanation.

3. Right to an Accounting of Disclosures

You may request a list of certain disclosures we have made of your health information for purposes other than treatment, payment, or healthcare operations.

4. Right to Request Restrictions

You may request that we restrict how we use or disclose your health information. We are not required to agree to your request, but if we do, we will comply with the restriction unless it is needed for emergency treatment.

5. Right to Request Confidential Communications

You may request that we communicate with you in a specific way or at a specific location. For example, you may ask that we contact you only at work or only by email.

6. Right to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with:

You will not be retaliated against for filing a complaint.

Data Retention

We retain Protected Health Information (PHI) and user data in accordance with federal and state medical record retention laws, which typically require retention for a minimum of:

  • Adult patients: 7 years from the date of last treatment
  • Minor patients: Until the patient reaches age 25, or 7 years from last treatment, whichever is longer

If you no longer wish to use our services and would like your account or data removed (where allowable by law), please submit a request in writing to [email protected].

Data Security Measures

We take extensive precautions to safeguard your Protected Health Information:

Technical Safeguards

  • Encryption: All communications are encrypted using TLS/SSL protocols (minimum 256-bit encryption)
  • Secure Storage: PHI is stored using HIPAA-compliant cloud infrastructure with encryption at rest
  • Access Controls: Multi-factor authentication and role-based access controls
  • Audit Trails: Comprehensive logging of all access to PHI
  • Automatic Logouts: Sessions expire after periods of inactivity
  • Breach Monitoring: 24/7 security monitoring and intrusion detection systems

Administrative Safeguards

  • Employee Training: All staff undergo HIPAA compliance training
  • Business Associate Agreements: All third-party vendors sign BAAs before accessing PHI
  • Risk Assessments: Regular security risk analyses and updates
  • Incident Response: Documented procedures for handling potential breaches

Physical Safeguards

  • Secure server facilities with restricted access
  • Workstation security protocols
  • Device encryption and mobile device management

Important Note: Despite our best efforts, no system is 100% immune to cyber threats. We encourage users to:

  • Use strong, unique passwords
  • Enable multi-factor authentication when available
  • Never share login credentials
  • Log out when finished with your session
  • Report suspicious activity immediately

Breach Notification

In the event of a breach of unsecured PHI, we will:

  • Notify affected individuals within 60 days of discovery
  • Notify the Secretary of Health and Human Services if the breach affects 500 or more individuals
  • Notify prominent media outlets if the breach affects more than 500 residents of a state
  • Provide information about what happened, what information was involved, steps individuals should take, and what we are doing to investigate and prevent future breaches

Third-Party Websites & Services

Our site may contain links to external websites or platforms (e.g., pharmacies, labs, payment processors). This HIPAA Notice does not govern those third-party platforms. We recommend reviewing their privacy and security policies before sharing any information.

All third-party service providers who have access to PHI have signed Business Associate Agreements (BAAs) as required by HIPAA.

Changes to This Notice

We reserve the right to change the terms of this notice. If we make material changes, we will:

  • Post the revised notice on our website
  • Update the "Effective Date"
  • Make the new notice available upon request
  • Notify affected patients via email or through the patient portal

Contact Us

If you have questions about our HIPAA practices, wish to exercise your rights, or need to report a privacy concern, please contact us:

Privacy Officer
Prime Health & Wellness
LPMD of CA PC
Email: [email protected]
Website: