NOTICE OF PRIVACY PRACTICES
Download this policy as a PDF for your records.
Effective Date: 02/07/2026 Last Updated: 02/07/2026
This Notice of Privacy Practices (the “Notice”) describes how medical information about you may be used and disclosed, and how you can obtain access to this information. It is provided to you in accordance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended, together with all implementing regulations and applicable state privacy laws.
We are legally required to protect the privacy of your protected health information (“PHI”), which includes any information that identifies you and relates to your past, present, or future physical or mental health condition, the provision of healthcare to you, or the payment for healthcare services provided to you. The Practice is obligated by law to provide you with this Notice, to follow the privacy practices described herein, and to notify you promptly if a breach occurs that may compromise the privacy or security of your information.
The purpose of this Notice is to inform you, in clear and comprehensive terms, about how your PHI may be used and disclosed, what rights you have regarding your PHI, and what responsibilities we bear as a covered entity under HIPAA. Because the laws governing privacy are complex, this Notice provides detailed examples of how your PHI may be used in different situations, and outlines the safeguards we have implemented to ensure the confidentiality, integrity, and security of your information.
Please read this Notice carefully and keep it for your records. You may request a copy of this Notice at any time, whether electronically or in paper form. You may also obtain the most current version by contacting us directly via the contact information provided at the end of this Notice.
I. Primary Uses and Disclosures of Health Information
The Practice may use and disclose your protected health information (“PHI”) without the need for a separate written authorization for certain essential purposes related to the provision of healthcare. These uses and disclosures are necessary for us to deliver high-quality care, ensure proper billing and payment, and carry out important administrative and business functions. Each category is described below, along with examples to help you understand how your PHI may be utilized in practice.
For Treatment
We may use and disclose your PHI to provide, coordinate, and manage your care and any related services. This includes the sharing of information with physicians, nurses, pharmacists, medical assistants, technicians, students, residents, or other healthcare personnel who are involved in your care. For example, if you are referred to a specialist, we may disclose relevant portions of your PHI so that the specialist can provide appropriate consultation or treatment.
For Payment
We may use and disclose your PHI as needed to obtain payment for the services we provide to you. This includes billing you directly. Additionally, we may use your PHI to prepare billing statements, send reminders, and pursue collections of outstanding balances.
For Healthcare Operations
We may use and disclose your PHI for purposes related to the ongoing business operations of the Practice, provided such uses are permitted by law and necessary to maintain and improve the quality of care. Healthcare operations include activities such as quality assessment, performance evaluation, credentialing of providers, staff education, risk management, auditing, and compliance monitoring.
For example, we may use PHI to review the performance of our staff, to decide what additional services should be offered, or to evaluate new treatments or technologies. We may combine PHI from many patients to compare our outcomes with those of other practices, to ensure our services are effective, or to identify opportunities for improvement. In some cases, we may remove identifying details from your PHI so that it may be used in studies, benchmarking, or planning efforts without revealing your identity.
These operational uses and disclosures are essential to ensuring that the Practice functions in a safe, efficient, and legally compliant manner, and that the healthcare services you receive meet the highest possible standards.
De-identified & Limited Data Sets
We may use or disclose health information that has been de-identified so that it no longer identifies you. We may also disclose a “limited data set” (with direct identifiers removed) for research, public health, or healthcare operations, subject to a data use agreement.
II. Other Permitted Uses and Disclosures of Health Information
In addition to the uses and disclosures described above for treatment, payment, and healthcare operations, federal and state laws permit or require the Practice to use or disclose your protected health information (“PHI”) in a variety of other circumstances. These uses and disclosures are carefully regulated, and we will limit the information disclosed to the minimum necessary to accomplish the intended purpose. The following are examples of such situations:
Public Health Activities
We may disclose your PHI to public health authorities that are legally authorized to collect such information for the purpose of preventing or controlling disease, injury, or disability. This may include reporting communicable diseases, reporting adverse reactions to medications or medical devices, and notifying individuals who may have been exposed to or are at risk of contracting or spreading a disease or condition.
Health Oversight Activities
We may disclose your PHI to governmental or regulatory agencies for oversight activities authorized by law. These activities include audits, inspections, investigations, licensing, credentialing, and disciplinary actions, as well as monitoring compliance with civil rights laws and other healthcare regulations. Such disclosures are necessary to ensure that healthcare systems are functioning lawfully and efficiently.
Judicial and Administrative Proceedings
We may disclose your PHI in response to a valid court order, subpoena, discovery request, or other lawful process, but only to the extent such disclosure is expressly authorized and only after efforts have been made to notify you or obtain a protective order where appropriate. This ensures that your privacy rights are respected while complying with legal obligations.
Law Enforcement Purposes
We may disclose your PHI to law enforcement officials under certain circumstances, such as:
- In response to a court order, warrant, or similar lawful process;
- To report a crime that occurred on our premises or in an emergency situation to prevent a serious threat to health or safety.
Research Purposes
Under certain circumstances, we may use or disclose your PHI for research purposes. This will generally occur only when an Institutional Review Board (IRB) or Privacy Board has reviewed the research proposal and established protocols to protect your privacy. In limited cases, we may use or disclose your PHI for research without your authorization if permitted by law.
To Avert a Serious Threat to Health or Safety
We may use or disclose your PHI if we believe, in good faith, that such use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. Any disclosure would only be made to a person or entity able to help prevent or mitigate the threat.
Required by Law
We will disclose your PHI whenever required to do so by federal, state, or local law. Such disclosures will be limited to the requirements of the applicable law.
III. Your Rights Regarding Your Health Information
As a patient of the Practice, you are entitled to certain rights under federal and state law with respect to your protected health information (“PHI”). These rights are designed to give you control over your medical information and to ensure that it is used and disclosed in a manner consistent with your wishes, subject to the requirements of law. Each of these rights is explained in detail below:
Right of Access to Your Health Information
You have the right to inspect and obtain a copy of your PHI that is contained in a designated record set, which includes medical and billing records maintained by the Practice. This right applies to information used to make decisions about your care.
- How to exercise this right: To access your records, you must submit a written request.
- Format: You may request paper copies or, if available, an electronic format. If you request electronic access, we will provide it in the form and format you request, if readily producible.
- Timeframe: We will generally provide access within 30 days of receiving your request, with one possible 30-day extension if necessary.
- Fees: Reasonable fees may be charged to cover the cost of copying, mailing, or electronic transmission.
Right to Request an Amendment
If you believe that your PHI is incorrect or incomplete, you have the right to request that we amend it.
- Process: You must submit a written request, explaining why the amendment is necessary.
- Review: We may deny your request if the information is accurate and complete, if it was not created by us (unless the originator is no longer available), or if the information is not part of the designated record set.
- If denied: You have the right to submit a written statement of disagreement, which will be included in your record alongside the information in dispute.
Right to an Accounting of Disclosures
You have the right to receive a written accounting of certain disclosures of your PHI made by the Practice in the six years prior to the date of your request.
- Included: Disclosures made for purposes other than treatment, payment, and healthcare operations, and those not made pursuant to your authorization.
- Excluded: Routine disclosures (e.g., to you, to your personal representative, or for national security purposes) are not included in the accounting.
- Frequency: You may request one free accounting every twelve months; additional requests within the same year may be subject to a reasonable fee.
Right to Request Restrictions
You have the right to request restrictions on the use or disclosure of your PHI for treatment, payment, or healthcare operations. You may also request that we not disclose information to a health plan regarding services for which you have paid in full out of pocket.
- Process: Requests must be submitted in writing.
- Obligation: We are not required to agree to all requested restrictions, except for the special rule that we must honor requests not to disclose information to a health plan if the services were paid in full by you or another party.
- If you pay in full out-of-pocket for a service, you may request that we not disclose information about that service to your health plan. We will honor this request unless disclosure is required by law.
Right to Request Confidential Communications
You have the right to request that we communicate with you about your PHI by alternative means or at alternative locations.
- Examples: You may ask that we send mail to a P.O. Box instead of your home address, or that we call you only at work.
- Requirement: We will accommodate all reasonable requests, provided you specify the alternative means or location and, if necessary, how payment arrangements will be handled.
Right to Receive a Paper Copy of This Notice
You have the right to obtain a paper copy of this Notice of Privacy Practices at any time, even if you have agreed to receive it electronically. You may obtain a paper copy by contacting us.
Right to Revoke Authorization
If you provide us with written authorization for the use or disclosure of your PHI in circumstances not otherwise permitted by law, you have the right to revoke that authorization at any time. Revocations must be submitted in writing. Revocation will become effective upon receipt by the Practice, except to the extent we have already relied on your authorization before receiving your revocation.
IV. Your Choices Regarding the Use and Disclosure of Your Health Information
In certain circumstances, you have the right to decide how your protected health information (“PHI”) is used or disclosed. While federal and state law permit the Practice to use and disclose your PHI without your authorization for treatment, payment, healthcare operations, and certain public policy purposes, there are other situations where your consent or authorization is required. These include, but are not limited to, communications with family members and friends, certain types of marketing, fundraising efforts, and any sale of PHI. Each of these situations is explained in detail below:
Disclosures to Family Members, Friends, or Others Involved in Your Care
You may authorize us to share relevant portions of your PHI with family members, close friends, or any other person you identify as being involved in your care or in the payment for your care.
- Consent: We will only disclose information directly relevant to that person’s involvement in your care or payment.
- Examples: If you bring a family member to an appointment, we may discuss your treatment plan in their presence if you consent. If you ask us to speak to a friend who helps with your prescriptions, we may share relevant medication information with that friend.
- Emergencies: In cases of incapacity or emergency, we may exercise our professional judgment to determine whether a disclosure is in your best interests, but will limit disclosures to the minimum necessary.
Marketing Communications
We may not use or disclose your PHI for marketing purposes without your prior written authorization, except in limited circumstances permitted by law.
- Permitted communications: Face-to-face conversations about products or services of potential benefit to you, or communications about health-related services that we provide, may occur without written authorization.
- Authorization required: If we are to receive any financial remuneration from a third party in connection with the marketing communication, your explicit written authorization will be required.
Fundraising Activities
We may use certain limited information about you, such as your name, address, phone number, and dates of service, to contact you in an effort to raise funds to support the Practice and its operations.
- Right to opt out: You have the absolute right to opt out of receiving any fundraising communications from us. Each fundraising communication will include instructions on how to exercise this right, and your decision will not affect your treatment or access to care.
Sale of Protected Health Information
We will never sell your PHI without your express written authorization. “Sale” of PHI means a disclosure of your PHI where we directly or indirectly receive remuneration in exchange for the information.
- Prohibition: This practice is strictly prohibited unless you have executed a valid authorization.
- Scope: Even with authorization, the sale of PHI will be permitted only as specifically allowed by federal and state law.
Other Uses Requiring Authorization
Any use or disclosure of your PHI not described in this Notice or not otherwise permitted or required by law will be made only with your written authorization. Examples include the use of your information for research outside of approved protocols, or disclosure to third parties for commercial purposes.
- Revocation: You may revoke any authorization you provide at any time by submitting a written request. Revocation will not affect any disclosures made in reliance on the authorization before it was withdrawn.
Appointment Reminders & Health-Related Communications
We may contact you for appointment reminders and to inform you about treatment alternatives or other health-related benefits or services that may be of interest. These communications are considered part of treatment and healthcare operations and generally do not require authorization.
Email & Text Preferences
You may ask us to communicate with you by email or text. Email and text may not be fully secure. If you request these methods, you accept this risk. You can change your preference at any time by contacting us.
Video Conferencing/Remote Communication Technology
All of our assessments and therapy sessions require video conferencing apps and other remote communication technologies for telehealth. While we use vendors who have signed business agreements stating that they will adhere to HIPPA requirements, these technologies can come with risks to the privacy and security of your PHI. For example, Zoom video sessions are secure but you may choose to record and store your sessions on your private computer for future reference. If you record your sessions, you accept this risk.
V. Our Responsibilities
As a covered entity under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and applicable state privacy laws, the Practice is bound by specific duties designed to safeguard your protected health information (“PHI”). These responsibilities are legal obligations, and we take them seriously. The following describes the commitments we make to you regarding your PHI:
Duty to Maintain the Privacy of PHI
We are legally required to maintain the privacy, confidentiality, and security of your PHI. This duty includes implementing physical, administrative, and technical safeguards to prevent unauthorized access, use, or disclosure of your information. It also requires us to train our workforce on the proper handling of PHI and to enforce strict internal policies governing confidentiality.
Duty to Provide You With a Notice of Privacy Practices
We are required by law to provide you with this Notice, which explains how your PHI may be used and disclosed, what rights you have regarding your information, and what responsibilities we have in protecting it. This Notice will remain in effect until it is replaced or amended. We reserve the right to revise this Notice at any time, provided such revisions comply with applicable law, and we will provide you with a copy of any revised Notice upon request or at your next appointment.
Duty to Follow the Terms of the Notice
We are obligated to follow the terms of the Notice currently in effect. This means that we may not use or disclose your PHI in ways that are inconsistent with this Notice, unless you provide a valid written authorization or the disclosure is otherwise permitted or required by law.
Duty to Notify You of a Breach
If a breach occurs that compromises the privacy or security of your PHI, we are required to notify you promptly, in writing, and without unreasonable delay. This notification will include, to the extent known: a description of what happened, the types of information involved, steps you should take to protect yourself, what we are doing to investigate and mitigate the breach, and contact information for additional questions.
Duty to Refrain From Retaliation
We will not intimidate, threaten, coerce, discriminate against, or take any retaliatory action against you for exercising your rights under HIPAA, including the right to file a complaint either with us or with the U.S. Department of Health and Human Services.
Duty to Limit Uses and Disclosures
When we use or disclose your PHI, we are obligated to limit the information to the minimum necessary to accomplish the intended purpose, unless a broader disclosure is specifically required by law.
Duty to Comply With State Laws
In addition to federal law, we are required to comply with state privacy laws that provide additional protections for certain categories of health information, such as mental health records, HIV status, genetic testing, and substance use disorder treatment. Where state law is more protective of your privacy than federal law, we will follow the requirements of state law.
Business Associates
We may disclose PHI to third-party service providers (our “business associates”) who perform functions on our behalf (e.g., billing, EHR hosting, secure messaging). Business associates are contractually required to protect your PHI and comply with HIPAA.
Incidental Disclosures
Limited, unavoidable disclosures may occur as a result of otherwise permitted uses or disclosures (for example, when a name is overheard). We implement reasonable safeguards to minimize these occurrences.
Notice Availability & Revisions
This Notice is available in paper and electronic form upon request and on our website: www.restoremyohealth.com. We may change our privacy practices and this Notice at any time, and the revised Notice will apply to all PHI we maintain. We will post the current Notice and provide it at your next visit or upon request.
VI. How to File a Complaint
Contact Information
Name: Restore MyoHealth LLC
Address: 9905 N Wayne Ave KC, MO 64155
Email: [email protected]
Filing a Complaint With the Practice
If you believe your privacy rights have been violated, you have the right to file a complaint directly with the Practice. Complaints may be submitted verbally or in writing using the contact information listed above. All complaints will be documented, investigated, and addressed in a timely manner.
We will not intimidate, threaten, coerce, discriminate against, or take any retaliatory action against you for filing a complaint or exercising any rights described in this Notice.
Filing a Complaint With the U.S. Department of Health and Human Services
You also have the right to file a complaint directly with the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”). You may contact OCR using the information below:
Office for Civil Rights (OCR)
U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Room 509F, HHH Building
Washington, D.C. 20201
Toll-Free Hotline: 1-877-696-6775
Website: https://www.hhs.gov/ocr/privacy/hipaa/complaints/
