Your Privacy is Our Priority

Last Updated: November 4, 2025

Effective Date: January 1, 2025

1. Introduction

ining the confidentiality, integrity, and security of your personal information and Protected Health Information (PHI). This Privacy Policy explains how we collect, use, disclose, and safeguard your information in full compliance with HIPAA (Privacy, Security, and Breach Notification Rules, 45 C.F.R. Parts 160 & 164), the Texas Medical Records Privacy Act (Texas Health & Safety Code § 181), the Texas Data Privacy and Security Act (TDPSA, effective July 1, 2024), Texas House Bill 300 (HB 300), and applicable Texas Health and Human Services Commission (HHSC) regulations for Home and Community Support Services Agencies (HCSSAs). By using our website or receiving our services, you agree to the practices described in this Privacy Policy.

2. Scope

This Policy applies to information collected through our website (www.epic-hhc.com), by phone, email, text, forms, and during the provision of home healthcare services. It does not apply to third‑party websites linked from our Site.

3. Definitions

- Protected Health Information (PHI): Individually identifiable health information relating to your condition, care, or payment.

- Personal Data: Information that identifies, relates to, or can reasonably identify an individual (TDPSA).

- Sensitive Data: Health, biometric identifiers, precise geolocation, or information about a child under 13 (TDPSA).

- Covered Entity / Business Associate: Terms defined by HIPAA. EPIC is a Covered Entity and engages Business Associates under BAAs.

- Minimum Necessary Rule: We access, use, disclose, and request PHI only to the minimum extent necessary to accomplish the intended purpose.

4. Information We Collect

A. Information You Provide

- Name, address, phone, email.

- Demographics (date of birth, age, gender).

- Medical history, diagnoses, medications, allergies, physician details, treatment and care plans.

- Insurance, billing, and payment information.

- Authorized representative/guardian and emergency contacts.

- Employment information for staff/contractors.

B. Information Collected Automatically (Website)

- IP address, device and browser details, operating system.

- Pages visited, time on page, referring URLs.

- Cookies and similar technologies for security, functionality, and analytics (see Cookies & Tracking).

C. Information from Third Parties

- Referrals from physicians, hospitals, or facilities.

- Insurers/payors for eligibility, authorization, and claims.

- Government/oversight agencies as required by law.

5. How We Use Information

- Treatment: Provide, coordinate, and manage home healthcare and related services; communicate with you, your representatives, and providers.

- Payment: Verify eligibility, process claims, bill and collect payment.

- Healthcare Operations: Quality assessment and improvement, training, accreditation, audits, compliance with HHSC and other regulators.

- Communications: Appointment reminders, care updates, and service notices.

- Legal/Regulatory: Meet federal and state reporting, recordkeeping, safety, and licensure obligations.

- Website/IT: Operate, secure, troubleshoot, and improve our Site and systems; prevent fraud and misuse.

6. Legal Bases/Authorities

- HIPAA for PHI (TPO without authorization as permitted by law).

- TDPSA for non‑PHI personal data collected in Texas.

- Consent where you authorize additional uses/disclosures.

- Legal obligations and vital/public interest where applicable.

7. Disclosures of Information

We may disclose PHI and personal data as follows:

- Treatment: To providers, pharmacies, labs, and other caregivers.

- Payment: To insurers, payors, and clearinghouses for billing and reimbursement.

- Healthcare Operations: For quality, compliance, audits, and management.

- Service Providers/Business Associates: IT, EHR, billing, communications, analytics—bound by contracts (e.g., BAAs) to safeguard PHI and personal data.

- Required by Law: To public health authorities, licensing/oversight bodies, law enforcement, courts, or as otherwise legally mandated.

- Corporate Transactions: In a merger, acquisition, or sale, subject to confidentiality and legal safeguards.

- With Authorization: For uses/disclosures not otherwise permitted by HIPAA or state law. You may revoke authorizations at any time (prospectively).

EPIC does not sell personal data or PHI and does not engage in targeted advertising.

8. Cookies and Tracking Technologies

We use cookies, web beacons, and similar tools to enable secure sessions, analyze performance, and enhance user experience. You can control cookies via browser settings; some features may be limited if disabled. We do not store PHI in cookies.

9. Data Security

We employ administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of personal data and PHI, including access controls, encryption where appropriate, secure hosting, workforce training, auditing, risk assessments, and incident response. No system is completely secure; however, we maintain reasonable and appropriate security practices for a compliance‑first healthcare organization.

10. Data Retention

We retain information only as long as necessary for care delivery, legal/regulatory obligations (including HHSC and Texas Health & Safety Code § 181), operations, and dispute resolution. Thereafter, we securely destroy or de‑identify data in accordance with our policies, HIPAA, and Texas rules.

11. Texas Data Privacy and Security Act (TDPSA) Rights (Non‑PHI)

Texas residents have the following rights regarding personal (non‑PHI) data:

- Right to Access: Confirm and obtain a copy of personal data we process.

- Right to Correct: Request correction of inaccuracies.

- Right to Delete: Request deletion of personal data collected from or about you.

- Right to Data Portability: Receive a portable, machine‑readable copy.

- Right to Opt Out: Object to processing for targeted advertising, sale, or profiling producing legal or similarly significant effects.

- Right to Opt In for Sensitive Data: We do not process sensitive personal data without your express consent.

- Right Against Discrimination: No retaliation for exercising TDPSA rights.

- Right to Appeal: Appeal denials and, if unresolved, complain to the Texas Attorney General.

Submitting Requests: Email info@epic-hhc.com or write to our Privacy Officer (see Contact Us). We respond within 45 days (with one 45-day extension if reasonably necessary). Beginning January 1, 2025, we honor recognized Universal Opt-Out Mechanisms (UOOMs) where required.

12. Texas HB 300 – Breach Notification

We comply with HIPAA and Texas breach‑notification rules, including:

- Notice to affected individuals without unreasonable delay and no later than 60 days after discovery of a breach of unsecured PHI.

- Notice to the Texas Attorney General within 30 days of discovery if a breach affects 250 or more Texas residents.

- Notices will include required elements and mitigation steps.

13. Your HIPAA Rights (PHI)

Subject to certain exceptions, you have the right to:

- Access and obtain copies of your PHI.

- Request amendments to incorrect/incomplete PHI.

- Request restrictions on certain uses/disclosures (we will consider and accommodate where feasible).

- Request confidential communications (alternate means or locations).

- Receive an accounting of certain disclosures.

- Revoke authorizations at any time to the extent permitted by law.

- Receive notice of breaches of unsecured PHI when required.

Requests must be submitted in writing to our Privacy Officer. We generally respond within 30 days under HIPAA (and 15 days under Texas law for certain records).

14. Employee and Contractor Compliance

All EPIC workforce members and contractors complete HIPAA and Texas privacy training within 90 days of hire and at regular intervals thereafter, consistent with HB 300. Confidentiality agreements and disciplinary processes support compliance.

15. Children's Privacy

We do not knowingly collect information from children under 13 without verified parental/guardian consent. If we learn such data was collected inadvertently, we will promptly delete it.

16. Links to Other Websites

Our Site may link to external websites. EPIC is not responsible for their content or privacy practices. Please review third‑party privacy policies before providing personal information.

17. Changes to This Policy

st revision. Continued use of our Site or services after changes constitutes acceptance.

18. Contact Us

Privacy Officer: Faisal Malik

Address: 4740 14th St T-320, Plano, TX 75074

Phone: (469) 540-0266

Email: info@epic-hhc.com

For unresolved privacy concerns, you may contact:

U.S. Department of Health and Human Services Office for Civil Rights

200 Independence Avenue SW, Washington, DC 20201

https://www.hhs.gov/ocr/privacy/hipaa/complaints

19. Non-Discrimination

EPIC Home Healthcare complies with Section 1557 of the Affordable Care Act and does not discriminate based on race, color, national origin, age, disability, or sex in its programs or activities.

20. Acknowledgment

By using our website or receiving our services, you acknowledge that you have read, understood, and agreed to this Privacy Policy.

EPIC HOME HEALTHCARE

Your Privacy is Our Priority

Website: www.epic-hhc.com
Last Updated: [Insert Date]
Effective Date: [Insert Date]


1. Introduction

At EPIC Home Healthcare (“EPIC,” “we,” “us,” or “our”), your privacy is our priority. We are dedicated to maintaining the confidentiality, integrity, and security of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with:

  • The Health Insurance Portability and Accountability Act of 1996 (HIPAA);
  • The Texas Medical Records Privacy Act (Texas Health & Safety Code §181);
  • The Texas Data Privacy and Security Act (TDPSA) (effective July 1, 2024);
  • Texas House Bill 300 (HB 300);
  • And all Texas Health and Human Services Commission (HHSC) regulations for Home and Community Support Services Agencies (HCSSAs).

By using our website or receiving our services, you consent to this Privacy Policy.

2. Scope

This Policy applies to all data collected through our website, phone, email, text, forms, and in-person during home-health services. It does not apply to third-party websites linked from our site.

3. Definitions

  • Protected Health Information (PHI): Health information that identifies you and relates to your condition, treatment, or payment.
  • Personal Data: Data that identifies or can reasonably identify an individual under TDPSA.
  • Sensitive Data: Includes health, biometric, geolocation, and children’s data.
  • Covered Entity: A healthcare provider like EPIC subject to HIPAA.
  • Business Associate: A vendor who performs functions involving PHI under a signed Business Associate Agreement (BAA).
  • Minimum Necessary Rule: We only access or disclose PHI as minimally necessary for legitimate purposes.

4. Information We Collect

A. Information You Provide

  • Name, contact details, address, and email;
  • Demographic data (date of birth, gender, age);
  • Health information, medications, physician data, treatment plans;
  • Insurance and billing details;
  • Authorized representative contacts;
  • Employment or contractor details for staff.

B. Information Collected Automatically

  • IP address, device identifiers, browser type, operating system;
  • Pages visited, time spent, and referral URLs;
  • Cookies and analytics data to improve security and usability.

C. Information from Third Parties

  • Referrals from physicians, hospitals, or facilities;
  • Insurance payors or government health agencies as required by law.

5. Purpose of Use

  • Provide, coordinate, and manage healthcare;
  • Process billing and insurance claims;
  • Perform quality assurance, compliance audits, and accreditation;
  • Communicate appointment and service updates;
  • Comply with HHSC and legal requirements;
  • Maintain website security and operations.

6. Legal Bases

  • HIPAA: Treatment, Payment, and Healthcare Operations (TPO);
  • TDPSA: Consumer privacy for non-HIPAA data;
  • Consent: When you authorize specific use;
  • Legal Obligation: When required by law or court order.

7. Disclosures of Information

  • To physicians, providers, pharmacies, and labs for coordinated care;
  • To insurers or payors for billing;
  • To business associates under BAA contracts;
  • To law enforcement or regulators when required by law;
  • To public health authorities for mandated reporting;
  • With your authorization for disclosures not otherwise permitted.

We do not sell or lease any personal or health information.

8. Data Security

EPIC employs industry-standard administrative, technical, and physical safeguards to protect data integrity and confidentiality. Measures include encryption, secure servers, access controls, privacy training, audits, and incident-response planning.

9. Data Retention

Information is retained only as long as required for treatment, legal, or compliance purposes. After retention expires, records are securely destroyed or de-identified according to HHSC and HIPAA regulations.

10. Cookies & Tracking

We use cookies to operate securely, analyze performance, and enhance usability. You can disable cookies in your browser, though some features may not work properly. We never store PHI in cookies.

11. Texas Data Privacy and Security Act (TDPSA)

Effective July 1, 2024, Texas residents have these rights concerning personal (non-PHI) data:

  • Right to Access – Obtain confirmation and copies of your data.
  • Right to Correct – Correct inaccurate personal data.
  • Right to Delete – Request deletion of personal data collected from or about you.
  • Right to Data Portability – Receive data in a portable, machine-readable format.
  • Right to Opt-Out – Object to processing for targeted ads, sale, or profiling.
  • Right to Opt-In – Provide explicit consent for processing sensitive data.
  • Right Against Discrimination – No retaliation for exercising your rights.

Submit TDPSA requests to privacy@epic-hhc.com or by mail (see Section 18). We will respond within 45 days (plus one 45-day extension if necessary).

We will recognize browser-based Universal Opt-Out Mechanisms (UOOMs) beginning January 1, 2025, as required by TDPSA.

12. Texas HB 300 – Breach Notification

EPIC follows Texas HB 300 and HIPAA breach rules:

  • Notify affected individuals within 60 days of discovery;
  • Notify the Texas Attorney General within 30 days if 250 or more Texans are affected;
  • Include details on the breach nature, data affected, and corrective measures.

13. Your HIPAA Rights

  • Access and obtain copies of your PHI;
  • Request corrections or amendments;
  • Request restrictions on disclosure;
  • Request confidential communications;
  • Receive an accounting of disclosures;
  • Revoke prior authorizations;
  • Receive notice of any breach of unsecured PHI.

14. Employee & Contractor Compliance

All EPIC staff and contractors complete HIPAA and Texas HB 300 privacy training within 90 days of hire and regular refresher sessions. Each is bound by strict confidentiality agreements.

15. Children’s Privacy

We do not knowingly collect data from children under 13 without verified parental consent. If inadvertently collected, we will promptly delete it.

16. Links to Other Websites

Our site may link to other sites. EPIC is not responsible for their content or privacy practices. Review their policies before sharing personal data.

17. Policy Updates

This Privacy Policy may change to reflect legal or operational updates. The “Last Updated” date above indicates the most recent version. Continued use of our site or services constitutes acceptance.

18. Contact Us

Privacy Officer – EPIC Home Healthcare
[Insert Full Address]
Plano, Texas [ZIP Code]
Phone: [Insert Phone Number]
Email: privacy@epic-hhc.com

For unresolved privacy issues, contact the U.S. Department of Health and Human Services – Office for Civil Rights
200 Independence Avenue SW, Washington DC 20201
www.hhs.gov/ocr/privacy/hipaa/complaints

19. Non-Discrimination Notice

EPIC Home Healthcare complies with Section 1557 of the Affordable Care Act and does not discriminate based on race, color, national origin, age, disability, or sex in its programs or activities.

20. Acknowledgment

By using this website or our services, you acknowledge that you have read, understood, and agreed to this Privacy Policy.


EPIC HOME HEALTHCARE
Your Privacy is Our Priority.