Last Updated: November 4, 2025
Effective Date: January 1, 2025
1. Introduction
ining the confidentiality, integrity, and security of your personal information and Protected Health Information (PHI). This Privacy Policy explains how we collect, use, disclose, and safeguard your information in full compliance with HIPAA (Privacy, Security, and Breach Notification Rules, 45 C.F.R. Parts 160 & 164), the Texas Medical Records Privacy Act (Texas Health & Safety Code § 181), the Texas Data Privacy and Security Act (TDPSA, effective July 1, 2024), Texas House Bill 300 (HB 300), and applicable Texas Health and Human Services Commission (HHSC) regulations for Home and Community Support Services Agencies (HCSSAs). By using our website or receiving our services, you agree to the practices described in this Privacy Policy.
2. Scope
This Policy applies to information collected through our website (www.epic-hhc.com), by phone, email, text, forms, and during the provision of home healthcare services. It does not apply to third‑party websites linked from our Site.
3. Definitions
- Protected Health Information (PHI): Individually identifiable health information relating to your condition, care, or payment.
- Personal Data: Information that identifies, relates to, or can reasonably identify an individual (TDPSA).
- Sensitive Data: Health, biometric identifiers, precise geolocation, or information about a child under 13 (TDPSA).
- Covered Entity / Business Associate: Terms defined by HIPAA. EPIC is a Covered Entity and engages Business Associates under BAAs.
- Minimum Necessary Rule: We access, use, disclose, and request PHI only to the minimum extent necessary to accomplish the intended purpose.
4. Information We Collect
A. Information You Provide
- Name, address, phone, email.
- Demographics (date of birth, age, gender).
- Medical history, diagnoses, medications, allergies, physician details, treatment and care plans.
- Insurance, billing, and payment information.
- Authorized representative/guardian and emergency contacts.
- Employment information for staff/contractors.
B. Information Collected Automatically (Website)
- IP address, device and browser details, operating system.
- Pages visited, time on page, referring URLs.
- Cookies and similar technologies for security, functionality, and analytics (see Cookies & Tracking).
C. Information from Third Parties
- Referrals from physicians, hospitals, or facilities.
- Insurers/payors for eligibility, authorization, and claims.
- Government/oversight agencies as required by law.
5. How We Use Information
- Treatment: Provide, coordinate, and manage home healthcare and related services; communicate with you, your representatives, and providers.
- Payment: Verify eligibility, process claims, bill and collect payment.
- Healthcare Operations: Quality assessment and improvement, training, accreditation, audits, compliance with HHSC and other regulators.
- Communications: Appointment reminders, care updates, and service notices.
- Legal/Regulatory: Meet federal and state reporting, recordkeeping, safety, and licensure obligations.
- Website/IT: Operate, secure, troubleshoot, and improve our Site and systems; prevent fraud and misuse.
6. Legal Bases/Authorities
- HIPAA for PHI (TPO without authorization as permitted by law).
- TDPSA for non‑PHI personal data collected in Texas.
- Consent where you authorize additional uses/disclosures.
- Legal obligations and vital/public interest where applicable.
7. Disclosures of Information
We may disclose PHI and personal data as follows:
- Treatment: To providers, pharmacies, labs, and other caregivers.
- Payment: To insurers, payors, and clearinghouses for billing and reimbursement.
- Healthcare Operations: For quality, compliance, audits, and management.
- Service Providers/Business Associates: IT, EHR, billing, communications, analytics, bound by contracts (e.g., BAAs) to safeguard PHI and personal data.
- Required by Law: To public health authorities, licensing/oversight bodies, law enforcement, courts, or as otherwise legally mandated.
- Corporate Transactions: In a merger, acquisition, or sale, subject to confidentiality and legal safeguards.
- With Authorization: For uses/disclosures not otherwise permitted by HIPAA or state law. You may revoke authorizations at any time (prospectively).
EPIC does not sell personal data or PHI and does not engage in targeted advertising.
8. Cookies and Tracking Technologies
We use cookies, web beacons, and similar tools to enable secure sessions, analyze performance, and enhance user experience. You can control cookies via browser settings; some features may be limited if disabled. We do not store PHI in cookies.
9. Data Security
We employ administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of personal data and PHI, including access controls, encryption where appropriate, secure hosting, workforce training, auditing, risk assessments, and incident response. No system is completely secure; however, we maintain reasonable and appropriate security practices for a compliance‑first healthcare organization.
10. Data Retention
We retain information only as long as necessary for care delivery, legal/regulatory obligations (including HHSC and Texas Health & Safety Code § 181), operations, and dispute resolution. Thereafter, we securely destroy or de‑identify data in accordance with our policies, HIPAA, and Texas rules.
11. Texas Data Privacy and Security Act (TDPSA) Rights (Non‑PHI)
Texas residents have the following rights regarding personal (non‑PHI) data:
- Right to Access: Confirm and obtain a copy of personal data we process.
- Right to Correct: Request correction of inaccuracies.
- Right to Delete: Request deletion of personal data collected from or about you.
- Right to Data Portability: Receive a portable, machine‑readable copy.
- Right to Opt Out: Object to processing for targeted advertising, sale, or profiling producing legal or similarly significant effects.
- Right to Opt In for Sensitive Data: We do not process sensitive personal data without your express consent.
- Right Against Discrimination: No retaliation for exercising TDPSA rights.
- Right to Appeal: Appeal denials and, if unresolved, complain to the Texas Attorney General.
Submitting Requests: Email info@epic-hhc.com or write to our Privacy Officer (see Contact Us). We respond within 45 days (with one 45-day extension if reasonably necessary). Beginning January 1, 2025, we honor recognized Universal Opt-Out Mechanisms (UOOMs) where required.
12. Texas HB 300 – Breach Notification
We comply with HIPAA and Texas breach‑notification rules, including:
- Notice to affected individuals without unreasonable delay and no later than 60 days after discovery of a breach of unsecured PHI.
- Notice to the Texas Attorney General within 30 days of discovery if a breach affects 250 or more Texas residents.
- Notices will include required elements and mitigation steps.
13. Your HIPAA Rights (PHI)
Subject to certain exceptions, you have the right to:
- Access and obtain copies of your PHI.
- Request amendments to incorrect/incomplete PHI.
- Request restrictions on certain uses/disclosures (we will consider and accommodate where feasible).
- Request confidential communications (alternate means or locations).
- Receive an accounting of certain disclosures.
- Revoke authorizations at any time to the extent permitted by law.
- Receive notice of breaches of unsecured PHI when required.
Requests must be submitted in writing to our Privacy Officer. We generally respond within 30 days under HIPAA (and 15 days under Texas law for certain records).
14. Employee and Contractor Compliance
All EPIC workforce members and contractors complete HIPAA and Texas privacy training within 90 days of hire and at regular intervals thereafter, consistent with HB 300. Confidentiality agreements and disciplinary processes support compliance.
15. Children's Privacy
We do not knowingly collect information from children under 13 without verified parental/guardian consent. If we learn such data was collected inadvertently, we will promptly delete it.
16. Links to Other Websites
Our Site may link to external websites. EPIC is not responsible for their content or privacy practices. Please review third‑party privacy policies before providing personal information.
17. Changes to This Policy
st revision. Continued use of our Site or services after changes constitutes acceptance.
18. Contact Us
Privacy Officer: Faisal Malik
Address: 4740 14th St T-320, Plano, TX 75074
Phone: (469) 540-0266
Email: info@epic-hhc.com
For unresolved privacy concerns, you may contact:
U.S. Department of Health and Human Services Office for Civil Rights
200 Independence Avenue SW, Washington, DC 20201
https://www.hhs.gov/ocr/privacy/hipaa/complaints
19. Non-Discrimination
EPIC Home Healthcare complies with Section 1557 of the Affordable Care Act and does not discriminate based on race, color, national origin, age, disability, or sex in its programs or activities.
20. Acknowledgment
By using our website or receiving our services, you acknowledge that you have read, understood, and agreed to this Privacy Policy.