Uptown Pharmacy – HIPAA Compliance

At Uptown Pharmacy, we are fully committed to protecting the confidentiality, integrity, and security of your Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations.

This page outlines our HIPAA compliance practices, patient rights, and how we safeguard your health information.

1. Our HIPAA Responsibilities

As a covered entity under HIPAA, Uptown Pharmacy is legally required to:

• Maintain the privacy and security of your PHI.
• Provide you with a Notice of Privacy Practices (NPP) describing how your PHI is used and disclosed.
• Comply with all HIPAA Privacy, Security, Breach Notification, and Enforcement Rules.
• Limit the use and disclosure of PHI to the minimum necessary to accomplish the intended purpose.
• Ensure that all business associates (vendors, contractors, and partners) who access PHI also comply with HIPAA through Business Associate Agreements (BAAs).
• Provide timely notification to affected individuals and regulators if a data breach involving unsecured PHI occurs.

2. Safeguards to Protect Your PHI

We use a combination of administrative, technical, and physical safeguards to protect PHI, including:

Administrative Safeguards

• Workforce HIPAA training and ongoing compliance education.
• Policies for PHI access, disclosure, and handling.
• Role-based access controls for staff.
• Risk assessments and audits to identify and address vulnerabilities.

Technical Safeguards

• Secure pharmacy management systems with encryption.
• Multi-factor authentication and password protections.
• Firewalls, intrusion detection, and secure messaging platforms.
• Encrypted data transmission for electronic PHI (ePHI).

Physical Safeguards

• Secure areas for storing PHI.
• Locked storage for paper records.
• Controlled facility access and surveillance.
• Disposal and destruction of PHI using secure shredding and data-wipe processes.

3. How We Use and Disclose PHI

Your PHI may be used or disclosed without your authorization in limited situations, such as:

• Treatment (e.g., filling prescriptions, coordinating care with your doctor).
• Payment (e.g., billing insurance, processing claims).
• Healthcare Operations (e.g., quality improvement, pharmacy audits).
• Public Health and Safety (e.g., reporting adverse drug reactions, preventing disease).
• Legal Compliance (e.g., court orders, audits by regulators).

For all other uses, we will obtain your written authorization.

4. Patient Rights Under HIPAA

You have important rights regarding your PHI, including:

• Access: You can request copies of your PHI in paper or electronic form.
• Correction: You may ask us to correct PHI you believe is inaccurate or incomplete.
• Restrictions: You may request that we limit certain uses or disclosures.
• Confidential Communications: You may request that we contact you by alternative means (e.g., only at work or by mail).
• Accounting of Disclosures: You can request a list of certain disclosures we’ve made of your PHI.
• Notice Copy: You may obtain a copy of our Notice of Privacy Practices at any time.

5. Business Associate Compliance

Any third-party service provider (such as technology vendors, billing companies, or labs) that requires access to PHI is considered a Business Associate under HIPAA. Uptown Pharmacy ensures compliance by:

• Executing Business Associate Agreements (BAAs) with all vendors handling PHI.
• Requiring HIPAA-compliant safeguards from our partners.
• Monitoring vendors for compliance.

6. Breach Notification

If your unsecured PHI is ever compromised, Uptown Pharmacy will:

• Notify you promptly, in accordance with HIPAA’s Breach Notification Rule.
• Provide details about the breach, what information was involved, and steps you can take to protect yourself.
• Notify the U.S. Department of Health & Human Services (HHS) and, if required, local media outlets.

7. Workforce Training & Accountability

• All employees, contractors, and interns at Uptown Pharmacy receive HIPAA training.
• Staff are educated on safeguarding PHI, avoiding unauthorized disclosures, and reporting incidents.
• Employees who violate HIPAA or Uptown Pharmacy’s privacy policies are subject to disciplinary action.

8. Questions, Concerns, or Complaints

If you have questions about our HIPAA compliance, or if you believe your privacy rights have been violated, you may contact:

Uptown Pharmacy
Address: 2920 Oak Lawn Ave, Dallas, TX 75219
Phone: (214) 935-9092
Email: hello@uptownrxpharmacy.com

You may also file a complaint with the U.S. Department of Health & Human Services Office for Civil Rights (OCR):

Phone: 1-877-696-6775

Website: www.hhs.gov/ocr/privacy

You will not face retaliation for filing a complaint.

9. Updates to This HIPAA Compliance Statement

We may update this HIPAA Compliance page from time to time. Any updates will be posted here with a revised effective date.