NOTICE OF PRIVACY PRACTICES – Coastal Family Urgent Care


The Health Insurance Portability and Accountability Act (HIPAA) provides safeguards to protect your privacy.  Implementation of HIPAA requirements officially began on April 14, 2003.  This is a friendly user explanation; however, more information is available from the US Department of Health and Human Services at:
What is “Protected Health Information”?
  • Your protected health information (PHI) is individually identifiable health information, including demographic information, about your past, present or future physical or mental health or condition, health care services you receive, and past, present, or future payment for your health care. Demographic information means information such as your name, social security number, address, and date of birth.
  • PHI may be in oral, written, or electronic form. Examples of PHI include your medical record, claims record, enrollment or disenrollment information, and communications between you and your health care provider about your care.
  • There are rules and restrictions on who may see or be notified of your Protected Health Information (PHI). These restrictions do not include the normal interchange of information necessary to provide you with office services.  HIPAA provides certain rights and protections to you as the patient.  This is balanced with the needs of providing quality professional services and care.
  • Under federal law, we are required to: (i) protect the privacy of your PHI; (ii) tell you about your rights and our legal duties with respect to your PHI; (iii) notify you if there is a breach of your unsecured PHI; and (iv) tell you about our privacy practices and follow our notice currently in effect.
  • We agree to provide patients with access to their records in accordance with state and federal laws.

 Email Communication

  • Electronic communication may be used to communicate highly sensitive medical information. Precautions are taken at our facility when using e-mail to avoid unintentional disclosures. Communications via email over the internet are not secure. Although it is unlikely, there is a possibility information included in an email can be intercepted and read by other parties besides the person to whom it is addressed.  You understand you must take reasonable steps to protect the unauthorized use of electronic communications by others, and Coastal Family Urgent Care is not responsible for breaches of confidentiality caused by you or an independent third party.
  • If you initiate communications using e-mail, we can assume (unless the patient has explicitly stated otherwise) that e-mail communications are acceptable to the individual.


  • Telemedicine involves the exchange of medical health information in a technology-assisted format to provide remote clinical services to patients. Telephone consultation, videoconferencing, transmission of still images, e-health technologies, patient portals, and remote patient monitoring are all considered telemedicine services. Information exchanged during your telemedicine visit will be maintained under the privacy rules and regulations required.
  • Telemedicine communications carries some level of risk of breach of confidentiality, and it is important to use a secure network with any electronic exchange. Our telemedicine visits are typically performed through our HIPAA compliant electronic medical record platform.  During certain public health emergencies, regulatory agencies may allow for telephone visits and telemedicine visits through platforms such as Skype to allow for greater access to medical care but may not provide a secure HIPAA-compliant platform. 

 Uses and Disclosure of Your PHI

  • Patient information will be kept confidential except as is necessary to provide services or to ensure all administrative matters related to your care are handled appropriately. This specifically includes, but is not limited to, the sharing of information with other healthcare providers, laboratories, and health insurance payers as is necessary and appropriate for your care, obtaining payment, quality assessment and improvement, and training and evaluation of health care professionals. Methods of exchange includes transmission via fax and electronic communication.
  • As part of your healthcare, our facility originates and maintains paper and electronic records which contain your PHI. The normal course of providing care means that such records may be left, at least temporarily, in administrative areas such as the front office, examination room, etc. Those records will not be available to persons other than office staff. 
  • You understand it may be necessary to disclose your PHI to other entities or vendors which are utilized in the conduct of business. These entities or vendors may have access to PHI but must agree to abide by the confidentiality rules of HIPAA.
  • Your healthcare provider may choose to forward or request your information to an authorized third party such as your prescription medication history or insurance carrier for billing and treatment purposes.
  • It is the policy of this office to remind patients of their appointments. We may do this by telephone, email, US mail, or by any means convenient for the practice and/or as requested by you.  We may send you other communications informing you of changes to office policies and new technologies you might find valuable or informative.
  • Your confidential information will not be used for the purpose of marketing or advertising of products, goods, or services without your prior consent.

 Additional Circumstances

In some circumstances federal or state law requires we disclose your PHI to others, in which cases, uses and disclosures for which an authorization or opportunity to agree or object is not required.
  • We may disclose PHI to authorized officials for law enforcement purposes.
  • We may use and disclose your PHI if we believe it is necessary to avoid a serious threat to your health or safety or to someone else’s.
  • We may disclose PHI to the appropriate authority to report suspected child abuse or neglect or to identify victims of abuse, neglect, or domestic violence.
  • Communicable disease reporting is part of permitted disclosures for public health activities. A covered entity may use or disclose protected health information for the public health activities and purposes described to: (i) a public health authority that is authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury, or disability; or (ii) at the direction of a public health authority, to an official of a foreign government agency that is acting in collaboration with a public health authority; or (iii) A person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition, if the covered entity or public health authority is authorized by law to notify such person as necessary in the conduct of a public health intervention or investigation; or (iv) An employer, about an individual who is a member of the workforce of the employer, if the covered entity is a covered health care provider who provides health care to the individual at the request of the employer to conduct an evaluation relating to medical surveillance of the workplace or to evaluate whether the individual has a work-related illness or injury; or (v) The protected health information that is disclosed consists of findings concerning a work-related illness or injury or a workplace-related medical surveillance; or (vi) the employer needs such findings in order to comply with its obligations, to record such illness or injury or to carry out responsibilities for workplace medical surveillance
  • A covered entity may disclose protected health information as authorized by and to the extent necessary to comply with laws relating to workers’ compensation or other similar programs, established by law, that provide benefits for work-related injuries or illness without regard to fault.
  • We may disclose your protected health information to a person or company required by the Food and Drug Administration for the purpose of quality, safety, or effectiveness of FDA-regulated products or activities including, to report adverse events, product defects or problems, biologic product deviations, to track products; to enable product recalls; to make repairs or replacements, or to conduct post marketing surveillance, as required.
  • We may disclose protected health information in the course of any judicial or administrative proceeding, in response to an order of a court or administrative tribunal (to the extent such disclosure is expressly authorized), or in certain conditions in response to a subpoena, discovery request or other lawful process.
  • When the appropriate conditions apply, we may use or disclose protected health information of individuals who are Armed Forces personnel (1) for activities deemed necessary by appropriate military command authorities; (2) for the purpose of a determination by the Department of Veterans Affairs of your eligibility for benefits, or (3) to foreign military authority if you are a member of that foreign military services. We may also disclose your protected health information to authorized federal officials for conducting national security and intelligence activities, including for the provision of protective services to the President or others legally authorized.
  • We may use or disclose your protected health information if you are an inmate of a correctional facility and your physician created or received your protected health information in the course of providing care to you.

 Your Privacy Rights

  • You have the right to request restrictions in the use of your protected health information and to request change in certain policies used within the office concerning your PHI. We are not, however, obligated to alter internal policies to conform to your request.
  • You understand you have the right to revoke this authorization, in writing, at any time, except where uses or disclosures have already been made based upon your original permission. You may not be able to revoke this authorization if its purpose was to obtain insurance. To revoke this authorization, you must do so in writing and send it to the appropriate disclosing party.
  • You understand treatment by any party may not be conditioned upon your signing of this authorization, and you have the right to refuse to sign this authorization.

Questions or Complaints

  • If you have any questions or concerns about this notice, or complaints regarding privacy, please contact our office manager at 760.448.6650 or write us at 6260 El Camino Real, Suite 101, Carlsbad, CA 92009. You also have the option to notify the secretary of the US Department of Health and Human Services.
  • We may change, add, delete, or modify any of these provisions consistent with state and federal law, to better serve the needs of both the practice and patient.
  • A copy of this information may be provided to you upon request. A copy is also available on our website at
Updated: June 2020