MEDMATRIX

Privacy Policy for Protected Health Information (PHI)

Effective Date: January 2025
Last Updated: October 2025


Introduction

Med Matrix (“we,” “us,” or “our”) is committed to protecting the privacy and security of individuals’ Protected Health Information (“PHI”) in compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations, including the HIPAA Privacy Rule (45 CFR Parts 160 and 164).

This Privacy Policy explains how we collect, use, disclose, and safeguard PHI, as well as the rights you have regarding your health information.

Scope & Definitions

a. Covered Entity / Business Associate

Med Matrix may operate as a “covered entity” or “business associate” as defined under HIPAA. Regardless of our classification, we maintain HIPAA-level safeguards for all PHI handled through our systems, website, and operations.

b. Protected Health Information (PHI)

“PHI” means individually identifiable health information that relates to your past, present, or future physical or mental health condition, the provision of health care, or payment for health care services, and that identifies you or could reasonably be used to identify you.

c. Minimum Necessary

We limit our use and disclosure of PHI to the minimum necessary to achieve the intended purpose.

How We Use and Disclose PHI

We may use or disclose your PHI as permitted or required by law, including the following purposes:

a. Treatment, Payment, and Health Care Operations

  • Treatment: To coordinate or manage your care and communicate with other providers involved in your care.

  • Payment: To bill and obtain payment for services rendered.

  • Health Care Operations: For quality improvement, training, credentialing, auditing, and other operational purposes.

b. As Required by Law

We may disclose PHI when required by applicable federal, state, or local law, including to public health authorities or law enforcement when legally obligated.

c. With Your Authorization

We will not use or disclose your PHI for any purpose not described in this policy without your written authorization. You may revoke this authorization at any time, in writing, unless we have already acted on it.

d. Business Associates

We may share PHI with trusted third parties (business associates) that perform services for us, such as billing, IT support, or data storage. These entities are bound by written agreements requiring them to protect PHI in accordance with HIPAA.

e. De-identified Information

We may use or disclose health information that has been de-identified so that it no longer identifies you. Such information is not considered PHI under HIPAA.

Safeguards

Med Matrix employs administrative, technical, and physical safeguards designed to protect PHI from unauthorized access, use, or disclosure, including:

  • Role-based access controls and authentication;

  • Encryption for electronic PHI (ePHI) where applicable;

  • Workforce training on HIPAA compliance and data protection;

  • Secure facilities and data backup systems; and

  • Regular security risk assessments and updates.

Individual Rights

Under HIPAA, you have the following rights regarding your PHI:

  • Right to Access: Request to inspect or obtain copies of your PHI.

  • Right to Amend: Request corrections to your PHI if inaccurate or incomplete.

  • Right to an Accounting of Disclosures: Request a list of certain disclosures made of your PHI.

  • Right to Request Restrictions: Ask for restrictions on how we use or disclose your PHI for treatment, payment, or operations.

  • Right to Confidential Communications: Request that we communicate with you in a specific way (e.g., to a different address or phone number).

  • Right to Receive a Copy of this Policy: Obtain a paper or electronic copy of this Privacy Policy at any time.

Requests to exercise these rights should be submitted in writing to our Privacy Officer using the contact details below.

Changes to This Policy

We reserve the right to revise this Privacy Policy at any time. Updates will be posted on our website with a new effective date. Significant changes will be communicated to affected individuals as required by law.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with:

Med Matrix Privacy Officer
South Portland, Maine
207-544-4643
privacy@medmatrixusa.com

or with the Office for Civil Rights (OCR), U.S. Department of Health & Human Services.
We will not retaliate against anyone for filing a complaint.

Contact Information

For questions or concerns about this Privacy Policy or our handling of PHI, please contact:

Med Matrix Privacy Officer
South Portland, Maine
207-544-4643
privacy@medmatrixusa.com