Electronic HIPAA Policy

Effective Date: January 2026

Website: https://diamondhealth.us

Practice: Diamond Medical Clinic

Provider: Dr. Kachi Nwabuko, MD

Florida Medical License: ME140953

Diamond Medical Clinic is committed to protecting the privacy, confidentiality, integrity, and security of patient health information, including electronic protected health information (“ePHI”).

This Electronic HIPAA Privacy & Security Policy explains how Diamond Medical Clinic handles electronic communications, digital health records, website forms, telemedicine platforms, patient portals, email, text messaging, online scheduling, and other electronic systems that may involve patient information.

This Policy is intended to supplement, not replace, our Notice of Privacy Practices, Privacy Policy, Terms of Use, Cookie Policy, and Telemedicine Policy.

HIPAA and Protected Health Information

The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and related regulations establish federal privacy and security standards for certain health information.

Protected Health Information (“PHI”) generally includes individually identifiable health information related to a patient’s:

• Past, present, or future physical or mental health condition
• Healthcare services received
• Payment for healthcare services
• Identifying information connected to healthcare

Electronic Protected Health Information (“ePHI”) means PHI that is created, received, maintained, or transmitted electronically.

Examples of ePHI may include:

• Electronic medical records
• Patient portal messages
• Telemedicine visit records
• Lab results
• Prescription information
• Digital intake forms
• Billing information
• Secure email communications
• Electronic appointment records

Our HIPAA Privacy Commitment

Diamond Medical Clinic uses and discloses PHI only as permitted or required by law, including for:

• Treatment
• Payment
• Healthcare operations
• Patient-authorized disclosures
• Public health reporting where required
• Legal or regulatory compliance
• Other uses permitted or required by HIPAA

We do not sell patient medical records.

We do not disclose PHI for marketing purposes without required authorization when HIPAA requires authorization.

Patients should review our Notice of Privacy Practices for a more complete explanation of how PHI may be used and disclosed.

Electronic Systems Covered by This Policy

This Policy may apply to electronic information collected, used, stored, or transmitted through:

• Website forms
• Online appointment requests
• Patient portal systems
• Telemedicine platforms
• Electronic health record systems
• Email communications
• SMS/text messaging systems
• Phone and voicemail systems
• Electronic billing systems
• Laboratory ordering platforms
• E-prescribing systems
• Cloud-based storage or practice management systems
• Secure document upload tools
• Authorized third-party healthcare vendors

Administrative Safeguards

Diamond Medical Clinic maintains reasonable administrative safeguards designed to protect ePHI.

Administrative safeguards may include:

• Privacy and security policies
• Workforce privacy expectations
• Staff access controls
• Training on patient confidentiality
• Vendor review procedures
• Business Associate Agreements where required
• Incident response procedures
• Periodic review of privacy and security practices
• Limiting access to patient information based on role and need

Only authorized personnel should access patient information when needed for treatment, payment, healthcare operations, or other permitted purposes.

Physical Safeguards

Diamond Medical Clinic uses reasonable physical safeguards to help protect electronic systems and patient information.

Physical safeguards may include:

• Secure office areas
• Device security practices
• Workstation access controls
• Protection against unauthorized viewing
• Secure disposal of records and devices when appropriate
• Limiting access to equipment containing patient information

Technical Safeguards

Diamond Medical Clinic uses reasonable technical safeguards designed to protect ePHI.

Technical safeguards may include:

• Password-protected systems
• User authentication
• Access controls
• Encryption where appropriate
• Secure transmission methods where available
• Audit logs where supported by systems
• Anti-malware protections
• Secure hosting or vendor-managed systems
• Backup and recovery procedures
• Role-based access permissions where available

No electronic system can be guaranteed to be completely secure, but Diamond Medical Clinic takes reasonable steps to protect patient information from unauthorized access, use, or disclosure.

Patient Portal Use

When a patient portal is available, patients are encouraged to use the portal for secure communication involving medical information.

Patients are responsible for:

• Keeping usernames and passwords confidential
• Using secure devices when accessing the portal
• Logging out after portal use
• Not sharing portal access with unauthorized individuals
• Notifying the Clinic if account access may be compromised

The patient portal should not be used for emergencies.

Email Communications

Email may not always be a fully secure method of communication.

Patients who choose to communicate with Diamond Medical Clinic by email acknowledge that email may carry privacy risks, including:

• Misaddressed messages
• Unauthorized access
• Forwarding without permission
• Storage on third-party servers
• Device compromise

Whenever possible, sensitive medical information should be exchanged through secure systems such as a patient portal.

By initiating email communication with Diamond Medical Clinic, patients may be understood to consent to reasonable email responses unless they request otherwise.

Text Messaging and SMS Communications

Diamond Medical Clinic may use SMS/text messaging for limited administrative communications, such as:

• Appointment reminders
• Scheduling follow-ups
• General office notifications
• Basic billing or administrative reminders

Text messages may not be encrypted and should not be used for detailed medical discussions, urgent symptoms, emergencies, or highly sensitive health information.

Patients may opt out of non-essential text messaging where applicable.

Telemedicine and Electronic Visits

Telemedicine visits may involve electronic transmission of health information.

Diamond Medical Clinic uses reasonable safeguards to protect privacy during telemedicine services, but patients should also take steps to protect their privacy by:

• Joining visits from a private location
• Using a secure internet connection when possible
• Avoiding public Wi-Fi for sensitive visits when possible
• Preventing unauthorized individuals from viewing or hearing the visit
• Using a personal device when possible

Telemedicine encounters may become part of the patient’s medical record.

Website Forms and Online Requests

Website forms may be used for appointment requests, contact requests, or general inquiries.

Patients should avoid submitting urgent medical concerns or highly sensitive medical information through general website forms unless the form is specifically designed for secure medical intake.

Submitting information through a website form does not guarantee acceptance as a patient or establish a physician-patient relationship.

Online Tracking, Cookies, and Healthcare Privacy

Diamond Medical Clinic may use cookies, analytics tools, advertising tools, review widgets, and other website technologies.

These tools may include Google, Meta/Facebook, Trustindex, or similar platforms.

Because healthcare websites may involve sensitive user interactions, Diamond Medical Clinic strives to limit unnecessary disclosure of health-related information through tracking technologies and to manage website tools in a manner consistent with applicable privacy obligations.

Patients and website visitors may review our Cookie Policy for more information about website tracking technologies and user choices.

Business Associates and Third-Party Vendors

Diamond Medical Clinic may work with third-party vendors that support healthcare operations, such as:

• Electronic health record providers
• Billing vendors
• Telemedicine platforms
• Cloud hosting providers
• Laboratory systems
• E-prescribing services
• Scheduling platforms
• IT support providers
• Secure communication vendors

When required by HIPAA, Diamond Medical Clinic seeks to maintain Business Associate Agreements with vendors that create, receive, maintain, or transmit PHI on behalf of the Clinic.

Minimum Necessary Standard

When using, disclosing, or requesting PHI, Diamond Medical Clinic follows the HIPAA minimum necessary standard where applicable.

This means we make reasonable efforts to limit PHI to the minimum amount necessary to accomplish the intended purpose, except where exceptions apply, such as treatment-related disclosures.

Patient Rights

Patients may have rights under HIPAA, including the right to:

• Request access to medical records
• Request corrections to medical records
• Request restrictions on certain uses or disclosures
• Request confidential communications
• Receive an accounting of certain disclosures
• Receive a copy of the Notice of Privacy Practices
• File a privacy complaint without retaliation

Requests may need to be submitted in writing and may be subject to verification requirements.

Breach Notification

Diamond Medical Clinic maintains procedures for evaluating and responding to potential privacy or security incidents.

If a breach of unsecured PHI occurs, Diamond Medical Clinic will provide notifications as required by applicable federal and state law.

Notification requirements may vary depending on the nature of the information, the number of individuals affected, and applicable law.

Patient Responsibilities for Electronic Privacy

Patients can help protect their own electronic health information by:

• Using strong passwords
• Avoiding shared devices for portal access
• Logging out of patient portals
• Keeping personal email accounts secure
• Updating contact information promptly
• Not sending sensitive information over unsecured channels when avoidable
• Notifying the Clinic if they believe their information has been compromised

Medical Emergencies

Electronic communications are not appropriate for emergency medical situations.

If you are experiencing a medical emergency, call 911 immediately or go to the nearest emergency department.

Do not use email, text messaging, patient portal messages, website forms, or voicemail for emergency medical needs.

No Guarantee of Absolute Security

Diamond Medical Clinic uses reasonable safeguards to protect electronic patient information.

However, no electronic communication system, website, server, device, or internet transmission can be guaranteed to be completely secure.

Patients understand that electronic communications carry some inherent risk.

Relationship to Other Policies

This Policy should be read together with:

• Notice of Privacy Practices
• Privacy Policy
• Terms of Use
• Cookie Policy
• Telemedicine Policy

If there is a conflict between this Policy and the Notice of Privacy Practices, the Notice of Privacy Practices will control with respect to HIPAA-regulated PHI.

Complaints and Questions

Patients may contact Diamond Medical Clinic with questions or concerns about privacy, security, or electronic communications.

Patients may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights.

Diamond Medical Clinic will not retaliate against any patient for filing a privacy complaint.

Updates to This Policy

Diamond Medical Clinic may update this Electronic HIPAA Privacy & Security Policy periodically to reflect:

• Changes in law
• Changes in technology
• Updated privacy practices
• Updated security practices
• Changes in services or vendors

Updated versions become effective when posted on this Website.

Contact Information

Diamond Medical Clinic
30941 Mirada Blvd
San Antonio, FL 33576

Phone: (352) 668-4018
Email: admin@diamondmedicalclinic.com
Website: https://diamondhealth.us

Provider: Dr. Kachi Nwabuko, MD
Florida Medical License: ME140953