top of page

Notice of Privacy Practices (HIPAA)

 

Effective Date: January 9, 2026

Last Updated: January 9, 2026

 

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
MHMD has provided services since June 2020. This Notice describes our current privacy practices and legal duties regarding PHI as of the Effective Date.

​

A. Our Duties

MHMD is required by law to maintain the privacy and security of your PHI, provide you this Notice of our legal duties and privacy practices, notify you following a breach of unsecured PHI as required by law, and follow the terms of this Notice currently in effect.


B. How We May Use and Disclose Your PHI Without Your Written Authorization
Treatment: providing, coordinating, or managing your care.
Care Team: As part of treatment and care coordination, MHMD may share relevant PHI with members of your care team, which may include a health coach working under MHMD’s direction, as permitted by law.
Payment: billing, eligibility, collections, and related activities.
Health Care Operations: quality assessment, training, auditing, licensing/compliance, and business management.
We may also disclose PHI as permitted or required by law, including for public health activities, health oversight, certain law enforcement purposes, judicial/administrative proceedings, and to prevent or lessen a serious threat to health or safety.

​​

​C. Uses and Disclosures That Require Your Written Authorization
We will obtain your written authorization for uses/disclosures not described in this Notice unless permitted or required by law. You may revoke an authorization in writing at any time, except to the extent we already relied on it.


D. Your Rights Regarding Your PHI
• Get a copy of your medical record (paper or electronic) with limited exceptions.
• Ask us to correct your medical record if you believe it is incorrect or incomplete.
• Request confidential communications (for example, contact you at a different phone number).
• Ask us to limit what we use or share (we are not required to agree to all requests).
• Get a list (accounting) of certain disclosures.
• Get a copy of this Notice at any time.
• Choose someone to act for you (medical power of attorney or legal guardian).


E. Telehealth and Technology

We provide telehealth services using technology designed to support HIPAA compliance and maintain appropriate contractual protections where required, including Business Associate Agreements/Addenda when applicable.
Examples of systems that may create/receive/maintain PHI on our behalf include IntakeQ (EHR/intake/forms), Google Workspace / Google Meet for telehealth video encounters, Fullscript for supplement and lab workflows (including processing lab orders and receiving results), and ScriptSure e-prescribing integrated within IntakeQ.
If we store patient-identifiable information in internal tracking tools (including spreadsheets such as Google Sheets), that data is treated as PHI and protected under HIPAA. We restrict access and apply security controls consistent with HIPAA requirements and our agreements with vendors.


F. Complaints
If you believe your privacy rights have been violated, you may complain to MHMD and/or to the U.S. Department of Health and Human Services Office for Civil Rights. MHMD will not retaliate against you for filing a complaint.


Privacy Contact:
Metabolic Health MD, PLLC 
945 McKinney St #16579, Houston, TX 77002
713-364-6830
contact@metabolichealthmd.com


G. Changes to This Notice
We may change this Notice, and the changes will apply to all PHI we maintain. The current Notice will be available on our website and upon request.​

​

bottom of page