HIPAA Compliance Statement For Pure IV Utah

Effective Date: 01/18/2025 | Last Updated: 01/18/2025

1. Introduction

Pure IV Utah ("we," "our," or "us") is dedicated to protecting the privacy, security, and confidentiality of all client Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and applicable federal and state regulations.


This HIPAA Compliance Statement explains how we collect, use, store, and protect your health-related information, as well as your rights regarding your PHI. By using our website, scheduling an appointment, or receiving IV therapy services, you acknowledge and agree to the terms outlined in this policy.

2. What is Protected Health Information (PHI)?

PHI refers to any individually identifiable health information that is created, received, stored, or transmitted by Pure IV Utah in relation to your healthcare services. This includes:

  • Your full name, address, phone number, and date of birth
  • Your medical history, treatment plans, and healthcare services received
  • Your insurance and billing details
  • Any other information that can be used to identify you in a medical or healthcare context

We are required by law to maintain the privacy of your PHI and to provide you with this statement outlining our legal duties and privacy practices.

3. How We Use and Disclose Your PHI

Pure IV Utah may use or disclose PHI only as permitted under HIPAA, including:

3.1 Permitted Uses of PHI

  • For Treatment: We use PHI to provide IV therapy services, assess medical history, coordinate care, and ensure safe administration of treatments.
  • For Payment: We use PHI to process payments, verify insurance coverage, and manage billing for our services.
  • For Healthcare Operations: We use PHI to conduct quality assurance, staff training, compliance monitoring, and administrative record-keeping.

3.2 Limited Disclosures Without Client Consent

We may disclose PHI without your written consent in certain legally required situations, including:

  • Public Health Reporting: To report infectious diseases, adverse reactions, or product recalls to government authorities.
  • Legal and Regulatory Compliance: If required by law, court order, or subpoena.
  • Medical Emergencies: To prevent serious threats to health and safety.
  • Law Enforcement Requests: To comply with criminal investigations, fraud prevention efforts, or other legal inquiries.

3.3 Disclosures Requiring Written Authorization

For any PHI disclosures not covered under permitted uses, we will obtain your written authorization before sharing your information. Examples include:

  • Marketing or promotional communications involving PHI
  • Disclosure of PHI to third-party researchers
  • Sharing PHI with individuals or organizations not involved in treatment, payment, or healthcare operations


You may revoke your authorization at any time by submitting a written request to Pure IV Utah.

4. Your HIPAA Privacy Rights

As a client of Pure IV Utah, you have several rights regarding your PHI under HIPAA, including:

4.1 Right to Access Your PHI

  • You may request a copy of your medical records or treatment history.
  • We will provide access within the legally required timeframe.
  • A reasonable fee may apply for copies or record retrieval.

4.2 Right to Request Amendments

  • If you believe that your PHI is incorrect or incomplete, you may request an amendment.
  • We will review your request and make necessary changes when appropriate.

4.3 Right to Restrict Disclosures

  • You may request restrictions on how we use or disclose your PHI.
  • We will accommodate reasonable requests unless legally required to disclose information.

4.4 Right to Confidential Communications

  • You may request that we contact you via a specific method (e.g., phone, email, mail).
  • We will honor reasonable requests to maintain privacy.

4.5 Right to an Accounting of Disclosures

  • You may request a list of instances in which your PHI was disclosed for non-routine purposes.

4.6 Right to File a Complaint

  • If you believe your privacy rights have been violated, you may file a complaint with:
  • Pure IV Utah’s Privacy Officer
  • The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR)
  • We do not tolerate retaliation against individuals who file HIPAA-related complaints.

To exercise any of these rights, contact us using the information in Section 10.

5. How We Protect Your PHI

We have implemented multiple security measures to ensure that PHI is protected against unauthorized access, use, or disclosure. These safeguards include:

5.1 Administrative Safeguards

  • HIPAA training for all employees handling PHI.
  • Access controls to ensure only authorized personnel can view PHI.
  • Policies and procedures regulating PHI storage, usage, and disposal.

Failure to disclose accurate health information may increase the risk of adverse effects, for which Pure IV Utah is not liable.

5.2 Physical Safeguards

  • Locked file storage for paper records containing PHI.
  • Restricted access areas for medical and administrative personnel.

5.3 Technical Safeguards

  • Encryption technology to protect digital PHI.
  • Secure electronic health record (EHR) systems.
  • Firewalls and security protocols to prevent unauthorized access.

If a data breach occurs, we will notify affected individuals as required by HIPAA’s Breach Notification Rule.

6. Third-Party Business Associates

Pure IV Utah may contract with third-party business associates (e.g., payment processors, scheduling platforms) that require access to PHI.

All business associates must:

  • Sign a Business Associate Agreement (BAA) ensuring HIPAA compliance.
  • Follow strict confidentiality and security protocols.

7. HIPAA Breach Notification Policy

7.1 What Constitutes a HIPAA Breach?

A breach occurs when unauthorized access, use, or disclosure of PHI compromises its security or privacy.

7.2 Breach Response Protocol

If a breach occurs, we will:

  • Investigate the incident and determine the extent of unauthorized access.
  • Notify affected individuals as required by HIPAA within 60 days.
  • Report the breach to the U.S. Department of Health and Human Services (HHS) if necessary.
  • Implement corrective actions to prevent future occurrences.


Clients will be informed via email, phone, or written notification about the nature of the breach and any protective steps they should take.

8. Retention of Health Records

We retain medical records and PHI for the legally required period, after which they are securely disposed of in compliance with HIPAA regulations.

9. Changes to This HIPAA Compliance Statement

We reserve the right to update this HIPAA Compliance Statement as needed. Changes will be reflected on our website, and continued use of our services constitutes acceptance of the updated policy.

10. Contact Information

If you have any questions about this HIPAA Compliance Statement, need to exercise your rights regarding your Protected Health Information (PHI), or wish to file a complaint, please contact us using the details below:

Share by: