Privacy Policy
Privacy Statement
We are committed to protecting your privacy and providing a safe online experience. This Privacy Statement applies to our Practice’s website and governs our data collection and usage practices. By using this website, you consent to the data practices described in this Privacy Statement.
Collection of your Personal Information
This Practice collects personally identifiable information provided by you, such as your e-mail address, name, home or work address or telephone number. This Practice also collects anonymous demographic information, which is not unique to you, such as your ZIP code, age, gender, preferences, interests and favorites. There is also information about your computer hardware and software that is automatically collected by this website. This information can include: your IP address, browser type, domain names, access times and referring website addresses. This information is used for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of this website. Please keep in mind that if you directly disclose personally identifiable information or personally sensitive data through public message boards, this information may be collected and used by others. This Practice encourages you to review the privacy statements of websites you choose to link to from the website so that you can understand how those websites collect, use and share your information. This Practice is not responsible for the privacy statements or other content on any other websites.
Use of your Personal Information
This Practice collects and uses your personal information to operate the website and deliver the services you have requested. This Practice also uses your personally identifiable information to inform you of other products or services available from this Practice and its affiliates. This Practice may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered. This Practice does not sell, rent or lease its customer lists to third parties. This Practice may share data with trusted partners to help us perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services and they are required to maintain the confidentiality of your information. This Practice does not use or disclose sensitive personal information, such as race, religion, or political affiliations, without your explicit consent. This Practice will disclose your personal information, without notice, only if required to do so by law.
Use of Cookies
The website uses “cookies” to help this Practice personalize your online experience. A cookie is a text file that is placed on your hard disk by a webpage server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.
Security of your Personal Information
This Practice secures your personal information from unauthorized access, use or disclosure. This Practice secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. When personal information (such as a credit card number) is transmitted to other websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
Notice of Privacy Practices: Protected Health Information (HIPAA) & Texas Medical Privacy Law
Effective Date: July 2026 This section supplements, and does not replace, our general Website Privacy Statement above.
Texas Cannabis Clinic (“TCC,” “we,” “us,” “our”) is a healthcare provider and a “Covered Entity” under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (HIPAA, 45 C.F.R. Parts 160 and 164), and a “Covered Entity”/”Business” under the Texas Medical Records Privacy Act (Texas Health & Safety Code, Chapter 181, also known as “HB 300”), which imposes privacy obligations that are, in several respects, stricter than federal HIPAA. This section describes how we may use and disclose your Protected Health Information (PHI), and describes your rights regarding that information.
1. What Counts as PHI
PHI includes any individually identifiable health information we create, receive, transmit, or maintain in connection with your care, including:
- Information you provide during intake, qualification screening, or telemedicine visits
- Medical history, diagnoses, and qualifying-condition documentation
- Certification and CURT (Compassionate Use Registry of Texas) registration status
- Appointment, billing, and payment records tied to your identity
- Communications with our clinical or administrative staff regarding your treatment
Under Texas HB 300, this protection extends to PHI we handle even in contexts where federal HIPAA might not otherwise apply, and applies regardless of the method of transmission (electronic, paper, or oral).
2. How We May Use and Disclose Your PHI
We use and disclose PHI only as permitted or required by law, primarily for:
- Treatment — coordinating your telemedicine evaluation, certification, and any related clinical follow-up
- Payment — billing, processing consultation fees, and related administrative functions
- Health Care Operations — quality assurance, staff training, and practice management
- Legal/Regulatory Reporting — including submission of qualifying certifications to the Texas Department of Public Safety (DPS) for enrollment in the CURT registry, as required under the Texas Compassionate Use Program (Texas Health & Safety Code, Chapter 487)
- As required by law — including in response to a valid court order, subpoena, or public health reporting obligation
We do not sell PHI. We do not use PHI for marketing purposes without your prior written authorization, and any such authorization can be revoked at any time.
CURT Registry Disclosure Notice: By completing certification with TCC, you acknowledge that your qualifying information will be submitted to the CURT registry maintained by Texas DPS, which is governed by its own state confidentiality and access provisions separate from this policy. TCC does not control DPS’s retention or use of registry data once submitted.
3. Your Rights Regarding Your PHI
Under HIPAA and Texas law, you have the right to:
- Access and obtain a copy of your medical records (Texas law generally requires a response within 15 business days of a written request)
- Request amendment of PHI you believe is inaccurate or incomplete
- Request restrictions on certain uses or disclosures of your PHI
- Request confidential communications (e.g., being contacted only at a specific phone number or email)
- Receive an accounting of disclosures made outside of treatment, payment, and healthcare operations
- Receive a paper copy of this Notice upon request, even if you agreed to receive it electronically
- File a complaint if you believe your privacy rights have been violated, without fear of retaliation (see Section 6)
To exercise any of these rights, contact our Privacy Officer using the information in Section 7.
4. Security Safeguards
We maintain administrative, physical, and technical safeguards designed to protect PHI, consistent with the HIPAA Security Rule (45 C.F.R. Part 164, Subpart C), including:
- Encryption of PHI in transit and at rest where technically feasible
- Access controls limiting PHI access to authorized personnel on a need-to-know basis
- Staff training on PHI handling requirements under HIPAA and Texas HB 300
- Secure telemedicine platforms for clinical visits
- [INSERT: name of telemedicine/EHR/scheduling vendor(s), e.g., Phreesia] operate under a signed Business Associate Agreement (BAA) requiring them to safeguard PHI to the same standard required of TCC
5. Breach Notification
In the event of a breach of unsecured PHI, we will notify affected individuals in accordance with:
- The HIPAA Breach Notification Rule (45 C.F.R. §§ 164.400–414), and
- The Texas Identity Theft Enforcement and Protection Act (Texas Business & Commerce Code § 521.053), which requires notification without unreasonable delay and, for breaches affecting 250+ Texas residents, notification to the Texas Attorney General.
6. How to File a Complaint
You may file a complaint about our privacy practices, at no cost and without retaliation, with:
Our Privacy Officer
Texas Cannabis Clinic 5625 Eiger Road, #200, Austin, TX 78735 Phone: 512-892-7092 Email: [email protected]
U.S. Department of Health & Human Services, Office for Civil Rights https://www.hhs.gov/ocr/complaints
Office of the Texas Attorney General, Consumer Protection Division https://www.texasattorneygeneral.gov/consumer-protection
7. Contact for Privacy Matters
Questions about this Notice or our PHI practices can be directed to: Texas Cannabis Clinic, 5625 Eiger Road, #200, Austin, TX 78735 | 512-892-7092 | Email: [email protected]
8. Changes to This Notice
We reserve the right to change the terms of this Notice and to make the revised Notice effective for all PHI we maintain. Updated versions will be posted at texascannabisclinic.com/privacy-policy and, where required by law, provided to patients directly.
Changes to this Statement
We are committed to protecting your privacy and providing a safe online experience. This Privacy Statement applies to our Practice’s website and governs our data collection and usage practices. By using this website, you consent to the data practices described in this Privacy Statement.
Contact Information
Please contact us by phone at 512-892-7092 or by mail at 5625 Eiger Road, #200, Austin, TX 78735.