Solace Health Group HIPAA Privacy Policy

Last updated: August 2025

At Solace Health Group, protecting the confidentiality of client information is not just a legal requirement—it is a core part of our commitment to safety, trust, and ethical care. This policy outlines how we safeguard protected health information (PHI) in compliance with the Health Insurance Portability and Accountability Act (HIPAA).

1. Confidentiality of Client Information

We maintain strict safeguards to protect the privacy of all PHI. This includes:

  • Secure storage of records, both electronic and physical

  • Limiting access to PHI to only authorized staff who require it to perform their job duties

  • Clear protocols for maintaining confidentiality in conversations, documentation, and electronic communication

2. Client Rights Under HIPAA

Every client has the right to:

  • Receive a copy of their health information upon request

  • Request corrections to their records if they believe information is inaccurate or incomplete

  • Request limits on how their PHI is used or shared, when legally possible

  • Obtain an accounting of disclosures of their information

  • File a complaint without fear of retaliation if they believe their privacy rights have been violated

3. Permitted Use and Disclosure

We only use or disclose PHI when it is:

  • Necessary for treatment, payment, or healthcare operations

  • Required by law or regulation (such as court orders or public health reporting)

  • Authorized in writing by the client or their legal representative

  • Needed in an emergency situation to protect health or safety

4. Safeguards and Security Practices

To prevent unauthorized access or disclosure, Solace Health Group enforces:

  • Encrypted email and secure phone communication for sensitive information

  • HIPAA-compliant electronic health record (EHR) systems

  • Staff training on privacy and security practices

  • Routine audits and reviews of data security measures

  • Physical safeguards, such as locked file storage and controlled office access

5. Staff Responsibility and Training

All employees, contractors, and partners:

  • Complete annual HIPAA training and sign confidentiality agreements

  • Are held accountable for following privacy and security protocols

  • Must immediately report suspected breaches, accidental disclosures, or security concerns

6. Breach Notification and Response

In the event of a data breach or unauthorized disclosure:

  • Impacted clients will be notified in accordance with HIPAA requirements

  • The incident will be investigated promptly, and corrective actions will be taken

  • Preventive measures will be strengthened to reduce the risk of recurrence

Contact for Privacy Concerns

If you have questions about this policy or believe your privacy rights may have been violated, please contact:

Charles Lyles, CEO
📧 info@solacehealthgroup.com
📞 (949) 763-4717