HIPPA Policy
Effective June 11, 2026.
Jurige Prostate Center (“Jurige Prostate Center,” “Practice,” “we,” “us,” or “our”) is a prostate-focused medical practice owned and operated by HALO Dx, Inc., doing business as HALO Precision Diagnostics (“HALO”). Patients engage with Jurige Prostate Center as the provider of services and point of care. HALO, as the owner and operator of Jurige Prostate Center, is responsible for the privacy, security, and compliance infrastructure that supports the Practice’s handling of patient information.
Jurige Prostate Center is committed to protecting the privacy, confidentiality, integrity, and availability of protected health information (“PHI”) and electronic protected health information (“ePHI”) in accordance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and other applicable federal and state privacy and security laws. This policy explains how Jurige Prostate Center handles patient information, the safeguards used to protect it, and the rights patients have with respect to their medical information.
Scope
This policy applies to all PHI and ePHI created, received, maintained, or transmitted by Jurige Prostate Center in connection with the provision of health care services, including patient inquiries, appointment requests, consultations, diagnostic imaging, treatment planning, outpatient care, billing, payment, and practice operations.
This policy also applies to the systems, platforms, vendors, personnel, contractors, and service providers used to support Jurige Prostate Center’s operations where those parties may have access to PHI in connection with services performed on behalf of the Practice.
Information We May Collect
Jurige Prostate Center may collect and maintain the following categories of information in connection with patient care and practice operations:
Contact information, such as name, address, phone number, email address, and date of birth.
Demographic information and identifying details needed to create and maintain patient records.
Insurance, billing, and payment-related information.
Appointment requests, scheduling information, and referral information.
Medical history, symptoms, diagnoses, imaging records, treatment plans, physician notes, and other clinical information.
Communications between patients and the Practice, including information submitted through online forms, phone calls, secure portals, and in-person interactions.
Technical and system information collected through secure digital systems used to operate the Practice and maintain service quality, performance, and security.
When information relates to a patient’s health condition, treatment, payment for care, or can reasonably identify the patient in connection with health services, that information is treated as PHI and protected accordingly.
How We Use Protected Health Information
Jurige Prostate Center may use PHI as permitted by law and as reasonably necessary to operate the Practice and provide care. Permitted uses include:
Providing, coordinating, and managing patient care and related health services.
Scheduling appointments and communicating with patients regarding services, follow-up, and treatment.
Consulting with referring providers, specialists, imaging personnel, and other clinicians involved in a patient’s care.
Verifying insurance coverage, billing for services, collecting payment, and conducting payment-related activities.
Conducting health care operations, including quality improvement, internal administration, staff training, compliance oversight, auditing, and performance monitoring.
Maintaining records, supporting continuity of care, and fulfilling legal, regulatory, and accreditation obligations.
Jurige Prostate Center limits the use of PHI to purposes that are authorized, legally permitted, and reasonably necessary for care delivery and operations.
How We May Disclose Protected Health Information
Jurige Prostate Center may disclose PHI when permitted or required by applicable law, including:
To other providers or care teams for treatment purposes.
To health plans, payors, billing vendors, and related service providers for payment and reimbursement purposes.
To persons or organizations supporting the Practice’s health care operations.
To business associates performing services on behalf of Jurige Prostate Center where access to PHI is necessary to provide those services.
To public health authorities, oversight agencies, or government regulators when required by law.
In response to valid legal process, court orders, subpoenas, or other lawful requests, as permitted by law.
To prevent or lessen a serious threat to health or safety when legally permitted.
For other purposes expressly authorized by the patient or the patient’s personal representative.
Except where otherwise permitted or required by law, uses and disclosures outside treatment, payment, and health care operations will generally require the patient’s written authorization.
Minimum Necessary Standard
Jurige Prostate Center applies a minimum necessary standard where appropriate, meaning access to and use of PHI is limited to the information reasonably necessary to accomplish the intended purpose. Workforce members, contractors, and vendors are given access only to the information needed to perform their authorized duties.
HIPAA Safeguards
HALO, as the owner and operator of Jurige Prostate Center, maintains and oversees the administrative, physical, and technical safeguards used to protect PHI and ePHI handled by the Practice.
Administrative Safeguards
Administrative safeguards may include:
Privacy and security policies and procedures governing the handling of PHI.
Risk assessments and ongoing evaluation of threats and vulnerabilities affecting systems that store or transmit ePHI.
Workforce training regarding privacy, confidentiality, security, and incident reporting obligations.
Role-based access management and approval processes for access to patient information.
Confidentiality obligations for personnel and contractors.
Internal monitoring, compliance oversight, and enforcement measures for policy violations.
Incident response procedures for potential privacy or security events.
Physical Safeguards
Physical safeguards may include:
Facility access controls designed to limit unauthorized access to locations where PHI may be stored or accessed.
Secure workstations, devices, and screens to reduce unauthorized viewing or use.
Device and media controls for the transfer, disposal, re-use, and destruction of records or equipment containing PHI.
Secure storage practices for paper and electronic records.
Technical Safeguards
Technical safeguards may include:
Encryption of PHI in transit and, where appropriate, at rest.
Secure user authentication and access controls for systems handling ePHI.
Unique user credentials and role-based permissions.
Audit logs and system monitoring designed to detect, investigate, and document system access and activity.
Integrity controls to protect against unauthorized alteration or destruction of data.
Backup, disaster recovery, and continuity measures designed to preserve the availability of critical information.
Secure transmission protocols for digital communications and data exchange.
Online Forms and Website Submissions
Patients and prospective patients may submit information to Jurige Prostate Center through online forms, appointment requests, intake workflows, secure digital platforms, phone calls, and other communication channels made available by the Practice.
Information submitted to Jurige Prostate Center is received as part of the Practice’s operations and is handled within the compliance and security environment operated by HALO. Where those forms or systems are intended to receive patient information, they are managed as part of the Practice’s HIPAA compliance program.
Patients should provide only the information reasonably necessary for the requested service, appointment, consultation, or communication. Jurige Prostate Center maintains safeguards designed to protect information submitted through approved channels. However, patients should avoid submitting unnecessary sensitive information through any channel not specifically designated for clinical or patient communication.
Business Associates and Vendors
Jurige Prostate Center may use third-party vendors, contractors, and service providers to support hosting, infrastructure, communications, imaging systems, data storage, billing, technology services, compliance, and operational functions. When such parties create, receive, maintain, or transmit PHI on behalf of the Practice, they are required to comply with applicable HIPAA requirements and contractual obligations.
Where required, Jurige Prostate Center and HALO enter into Business Associate Agreements with vendors that handle PHI. These agreements require such vendors to implement appropriate safeguards, limit uses and disclosures of PHI, report unauthorized uses or disclosures, and ensure that any subcontractors with access to PHI are subject to equivalent protections.
Workforce Access and Responsibilities
Access to PHI is limited to authorized members of the workforce and authorized service providers who require such access to perform legitimate clinical, operational, billing, administrative, or compliance-related functions.
All workforce members with access to PHI are expected to:
Protect the confidentiality of patient information.
Access PHI only when necessary to perform their job duties.
Follow applicable privacy and security policies and procedures.
Promptly report any suspected unauthorized access, disclosure, or security incident.
Complete required privacy and security training.
Unauthorized access, use, or disclosure of PHI may result in disciplinary action, termination of access, termination of engagement, and other appropriate corrective measures.
Patient Rights
Jurige Prostate Center respects patient rights regarding medical information, subject to applicable legal requirements and exceptions. Patients may have the right to:
Request access to or copies of their medical records and other PHI maintained by the Practice.
Request an amendment to PHI if they believe information is incomplete or inaccurate.
Request restrictions on certain uses or disclosures of PHI.
Request confidential communications through alternative means or at alternative locations, where reasonable.
Request an accounting of certain disclosures of PHI.
Obtain a copy of the Practice’s privacy-related notices and policies, as applicable.
File a complaint if they believe their privacy rights have been violated.
Requests related to patient rights may need to be submitted in writing, and Jurige Prostate Center may take reasonable steps to verify identity before acting on a request.
Breach Response and Notification
Jurige Prostate Center maintains processes to identify, review, investigate, and respond to potential privacy incidents and security events involving PHI. If an unauthorized use or disclosure of unsecured PHI occurs and notification is required by law, Jurige Prostate Center and HALO will provide any required notices to affected individuals, regulators, and other parties in accordance with applicable legal requirements.
Incident response efforts may include containment, investigation, mitigation, corrective action, documentation, and notice as required.
Record Retention and Secure Disposal
Jurige Prostate Center retains medical and compliance-related records for the period required by applicable law, regulation, contract, and operational necessity. When records containing PHI are no longer required to be retained, they are disposed of or destroyed using methods designed to protect confidentiality and prevent unauthorized access.
Policy Updates
Jurige Prostate Center may revise this HIPAA Compliance Policy from time to time to reflect changes in law, regulation, technology, operational practices, or compliance requirements. Any updates will be posted with a revised effective date. Continued use of the Practice’s services or website after an updated policy becomes effective constitutes acknowledgment of the revised policy to the extent permitted by law.
Contact Information
Questions about this HIPAA Compliance Policy, requests relating to patient privacy rights, or concerns regarding the handling of medical information may be directed to:
Privacy Officer
Jurige Prostate Center
6600 University Pkwy
Suite 203
Sarasota, FL 34240
(877) 237-3363
