top of page

Privacy Policy

Effective: 3/31/2025

​

Introduction
Work Med Inc. dba Work Med Plus ("we", "our", or "us") is committed to protecting the privacy and confidentiality of our patients and consumers. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal and medical information in compliance with applicable laws, including the Health Insurance Portability and Accountability Act (HIPAA) and any relevant state privacy regulations.


Direct Primary Care Disclaimer
Work Med Plus operates under a Direct Primary Care (DPC) model, which provides healthcare services directly to patients without involving traditional health insurance. It is important to note:

  • Not Insurance: The services provided by Work Med Plus under the DPC model are not health insurance. Patients are responsible for any additional costs incurred outside of the services covered within their DPC agreement, including specialist visits, hospitalizations, or emergency care.

  • No Claims Submission: We do not bill or submit claims to insurance companies. Patients may use their insurance independently for services outside of our offerings.

 

By using our DPC services, you acknowledge and understand that these services are distinct from traditional health insurance coverage.


Information We Collect
We collect personal information necessary to provide you with quality medical care. This includes:

  • Identification and Contact Information: Name, address, phone number, email, date of birth, emergency contact details.

  • Medical Information: Health history, treatment records, test results, prescriptions, and other information related to your care.

  • Payment Information: Billing details, insurance information (if applicable), and payment history.

 

How We Use Your Information

We use your information for the following purposes:

  1. Treatment: To provide medical care and services.

  2. Payment: To process payments for services rendered.

  3. Healthcare Operations: For administrative purposes such as scheduling appointments, managing records, and improving our services.

  4. Compliance: To meet legal obligations under HIPAA and other applicable laws.

 

Use of Third-Party Applications
We utilize third-party services provided by Hint to assist in the onboarding of patients and management of healthcare services. Hint may collect, process, and store forms of payment, your personal and medical information on our behalf. As a Business Associate under HIPAA, Hint is required to comply with all applicable privacy and security regulations to safeguard your Protected Health Information (PHI).


Disclosure of Information
We may disclose your information under the following circumstances:

  • To healthcare providers involved in your treatment.

  • To insurance companies for payment purposes (if applicable).

  • To third-party vendors such as Hint for administrative support.

  • As required by law (e.g., public health reporting or legal proceedings).

  • With your consent or authorization for specific purposes not covered by this policy.

 

Patient Rights
You have the following rights regarding your personal and medical information:

  1. Access: You can request copies of your medical records.

  2. Amendments: You can request corrections to inaccurate or incomplete information.

  3. Restrictions: You may request limits on how we use or disclose your information.

  4. Confidential Communications: You can request that we communicate with you in a specific manner (e.g., via email or phone).

  5. Accounting of Disclosures: You can request a list of instances where your information was shared outside of treatment, payment, or healthcare operations.

 

Safeguarding Your Information
We implement administrative, physical, and technical safeguards to protect your personal and medical information from unauthorized access, use, or disclosure. These include secure storage systems, encryption technologies, access controls, regular security audits, and workforce privacy training.


Retention Policy
Medical records are retained in accordance with federal and state laws governing recordkeeping practices. Records will be securely archived or destroyed when retention requirements have been met.


Breach Notification Policy
In the event of a breach involving unsecured Protected Health Information (PHI), we will notify affected individuals promptly as required by law. Notifications will include details about the breach, steps taken to mitigate harm, and recommendations for protecting yourself further.


Changes to This Privacy Policy
We reserve the right to update this Privacy Policy periodically to reflect changes in legal requirements or our practices. Any updates will be posted on our website with the effective date clearly indicated.


HIPAA Compliance Statement
Work Med Plus is committed to complying with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, which establishes national standards to protect the privacy of individuals' medical records and other personal health information. This policy outlines how we handle Protected Health Information (PHI) in accordance with HIPAA regulations.


Patient Rights Under HIPAA
Under the HIPAA Privacy Rule, you have the following rights regarding your Protected Health Information (PHI):

  1. Access: You may request and obtain a copy of your PHI maintained in our records.

  2. Amendments: You may request corrections to inaccurate or incomplete PHI.

  3. Restrictions: You may request restrictions on certain uses or disclosures of your PHI.

  4. Confidential Communications: You can request that we communicate with you in a specific way (e.g., via email or phone).

  5. Accounting of Disclosures: You may request a list of instances where your PHI was shared outside of treatment, payment, or healthcare operations.

  6. Breach Notification: You will be notified promptly if a breach occurs that compromises the privacy or security of your PHI.

 

Permitted Uses and Disclosures of PHI
We may use or disclose your PHI without your written authorization for the following purposes:

  • Treatment: To provide medical care and coordinate services with other healthcare providers.

  • Payment: To process payments for services rendered.

  • Healthcare Operations: For administrative purposes such as quality improvement and staff training.

 

Other uses and disclosures may include:

  • Public health reporting

  • Compliance with legal requirements (e.g., subpoenas)

  • Reporting abuse or neglect

 

Any other use or disclosure not described here will require your written authorization, which you have the right to revoke at any time.


Our Responsibilities Under HIPAA
As a covered entity under HIPAA, Work Med Plus is required by law to:

  1. Protect the privacy of your PHI.

  2. Provide you with this Notice of Privacy Practices.

  3. Notify you in case of a breach involving unsecured PHI.

  4. Follow the terms outlined in this Notice unless updated.

 

How We Notify Patients About Changes

If we make significant changes to our privacy practices, we will update this Notice of Privacy Practices and make it available on our website, in our office, or upon request. The effective date of any updates will be clearly indicated.


Contact Information
If you have questions about this Privacy Policy or wish to exercise your rights regarding your personal information, please contact us at:


Work Med Plus
2525 S. Telshor Ave
Suite 16-104
Las Cruces, NM 88011
Phone: 575-521-1919
Email: hello@workmedplus.com

bottom of page