HIPAA Notice
Last updated: April 29, 2026
HIPAA Applicability
Personal injury law firms typically are not "covered entities" under HIPAA. However, when we receive your medical records from healthcare providers, those providers ARE covered entities, and your records reach us under a signed HIPAA-compliant authorization (Medical Records Release).
Protected Health Information (PHI)
We handle your medical records and other health information (collectively "PHI") with care. PHI is stored in encrypted form, accessible only to firm staff working on your case, and shared with insurers, opposing counsel, or experts only with your written authorization or as required by law.
Your Authorization
By signing the Medical Records Release, you authorize specific healthcare providers to release your records to us. The authorization names: (a) the providers; (b) the firm as recipient; (c) the purpose (your personal injury case); (d) an expiration date.
Revoking Authorization
You may revoke the authorization at any time in writing. Revocation does not apply to disclosures already made.
Security Safeguards
We use TLS encryption in transit, encrypted-at-rest databases, role-based access, audit logs for sensitive operations, and secure document storage. Documents and signatures captured via the portal are tied to your case ID with timestamp and audit metadata.
AI Processing of PHI
When AI assists with your case, only the minimum necessary information is sent to AI services to perform the task. Our AI providers contractually agree not to train on or retain your data.
Breach Response
If we learn of unauthorized access to your PHI, we will notify you per applicable law (typically within 60 days for any reportable breach).
Contact
For questions about how we handle your medical information, contact your case attorney directly or message us through the portal.