Privacy Policy & HIPAA Notice

How Alamo Liver Institute PLLC collects, uses, and protects your information.

Effective Date: January 1, 2025 · Last Updated: June 17, 2026

Alamo Liver Institute PLLC ("we," "our," or "the Practice") is committed to protecting the privacy and security of your personal and health information. This Privacy Policy and HIPAA Notice of Privacy Practices describes how we collect, use, and disclose information about you — including through our website at alamoliver.com, by phone, by email, and by text message (SMS) — and explains your rights under federal and state law.

If you have questions about this Notice, please contact us at (210) 405-9000 or write to us at the address below.

HIPAA Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

We are required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations to maintain the privacy of your Protected Health Information (PHI), to provide you with this Notice of our legal duties and privacy practices, and to abide by the terms of this Notice.

Protected Health Information (PHI) is individually identifiable health information, including demographic data, that relates to your past, present, or future physical or mental health condition; the provision of healthcare to you; or the payment for your healthcare.

We reserve the right to change this Notice and to make the revised Notice effective for PHI we already hold. We will post any revised Notice in our office and on our website. You may request a paper copy at any time.

How We Use Your Health Information

We may use and disclose your PHI for the following purposes without your written authorization:

Treatment

We use your PHI to provide, coordinate, or manage your healthcare and related services, including sharing information with other providers involved in your care (e.g., referring physicians, labs, hospitals).

Payment

We may use your PHI to bill and collect payment for services, including submission to your health insurance plan, Medicare, Medicaid, or other payers.

Healthcare Operations

We may use your PHI for quality assessment, staff training, accreditation, licensing, and other business activities necessary to operate our practice.

Appointment Reminders

We may contact you by phone, text, or email to remind you of upcoming appointments or follow-up care. You may opt out of any of these channels at any time.

As Required by Law

We will disclose PHI when required by federal, state, or local law, including public health reporting, law enforcement, court orders, and oversight activities.

Disclosures to Family / Friends

With your agreement, we may share relevant health information with a family member, close friend, or other person involved in your care or payment for care.

Uses and Disclosures Requiring Written Authorization

We will obtain your written authorization before using or disclosing your PHI for purposes that require authorization under HIPAA, including:

  • Most uses and disclosures of psychotherapy notes
  • Uses and disclosures for marketing purposes where authorization is required by law
  • Any sale of PHI

We do not sell your PHI.

You may revoke an authorization at any time in writing, except to the extent we have already relied on it. To revoke, submit a written request to our Privacy Officer at the address in Section 12.

Your Rights as a Patient

You have the following rights regarding the PHI we maintain about you:

Right to Access

You have the right to inspect and receive a copy of your medical record and billing records. Many records are available directly through the athenahealth Patient Portal. For complete records, requests must be submitted in writing. We may charge a reasonable fee for copies.

Right to Amend

If you believe your health information is incorrect or incomplete, you may request an amendment. We may deny the request in certain circumstances and will explain our decision in writing.

Right to an Accounting of Disclosures

You may request a list of certain disclosures of your PHI made by us in the six years prior to your request, other than disclosures for treatment, payment, and healthcare operations.

Right to Request Restrictions

You may ask us to limit how we use or disclose your PHI for treatment, payment, or operations. We are not required to agree unless the disclosure is to a health plan and you paid out-of-pocket in full.

Right to Request Confidential Communications

You may request that we communicate with you in a specific way or at a specific location (e.g., call you at work rather than home). We will accommodate reasonable requests.

Right to a Paper Copy of This Notice

You may request a paper copy of this Notice at any time, even if you have agreed to receive it electronically.

Right to Be Notified of a Breach

You have the right to be notified if there is a breach of your unsecured Protected Health Information, as required by the HIPAA Breach Notification Rule (45 CFR §§ 164.400–164.414). We will notify you without unreasonable delay and no later than 60 days after discovery of a breach.

To exercise any of these rights, please contact our office in writing at the address listed in Section 12.

Appointment Information

When you request or schedule an appointment — whether by phone, online form, or in person — we collect the following information to facilitate your care:

  • Full name, date of birth, and other identifying information needed for scheduling and care
  • Contact information (phone number, email address, mailing address)
  • Reason for visit or clinical concern
  • Insurance carrier, plan name, and member ID
  • Referring provider information (if applicable)
  • Preferred method of contact and preferred language

This information is used solely to schedule and confirm your visit, prepare your care team, verify insurance eligibility, and coordinate with referring providers. It is stored securely in athenahealth (athenaOne), our cloud-based electronic health record (EHR) and practice management system, and is subject to the same HIPAA protections as all PHI. athenahealth acts as a Business Associate under HIPAA and is bound by a Business Associate Agreement (BAA) with our practice.

Appointment Reminders: We may contact you via phone call, voicemail, email, or text message (SMS) to remind you of upcoming appointments or schedule changes. These communications may be sent through athenahealth's automated patient communication platform or directly by our office staff. You may opt out of automated reminders by contacting our office or updating your preferences in the athenahealth Patient Portal.

Website & Online Information

When you visit alamoliver.com, we may automatically collect certain non-personally identifiable information, including your browser type, device type, operating system, the pages you visit, and the time and date of your visit. This information is used solely to improve website performance and user experience.

Our website contact form collects your name, phone number, email address, and any message you submit. This information is transmitted securely and used only to respond to your inquiry. We do not sell, rent, or otherwise disclose this information to third parties, except as required by law or as necessary to respond to your request (e.g., routing an appointment request to our scheduling staff).

Cookies: Our website may use cookies or similar tracking technologies to improve functionality. You may configure your browser to refuse cookies, though some features of the site may not function properly as a result.

Third-party services: Our site uses Google Maps (for directions) and Google reCAPTCHA (for form spam prevention). These services have their own privacy policies and may collect data independently. We encourage you to review Google's Privacy Policy at google.com/policies/privacy. Our clinical and billing operations are powered by athenahealth (athenaOne), whose privacy practices are described at athenahealth.com/privacy-policy.

athenahealth Patient Portal

Alamo Liver Institute uses athenahealth / athenaOne for electronic medical records and patient portal access. The portal may allow patients to:

  • View certain health information and visit summaries
  • Complete intake forms and update demographic information
  • Request appointments and referrals
  • Exchange secure messages with our care team
  • Review billing information and make payments
  • Manage certain administrative aspects of care
The patient portal is intended for non-urgent communication only. Do not use the portal for emergencies or urgent symptoms. If you are experiencing a medical emergency, call 911 or go to the nearest emergency room immediately.

Patients are responsible for keeping their portal username, password, associated email account, and login credentials secure. Do not share your portal credentials with others.

Information Security

We implement administrative, physical, and technical safeguards required by HIPAA to protect the confidentiality, integrity, and availability of your PHI. These safeguards include:

  • athenahealth (athenaOne) — our cloud-based EHR and practice management system, which provides role-based access controls, encryption at rest and in transit, security features, and a signed Business Associate Agreement (BAA) with our practice
  • Secure, encrypted website contact forms (HTTPS/TLS)
  • Staff training on HIPAA Privacy and Security Rules
  • Periodic risk assessments and security audits
  • Business Associate Agreements (BAAs) with athenahealth and all other third-party vendors who may access PHI
  • Physical security measures at our office location

In the event of a breach of unsecured PHI, we will notify affected individuals as required by the HIPAA Breach Notification Rule (45 CFR §§ 164.400–164.414).

Minors

Our website is not directed to individuals under 18 years of age, and we do not knowingly collect personal information from minors through our website. If a minor is a patient, their PHI is handled in accordance with HIPAA and applicable Texas law governing minors' health information rights.

Parents and legal guardians may have rights to access their minor child's PHI. Certain categories of care (e.g., mental health, substance use, reproductive health) may have additional privacy protections under Texas law that limit parental access. Please contact our office for specifics.

Changes to This Notice

We reserve the right to modify this Privacy Policy and HIPAA Notice at any time. Changes will be posted on this page with an updated effective date. We may also provide notice to patients via our patient portal, by mail, or in our office. The revised Notice will apply to PHI we already maintain and to PHI we receive in the future, unless otherwise stated. We encourage you to review this page periodically.

Contact & Complaints

If you have questions about this Notice or about how we handle your health information, please contact our Privacy Officer:

Mailing Address
Alamo Liver Institute PLLC
Attn: Privacy Officer
6715 San Pedro Ave
San Antonio, TX 78216
Fax
844-749-3196

Filing a Complaint

If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR):

  • Online: hhs.gov/ocr/complaints
  • By mail: 200 Independence Ave SW, Washington, DC 20201
  • By phone: 1-800-368-1019 (TDD: 1-800-537-7697)

We will not retaliate against you for filing a complaint.