Emergency Care Patient Portal Order Contacts College of Optometry
Privacy

NOTICE OF PRIVACY PRACTICES

This notice explains how we may use or disclose your medical information, be used or disclosed, and how you can access your medical information. This notice also describes your rights and our responsibilities regarding the use and disclosure of your medical information.

Please review this notice carefully. EFFECTIVE: APRIL 15, 2026

I. OUR OBLIGATIONS.

This Notice explains how we protect your personal medical information at the University Eye Institute (UEI), also known as the UH Eye Care Center, and our affiliated clinics. Everyone who works with us, including our staff, doctors, and business partners, is required to follow these rules. Throughout this document, any mention of “UEI” refers to all our eye care locations and clinics, ensuring your private health information is handled safely across our entire network.

Protected Health Information (“PHI”) includes any information, whether oral, written or recorded in electronic form, that is created or received by us as health care providers, and that identifies you and relates to your past, present, or future physical or mental health, or condition, treatment, or payment for your health care.

We are required by law to:

  • Maintain the privacy of your PHI to the extent required by state and federal law;
  • Give you this Notice explaining our legal duties and privacy practices with respect to your PHI;
  • Notify you in the event of a breach of your PHI; and
  • Follow the terms of the version of this Notice that is currently in effect.

If we revise this Notice, we will make the revised Notice available to you upon request and will follow the terms of the revised Notice so long as it is in effect. This Notice is maintained on our website and in conspicuous locations within our facilities.

We maintain your PHI in records that are kept confidential, as required by law. However, we must use and disclose your PHI to the extent necessary to provide you with quality health care.

II. NOTIFICATION OF ELECTRONIC USES AND DISCLOSURES OF PHI

We use an electronic health record system to manage your PHI. We may create, receive, maintain, and disclose your PHI in electronic format. We may communicate with you through email, text messages, phone calls, and the secure patient portal. If you initiate or otherwise agree to receive communications from us electronically, we will assume that you understand the privacy and security risks inherent to electronic communications.

III. HOW WE MAY USE AND DISCLOSE YOUR PHI.

The following categories describe the different reasons that we typically use and disclose PHI. These categories are intended to be general descriptions only, and not a list of every instance in which we may use or disclose your PHI. Please understand that for these categories, the law generally does not require us to get your authorization in order for us to use or disclose your PHI.

A. For Treatment. We may use and disclose your PHI to provide you with health care treatment and related services, including coordinating and managing your health care. We may disclose medical information about you to physicians, nurses, or other health care providers and personnel who are involved in providing health care to you both within and outside of UEI. For example, should your care require referral to or treatment by another physician outside of UEI, we may provide that physician with your PHI in order to aid the physician in their treatment of you. Some uses and disclosures for treatment purposes also include the following:

a. Treatment Alternatives. We may use and disclose medical information to tell you about or recommend possible treatment options or alternatives that we believe may be of interest to you.

b. Appointment Reminders and Health Related Benefits and Services. We may use and disclose medical information in order to contact you (including, for example, contacting you by phone, leaving a message on an answering machine, leaving a message with the person answering the phone, or contacting you by automated text/e-mail) to provide appointment reminders and other information. We may use and disclose medical information to tell you about health-related benefits or services that we believe may be of interest to you.

B. For Payment. We may use and disclose your PHI as requested by your health plan, insurer, or other third-party payor, to obtain payment for treatment or services that we provide to you. This may include the disclosure of your PHI to obtain prior authorization for treatment and procedures from your insurance plan. For example, we may send a claim for payment to your insurance company, and that claim may have a code on it that describes the services that have been rendered to you. However, if you pay for an item or service entirely out-of-pocket and request that we not disclose that item or service to your health plan, then we will follow that restriction on disclosure unless otherwise required by law (see Section V(D) for more detail).

C. For Health Care Operations. We may use and disclose your PHI for our health care operations. These uses and disclosures are necessary to operate and manage our practice and to promote quality care. Uses and disclosures for health care operations include:

a. Quality Assurance. We may need to use or disclose your PHI for our internal processes to assess and facilitate the provision of quality care to our patients.

b. Utilization Review. We may need to use or disclose your PHI to perform a review of the services we provide to evaluate whether the appropriate level of services is received, depending on the condition and diagnosis.

c. Credentialing and Peer Review. We may need to use or disclose your PHI in order for us to review and evaluate the credentials, qualifications, and actions of our health care providers.

d. Risk Management, Legal, Compliance, and Audit Functions. We may use and disclose your PHI to facilitate risk management efforts, legal reviews, compliance programs, accreditation processes, licensing and credentialing services, and audit functions.

D. Business Associates. We may disclose your PHI to certain vendors, otherwise referred to as “business associates,” with whom we contract to provide services on our behalf. Our business associates are required to appropriately safeguard our patients’ PHI.

E. Individuals Involved in Your Care or Payment for Your Care. We may disclose your PHI to a friend or family member who is involved in your health care, as well as to someone who helps pay for your care, but we will do so only as allowed by state or federal law (with an opportunity for you to agree or object when required under the law), or in accordance with your prior authorization.

F. As Required or Permitted by Law. We may use and disclose your PHI as required or permitted by federal, state, or local law. Uses and disclosures required or permitted by law include, but are not limited to, the following:

a. Public Safety. We may use and disclose your PHI when we believe the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.

b. Organ and Tissue Donation. If you are an organ, eye, or tissue donor, we may use and disclose your PHI to an organ donation and procurement organization.

c. Research. As an academic institution, an important part of our mission is research. We may use or disclose your PHI for research purposes in certain situations. For instance, our researchers may use your PHI to prepare research protocols or identify potential study participants. Under applicable law, our researchers may only use and disclose your PHI for research purposes once the research protocol has been reviewed and approved by an Institutional Review Board (IRB). IRBs are responsible for protecting individual research participants and ensuring that research is conducted ethically. We may use or disclose your PHI for research purposes without your consent if the IRB grants its permission. Additionally, we may use or disclose your PHI for research purposes if your consent has been obtained when required by law, or if the information we provide to researchers is “de-identified.”

d. Specialized Government Functions. We may disclose your PHI for special governmental functions, such as military and veterans’ activities, national security, and intelligence activities. We may also disclose your PHI to correctional institutions for law enforcement custodial situations.

e. Workers’ Compensation. We may disclose your PHI regarding your workers’ compensation or similar program. These programs provide benefits for work-related injuries. For example, if you have injuries that resulted from your employment, workers’ compensation insurance or a state workers’ compensation program may be responsible for the payment of your care, in which case we may provide your PHI to the insurer or program.

f. Public Health and Health Oversight Activities. We may disclose your PHI to a health oversight agency for activities authorized by law. These oversight activities include audits, civil, administrative, or criminal investigations and proceedings, inspections, licensure and disciplinary actions, and other activities necessary for the government to monitor the health care system, certain governmental benefit programs, certain entities subject to government regulations which relate to health information, and compliance with civil rights laws. Additionally, we may use or disclose your PHI for public health activities, including for reporting disease, injury, or vital events, and for conducting public health surveillance, investigation, or intervention.

g. Abuse or Neglect. In accordance with federal and state law, we may disclose your PHI when it concerns abuse, neglect, or domestic violence, such as reporting to social welfare, law enforcement, or protective service agencies. Except in certain limited circumstances, we will promptly inform you that a report of abuse, neglect, or domestic violence has been or will be made.

h. Legal Matters. If you are involved in a lawsuit or a legal dispute, we may disclose your PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process. In addition to lawsuits, there may be other legal proceedings for which we may be required or authorized to use or disclose your PHI, such as investigations of health care providers, competency hearings on individuals, or claims over the payment of fees for medical services.

i. Law Enforcement. We may disclose your PHI to law enforcement personnel for certain law enforcement purposes. For example, we may disclose your PHI to identify or locate a suspect, fugitive, material witness, or missing person; to report crimes in emergencies; to report deaths or certain violent injuries; and to meet other mandatory reporting requirements.

j. Coroners, Medical Examiners, and Funeral Home Directors. We may disclose your PHI to a coroner, medical examiner, or funeral director as necessary for them to fulfill their duties.

k. Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may disclose your PHI to the health care personnel of a correctional institution as necessary for the institution to provide you with health care treatment.

l. Marketing of Related Health Services. We may use or disclose your PHI to send you treatment or healthcare operations communications concerning treatment alternatives or other health-related products or services. We may provide such communications to you in instances where we receive financial remuneration from a third party in exchange for making the communication only with your specific authorization unless the communication: (i) is made face-to-face by the Practice to you, (ii) consists of a promotional gift of nominal value provided by the Practice, or (iii) is otherwise permitted by law. If the marketing communication involves financial remuneration and an authorization is required, the authorization must state that such remuneration is involved. Additionally, if we use or disclose information to send a written marketing communication (as defined by Texas law) through the mail, the communication must be sent in an envelope showing only the name and addresses of sender and recipient and must (i) state the name and toll-free number of the entity sending the market communication; and (ii) explain the recipient’s right to have the recipient’s name removed from the sender’s mailing list.

m. Fundraising. We may use or disclose certain limited amounts of your PHI to send you fundraising materials. You have a right to opt out of receiving such fundraising communications. Any such fundraising materials sent to you will have clear and conspicuous instructions on how you may opt out of receiving such communications in the future.

n. Incidental Disclosures. We may use or disclose limited information about you as part of our routine office procedures. For example, you may be asked to sign in when you arrive, and your name may be called in the waiting area. Only the minimum information necessary to achieve the intended purpose will be incidentally disclosed.

G. Special Privacy Protections for Substance Use Disorder Information: Records relating to substance use disorder are subject to special protections under federal law. In some cases, UEI may receive or maintain these records about you. UEI will only use or disclose your substance use disorder records with your written consent or as otherwise permitted or required by applicable law.

UEI will not use or share your substance use disorder records, or any testimony about those records, in legal proceedings against you unless you have given written consent or we receive a court order and you have been notified and allowed to respond. The court order must be accompanied by a subpoena or another legal requirement that compels disclosure.

IV. Uses and Disclosures Requiring Your Authorization (Permission)

The use or disclosure of your PHI for purposes of activities not listed above or otherwise permitted by law will be made only with your written permission, known as an “Authorization.” If you permit us to use and disclose your PHI, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose your PHI for the reasons covered by your written authorization. We are unable to take back any uses or disclosures we have already made in reliance on your authorization. If your PHI is disclosed to a third-party with your permission, that PHI is no longer subject to this notice, and the recipient may redisclose your PHI if the recipient is not subject to federal privacy laws.

A. Psychotherapy Notes, Marketing and Sale of Medical Information. Most uses and disclosures of “psychotherapy notes,” uses and disclosures of medical information for marketing purposes, and disclosures that constitute a “sale of medical information” under HIPAA require your authorization.

V. YOUR RIGHTS REGARDING YOUR PHI.

Federal and state laws provide you with certain rights regarding the medical information we have about you. The following is a summary of those rights.

A. Right to Inspect and Copy. Under most circumstances, you have the right to inspect and/or copy your PHI that we have in our possession, which generally includes your medical and billing records. To inspect or copy your PHI, you must submit your request to do so in writing to the UEI Privacy Officer at the address listed in Section VII below. We will act on your request within 15 business days of receiving your written request.

If you request a copy of your information, we may charge a reasonable fee for the costs of copying, mailing, or certain supplies associated with your request. The fee we may charge will be the amount allowed by applicable law.

If your requested medical information is maintained in an electronic format (e.g., as part of an electronic medical record, electronic billing record, or other group of records maintained by UEI that is used to make decisions about you) and you request an electronic copy of this information, then we will provide you with the requested medical information in the electronic form and format requested, if it is readily producible in that form and format. If it is not readily producible in the requested electronic form and format, we will provide access in a readable electronic form and format as agreed to by UEI and you.

In certain very limited circumstances allowed by law, we may deny your request to review or copy your medical information. We will give you any such denial in writing. If you are denied access to medical information, you may request that the denial be reviewed. Another licensed health care professional chosen by UEI will review your request and the denial. The person conducting the review will not be the person who denied your request. We will abide by the outcome of the review.

B. Right to Amend. If you feel the medical information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by UEI. To request an amendment, your request must be in writing and submitted to the UEI Privacy Officer at the address listed in Section VII below. In your request, you must provide a reason as to why you want this amendment. If we accept your request, you will be notified in writing. UEI will respond to your request written request for an amendment within 60 days of receiving the request.

We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that (i) was not created by us (unless you provide a reasonable basis for asserting that the person or organization that created the information is no longer available to act on the requested amendment), (ii) is not part of the information kept by UEI, (iii) is not part of the information which you would be permitted to inspect and copy, or (iv) is accurate and complete. If we deny your request, we will notify you of that denial in writing.

C. Right to an Accounting of Disclosures. You have the right to request an “accounting of disclosures” of your medical information. This is a list of the disclosures we have made for up to six years before the date of your request of your medical information, but does not include disclosures for Treatment, Payment, or Health Care Operations (as described in Sections III A, B, and C of this Notice) or disclosures made pursuant to your specific authorization (as described in Section IV of this Notice), or certain other disclosures.

To request a list of accounting, you must submit your request in writing to the UEI Privacy Officer at the address outlined in Sections VII below. We will act upon your request for an accounting within 60 days after we receive your written request.

Your request must state a time period, which may not be longer than six years. Your request should indicate in what form you want the list (for example, on paper or electronically). The first list you request within twelve months will be free. For additional lists, we may charge you a reasonable fee for the costs of providing the list. We will notify you of the cost involved, and you may choose to withdraw or modify your request at that time before any costs are incurred.

D. Right to Request Restrictions. You have the right to request a restriction or limitation on our use or disclosure of your PHI for treatment, payment, or health care operations. You also have the right to request a restriction or limitation on the medical information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. You may not request a restriction of a disclosure that is required by law.

We will attempt to accommodate all reasonable requests for restrictions, but we are not obliged to agree to a restriction (except as otherwise noted in this paragraph).

As required by law, we will honor your request not to disclose certain PHI to a health plan, insurer, or other third-party payor for payment or health care operations if the PHI relates only to services you have fully paid for out-of-pocket. Please note that this restriction may have unintended consequences. For example, other providers (such as a pharmacy filling a prescription) may need this information, and you will be responsible for notifying them of the restriction. In addition, a restriction may also affect your health plan’s willingness to cover the cost of related services. If you choose not to pay for those services out-of-pocket, your plan may deny payment because the restricted information cannot be shared.

To request a restriction, you must make your request in writing to the UEI Privacy Officer at the address listed in Section VII of this Notice below. In your request, you must specifically tell us (1) what information you want to limit, (2) whether you want us to limit our use, disclosure, or both, and (3) to whom you want the limits to apply.

E. Right to Request Confidential Communications. You have the right to ask us to communicate with you in a specific way or at a certain location. For example, you may ask that we contact you only at home and not at work, or only at work and not at home. To make a specific request regarding confidential communications, you must submit a request in writing to the UEI Privacy Officer at the address listed in Section VII below. We will not ask why you are making the request, and we will make every effort to accommodate reasonable requests. However, some requests may not be possible. Your request must clearly state how and where you would like us to contact you.

F. Right to a Paper Copy of This Notice. You have the right to a paper copy of this Notice. You may ask us to give you a copy of this Notice at any time. To obtain a copy of this Notice, you must make your request by writing to the UEI Privacy Officer at the address outlined in Section VI below.

G. Right to Breach Notification. We are required to notify you if your PHI is breached. A breach is an unpermitted use or disclosure of PHI in which there is more than a low probability that such PHI has been compromised.

VI. CHANGES TO THIS NOTICE.

We reserve the right to update this Notice, as well as our privacy policies and practices, at any time. We reserve the right to make the revised or changed Notice effective for medical information we already have about you and for any information we receive in the future. We will post a copy of the current notice online and in our office, and we will announce any updates as applicable. You can request a revised copy at any time by writing to the UEI Privacy Officer at the address listed in Section VII below or by asking the office receptionist for a current copy of the Notice.

VII. COMPLAINTS.

If you believe that your privacy rights as described in this Notice have been violated, you may file a complaint with the UEI at:

UH Eye Care Center
Attn: UEI Privacy Officer
4401 Martin Luther King Blvd.., Houston, TX 77204-2020
713-743-9605

You may file a complaint by phone or in writing. The Practice will not retaliate against anyone who files a complaint. You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services by contacting the U.S Department of Health and Human Services, Office for Civil Rights (OCR), and submitting the complaint in writing (whether paper or electronically, by mail, fax, or email at OCRMail.hhs.gov). You may request additional information about how to file a complaint with OCR online at http://www.hhs.gov/ocr/privacy/hipaa/complaints/, by email at OCRMail@hhs.gov, or by phone at 1-800-368-1019. You have 180 days from the date you found out about the privacy incident to file your complaint with OCR. OCR may extend the 180-day period if you can show “good cause.”

Additionally, concerns about fraud, waste, abuse, or non-compliance may be reported through the UH System Fraud and Non-Compliance Hotline, which can be found on the UH System website at https://uhsystem.edu

If you have any questions about this Notice, please contact the UEI Privacy Officer at the address or phone number listed above.

VIII. ACKNOWLEDGEMENT AND REQUESTED RESTRICTIONS.

You will have the opportunity to acknowledge during your check-in or through our patient portal that you have received UEI’s Notice of Privacy Practices prior to any service being provided to you by UEI, and you consent to the use and disclosure of your medical information as set forth in the notice.