Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.

Cantex Continuing Care Network (“Cantex,” “we,” “our,” or “Facility”) is committed to protecting the privacy and confidentiality of your Protected Health Information (“PHI”) and Personally Identifiable Information (“PII”). PHI is information that identifies you and relates to your physical or mental health condition, the provision of health care services, or payment for those services.

We are required by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and applicable state and federal law to:
• Maintain the privacy of your PHI
• Provide you with this Notice of Privacy Practices (“Notice”)
• Abide by the terms of this Notice currently in effect
• Notify you following a breach of unsecured PHI

This Notice explains how we may use and disclose your PHI, your rights regarding your PHI, and our legal duties.

PERMITTED USES AND DISCLOSURES OF PHI: We may use and disclose your PHI without your written authorization for the following purposes:

1. Treatment: We may use or disclose your PHI to provide, coordinate, or manage your health care.

a) For Example: We may share medical information with physicians, nurses, therapists, pharmacists, technicians, hospice providers, or other personnel involved in your care.

2. Payment: We may use and disclose your PHI to bill and collect payment for services provided to you.

a) For Example: We may send information to Medicare, Medicaid, private insurers, or other third-party payors to verify eligibility or obtain payment. We may also disclose PHI to billing companies and claims processors that assist us.

3. Health Care Operations: We may use and disclose your PHI for operational purposes necessary to run our organization.

a) These include:
1. Quality assessment and performance improvement
2. Clinical peer review
3. Staff training and education
4. Compliance audits
5. Risk management activities
6. Accreditation reviews
7. Business planning and development

We may disclose PHI to accountants, attorneys, consultants, and business associates as needed to ensure compliance with applicable laws.

B. Other Permitted or Required Disclosures: We may also disclose PHI without your authorization in the following circumstances:
• Emergency Treatment
• Personal Representatives (legal guardians, executors, POA)
• Family and Friends involved in care or payment, unless you object
• Public Health activities
• Health Oversight agencies
• Law Enforcement purposes
• Court orders, subpoenas, or legal proceedings
• Abuse, neglect, or domestic violence reporting
• Serious threat to health or safety
• Workers’ Compensation
• Military and national security activities
• Organ donation
• Coroners, medical examiners, funeral directors
• Disaster relief agencies
• Research, subject to privacy protections

C. Direct Contact with You: We may contact you to:
• Remind you of appointments
• Inform you about treatment alternatives
• Provide information about health-related benefits or services

If we engage in fundraising communications, you will have the right to opt out of such communications.

USES AND DISCLOSURES REQUIRING WRITTEN AUTHORIZATION:

We must obtain your written authorization for:
• Uses or disclosures not described in this Notice
• Marketing activities involving PHI
• Sale of PHI
• Disclosure of psychotherapy notes (except limited exceptions)

You may revoke your authorization in writing at any time.

YOUR RIGHTS REGARDING YOUR PHI:

• Right to Receive a Paper Copy of This Notice.
o You may request a paper copy of this Notice at any time, even if you agreed to receive it electronically.
• Right to Inspect and Copy PHI

o You may request access to your medical record for as long as we maintain it.
o Requests must be submitted in writing to the Privacy Officer. Reasonable fees may apply as permitted by state law.

• Right to Request Restrictions:
o You may request restrictions on:
▪ Treatment
▪ Payment
▪ Health care operations
▪ Disclosures to family members

We are not required to agree to requested restrictions, except: You have the right to restrict disclosure to a health plan if you paid out-of-pocket in full for the services.

• Right to Confidential Communications
o You may request that we contact you in a specific way (e.g., at home only, not at work).

• Right to Request Amendment
o If you believe your PHI is incorrect or incomplete, you may request an amendment.

▪ We may deny your request if:
• We did not create the information
• The information is accurate and complete
• The information is not maintained by us
• The information is not available for inspection

• Right to an Accounting of Disclosures
o You may request a list of certain disclosures made in the past six (6) years, excluding disclosures for treatment, payment, and operations.

• Right to Notice of Breach
o You will receive written notice if your unsecured PHI is breached.

OUR DUTIES:

Cantex Continuing Care Network is required by applicable federal and state laws, including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act (“HITECH”), and implementing regulations at 45 C.F.R. Parts 160 and 164, to maintain the privacy and security of your Protected Health Information (“PHI”). We are committed to protecting the confidentiality, integrity, and availability of your PHI through the implementation of appropriate administrative, physical, and technical safeguards designed to prevent unauthorized access, use, or disclosure.
Cantex is required to provide you with this Notice of Privacy Practices, which describes our legal duties, privacy practices, and your rights concerning your PHI. This Notice outlines the circumstances under which we may use or disclose your PHI and explains the protections afforded to you under federal and applicable state law.

We are obligated to comply with the terms of the Notice currently in effect. Cantex will not use or disclose your PHI in a manner that is inconsistent with this Notice unless you provide a valid written authorization or unless such use or disclosure is otherwise permitted or required by law.

Cantex reserves the right to revise or amend the terms of this Notice at any time. Any revision will apply to all PHI that we maintain, including information created or received prior to the effective date of the revision. If we make material changes to our privacy practices, we will update this Notice and distribute the revised version in accordance with regulatory requirements.

Breach Notification Obligations:

In accordance with the HIPAA Breach Notification Rule (45 C.F.R. §§ 164.400–414), Cantex is required to notify affected individuals following the discovery of a breach of unsecured PHI. A “breach” generally means the acquisition, access, use, or disclosure of PHI in a manner not permitted under HIPAA that compromises the security or privacy of the information.

If a breach of unsecured PHI occurs, we will provide written notification to affected individuals without unreasonable delay and no later than sixty (60) calendar days following discovery of the breach, unless a delay is required by law enforcement. The notification will include, to the extent known:
• A brief description of what happened, including the date of the breach and the date of discovery;
• A description of the types of information involved;
• Steps individuals should take to protect themselves from potential harm;
• A description of what Cantex is doing to investigate the breach, mitigate potential harm, and prevent future occurrences; and
• Contact information for individuals to obtain additional information.

When required by law, Cantex will also notify the Secretary of the U.S. Department of Health and Human Services and, in certain circumstances involving breaches affecting more than 500 residents of a state or jurisdiction, prominent media outlets. If we determine that substitute notice is necessary, we will provide such notice in accordance with regulatory requirements.

Cantex maintains policies and procedures designed to identify, assess, mitigate, and respond to potential breaches, including documented risk assessments to determine whether an impermissible use or disclosure constitutes a reportable breach under applicable law.

Revisions to This Notice:

Cantex Continuing Care Network reserves the right to revise or amend this Notice of Privacy Practices at any time. If we make material changes to the terms of this Notice, the revised Notice will apply to all Protected Health Information (“PHI”) that we maintain, including information created or received prior to the effective date of the revision. Upon request, we will provide copies of the current Notice to any individual. The most current version of this Notice will be prominently posted within our facilities in a location accessible to patients, residents, and visitors. In addition, if applicable, the Notice will be posted on our official website to ensure continued transparency and accessibility.

Acknowledgment of Receipt:

We will request that you sign a written acknowledgment confirming that you have received a copy of this Notice of Privacy Practices. Your signature acknowledges receipt of the Notice, not agreement with its terms. If you decline to sign the acknowledgment, we will document our good faith effort to obtain your written acknowledgment in accordance with applicable federal regulations. Your care and treatment will not be conditioned upon your signing of the acknowledgment form.

Electronic Notice:

If Cantex maintains a website that provides information regarding our services, this Notice of Privacy Practices will be prominently displayed on the website and made available in electronic format. Upon your agreement, we may provide this Notice to you via email. However, you retain the right to request and receive a paper copy of this Notice at any time, even if you have previously agreed to receive it electronically. In the event that email delivery of the Notice is unsuccessful or otherwise fails, we will promptly provide you with a paper copy to ensure compliance and accessibility.

Special Protections for Substance Use Disorder (SUD) Treatment Records:

Special Federal Confidentiality Protections (42 CFR Part 2)
Cantex Continuing Care Network complies with federal confidentiality protections governing substance use disorder (“SUD”) treatment records under 42 U.S.C. § 290dd-2 and 42 CFR Part 2, as amended. These protections apply when Cantex or any of its facilities operates as, or receives records from, a federally assisted substance use disorder treatment program (“Part 2 Program”).
SUD treatment records are afforded heightened privacy protections beyond those provided under HIPAA.

Use and Disclosure of SUD Treatment Records:

Records relating to the diagnosis, treatment, or referral for treatment of a Substance Use Disorder may not be used or disclosed without your written authorization unless permitted by federal law.

Permitted disclosures may include:
• Disclosures for treatment, payment, and health care operations as allowed under 42 CFR Part 2;
• Medical emergencies;
• Public health reporting;
• Program audits or evaluations;
• Disclosures pursuant to a court order that complies with 42 CFR Part 2; and
• Other limited circumstances expressly authorized by federal regulation.

A general authorization for release of medical information is not sufficient to authorize disclosure of SUD treatment records.

Prohibition on Redisclosure:

Substance Use Disorder treatment records disclosed by Cantex Continuing Care Network are protected by federal confidentiality rules.

Federal law prohibits the recipient from redisclosing such records unless further disclosure is expressly permitted by:
• Your written authorization; or
• 42 CFR Part 2.

Restrictions on Use in Proceedings:

SUD treatment records may not be used or disclosed in civil, criminal, administrative, or legislative proceedings against you without a court order that complies with 42 CFR Part 2.

These records may not be used to:
• Initiate or substantiate criminal charges against you; or
• Conduct criminal investigations of you, except as permitted by federal law.

Anti-Discrimination Protections:

Federal law prohibits discrimination against individuals based on information contained in Substance Use Disorder treatment records. Such records may not be used to deny health care, employment, housing, or access to other benefits, except as permitted by law.

REVIEW AND DOCUMENTATION:

The Privacy Officer will:
• Periodically review this Notice
• Update it as needed to reflect changes in law or operations
• Maintain documentation of issued Notices consistent with Cantex’s Documentation and Retention Policy

Corporate Privacy and Legal Counsel are available to assist with revisions.

If you believe your privacy rights have been violated, you may file a complaint without fear of retaliation.

To File a Complaint with Cantex:

Cantex Continuing Care Network; Compliance & Privacy Office
2537 Golden Bear Dr. Carrollton, Texas 75006
Phone: 214-954-4114
Email: compliance@cantexcc.com

Compliance Ethics Hotline: 1-877-428-8844
Web Portal: www.CantexDoingRight.com

You may also contact:

U.S. Department of Health and Human Services Office for Civil Rights
200 Independence Avenue, S.W.
Room 515F HHH Building
Washington, D.C. 20201
Website: https://ocrportal.hhs.gov
Phone: (800) 368-1019
TDD: (800) 537-7697

We will not retaliate against you for filing a complaint.

Effective Date: February 16, 2026