Skip to content
START Center for Cancer Care

Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Required under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), 45 CFR § 164.520, and the Texas Medical Records Privacy Act, Texas Health & Safety Code Chapter 181.

Who We Are

The START Center for Cancer Care (“we,” “us,” or “Organization”) is a Texas-based oncology care organization and a Covered Entity under HIPAA (45 CFR Parts 160 and 164) and under the Texas Medical Records Privacy Act (Texas Health & Safety Code Chapter 181). This Notice applies to all Protected Health Information (PHI) created, received, or maintained by our Organization, including information created through our use of artificial intelligence tools in clinical documentation.

We are required by law to: maintain the privacy of your PHI; provide you with this Notice; follow the terms of the Notice currently in effect; and notify you if a breach of your unsecured PHI occurs.

Protected Health Information (PHI) Defined

Protected Health Information means individually identifiable health information in any form — electronic, paper, or oral — relating to your health condition, care, or payment for care. As a cancer care organization, your PHI includes diagnoses, treatment records, imaging, lab results, clinical notes (including AI-generated notes reviewed by your clinician), and billing records.

How We May Use & Disclose Your Information Without Authorization

Federal and Texas law permit us to use and disclose your PHI for the following purposes without your written authorization:

Treatment

Coordinating your cancer care among physicians, nurses, specialists, laboratories, imaging providers, and all other clinicians involved in your oncology treatment plan — including referring providers and hospitals.

Payment

Billing and collecting payment from Medicare, Medicaid, private insurers, and other payers. Obtaining prior authorizations and verifying coverage for your treatment

Healthcare Operations

Quality assessment and improvement, accreditation and licensing activities, staff and trainee education, compliance auditing, business planning, and use of AI tools for clinical documentation and administrative operations.

Required by Law

Mandatory reporting to the Texas Cancer Registry (Texas Health & Safety Code Chapter 82), public health authorities, child or adult protective services, workers’ compensation, court orders, and law enforcement as permitted under 45 CFR § 164.512.
Texas Cancer Registry — Mandatory Reporting

As a Texas cancer treatment facility, we are legally required under Texas Health & Safety Code Chapter 82 to report your cancer diagnosis and treatment information to the Texas Cancer Registry, operated by the Texas Department of State Health Services. This reporting does not require your authorization and is protected by state confidentiality provisions. Registry data is used for cancer surveillance, research, and public health purposes.


Family & Caregivers Involved in Your Care

Sharing information relevant to your care with a family member, caregiver, or other person you identify as involved in your care. In emergencies, we may share limited information with those involved in your care if it is in your best interest. You may restrict such sharing at any time.

Facility Directory

We may include your name, general location within our facility, and religious affiliation in a facility directory. This information may be disclosed to persons who ask for you by name and to clergy. You may restrict or object to directory inclusion by notifying any member of your care team.

Research

IRB-approved research protocols, or research with an appropriate waiver of authorization reviewed by a Privacy Board under 45 CFR § 164.512(i). As a cancer care organization, clinical trial participation is governed separately by your signed research consent form.

Health Oversight Activities

Government audits, investigations, inspections, and licensure surveys conducted by the Texas Medical Board, the Texas Health and Human Services Commission, the Centers for Medicare & Medicaid Services (CMS), and the Joint Commission.

Serious Threats to Health or Safety

Disclosures we believe in good faith are necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public, consistent with applicable law and ethical standards.

Decedents

Disclosures to coroners, medical examiners, and funeral directors for purposes of identifying a deceased person or determining cause of death, consistent with Texas Health & Safety Code § 166.002.


Uses & Disclosures That Require Your Written Authorization

Click here to change this teOther than the permitted uses described above, we will not use or disclose your Protected Health Information without your signed, written authorization.

Marketing Communications

We will contact you with marketing communications — such as information about our programs, services, clinical trials, and cancer care resources — only if you provide explicit written authorization.

Your authorization will specify exactly what types of communications you will receive and how you will be contacted

  • You may revoke your authorization at any time in writing; revocation does not affect actions already taken
  • We will never use your health information to target you with advertising from third-party companies

Sale of Protected Health Information

We Do Not Sell Your Health Information

We do not sell, rent, or trade your Protected Health Information under any circumstances. The sale of PHI is prohibited under HIPAA (45 CFR § 164.502(a)(5)(ii)) and Texas Health & Safety Code § 181.006. Any exchange of PHI for remuneration requires your explicit written authorization, which we will never seek for commercial or marketing purposes.

Psychotherapy Notes

We will not disclose psychotherapy notes (as defined under 45 CFR § 164.501) without your specific written authorization, except in very limited circumstances permitted by law.

Specially Protected Categories of Health Information

Certain categories of health information receive heightened protection under Texas law beyond standard HIPAA requirements. Disclosure of the following requires specific authorization or meets a stricter legal standard:

HIV/AIDS Status & Test Results

Texas Health & Safety Code Chapter 81 — requires specific written consent for each disclosure. Non-disclosure is the default, even to family members, without your explicit consent.

Mental Health Records

Texas Health & Safety Code Chapter 611 — strict limitations on disclosure. Mental health providers have additional duties of confidentiality beyond HIPAA.

Substance Use Disorder Treatment Records

42 CFR Part 2 & Texas Health & Safety Code Chapter 462 — federal regulations provide protections stronger than HIPAA. Separate written consent is required for most disclosures.

Genetic Information

Texas Health & Safety Code Chapter 546 & the Genetic Information Nondiscrimination Act (GINA) — we will not disclose your genetic information to insurers, employers, or others for underwriting or employment decisions. This is particularly relevant for hereditary cancer risk information (e.g., BRCA1/2 testing).

Reproductive Health Information

Includes fertility treatment, pregnancy-related care, and related services. Subject to heightened disclosure limitations under Texas and federal law.

Cancer Diagnosis & Treatment Records

As our primary scope of care, your oncology records are handled with the highest level of confidentiality controls in our systems, including access restrictions, audit logging, and encryption.

Your Patient Rights

You have the following rights under HIPAA (45 CFR §§ 164.520–164.528) and Texas law. To exercise any right, submit a written request to our Privacy Officer at privacy@thestartcenter.com or (210) 593-5872.

Right to Access Your Health Information

You have the right to inspect and receive a copy of your medical records and other PHI used to make decisions about your care. We will respond within 30 days (60 days if records are off-site, with one 30-day extension permitted). You may request records in electronic format. We may charge a reasonable, cost-based fee consistent with Texas Health & Safety Code § 241.154. We will not charge for records sent electronically to another provider at your direction.

Right to Request Amendment

If you believe your PHI is incorrect or incomplete, you may request an amendment. We will act within 60 days. We may deny the request if the information was not created by us, is not part of the designated record set, or is accurate and complete. Denials will be provided in writing with instructions on how to disagree. This right extends to AI-generated clinical documentation incorporated into your record.

Right to an Accounting of Disclosures

You may request a list of disclosures of your PHI made in the prior six years that were not for treatment, payment, healthcare operations, or other specified exceptions under 45 CFR § 164.528. We will provide this accounting within 60 days of your written request.

Right to Request Restrictions

You may request restrictions on how we use or disclose your PHI. We are not generally required to agree — except: if you request that we not disclose PHI to a health plan for a service you paid for entirely out of pocket, we must comply. All restriction requests must be in writing.

Right to Confidential Communications

You may request that we contact you only at a specific phone number or address. We will accommodate reasonable requests without requiring you to explain your reason. Requests must be in writing and specify your preferred method or location.

Right to Opt Out of Fundraising

We may contact you with fundraising communications for our cancer care mission. Each communication will include clear opt-out instructions. We will not condition your treatment on your decision regarding fundraising.

Right to Receive This Notice

You have the right to receive a paper copy of this Notice upon request at any time, even if you agreed to receive it electronically. This Notice is available at all our facilities, on our website, and through our patient portal.

Right to File a Complaint Without Retaliation

You have the right to file a complaint with our Privacy Officer or with the U.S. Department of Health & Human Services Office for Civil Rights. We will not retaliate against you for exercising any privacy right or filing a complaint. Retaliation against patients who exercise HIPAA rights is itself a HIPAA violation.

Artificial Intelligence & Ambient Documentation Disclosure

Warning

Required Disclosure: We use ambient artificial intelligence technology to assist clinicians in generating clinical documentation. Under our AI Governance Policy and HIPAA, this section provides the disclosures you are entitled to receive before or at the time of your visit

How Ambient AI Documentation Works

  • An AI system (governed by a HIPAA Business Associate Agreement) may listen to and transcribe conversations between you and your care team during your clinical encounter
  • The AI generates a draft clinical note, which your physician reviews, edits, and approves before it enters your record
  • No AI-generated note becomes part of your official medical record without a licensed clinician’s signature and authorization
  • Audio and raw transcripts are not retained beyond the period necessary to generate the clinical note
  • All ambient AI vendors execute HIPAA Business Associate Agreements and are contractually prohibited from using your PHI to train their models
  • You will be informed before AI documentation technology is used in your visit

Your Rights Regarding AI Documentation

  • Opt out at any time: Inform any member of your care team that you do not wish to have AI documentation used during your visit — your care will not be affected in any way
  • Access & amendment: AI-generated clinical notes are part of your medical record and subject to the same access and amendment rights described in Section 5
  • Human oversight: No AI system makes final clinical decisions about your diagnosis or treatment without physician review and judgment
  • Vendor accountability: AI vendors are contractually required to maintain HIPAA compliance and are subject to security review before deployment


Other Administrative AI Uses

We may also use AI tools for prior authorization processing, appointment scheduling assistance, revenue cycle management, and quality reporting. All such uses are governed by Business Associate Agreements and our internal AI Governance Policy, which requires human review of AI outputs that affect patient care.

Your Texas-Specific Privacy Rights

Texas law provides several privacy protections that exceed the federal HIPAA minimum. As a patient in Texas, you benefit from the following additional rights and protections:


Texas Medical Records Privacy Act (Texas Health & Safety Code Chapter 181)

  • Broader scope: Texas law extends HIPAA-like protections to additional entities that handle health information, including some not covered by federal law
  • Genetic information: We will not disclose your genetic information to insurers, employers, or others for underwriting or employment decisions (Texas Health & Safety Code Chapter 546)
  • Electronic records: You have the right to receive your records electronically and to direct them to another provider
  • Private right of action: Texas residents may have the right to bring a civil lawsuit for violations of Texas health privacy law, in addition to filing federal complaints

Breach Notification Under Texas Law

For breaches affecting 250 or more Texas residents, we are required to notify the Texas Attorney General in addition to affected individuals, under Texas Business & Commerce Code § 521.053.

Advance Directives (Texas Health & Safety Code Chapter 166)

Your advance directives, out-of-hospital DNR orders, and POST (Physician Orders for Scope of Treatment) documents are maintained as part of your medical record and shared with your care team as necessary for your care. Contact our Medical Records department for information about your advance directive documents.

Non-Discrimination

We do not discriminate based on race, color, national origin, sex, age, or disability in our privacy practices. Language assistance services and alternative format accommodations are available at no cost. Contact Patient Services to request accommodations.

Breach Notification

If a breach of your unsecured Protected Health Information occurs, we will notify you without unreasonable delay and no later than 60 calendar days after discovery, as required by the HIPAA Breach Notification Rule (45 CFR §§ 164.400–414) and Texas Business & Commerce Code § 521.053.

Our notification to you will include:

  • A description of what happened, including the dates of the breach and discovery
  • The types of PHI involved in the breach
  • Steps you should take to protect yourself from potential harm
  • What we are doing to investigate the breach, mitigate harm, and prevent future breaches
  • Contact information for our Privacy Officer and any applicable credit monitoring resources

For breaches affecting 500 or more individuals, we will also notify the HHS Office for Civil Rights. For breaches affecting 250 or more Texas residents, we will notify the Texas Attorney General. We maintain a breach log and report smaller breaches to HHS annually as required.

Our Duties to You

We are required by law to:

  • Maintain the privacy of your Protected Health Information
  • Provide you with this Notice of Privacy Practices
  • Notify you following a breach of your unsecured PHI
  • Follow the terms of the Notice currently in effect
  • Not retaliate against you for exercising any right described in this Notice
  • Obtain your written authorization before using or disclosing your PHI for marketing purposes
  • Not sell your PHI without your authorization

We reserve the right to change this Notice and to make the new Notice effective for all PHI we already maintain. Revised Notices will be posted in our facilities, on our website, and provided to you upon request. Material changes will be communicated to established patients through the patient portal or by mail.

How to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with our Privacy Officer or with a regulatory agency. We will not retaliate against you for filing a complaint.

Our Privacy Officer

Privacy Officer
The START Center for Cancer Care
4383 Medical Dr, San Antonio, TX 78229
Phone or fax: (210) 593-5872
Email: privacy@thestartcenter.com

U.S. Department of Health & Human Services — Office for Civil Rights

hhs.gov/ocr/complaints | 1-800-368-1019 | TDD: 1-800-537-7697

Texas Attorney General — Consumer Protection Division

texasattorneygeneral.gov | 1-800-252-8011

Texas Medical Board (Physician-Related Concerns)

tmb.state.tx.us | 1-800-201-9353

Acknowledgment of Receipt

We will ask you to sign an acknowledgment confirming you received this Notice. Signing is not a condition of treatment. If you decline or are unable to sign, we will document our good-faith effort to provide this Notice as required under 45 CFR § 164.520(c)(2).

The START Center for Cancer Care | Effective Jan 1, 2026

Questions or requests: privacy@thestartcenter.com | (210) 593-5872 | See also: Privacy Policy HIPAA Policy

Ready For An Appointment?

Our team is here to guide you. Fill out the form below, and we'll connect with you soon.

Doctor with an older woman