This Privacy Policy describes how Lexa Records (“Company,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards information obtained through our website and online portal (the “Portal”). The Portal is provided to support authorized record requests, client services, and related projects. We are committed to protecting personal information, maintaining security, and complying with applicable privacy and data protection laws. Lexa Records acts as a Business Associate to healthcare providers and processes PHI on their behalf under executed Business Associate Agreements (BAAs)
This Privacy Policy applies to any individual or organization using the Portal, including users submitting information, managing requests, or participating in client projects.
We collect information that is submitted, generated, or received through use of the Portal in connection with record requests, project management, and related operational workflows.
We collect information submitted, generated, or received through the Portal in connection with requests, projects, or operational workflows. Users may provide:
We may collect certain information automatically to support security and system functionality, including:
We use personal information solely to:
We do not use PHI for marketing or non-permitted purposes. We do not provide legal or medical advice and users should not rely on Portal information as a substitute for professional guidance.
We disclose information only as permitted by HIPAA and applicable law, including:
Lexa Records does not sell, rent, or share PHI for advertising, marketing, or other commercial purposes.
Lexa Records maintains reasonable safeguards to protect information passed through the Portal. These measures are consistent with HIPAA Security Rule requirements and industry best practices. While we use reasonable safeguards, no system is completely secure. Users should also follow best practices to protect their own login credentials and account access. Users assume responsibility for the security of any PHI they download, store, or transmit outside of the Portal. In the event of a security incident or breach, Lexa Records follows HIPAA Breach Notification Rule obligations and contractual notification requirements to affected parties.
Lexa Records retains information, including PHI, only as long as necessary to:
Downloadable files are time-limited and expire. Lexa follows documented retention and secure destruction policies to protect sensitive information. Users assume responsibility for the security and handling of any PHI they download, transmit, or store outside the Portal
This Privacy Policy does not replace a healthcare provider’s HIPAA Notice of Privacy Practices and that patient rights under HIPAA are exercised through the provider. Lexa Records maintains safeguards and procedures to comply with HIPAA and applicable law. Users of the Portal have limited rights regarding information submitted through the system, including:
Submitting or correcting information you personally provide through the Portal
Revoking authorizations, where permitted under HIPAA and applicable law
Requests may require identity verification to protect privacy and security. Note: Access to or correction of PHI held by healthcare provider clients must be requested directly from the provider, as the Portal is a service platform and does not provide full patient record management functionality.
The Portal uses essential cookies and similar technologies for security, session management, and fraud prevention. We do not use tracking technologies for advertising.
The Portal is not intended for use by children under the age of 18. Any information related to minors is collected and processed only in connection with authorized ROI requests submitted by a parent, legal guardian, or other authorized representative.
We may update this Privacy Policy as needed. Changes will be posted with a revised “Effective Date.”
For questions about this Policy or your information, contact: info@lexarecords.com or 817-421-4700
The Portal is provided to support authorized record requests, client services, and related services. Any use of the Portal outside its intended purpose, including attempts to access information without authorization, is prohibited.
By using the Portal, you agree to:
You may not:
Portal access may be issued to authorized users. Lexa Records may require verification before granting access and may suspend or terminate accounts for:
Users acknowledge that Lexa Records maintains reasonable administrative, technical, and physical safeguards designed to protect information processed through the Portal in accordance with applicable law. No electronic system is completely secure. Users are responsible for protecting their login credentials and for safeguarding any information they download or access through the Portal. Users assume responsibility for the security of any PHI they download, store, or transmit outside of the Portal. Once information is disclosed pursuant to a valid authorization, responsibility for safeguarding that information transfers to the recipient, and Lexa Records is not liable for subsequent use or disclosure
Some requests may require payment.
The Portal, user interface, workflows, documentation, and all content excluding PHI are the property of Lexa Records. Users may not copy, reverse engineer, modify, or distribute any part of the Portal.
You agree not to:
Violations may result in immediate account termination and referral to law enforcement.
Lexa Records may modify or restrict Portal features, suspend access for maintenance, or discontinue the Portal at any time for operational, security, or compliance reasons.
Lexa Records is not liable for downtime, interruptions, or delays. Lexa Records may refuse, delay, or suspend processing of requests that are incomplete, invalid, suspicious, or non-compliant with these Terms or applicable law.
The Portal is provided on an “as-is” and “as-available” basis. Lexa Records does not guarantee uninterrupted or error-free operation. Users assume responsibility for any reliance on information accessed or downloaded through the Portal. Lexa Records does not provide legal or medical advice, and users should not rely on information accessed through the Portal as a substitute for professional guidance.
To the extent permitted by law, Lexa Records is not liable for:
You agree to take responsibility for any costs, damages, or claims that happen because of your actions while using the portal. Examples include, but are not limited to:
By accessing or using the Portal, you acknowledge that you have read, understood, and agree to be bound by these Terms & Conditions. If you do not agree to these Terms, you must not access or use the Portal. These Terms are governed by applicable federal and state laws. Lexa Records may update these Terms from time to time, with changes posted on the Portal. Continued use of the Portal indicates your acceptance of the revised Terms. For questions about these Terms, please see our Contact Us page.