Privacy Policy

1. Introduction

This Privacy Policy describes how Lexa Records (“Company,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards information obtained through our website and online portal (the “Portal”). The Portal is provided to support authorized record requests, client services, and related projects. We are committed to protecting personal information, maintaining security, and complying with applicable privacy and data protection laws. Lexa Records acts as a Business Associate to healthcare providers and processes PHI on their behalf under executed Business Associate Agreements (BAAs).

2. Scope

This Privacy Policy applies to any individual or organization using the Portal, including users submitting information, managing requests, or participating in client projects.

3. Information We Collect

We collect information that is submitted, generated, or received through use of the Portal in connection with record requests, project management, and related operational workflows.

3.1 Information Provided by Users

We collect information submitted, generated, or received through the Portal in connection with requests, projects, or operational workflows. Users may provide:

  • Identifiers such as name, date of birth, address, and contact information, when required for a request or project
  • Medical or billing identifiers, including medical record numbers or other reference data necessary to perform services
  • Authorization or legal documents, such as HIPAA-compliant releases, subpoenas, or court orders
  • Project or workflow details, including notes, task-related information, or other relevant data

We may collect certain information automatically to support security and system functionality, including:

  • Portal usage and access logs
  • IP addresses, browser type, and device identifiers
  • Timestamped activity records, such as access attempts, submissions, task updates, or downloads

4. How We Use Information

We use personal information solely to:

  • Authenticate requestors and validate authorization
  • Fulfill medical record requests
  • Provide secure access to the Portal
  • Maintain compliance with HIPAA, state law, and contractual obligations
  • Prevent unauthorized access or misuse
  • Support audit and reporting requirements
  • Improve Portal performance and security

We do not use PHI for marketing or non-permitted purposes. We do not provide legal or medical advice and users should not rely on Portal information as a substitute for professional guidance.

5. How We Disclose Information

We disclose information only as permitted by HIPAA and applicable law, including:

  • To our Healthcare Provider clients, in connection with providing Release of Information services on their behalf, including processing requests and supporting required accounting of disclosures
  • To authorized third parties, such as patients or their authorized representatives, legal requestors with valid authority, and vendors that support secure hosting, encryption, authentication, auditing, or file transmission (all subject to appropriate confidentiality obligations and Business Associate Agreements, where required)
  • When required by law, including in response to court orders, subpoenas, public health authorities, or law enforcement requests, as legally permitted

Lexa Records does not sell, rent, or share PHI for advertising, marketing, or other commercial purposes.

6. Data Security

Lexa Records maintains reasonable safeguards to protect information passed through the Portal. These measures are consistent with HIPAA Security Rule requirements and industry best practices. While we use reasonable safeguards, no system is completely secure. Users should also follow best practices to protect their own login credentials and account access. Users assume responsibility for the security of any PHI they download, store, or transmit outside of the Portal. In the event of a security incident or breach, Lexa Records follows HIPAA Breach Notification Rule obligations and contractual notification requirements to affected parties.

7. Data Retention

Lexa Records retains information, including PHI, only as long as necessary to:

  • Fulfill requests or complete services
  • Meet minimum retention periods under applicable state and federal laws

Downloadable files are time-limited and expire. Lexa follows documented retention and secure destruction policies to protect sensitive information. Users assume responsibility for the security and handling of any PHI they download, transmit, or store outside the Portal.

8. Your Choices & Rights

This Privacy Policy does not replace a healthcare provider’s HIPAA Notice of Privacy Practices, and patient rights under HIPAA are exercised through the provider. Lexa Records maintains safeguards and procedures to comply with HIPAA and applicable law. Users of the Portal have limited rights regarding information submitted through the system, including:

  • Submitting or correcting information you personally provide through the Portal
  • Revoking authorizations, where permitted under HIPAA and applicable law

Requests may require identity verification to protect privacy and security. Note: Access to or correction of PHI held by healthcare provider clients must be requested directly from the provider, as the Portal is a service platform and does not provide full patient record management functionality.

9. Cookies and Tracking

The Portal uses essential cookies and similar technologies for security, session management, and fraud prevention. We do not use tracking technologies for advertising.

10. Children’s Privacy

The Portal is not intended for use by children under the age of 18. Any information related to minors is collected and processed only in connection with authorized ROI requests submitted by a parent, legal guardian, or other authorized representative.

11. Changes to This Policy

We may update this Privacy Policy as needed. Changes will be posted with a revised “Effective Date.”

12. Contact Us

For questions about this Policy or your information, contact: info@lexarecords.com or 817-421-4700

Terms & Conditions

1. Definitions

  • Portal: The online platform provided by Lexa Records for submitting, managing, and processing record requests and related workflow activities.
  • PHI (Protected Health Information): Individually identifiable health information as defined under HIPAA.
  • User: Any individual or organization accessing the Portal.
  • Authorization: A legally valid release, subpoena, court order, or other document permitting the use or disclosure of PHI.

2. Intended Use of the Portal

The Portal is provided to support authorized record requests, client services, and related services. Any use of the Portal outside its intended purpose, including attempts to access information without authorization, is prohibited.

3. User Responsibilities

By using the Portal, you agree to:

  • Provide accurate and lawful information
  • Keep your username and password confidential
  • Notify us immediately of unauthorized use or suspicious activity
  • Use the Portal only for lawful and appropriate purposes
  • Communicate respectfully with staff through the Portal
  • Use any downloaded information responsibly and in compliance with applicable laws

You may not:

  • Attempt to breach or disable security controls or access information without authorization
  • Interfere with the Portal or introduce harmful code
  • Share information with unauthorized parties
  • Upload or transmit harmful or inappropriate content

4. Account Registration & Authentication

Portal access may be issued to authorized users. Lexa Records may require verification before granting access and may suspend or terminate accounts for:

  • Violations of these Terms
  • Suspicious or unauthorized activity
  • Invalid or incomplete authorizations
  • Security or compliance concerns

5. Security Obligations

Users acknowledge that Lexa Records maintains reasonable administrative, technical, and physical safeguards designed to protect information processed through the Portal in accordance with applicable law. No electronic system is completely secure. Users are responsible for protecting their login credentials and for safeguarding any information they download or access through the Portal. Users assume responsibility for the security of any PHI they download, store, or transmit outside of the Portal. Once information is disclosed pursuant to a valid authorization, responsibility for safeguarding that information transfers to the recipient, and Lexa Records is not liable for subsequent use or disclosure.

6. Fees and Payments

Some requests may require payment.

  • All payments are processed securely by a third-party payment provider.
  • Payments are subject to applicable state ROI fee schedules.
  • Once a payment is submitted through the third-party provider, it cannot be canceled after processing begins.

7. Intellectual Property

The Portal, user interface, workflows, documentation, and all content excluding PHI are the property of Lexa Records. Users may not copy, reverse engineer, modify, or distribute any part of the Portal.

8. Prohibited Conduct

You agree not to:

  • Access or attempt to access another user’s information without authorization
  • Submit fraudulent or forged documents
  • Use automated scripts, scraping tools, or bots
  • Upload malicious files, viruses, or harmful code
  • Attempt to test, scan, or probe the vulnerability of the Portal without authorization

Violations may result in immediate account termination and referral to law enforcement.

9. Availability & Service Modifications

Lexa Records may modify or restrict Portal features, suspend access for maintenance, or discontinue the Portal at any time for operational, security, or compliance reasons.

Lexa Records is not liable for downtime, interruptions, or delays. Lexa Records may refuse, delay, or suspend processing of requests that are incomplete, invalid, suspicious, or non-compliant with these Terms or applicable law.

10. Disclaimer of Warranties

The Portal is provided on an “as-is” and “as-available” basis. Lexa Records does not guarantee uninterrupted or error-free operation. Users assume responsibility for any reliance on information accessed or downloaded through the Portal. Lexa Records does not provide legal or medical advice, and users should not rely on information accessed through the Portal as a substitute for professional guidance.

11. Limitation of Liability

To the extent permitted by law, Lexa Records is not liable for:

  • Indirect, incidental, or consequential damages
  • Errors or omissions in information provided through the Portal
  • Unauthorized access or misuse by third parties
  • Any action taken based on Portal information

12. Indemnification

You agree to take responsibility for any costs, damages, or claims that happen because of your actions while using the Portal. Examples include, but are not limited to:

  • Your misuse of the Portal
  • Your improper handling of downloaded PHI
  • Your violation of these Terms
  • Submission of invalid or fraudulent authorization

13. Acceptance of Terms

By accessing or using the Portal, you acknowledge that you have read, understood, and agree to be bound by these Terms & Conditions. If you do not agree to these Terms, you must not access or use the Portal. These Terms are governed by applicable federal and state laws. Lexa Records may update these Terms from time to time, with changes posted on the Portal. Continued use of the Portal indicates your acceptance of the revised Terms. For questions about these Terms, please see our Contact Us page.