Industry-Specific Compliance

Effective Date: 07-23-2025  Last Updated: 07-23-2025

Great American Law Firm, PLLC (“Great American,” “we,” “us,” or “our”) is dedicated to protecting every client’s sensitive information—especially medical records obtained while handling personal-injury matters. This page describes our compliance approach under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), relevant state privacy laws, and applicable Bar rules.

1. HIPAA Alignment

Although law firms are generally not “covered entities” or “business associates” under HIPAA, we voluntarily adopt HIPAA-aligned safeguards whenever we receive a client’s Protected Health Information (PHI), including:

Safeguard        How We Implement It
Administrative   Limited-access client-file policy; staff and contractor HIPAA-awareness training; signed confidentiality agreements.
Technical        Email encrypted in transit (TLS) and a secure client portal; MFA on all cloud storage (Microsoft 365); role-based permissions.
Physical         Restricted office access; locked file cabinets; confidential shredding for paper records.
All PHI is used solely to advance your legal claim or comply with court requirements.

2. Client Authorization & Minimum Necessary Rule

We obtain written authorization from you before requesting medical records. Once received, we share only the minimum necessary information with insurers, experts, or courts to prosecute your claim, consistent with HIPAA’s “minimum necessary” principle.

3. Data Retention & Destruction

  • Active Cases: PHI is retained in encrypted cloud folders.

  • Closed Cases: Medical records are archived for 6 years (Florida Bar Rule 5-1.2) unless you instruct otherwise.

  • Secure Disposal: Paper files are cross-cut shredded; digital files are permanently deleted or cryptographically erased (the encryption key protecting them is destroyed, rendering the data unrecoverable).

4. Client Rights Regarding PHI

You may, at any time:

  1. Request a copy of medical records in our possession.

  2. Direct us to transmit records to another party.

  3. Ask that we delete records we are not legally required to keep.

To exercise these rights, call +1 407-929-9292.

5. Data Breach Response

If we discover unauthorized access to PHI, we will:

  1. Begin an investigation within 72 hours of discovery.

  2. Notify affected clients promptly and describe the steps they can take to protect themselves.

  3. File any required notices with state regulators and the U.S. Department of Health & Human Services, if applicable.

6. Other Industry Regulations

  • FTC Safeguards Rule: We maintain a written information-security program for all client data, financial or health-related.

  • Florida Information Protection Act (FIPA): We comply with FIPA regarding breach notification for Florida residents.

7. Questions & Contact

If you have questions about how we handle medical or other sensitive records, please contact:

Great American Law Firm, PLLC
100 Frandorson Circle, Suite 202C
Apollo Beach, FL 33572, USA
📞 +1 407-929-9292