Skip to main content
Legal

HIPAA Notice of Privacy Practices

Last updated: June 30, 2026

Important: This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

Our commitment to your privacy

Heart of a Giant Foundation (“we,” “our,” or “us”) is committed to protecting the privacy of your health information. We are required by law to maintain the privacy of Protected Health Information (PHI) and to provide you with this Notice of our legal duties and privacy practices.

What is Protected Health Information (PHI)?

PHI is information about you, including demographic information, that may identify you and relates to:

  • Your past, present, or future physical or mental health or condition
  • The provision of health care to you
  • The past, present, or future payment for the provision of health care to you

How we may use and disclose your PHI

Treatment

We may use and disclose your PHI to provide, coordinate, or manage your health care and related services, including health education and wellness programs.

Payment

We may use and disclose your PHI to obtain payment for services provided to you or to determine your eligibility for benefits.

Health care operations

We may use and disclose your PHI for our health care operations, including quality improvement, program evaluation, and training.

Other permitted uses and disclosures

  • Public health activities
  • Health oversight activities
  • Judicial and administrative proceedings (when required by court order)
  • Law enforcement purposes (when required by law)
  • To avert serious threat to health or safety
  • Military and veterans affairs
  • Workers’ compensation programs

Uses and disclosures requiring your authorization

For uses and disclosures beyond treatment, payment, and health care operations, we will obtain your written authorization before using or disclosing your PHI. You may revoke your authorization at any time by providing written notice.

Your individual rights

Right to access

You have the right to inspect and obtain a copy of your PHI that we maintain, with certain exceptions.

Right to amend

You have the right to request that we amend your PHI if you believe it is incorrect or incomplete.

Right to restrict

You have the right to request restrictions on how we use or disclose your PHI for treatment, payment, or health care operations.

Right to confidential communications

You have the right to request that we communicate with you about your PHI in a certain way or at a certain location.

Right to an accounting

You have the right to receive an accounting of certain disclosures of your PHI that we have made.

Right to file a complaint

You have the right to file a complaint if you believe your privacy rights have been violated.

Our responsibilities

  • Maintain the privacy and security of your PHI
  • Provide you with this Notice of our privacy practices
  • Follow the terms of this Notice
  • Notify you if we cannot accommodate a requested restriction
  • Accommodate reasonable requests for confidential communications
  • Notify you of breaches of your unsecured PHI

Changes to this Notice

We reserve the right to change the terms of this Notice and to make new provisions effective for all PHI we maintain. If we make material changes, we will post the revised Notice on our website and make copies available upon request.

Contact information

To exercise your rights or for questions about this Notice:

Privacy Officer
Heart of a Giant Foundation
Email: privacy@heartofagiant.org
Phone: (617) 294-9617
524 River Street, Suite 800, Mattapan, MA 02126

File a complaint

You may file a complaint with us or with the U.S. Department of Health and Human Services:

U.S. Department of Health and Human Services
Office for Civil Rights
Website: hhs.gov/ocr/privacy/hipaa/complaints
Phone: 1-800-368-1019