BOOK ONLINE
Contact Us

How We Protect Your Immigration Medical Records with HIPAA-Compliant Procedures

Table of Contents

Why Privacy Matters for Immigration Medical Exams

When you come to us for an immigration medical exam, you’re trusting us with deeply personal health information during what’s often a sensitive life transition. At Medrein Health and Aesthetics, we take that trust seriously. Every day, we handle confidential medical records for patients throughout Southlake, Grapevine, Keller, and the broader DFW area, and our obligation to protect your privacy isn’t just a legal requirement—it’s core to who we are as a medical practice.

This guide explains how we safeguard your immigration medical records, what federal regulations protect you, and what rights you have as a patient. If you’ve ever wondered what happens to your I-693 form after you leave our office or how we keep your protected health information secure, you’ll find real answers here.

Immigration medical exams are uniquely sensitive. You’re sharing not only your medical history but also information tied to your immigration status, family circumstances, and future plans. Unlike a routine wellness visit, this documentation travels with your case and may be reviewed by government agencies.

For many patients in Westlake, Trophy Club, and Colleyville, the fear of a privacy breach isn’t abstract. A leak of your medical records could expose health conditions, medication use, or other details you’d prefer to keep private. It could also potentially affect your case or create problems down the line.

That’s why we’ve designed our entire process around protection. From the moment you check in at our Southlake practice to the day we seal your I-693 documentation, every step is built to keep your information confidential and secure. We don’t do this because it looks good—we do it because your privacy is non-negotiable.

What to do next: When scheduling your exam with us, let our team know if you have specific privacy concerns. We’ll walk you through exactly how we handle your records before your appointment.

HIPAA Regulations That Govern Your Medical Records

HIPAA—the Health Insurance Portability and Accountability Act—is the federal law that sets the standard for patient privacy in the United States. It applies to all medical practices, including ours, and it gives you explicit rights over your health information.

Under HIPAA, your medical records are considered protected health information (PHI). This means your name, date of birth, medical history, test results, diagnoses, and any identifying information are legally protected. We cannot share this information without your explicit written consent, except in very specific situations authorized by law (such as when required by a court order or for immigration purposes, where you’ve authorized us to send your sealed I-693 form directly to USCIS).

The regulation requires us to:

  • Keep your records physically and electronically secure
  • Limit access to staff who have a legitimate reason to review your file
  • Notify you immediately if your information is breached
  • Maintain detailed logs of who accesses your records and when
  • Provide you with a copy of your records upon request

We treat HIPAA compliance not as a checkbox but as the foundation of our practice. Every member of our staff understands that violating patient privacy isn’t just against policy—it’s against the law, and the penalties are severe.

Our Commitment to Confidential Record Handling

We’ve built our practice around a simple principle: your information belongs to you, and we’re custodians of it temporarily. That mindset shapes how we handle everything from intake paperwork to the final sealed envelope containing your I-693.

When you arrive for your immigration medical exam, you’ll complete confidential intake forms in a private area. You won’t be discussing your health history in waiting rooms or open spaces. Our clinical staff are trained to keep conversations discreet, and we use private exam rooms for all medical discussions.

We also limit who sees your records. Your exam provider has full access to create and review your documentation. Our administrative staff can access scheduling and contact information, but your clinical notes are restricted to clinical personnel. Billing staff don’t see your medical details unless necessary to process insurance or payments you’ve authorized.

Throughout your visit, we explain exactly what information we’re documenting and why. If you have questions about what we’re recording, ask. Transparency builds trust, and we believe you should understand how your information is being used.

What to do next: Before your appointment, review what documentation you’ll need (passport, prior medical records, vaccination records). This helps us complete your exam efficiently while minimizing the time your information is in our system.

Chain of Custody Procedures We Follow

Chain of custody is a legal concept that tracks who has handled a document and when. For your I-693 form and supporting medical records, we maintain meticulous documentation of every handoff.

Here’s how it works in our Southlake practice:

Creation and Completion: Our physician completes your I-693 form immediately following your physical examination. Only the provider who examined you completes this document. We don’t use templates or pre-filled forms that could be mixed up between patients.

Verification: A second team member (typically a registered nurse or administrative coordinator) independently verifies that all required fields are complete, all required signatures are present, and no identifying information is missing or illegible.

Illustration 1
Illustration 1

Sealing: Once verified, we place your original I-693 form and any supporting medical documents in a sealed envelope. We mark the date and time of sealing on the envelope’s exterior.

Documentation: We create a paper log (and maintain a digital backup) recording:

  • Patient name and date of birth
  • Date exam was performed
  • Date and time of sealing
  • Names of staff involved in sealing
  • Method of delivery (mail, courier, hand-delivered by patient, etc.)
  • Signature of the person who sealed the envelope

Delivery: Whether we mail your documents directly to USCIS or hand them to you in the sealed envelope, we document the delivery method and date. If we mail documents on your behalf, we keep a copy of the mailing label and postal receipt.

This chain of custody protects you and us. It proves that your documents were handled appropriately and arrived in the condition you’d expect.

How We Maintain Sealed I-693 Documentation

One of the most common questions we hear is: “What happens to my sealed I-693 form?” The short answer is that we follow USCIS guidelines precisely.

The I-693 form is designed to be sealed by the examining physician and only opened by USCIS. This means once we seal it, neither you nor we should open it again. If you’ve already received your sealed envelope, we advise against opening it. If it accidentally opens in transit, contact our office and USCIS immediately.

For patients who ask us to mail their documents directly to USCIS on their behalf, we use certified mail or a courier service that provides tracking. This way, you can verify that your documents arrived and were signed for. We never use standard mail for sealed I-693 forms because the documentation trail is important.

We retain a copy of the I-693 form (not the sealed original) in your patient file for a minimum of seven years, as required by both HIPAA and USCIS regulations. This allows us to respond to any questions from immigration authorities and ensures continuity if you need documentation of your exam in the future.

If you lose your sealed envelope before submitting it to USCIS, don’t panic. Contact our office, and we can issue a new sealed envelope with a new I-693 form. This happens occasionally, and there’s no penalty.

What to do next: Ask us about delivery options when you schedule your exam. If you prefer us to handle mailing directly to USCIS, we’ll explain costs and timeline. If you’re picking up your sealed envelope, we’ll remind you to store it carefully and deliver it promptly.

Secure Storage and Access Controls

Our physical and digital systems are both built with security in mind. This matters because immigration medical records, like all medical records, are valuable targets for identity theft and fraud.

Physical storage: We keep paper medical records in a locked cabinet in a restricted-access area of our Southlake clinic. Only clinical and administrative staff with passwords can enter this area. Files are organized by patient last name and date of birth to prevent mix-ups. We regularly audit our filing system to ensure no documents are misfiled or lost.

Digital security: Your electronic health records are stored on a HIPAA-compliant medical records system with multiple security layers. This system includes:

  • Encrypted data transmission (your information is scrambled while traveling over the internet)
  • Role-based access controls (staff can only view records needed for their job)
  • Multi-factor authentication (staff must use a password and a second form of verification to log in)
  • Automatic session timeout (after 15 minutes of inactivity, staff are logged out)
  • Audit logs that track every access to your records, including who, when, and what they viewed

Backup and disaster recovery: We maintain encrypted backups of all patient records stored both on-site and at a secure off-site facility. If our primary systems fail, we can restore patient records within hours. These backups are protected with the same encryption and access controls as our live system.

Destruction protocols: When we do dispose of records (after the required seven-year retention period), we use a certified medical records destruction service. Documents are shredded on-site or transported to a facility where they’re shredded in a secure environment. We receive a certificate of destruction for our records.

Your Rights as a Patient Under HIPAA

HIPAA gives you several explicit rights regarding your medical information. We want you to know what these are and how to exercise them.

Right to access: You have the right to request a copy of your medical records at any time. We’ll provide this within 30 days (often sooner). There’s typically a small fee for copying and processing, which we’ll disclose upfront.

Right to amendment: If you believe information in your file is inaccurate or incomplete, you can request that we correct it. We’ll review your request and either make the correction or, if we disagree, document your concern in your file.

Right to privacy: You have the right to know how your information is being used and to whom it might be disclosed. We provide a privacy notice when you become a patient, and we’re happy to discuss this in detail.

Right to restrict use: You can request that we limit how we use or share your information. For example, you might ask us not to share information with an insurance company (though this could affect billing). We’ll honor reasonable requests.

Right to receive a breach notification: If your information is ever accessed or disclosed without authorization, we’re required to notify you within 60 days and explain what happened and what steps you can take.

Right to lodge a complaint: If you believe we’ve violated your privacy rights, you can file a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights.

To exercise any of these rights, contact our privacy officer at our Southlake location. We’ll guide you through the process and answer any questions.

Illustration 2
Illustration 2

What Happens If Your Information Is Breached

A breach occurs when unauthorized individuals access or acquire your protected health information. While we’ve implemented extensive safeguards to prevent this, it’s important to know what would happen if a breach ever occurred.

Under HIPAA, we’re required to:

Conduct an investigation: We immediately determine what information was accessed, who accessed it, and whether the breach poses a risk to your privacy.

Notify you promptly: If the breach creates a reasonable risk of identity theft or other harm, we notify you by mail, phone, or email within 60 days. The notification explains what happened, what information was involved, what steps you can take to protect yourself, and what we’re doing to prevent future breaches.

Notify the media: If a breach affects more than 500 people in your state, we’re required to notify local and national media.

Notify the HHS Secretary: We report all breaches to the Department of Health and Human Services, which maintains a public database of breaches.

Provide resources: We typically offer complimentary credit monitoring or identity theft protection services to affected patients.

In our years of operation, we haven’t experienced a breach that compromised patient information. We maintain this record through continuous security updates, regular staff training, and a culture that treats privacy as non-negotiable. But we also maintain incident response plans so that if something ever does occur, we can respond swiftly and transparently.

What to do next: If you’re concerned about a specific incident, don’t hesitate to call us. We can discuss your concerns and explain exactly what protections are in place.

Our Staff Training on Privacy Compliance

Every member of our team receives HIPAA training before they begin working at our Southlake clinic, and we provide ongoing training annually. This isn’t a generic online module that people click through—it’s tailored to the specific roles and responsibilities of our staff.

Our physicians and nurse practitioners learn how to document medical information securely and recognize potential privacy risks. Our administrative staff learn how to handle phone calls about medical information, how to verify patient identity before disclosing anything, and when they can and cannot use patient names or information.

Our front desk team members understand that they’re often the first line of defense. They’re trained to keep patient conversations private, to not discuss other patients in earshot of anyone, and to direct privacy questions to our privacy officer.

We also conduct regular scenarios and testing. For example, our staff might receive a call from someone claiming to be a family member of a patient, asking for medical information. We train staff on how to verify identity and what information can and cannot be shared without written consent.

Beyond formal training, we maintain a culture of privacy awareness. Staff members know they can report concerns without fear of retaliation. We’ve created an internal system for reporting potential privacy issues, and we investigate all reports thoroughly.

Finally, we discipline violations seriously. If a staff member inappropriately accesses or shares patient information, it’s grounds for termination. Everyone who works here understands that patient privacy is not negotiable.

The Documentation Process From Start to Finish

Let’s walk through exactly what happens with your medical information from the moment you call to schedule your immigration exam.

Scheduling call: You call our office and speak with an administrative coordinator. They collect your name, phone number, date of birth, and insurance information (if applicable). This information goes into our patient database. They send you an email or paper form with intake instructions and privacy policies.

Pre-visit paperwork: A few days before your appointment, you complete intake forms either online or on paper. These forms ask about your medical history, medications, allergies, prior surgeries, and any health concerns. You also acknowledge our privacy notice and authorize us to create and maintain your medical records. If you need translation services, we’ll arrange them.

Check-in: You arrive at our Southlake clinic 10-15 minutes early. You check in at the front desk in a semi-private area. We verify your identity and insurance. We give you a copy of our privacy notice (if you haven’t received it already) and confirm that you’ve completed your intake forms.

Clinical assessment: You’re escorted to a private exam room by a clinical staff member. Our physician or nurse practitioner reviews your intake form with you, asks follow-up questions, and performs your physical examination. During this time, they document findings in your electronic health record.

I-693 completion: Our physician completes your I-693 form based on the findings from your exam. They review it with you, answer any questions, and explain what the form is and how it will be used.

Verification and sealing: After you leave the exam room, a second clinical staff member independently verifies that the I-693 is complete and accurate. Then we seal it in an envelope, document the sealing in our log, and discuss delivery options with you.

Post-visit: Your appointment summary is filed in your chart (both paper and electronic). Your billing information is processed. If you requested copies of any documents, we prepare them. Records are secured in our locked file system.

Illustration 3
Illustration 3

Retention: We retain all records in both paper and electronic format for a minimum of seven years, with proper storage and security measures in place the entire time.

If you ever need a copy of your records or have questions about how your information was handled, you can contact our office and request access to your file.

Questions Patients Ask About Record Security

Over the years, we’ve addressed dozens of questions about privacy and record handling. Here are the ones we hear most often.

Q: Can my family member get a copy of my records without my permission?

A: No. Under HIPAA, we can only release your records to someone else if you’ve given us written authorization. If your adult family member wants access, they need to bring a signed form from you. For minors, parents typically have access, but this gets complex depending on circumstances. Call us with your specific situation, and we’ll explain what we can do.

Q: What if USCIS asks you about my medical exam?

A: USCIS can legally request your medical records through proper channels, and we’ll comply with those requests. However, USCIS cannot contact us without proper documentation and your consent. If you receive a letter from USCIS requesting your records, we can help you understand how to respond.

Q: Are my medical records shared with my employer?

A: Not without your written permission. We may share information with your insurance company if necessary for billing, but that’s different from sharing with your employer. Immigration medical exams are separate from employment medical exams, and we keep them confidential.

Q: How long do you keep my records after my exam?

A: We keep all medical records for a minimum of seven years after your last visit, as required by federal law and best practices. After seven years, we securely destroy records using certified shredding services.

Q: What if I lose my sealed I-693 envelope?

A: Contact us immediately. We can issue a new sealed envelope with a new I-693 form. This is a straightforward process and happens occasionally. There’s no penalty, and it doesn’t raise any red flags with USCIS.

Q: Is my information safe if I book an appointment online?

A: Yes. Our online scheduling system is encrypted and HIPAA-compliant. We only collect the information necessary to schedule your appointment (name, phone, email, date of birth). All data is transmitted securely and stored on servers that meet HIPAA standards.

At Medrein Health and Aesthetics, we understand that trust is earned through consistent, transparent practices. When you choose us for your immigration medical exam, you’re not just getting a medical evaluation—you’re getting the assurance that your information will be handled with the utmost care and protection.

If you have questions about our privacy practices or want to schedule your exam with complete confidence, we invite you to contact us. Our team is here to answer your questions and guide you through the process. Visit us at medreinhealth.com or call to speak with someone from our Southlake clinic today. We’re honored to serve patients throughout the DFW area and beyond.

Call us today to schedule your consultation with Dr. Mikki!

Frequently Asked Questions (FAQ)

How do we protect my I-693 form and other immigration exam documents?

We store all immigration medical records in secure, encrypted systems with restricted access limited to authorized clinical and administrative staff only. Your completed I-693 form is sealed in a confidential envelope and handled according to strict chain of custody procedures that track every person who accesses your documentation. We maintain this sealed status throughout storage and only release your records directly to you or the appropriate government agency with your written authorization.

What HIPAA rights do I have regarding my immigration medical exam records?

You have the right to access, review, and obtain copies of your complete medical records at any time, request corrections to any information you believe is inaccurate, and receive notice if your protected health information is ever breached. We also honor your right to know exactly how your information is being used and who has accessed it, and we provide detailed documentation of our record-keeping practices upon request. Your privacy is your right, and we take these protections seriously.

What happens if there’s a breach of my immigration medical information?

We notify you immediately if we discover any unauthorized access to or disclosure of your protected health information, providing details about what information was involved and what steps we’re taking to secure it. We also report the breach to appropriate regulatory authorities and work with you to implement additional safeguards to prevent future incidents. Our staff undergoes regular HIPAA training to minimize breach risks, and we continuously update our security systems to meet evolving compliance standards.

Schedule a Consultation
Dr Mikki Medrein Health and Aesthetics
Meet Dr. Mikki

Dr. Haritha Mikkilineni, MD, is a board-certified physician and founder of Medrein Health & Aesthetics.

Recent Blogs
Ready to Achieve Your Aesthetic Goals?

Discover personalized beauty solutions at Medrein Health & Aesthetics. Led by Dr. Mikki’s expertise, our dedicated team offers a wide range of advanced treatments tailored to your unique needs. Schedule your consultation today and experience the premier destination for aesthetic services in Texas!

Schedule a Consultation
Dr Mikki Medrein Health and Aesthetics
Why Choose Us
medrein-health-and-aesthetics-southlake-texas-dedicated
Experienced Professionals:
Our team is trained and experienced in the latest laser technologies.
medrein-health-and-aesthetics-southlake-texas-treatments
Customized Treatments:
We understand that every individual is different, and we tailor our services to meet your specific needs.
A blue and green icon of two hands holding each other
Comfort and Safety:
Your comfort and safety are our top priorities. Our state-of-the-art equipment ensures minimal discomfort during the procedure.

Our team at Medrein Health and Aesthetics is committed to providing you with the best results.

For more information, contact us at Medrein Health & Aesthetics today.

Book a Consultation