HIPAA Notice of Privacy Practices
Last updated: June 1, 2026
This Notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
1. Who We Are
Your Brand ("Your Brand," "we," "us," "our") is a healthcare technology company that facilitates access to licensed healthcare providers for telehealth consultations and health optimization services. We are committed to protecting the privacy of our members ("you," "your") and complying with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and applicable state privacy laws.
Privacy Officer Contact: Email support@yourbrand.com.
2. Protected Health Information (PHI)
"Protected Health Information" (PHI) is individually identifiable health information that relates to your past, present, or future physical or mental health, the provision of healthcare to you, or the payment for such care. PHI includes information in any form: written, electronic, or oral.
We collect PHI that you provide, including:
- Name, date of birth, email address, phone number, and mailing address
- Health history, current medications, allergies, and lab results
- Consultation notes and treatment plans created by affiliated Providers
- Payment information (processed by our PCI-compliant payment processor)
3. How We Use and Disclose PHI
We use and disclose your PHI only as permitted or required by law. Primary uses include:
Treatment: Sharing your PHI with affiliated Providers to facilitate your consultations and care coordination.
Payment: Sharing your PHI with payment processors (e.g., Stripe) and, where applicable, with payers, to process charges for services rendered.
Healthcare Operations: Using PHI for quality improvement, auditing, compliance monitoring, and Provider credentialing activities.
Required by Law: Disclosing PHI when required by federal or state law, including to public health authorities, law enforcement (in limited circumstances), or the Department of Health and Human Services (HHS) for compliance investigations.
Business Associates: We share PHI with third-party vendors ("Business Associates") who assist in our operations, including our patient relationship management platform and communications tools, under written Business Associate Agreements (BAAs) that require them to protect your PHI to the same standard we do.
We do not sell your PHI. We do not use your PHI for marketing purposes without your separate written authorization.
4. Your Rights as a Patient
You have the following rights regarding your PHI:
Right to Access: You may request a copy of your PHI held by Your Brand or affiliated Providers. Requests will be fulfilled within 30 days. We may charge a reasonable fee for copies.
Right to Amend: If you believe PHI in your record is incorrect or incomplete, you may request an amendment. We may deny the request if we determine the record is accurate.
Right to an Accounting of Disclosures: You may request a list of disclosures of your PHI made by Your Brand, other than disclosures for treatment, payment, or healthcare operations.
Right to Request Restrictions: You may request restrictions on how we use or disclose your PHI. We are not always required to agree to your request, but we will consider it.
Right to Receive Confidential Communications: You may request that we contact you in a specific way (e.g., by email only) or at a specific location.
Right to Receive a Notice of Privacy Practices: You have the right to receive a paper copy of this Notice upon request.
To exercise any of these rights, contact our Privacy Officer at support@yourbrand.com.
5. Data Security
We implement administrative, physical, and technical safeguards to protect your PHI from unauthorized access, use, or disclosure, including:
- Encryption of PHI in transit and at rest
- Access controls limiting PHI access to authorized personnel
- Audit logs tracking access to and modifications of PHI
- HIPAA-compliant Business Associate Agreements with all third-party processors
6. Breach Notification
In the event of a breach of unsecured PHI, we will notify affected individuals without unreasonable delay and within 60 days of discovery, as required by HIPAA's Breach Notification Rule. Notification will include a description of the breach, the types of information involved, steps you should take to protect yourself, and steps we are taking to investigate and mitigate the breach.
7. Retention
We retain PHI for a minimum of seven (7) years from the date of service, or as otherwise required by applicable state law. When PHI is no longer needed, it is securely destroyed.
8. How to File a Complaint
If you believe your privacy rights have been violated, you may file a complaint with:
Your Brand Privacy Officer: support@yourbrand.com
U.S. Department of Health and Human Services, Office for Civil Rights: hhs.gov/hipaa/filing-a-complaint
You will not be retaliated against for filing a complaint.
9. Changes to This Notice
We reserve the right to change the terms of this Notice at any time. Updated versions will be posted on this page and will apply to all PHI we maintain. If we make a material change, we will notify you by email.
