Last Updated: January 1, 2025

---

Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

1. Our Commitment to Your Privacy

We understand that your health information is personal and we are committed to protecting your privacy. We are required by law to:

• Maintain the privacy and security of your protected health information (PHI)
• Provide you with this notice of our legal duties and privacy practices
• Notify you following a breach of unsecured protected health information
• Follow the terms of this notice currently in effect

2. Information We Collect

We collect the following types of information:

Protected Health Information (PHI)

• Name, address, date of birth, and contact information
• Social Security Number (when required for billing)
• Health insurance information and policy numbers
• Prescription information and medication history
• Medical conditions and diagnoses relevant to prescriptions
• Healthcare provider information
• Billing and payment information

Technical Information

• IP address and device information
• Browser type and operating system
• Login history and access logs
• Cookies and similar tracking technologies

3. How We Use Your Information

We may use and disclose your health information for the following purposes:

Treatment

We use your health information to provide, coordinate, and manage your pharmacy services. This includes dispensing medications, checking for drug interactions, and communicating with your healthcare providers about your care.

Payment

We use your information to bill and collect payment for services provided. This includes submitting claims to your health insurance, verifying coverage, and processing copayments.

Healthcare Operations

We use your information for quality improvement, training, accreditation, compliance activities, and other business operations necessary to run our pharmacy.

4. Disclosures Without Your Authorization

We may disclose your health information without your authorization in the following circumstances:

• As Required by Law: When required by federal, state, or local law
• Public Health Activities: To prevent or control disease, injury, or disability
• Health Oversight: To health oversight agencies for audits and investigations
• Legal Proceedings: In response to court orders or subpoenas
• Law Enforcement: Under specific circumstances as required by law
• To Prevent Serious Threat: To prevent a serious threat to your health or safety or that of others
• Workers' Compensation: As authorized by workers' compensation laws
• Coroners and Medical Examiners: For identification and determining cause of death
• Organ Donation: To organ procurement organizations
• Research: Under strict oversight by an Institutional Review Board
• Military and Veterans: As required by military command authorities
• National Security: For intelligence and national security activities

5. Uses Requiring Your Authorization

We will obtain your written authorization before using or disclosing your health information for:

• Marketing purposes (except face-to-face communications and promotional gifts of nominal value)
• Sale of your health information
• Most uses of psychotherapy notes
• Any other purposes not described in this notice

You may revoke your authorization at any time by submitting a written request, except to the extent that action has already been taken based on your authorization.

6. Your Rights Regarding Your Health Information

Under HIPAA, you have the following rights:

7. Data Security

We implement comprehensive administrative, technical, and physical safeguards to protect your health information, including:

• Encryption of data in transit and at rest using industry-standard protocols
• Secure user authentication and access controls
• Regular security assessments and audits
• Employee training on privacy and security policies
• Physical security measures for our facilities and equipment
• Business associate agreements with third-party service providers
• Incident response procedures for potential security breaches

8. Breach Notification

In the event of a breach of unsecured protected health information, we will notify you as required by law. Notification will be sent without unreasonable delay and no later than 60 days after discovery of the breach. The notification will describe:

• What happened and when
• The types of information involved
• Steps you should take to protect yourself
• What we are doing to investigate and mitigate the breach
• How to contact us for more information

9. Cookies and Tracking Technologies

Our Patient Portal uses cookies and similar technologies to:

• Maintain your login session and remember your preferences
• Analyze usage patterns to improve our services
• Ensure the security of our platform

You can control cookies through your browser settings, but disabling cookies may affect the functionality of the Patient Portal.

10. Third-Party Service Providers

We may share your information with third-party service providers who perform services on our behalf, such as payment processors, shipping carriers, and technology providers. These providers are bound by business associate agreements and are required to protect your information in accordance with HIPAA and our privacy policies.

11. Children's Privacy

Our Patient Portal is not intended for use by children under 18 years of age without parental or guardian consent. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

12. State-Specific Rights

Depending on your state of residence, you may have additional privacy rights. For example:

• California Residents: You may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know, delete, and opt-out of the sale of personal information.
• Other States: Various states have enacted privacy laws that may provide additional protections. Please contact us for information about rights specific to your state.

13. Changes to This Privacy Policy

We reserve the right to change this Privacy Policy at any time. Changes will be effective when posted on the Patient Portal. We will provide prominent notice of material changes. The revised policy will apply to all information collected from the effective date forward.

14. How to Exercise Your Rights

To exercise any of your rights or to make a complaint, please contact our Privacy Officer:

15. Complaints

If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the U.S. Department of Health and Human Services. We will not retaliate against you for filing a complaint.

---