• Return to Home

HIPAA Notice of Privacy Practices

Effective Date: June 15, 2026

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This Notice of Privacy Practices (the "Notice") is provided on behalf of the hospital systems, integrated delivery networks ("IDNs"), and affiliated professional medical groups (collectively, the "Healthcare Providers") utilizing the technology platform operated by Direct Patient Systems Corporation ("Direct Patient Systems"). Direct Patient Systems acts as a "Business Associate" under HIPAA to securely process and store your medical data on behalf of your Healthcare Providers.

1. OUR COMMITMENT TO YOUR HEALTH PRIVACY

Your Healthcare Providers are required by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") to maintain the privacy and security of your Protected Health Information ("PHI"). PHI includes any demographic, physical, or mental health information that can identify you. We are required to provide you with this Notice explaining our legal duties and privacy practices regarding your PHI, and to notify you following a breach of unsecured PHI.

2. HOW WE MAY USE AND DISCLOSE YOUR PHI

We may use or share your health information for the following purposes without your written authorization:

• For Treatment: We can use your PHI and share it with other healthcare professionals who are treating you. For example, a specialist physician on the Platform may share your intake survey answers and bloodwork results with your primary care provider or a dispensing pharmacist to coordinate care.
• For Payment: We can use and share your PHI to bill and collect payment from you, your insurance plan, or other payment entities. For example, we may share diagnosis codes with your credit card processor or HSA/FSA provider to approve payment.
• For Healthcare Operations: We can use and share your PHI to run our clinical operations, perform quality reviews of our clinicians, compile outcome statistics, and improve your user experience on the Platform.
• Business Associates: We may share your PHI with third-party software and service vendors who assist in operating our secure infrastructure (such as hosting and database providers). All such Business Associates must sign a Business Associate Agreement (BAA) contractually binding them to protect your data.

3. DISCLOSURES PERMITTED OR REQUIRED BY LAW

We may share your PHI in certain situations without your authorization, subject to strict legal conditions:

• **Public Health and Safety**: To report disease control data, prevent abuse or neglect, or assist with product recalls.
• **Law Enforcement and Legal Proceedings**: In response to a court order, subpoena, warrant, or administrative request.
• **Organ Procurement or Medical Examiner**: To organ donation organizations, coroners, or medical examiners as necessary to carry out duties.
• **Specialized Government Functions**: For national security, intelligence, or protective services.

4. USES AND DISCLOSURES REQUIRING YOUR WRITTEN AUTHORIZATION

Except as described in this Notice, we will not use or disclose your PHI without your explicit written authorization. Specific examples requiring your authorization include:

• Marketing communications subsidized by third parties.
• The sale of your PHI.
• Psychotherapy notes (if applicable).

You may revoke any written authorization at any time, in writing, except to the extent that we have already acted in reliance on it.

5. YOUR RIGHTS REGARDING YOUR PHI

You have the following rights regarding the PHI we maintain about you:

• Inspect and Copy: You have the right to request an electronic or paper copy of your medical and billing records. We will provide this within 30 days of your request (a reasonable cost-based fee may apply).
• Request Amendment: If you believe the health information we have is incorrect or incomplete, you can ask us to amend it. We may deny your request if we did not create the record or believe it is accurate, but we will notify you in writing.
• Request Restrictions: You can ask us not to use or share certain health information for treatment, payment, or operations. We are not required to agree, except if you pay for a service entirely out-of-pocket and request that we not share the info with your health insurer.
• Request Confidential Communications: You can ask us to contact you in a specific way (e.g., cell phone only) or at a specific address. We will accommodate all reasonable requests.
• Accounting of Disclosures: You can request a list of the times we've shared your PHI for purposes other than treatment, payment, and operations.

6. COMPLAINTS

If you believe your privacy rights have been violated, you can file a complaint with us or with the Secretary of the U.S. Department of Health and Human Services (HHS). We will not retaliate against you in any way for filing a complaint.

7. CONTACT INFORMATION

To exercise any of your rights or file a complaint, please contact our Privacy Officer at:

privacy@directpatientsystems.com

© 2026 Direct Patient Systems Corporation. All rights reserved.