Introduction

RXBridge is a telehealth platform that connects patients with licensed healthcare providers and helps manage prescriptions and medication workflows. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website, and related services (collectively, the "Service").

We are committed to protecting your privacy and complying with the Health Insurance Portability and Accountability Act (HIPAA). This policy describes our privacy practices for protected health information (PHI) and other personal information you provide to us.

Information We Collect

We collect various types of information in order to provide you with quality service and comply with healthcare regulations:

• Personal Information: Name, date of birth, address, phone number, email address, insurance information, and emergency contacts.
• Health Information: Medical history, current medications, allergies, symptoms, diagnoses, test results, treatment records, and other clinical information provided during consultations.
• Payment Information: Credit card, debit card, or other payment method details necessary to process your copayments, fees, or subscription costs. Payment processing is handled by third-party payment processors.
• Usage Data: Information about how you interact with our platform, including pages visited, features used, consultation duration, and access times.
• Device Information: Device type, operating system, browser type, IP address, and unique device identifiers.
• Biometric Data: If applicable, identity verification information used to confirm your identity for security purposes.

How We Use Your Information

We use the information we collect for the following purposes:

• Treatment: To provide healthcare services, conduct consultations, diagnose conditions, prescribe medications, and monitor your health.
• Payment: To process payments, billing, insurance claims, and manage your account.
• Operations: To maintain our platform, improve services, conduct quality assurance, and ensure compliance with legal and regulatory requirements.
• Communications: To send appointment reminders, prescription refill notifications, test results, clinical communications, and account-related messages.
• Research and Analytics: To conduct de-identified research, improve clinical outcomes, and analyze trends (with HIPAA-compliant safeguards for any identifiable data).
• Legal Compliance: To comply with court orders, subpoenas, and other legal requirements.

HIPAA and Protected Health Information

RXBridge is a HIPAA-covered entity and business associate. We handle your protected health information (PHI) in strict compliance with HIPAA regulations and state privacy laws.

Your HIPAA Rights include:

• Right to Access: You have the right to access, review, and obtain copies of your medical records.
• Right to Amendment: You may request corrections or amendments to your health information if you believe it is inaccurate or incomplete.
• Right to Accounting: You may request an accounting of disclosures of your PHI made by RXBridge.
• Right to Restrict: You may request restrictions on how your PHI is used or disclosed, though we may not be able to grant all requests.
• Right to Confidential Communications: You may request that we communicate with you using alternative methods or addresses.
• Right to Breach Notification: In the event of a breach of unsecured PHI, we will notify you as required by HIPAA.

To exercise any of these rights, please contact our Privacy Officer using the contact information provided below.

Information Sharing

We do not sell your personal information or health information to third parties. We may share your information only in limited circumstances:

• Healthcare Providers: We share your health information with licensed healthcare providers on our network who are involved in your care, treatment, and diagnosis.
• Pharmacies: We may share prescription information and relevant clinical data with pharmacies to fulfill your prescriptions.
• Payment Processors: Payment information is shared with PCI-DSS compliant payment processors to process your transactions.
• Business Associates: We share information with business associates who assist us in providing services (e.g., cloud storage, analytics, technical support). All business associates have signed Business Associate Agreements (BAAs) and must maintain HIPAA-compliant safeguards.
• Insurance Companies: We may share information with your insurance provider to process claims and verify coverage.
• Legal Requirements: We may disclose information when required by law, court order, subpoena, or governmental request, or to protect the safety and rights of individuals.
• De-identified Information: We may use and share de-identified health information (information that cannot be connected to any individual) for research, quality improvement, and other purposes without restriction.

All entities with access to your PHI are contractually bound to maintain confidentiality and security.

Data Security

We implement comprehensive administrative, physical, and technical safeguards to protect your information from unauthorized access, alteration, disclosure, or destruction.

• Encryption: All data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256 encryption.
• Access Controls: Access to PHI is restricted to authorized personnel who need it to perform their job functions. Role-based access controls limit what information each user can see.
• Audit Controls: All access to PHI is logged and monitored for suspicious activity.
• Authentication: We use multi-factor authentication and secure password requirements to protect your account.
• Facility Security: Physical access to our servers and systems is restricted and monitored.
• Breach Response: In the event of a suspected breach, we have procedures in place to investigate, contain the incident, and notify affected individuals as required by law.
• Compliance Audits: We conduct regular security assessments and penetration testing to identify and remediate vulnerabilities.

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. You are responsible for maintaining the confidentiality of your login credentials.

Your Rights

In addition to your HIPAA rights, you may have other rights depending on your state of residence. These may include:

• Right to Access Your Data: You may request a copy of the information we hold about you.
• Right to Correction: You may request that we correct inaccurate or incomplete information.
• Right to Deletion: Subject to legal and regulatory requirements, you may request that we delete your information. Note that we may need to retain some information for legal, regulatory, or clinical purposes.
• Right to Opt-Out: You may opt out of certain communications and non-essential data uses.
• Right to Data Portability: You may request that we provide your information in a portable format.

To exercise any of these rights, please contact us using the information provided in the Contact section.

Cookies and Tracking

RXBridge uses cookies and similar tracking technologies to enhance your experience, remember your preferences, and understand how you use our platform. Cookies are small text files stored on your device.

• Essential Cookies: Required for the platform to function (e.g., authentication, security).
• Performance Cookies: Help us understand how you use the platform and improve performance.
• Functional Cookies: Remember your preferences and settings.

You can control cookie settings through your browser preferences. Disabling essential cookies may limit your ability to use certain features of the platform.

Children's Privacy

RXBridge is not intended for use by individuals under 18 years of age. We do not knowingly collect information from children under 18. If we become aware that we have collected information from a child under 18, we will take steps to delete such information promptly and terminate the child's account. If you believe we have collected information from a child under 18, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Last Updated" date at the top of this policy indicates when it was most recently revised. If we make material changes, we will notify you via email or by posting a notice on our platform. Your continued use of RXBridge after such modifications constitutes your acceptance of the updated Privacy Policy.

Contact

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our privacy practices, please contact our Privacy Officer:

If you are not satisfied with our privacy practices or response to your concerns, you may file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights.