Privacy Policy

1. Information We Collect

1.1 Personal Information

We may collect the following personal information:

• Contact Information: Name, email address, phone number, mailing address
• Demographic Information: Date of birth, gender, emergency contact information
• Payment Information: Credit card numbers, billing address (processed securely through Paya)
• Account Information: Username, password, account preferences

1.2 Protected Health Information (PHI)

As a healthcare provider, we collect health-related information including:

• Medical history and current health conditions
• Medications, allergies, and treatment history
• Laboratory results and diagnostic information
• Treatment plans and clinical notes
• Insurance information (if applicable)

Note: The use and disclosure of your Protected Health Information is also governed by our Notice of Privacy Practices (HIPAA Notice).

1.3 Technical Information

When you visit our website, we automatically collect:

• IP address and device identifiers
• Browser type and operating system
• Pages visited and time spent on our website
• Referring website addresses
• Cookies and similar tracking technologies

2. How We Use Your Information

We use your information for the following purposes:

2.1 Healthcare Services

• Providing medical consultations and treatment
• Scheduling appointments and sending reminders
• Processing prescriptions and medication orders
• Coordinating care with other healthcare providers (when authorized)
• Conducting telehealth consultations via Doxy.me

2.2 Administrative Purposes

• Processing payments and billing through Paya
• Maintaining your electronic health record in RXNT
• Responding to inquiries and providing customer support
• Sending important notices about our services

2.3 Business Operations

• Improving our website and services
• Analyzing website usage and trends
• Marketing and promotional communications (with your consent)
• Complying with legal obligations

3. How We Share Your Information

We may share your information with:

3.1 Service Providers

• RXNT: Electronic health record management
• Doxy.me: HIPAA-compliant telehealth platform
• Paya: PCI DSS-compliant payment processing
• JotForm: HIPAA-compliant patient intake forms
• Laboratory Services: Quest Diagnostics, Labcorp for testing
• Empower Pharmacy: Compounding pharmacy for medications

3.2 Legal Requirements

We may disclose your information when required by law, including:

• Court orders or subpoenas
• Government agency requests
• Public health reporting requirements
• To prevent fraud or protect our legal rights

3.3 With Your Consent

We may share your information with third parties when you have provided explicit consent, such as when coordinating care with other healthcare providers.

4. Data Security

We implement robust security measures to protect your information:

• Encryption: All data transmitted is encrypted using TLS 1.2 or higher
• Access Controls: Role-based access limited to authorized personnel
• HIPAA Compliance: All systems and processes comply with HIPAA requirements
• PCI DSS Compliance: Payment processing meets PCI DSS Level 1 standards
• Regular Audits: Security assessments and vulnerability testing
• Employee Training: Staff trained on privacy and security protocols

5. Your Rights

You have the following rights regarding your personal information:

• Access: Request a copy of your personal and health information
• Correction: Request corrections to inaccurate information
• Deletion: Request deletion of your information (subject to legal retention requirements)
• Restriction: Request restrictions on how we use your information
• Portability: Request your information in a portable format
• Opt-Out: Opt out of marketing communications at any time

For health information rights, please see our HIPAA Notice.

6. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to:

• Remember your preferences and settings
• Analyze website traffic and usage patterns
• Improve website functionality
• Provide personalized content

You can control cookies through your browser settings. Disabling cookies may affect some website functionality.

7. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

8. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will delete it promptly.

9. Data Retention

We retain your information for as follows:

• Medical Records: Minimum 7 years as required by Connecticut law
• Payment Records: 7 years for tax and audit purposes
• Marketing Data: Until you opt out or request deletion
• Website Analytics: 26 months

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

• Posting the updated policy on our website
• Updating the "Last Updated" date
• Sending email notification for significant changes

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

12. Connecticut Residents

If you are a Connecticut resident, you may have additional rights under the Connecticut Data Privacy Act (CTDPA). To exercise these rights, please contact us using the information above.