HIPAA Compliance

Notice of Privacy Practices

Effective date: April 1, 2026

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

mediCare is required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act, to maintain the privacy of your Protected Health Information (PHI), to provide you with this Notice of our legal duties and privacy practices, and to follow the terms of the Notice currently in effect.

Uses and Disclosures Without Authorization

We may use and disclose your PHI without your written authorization for the following purposes:

Treatment

To provide, coordinate, or manage your healthcare. For example, sharing consultation notes with a specialist to whom you are referred, or communicating with your pharmacy to process a prescription.

Payment

To obtain payment for healthcare services, including billing your insurance company, determining eligibility, and conducting utilization review.

Healthcare Operations

To support business activities including quality assessment, staff training, compliance programs, auditing, and business planning.

As Required by Law

When required by federal, state, or local law, including public health reporting, reporting abuse or neglect, health oversight activities, judicial and administrative proceedings, law enforcement purposes, and reporting to coroners or medical examiners.

Averting a Serious Threat

To prevent a serious and imminent threat to the health or safety of a person or the public, disclosed only to those capable of helping prevent the threat.

Appointment Reminders and Health Services

To contact you with appointment reminders, treatment alternatives, or health-related benefits and services that may be of interest to you.

Uses and Disclosures Requiring Authorization

The following uses and disclosures require your written authorization:

  • Sale of your Protected Health Information
  • Most uses of psychotherapy notes (if applicable)
  • Marketing communications (beyond face-to-face or promotional gifts of nominal value)
  • Any use or disclosure not described in this Notice

You may revoke an authorization in writing at any time, except to the extent that we have already taken action in reliance on it.

Your Rights Regarding Your PHI

Right to Access

You may request access to inspect and obtain a copy of your PHI maintained by us. We will provide electronic copies when feasible. We may charge a reasonable, cost-based fee for copies. Requests must be submitted in writing.

Right to Amend

You may request that we amend your PHI if you believe it is inaccurate or incomplete. We may deny the request under certain circumstances (e.g., the information was not created by us), but we will explain the denial in writing.

Right to an Accounting of Disclosures

You may request a list of certain disclosures we have made of your PHI during the six years prior to your request. This does not include disclosures for treatment, payment, or healthcare operations, or disclosures made to you or authorized by you.

Right to Request Restrictions

You may request restrictions on how we use or disclose your PHI for treatment, payment, or healthcare operations. We are not required to agree to your request except where the disclosure is to a health plan for payment or operations purposes and the PHI relates to a service you paid for in full out-of-pocket.

Right to Confidential Communications

You may request that we communicate with you about your health information by alternative means or at alternative locations (e.g., only by email to a specific address).

Right to a Paper Copy

You have the right to obtain a paper copy of this Notice upon request, even if you agreed to receive the Notice electronically.

Breach Notification

In accordance with the HITECH Act, we will notify you promptly if a breach of your unsecured Protected Health Information occurs. Notification will be made without unreasonable delay and no later than 60 calendar days after discovery of the breach. The notification will include a description of the breach, the types of information involved, the steps you should take, what we are doing in response, and contact information for further inquiries.

Our Duties

  • We are required by law to maintain the privacy and security of your PHI
  • We are required to provide you with this Notice of our legal duties and privacy practices
  • We are required to follow the terms of the Notice currently in effect
  • We will not use or disclose your PHI without your authorization except as described in this Notice
  • We will use the minimum amount of information necessary for non-treatment purposes
  • We reserve the right to change the terms of this Notice and the new provisions will apply to all PHI we maintain

Changes to This Notice

We reserve the right to change this Notice at any time. The revised Notice will be effective for all PHI that we already maintain, as well as any PHI we create or receive in the future. The current Notice will always be available on our platform and at our offices.

Contact & Complaints

To exercise any of your rights, request additional information, or file a complaint about our privacy practices, contact our HIPAA Privacy Officer:

mediCare HIPAA Privacy Officer

Email: hipaa@medicare-app.com

You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights at www.hhs.gov/ocr. You will not be retaliated against for filing a complaint.