Your Privacy Matters

Privacy Policy

Last updated: April 1, 2026

mediCare ("we," "us," or "our") is committed to protecting the privacy and security of your personal information, including Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our telemedicine platform.

Information We Collect

Personal Information

Name, email address, phone number, date of birth, gender, and other demographic information you provide during registration or profile updates.

Health Information (PHI)

Medical history, diagnoses, treatment plans, prescriptions, lab results, consultation notes, and any other health-related data created or shared through the platform. This information is treated as Protected Health Information under HIPAA.

Technical Information

Device type, browser type, IP address, operating system, access times, and pages viewed. This data is collected automatically to improve service quality and security.

Communication Data

Messages, video consultation recordings (when consented), and other communications transmitted through the platform.

How We Use Your Information

  • Providing telemedicine consultations, appointment scheduling, and care coordination
  • Processing prescriptions and referrals between healthcare providers
  • Sending appointment reminders, health alerts, and important service notifications
  • Verifying your identity and managing your account securely
  • Improving the platform through analytics (using de-identified or aggregated data only)
  • Complying with legal and regulatory obligations, including HIPAA requirements
  • Facilitating billing and payment processing
  • Responding to your inquiries and providing customer support

When We Disclose Information

We do not sell your personal information. We may share information only in the following circumstances:

  • For Treatment, Payment, and Healthcare Operations (TPO) as permitted by HIPAA
  • With your explicit written authorization for uses not covered under TPO
  • With business associates bound by HIPAA-compliant Business Associate Agreements (BAAs)
  • When required by law, including court orders, subpoenas, or public health reporting obligations
  • To prevent serious and imminent threats to health or safety, as permitted by applicable law
  • To Health Information Exchanges (HIEs) if you opt in to data sharing

Data Security

We implement comprehensive administrative, technical, and physical safeguards as required by HIPAA:

  • AES-256 encryption for data at rest and TLS 1.3 for data in transit
  • Multi-factor authentication and role-based access controls
  • Regular security audits, penetration testing, and vulnerability assessments
  • Automated audit logging of all access to Protected Health Information
  • Secure data backup with encrypted, geographically distributed storage
  • Employee security training and background checks for all staff with data access
  • Incident response and breach notification procedures compliant with the HITECH Act

Data Retention

We retain your information for as long as necessary to fulfill the purposes described in this policy and to comply with legal and regulatory requirements. Medical records are retained in accordance with applicable state and federal laws governing medical record retention, which generally require a minimum of 6 to 10 years after the last date of service (longer for minors).

When data is no longer required, it is securely deleted or de-identified in accordance with NIST guidelines.

Your Rights

Under HIPAA and applicable state laws, you have the right to:

  • Access and obtain a copy of your Protected Health Information
  • Request amendments to inaccurate or incomplete health records
  • Request restrictions on certain uses and disclosures of your PHI
  • Receive an accounting of disclosures of your PHI made in the past six years
  • Request confidential communications through alternative means or locations
  • Receive notification in the event of a breach of your unsecured PHI
  • File a complaint with us or the U.S. Department of Health and Human Services

Children's Privacy

mediCare does not knowingly collect personal information from children under 13 without verified parental consent, in compliance with the Children's Online Privacy Protection Act (COPPA). For patients under 18, a parent or legal guardian must create and manage the account. If you believe a child has provided information without appropriate consent, contact us immediately.

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email or a prominent notice on our platform at least 30 days before they take effect. Continued use of the platform after changes constitutes acceptance of the updated policy.

Questions or Complaints

If you have questions about this Privacy Policy, wish to exercise your rights, or want to file a complaint, contact our Privacy Officer at privacy@medicare-app.com or visit our Contact page. You also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights.