RxION (“RxION,” “we,” “us,” or “our”) is committed to protecting the privacy and security
of your Protected Health Information (“PHI”) in accordance with the Health Insurance
Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology
for Economic and Clinical Health Act (“HITECH”), and applicable state laws. This HIPAA
Privacy Policy describes how we may use and disclose your PHI, as well as your rights
regarding your health information.
Please review this policy carefully.
1. Our Responsibilities Under HIPAA
RxION is a Covered Entity and works with Business Associates (such as
pharmacies, payment processors, and technology providers) to deliver telemedicine
services. RxION is required by law to:
• Maintain the privacy and security of your PHI.
• Notify you if a breach occurs that compromises the privacy or security of your
information.
• Provide you with notice of our legal duties and privacy practices regarding PHI.
• Comply with the terms of this Privacy Policy.
2. What is Protected Health Information (PHI)?
PHI includes individually identifiable health information that relates to:
• Your past, present, or future physical or mental health condition.
• The provision of healthcare services to you.
• Payment for healthcare services.
Examples include your name, date of birth, contact information, medical history,
diagnosis, treatment details, and payment information.
3. How We May Use and Disclose Your PHI Without Your Written Authorization
RxION may use or disclose your PHI for the following purposes without your prior
written consent, as permitted or required by HIPAA:
A. Treatment
To provide, coordinate, or manage your healthcare services. For example, your
healthcare provider may share your medical history with a pharmacy to fulfill your
prescription.
B. Payment
To obtain payment for healthcare services provided to you. This may include sharing
information with your health plan or a third-party payment processor to process claims
or receive payment.
C. Healthcare Operations
For quality assessment, training, auditing, licensing, accreditation, and other internal
business operations essential to providing you with quality care.
4. Other Permitted or Required Disclosures Without Your Authorization
RxION may also disclose your PHI under the following circumstances:
• As Required by Law: To comply with federal, state, or local laws, regulations, or
legal processes (such as court orders or subpoenas).
• Public Health and Safety: To prevent or control disease, report adverse events,
or address public health emergencies.
• Law Enforcement: To respond to law enforcement officials for purposes such as
locating a suspect or reporting a crime.
• Health Oversight Activities: To government agencies responsible for
overseeing healthcare systems and ensuring compliance with regulations.
• Judicial and Administrative Proceedings: In response to a court order or legal
proceeding.
• To Avert a Serious Threat: When necessary to prevent a serious threat to
health or safety.
• Workers’ Compensation: To comply with workers’ compensation laws or similar
programs.
5. Uses and Disclosures Requiring Your Written Authorization
RxION will not use or disclose your PHI for the following purposes without your explicit
written authorization:
• Marketing activities unrelated to RxION’s services.
• Sale of PHI (we do not sell your PHI under any circumstances).
• Psychotherapy notes, if applicable.
If you provide authorization for any other use or disclosure of your PHI, you may revoke
it at any time in writing. We will honor your revocation, except to the extent that we have
already relied on your authorization.
6. Your Rights Regarding Your PHI
You have specific rights regarding your PHI under HIPAA. These rights include:
A. Right to Access Your PHI
You have the right to inspect and receive a copy of your PHI, including your medical
records and billing information, maintained by RxION. Requests must be made in
writing. We may charge a reasonable fee for copies.
B. Right to Request Amendments
If you believe your PHI is incorrect or incomplete, you may request an amendment.
Requests must be submitted in writing and must include a reason supporting the
amendment request. RxION may deny the request in certain situations, such as when
records are accurate and complete.
C. Right to Request Restrictions
You may request a restriction on how your PHI is used or disclosed for treatment,
payment, or healthcare operations. While RxION is not required to agree to every
restriction request, we will comply with legally required restrictions.
D. Right to Request Confidential Communications
You may request that we contact you in a specific way (e.g., via email, phone, or mail)
or at a specific location (e.g., your home or office). We will accommodate reasonable
requests.
E. Right to an Accounting of Disclosures
You have the right to request an accounting of certain disclosures of your PHI made by
RxION during the six years prior to your request, excluding disclosures for treatment,
payment, healthcare operations, and other exempt disclosures.
F. Right to Receive a Copy of This Policy
You may request a paper or electronic copy of this HIPAA Privacy Policy at any time.
7. Safeguards to Protect Your PHI
RxION implements physical, administrative, and technical safeguards to ensure the
confidentiality, integrity, and availability of your PHI. Our security measures include:
• Data encryption during transmission and at rest.
• Secure access controls to limit access to authorized personnel.
• Regular risk assessments and audits.
• Ongoing staff training on HIPAA policies and privacy practices.
Despite these efforts, no system can guarantee 100% security. If a breach occurs that
compromises your PHI, we will notify you as required by law.
8. Breach Notification Policy
In the event of a breach of your unsecured PHI, RxION will:
• Notify you promptly, as required by HIPAA.
• Provide information about what happened, the type of information involved, steps
you should take, and what RxION is doing to mitigate harm.
• Notify the U.S. Department of Health and Human Services (HHS) and, in some
cases, the media, as required by law.
9. Business Associates
RxION partners with third-party service providers, known as Business Associates, to
facilitate the delivery of our Services. These Business Associates may have access to
your PHI for purposes such as payment processing, IT services, or pharmacy fulfillment.
Each Business Associate is required by law and contract to:
• Safeguard your PHI.
• Use and disclose PHI only for authorized purposes.
• Notify RxION of any data breaches involving your PHI.
10. Retention of PHI
RxION retains your health records and PHI for as long as required by law or necessary
to provide you with healthcare services. Once the retention period ends, we securely
dispose of your PHI following HIPAA guidelines.
11. Complaints
If you believe your privacy rights have been violated, you may:
• File a complaint with RxION by contacting our Privacy Officer at [Insert Contact
Email].
• File a complaint with the U.S. Department of Health and Human Services (HHS),
Office for Civil Rights (OCR).
There will be no retaliation for filing a complaint.
12. Changes to This HIPAA Privacy Policy
RxION reserves the right to modify this HIPAA Privacy Policy at any time. If we make
significant changes, we will:
• Notify you via email or through our website.
• Post the updated policy with the revised effective date.
Continued use of our Services after changes are posted constitutes your acceptance of
the revised policy.
13. Contact Information
For more information or to exercise your privacy rights under HIPAA, contact us.
