Privacy Policy

Protected Health Information (PHI)

We collect and process the following types of protected health information:

• Medical history and current health conditions
• Prescription and medication information
• Laboratory results and diagnostic information
• Treatment plans and medical recommendations
• Healthcare provider communications
• Insurance and billing information

Personal Information

• Name, address, phone number, and email address
• Date of birth and government-issued identification
• Payment and billing information
• Account credentials and preferences

Technical Information

• IP address and device information
• Browser type and operating system
• Usage patterns and session information
• Cookies and similar tracking technologies

Treatment

We use your PHI to provide, coordinate, and manage your healthcare treatment, including:

• Conducting telehealth consultations
• Prescribing medications and treatments
• Coordinating care with other healthcare providers
• Maintaining medical records

Payment

We use your information for billing and payment purposes, including:

• Processing payments for services
• Insurance claim processing
• Billing inquiries and collection activities

Healthcare Operations

We may use your information for healthcare operations, including:

• Quality assessment and improvement
• Staff training and competency evaluation
• Compliance monitoring and auditing
• Business planning and development

Permitted Disclosures

• Healthcare Providers: Other providers involved in your care
• Business Associates: Vendors who assist with healthcare operations
• Insurance: Your health plan for payment and coverage determinations
• Family/Friends: Individuals you authorize to receive information

Required Disclosures

• To you upon your request
• To the Department of Health and Human Services for compliance investigations
• As required by state and federal law

Special Circumstances

We may disclose PHI without authorization in specific situations:

• Public health activities and disease reporting
• Judicial and administrative proceedings
• Law enforcement activities
• Emergency situations to prevent serious harm

Access Rights

• Right to Access: Request copies of your medical records
• Right to Amend: Request corrections to your PHI
• Right to an Accounting: Request a list of PHI disclosures

Control Rights

• Right to Restrict: Request limitations on PHI use and disclosure
• Right to Confidential Communications: Request alternative communication methods
• Right to Authorize: Control certain uses and disclosures of your PHI

Notification Rights

• Right to Notification: Be notified of breaches of your PHI
• Right to a Paper Copy: Request a paper copy of this Privacy Policy

Technical Safeguards

• End-to-end encryption for all data transmission
• Secure data storage with AES-256 encryption
• Multi-factor authentication requirements
• Regular security audits and penetration testing

Administrative Safeguards

• HIPAA compliance training for all staff
• Access controls and user authentication
• Incident response and breach notification procedures
• Business associate agreements with vendors

Physical Safeguards

• Secure data centers with 24/7 monitoring
• Restricted access to servers and equipment
• Secure disposal of PHI-containing devices

We retain your protected health information in accordance with:

• Federal and state medical record retention requirements
• HIPAA minimum necessary standards
• Business and legal requirements

Medical records are typically retained for a minimum of 6 years from the date of last treatment, or longer as required by applicable law.

In the event of a breach of your protected health information, we will:

• Notify you within 60 days of discovery
• Report the breach to the Department of Health and Human Services
• Provide details about the breach and steps being taken
• Offer guidance on protecting yourself from potential harm

We use cookies and similar technologies to:

• Maintain secure user sessions
• Remember user preferences
• Analyze website usage patterns
• Improve our services and user experience

You can control cookie settings through your browser preferences.

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected such information, we will take appropriate steps to delete it.

We reserve the right to modify this Privacy Policy. Material changes will be communicated through:

• Email notification to registered users
• Prominent notice on our website
• Updated effective date on this policy

We are required by law to abide by the privacy policy currently in effect.

If you believe your privacy rights have been violated, you may file a complaint with:

• Heros Health Privacy Officer
• The U.S. Department of Health and Human Services

You will not be retaliated against for filing a complaint.