Privacy Policy
Heros Health, Inc.
Effective Date: January 1, 2024
HIPAA Notice of Privacy Practices
This Privacy Policy serves as our Notice of Privacy Practices under the Health Insurance Portability and Accountability Act (HIPAA). Your protected health information (PHI) is safeguarded with the highest level of security and confidentiality as required by federal law.
1. Information We Collect
Protected Health Information (PHI)
We collect and process the following types of protected health information:
- Medical history and current health conditions
- Prescription and medication information
- Laboratory results and diagnostic information
- Treatment plans and medical recommendations
- Healthcare provider communications
- Insurance and billing information
Personal Information
- Name, address, phone number, and email address
- Date of birth and government-issued identification
- Payment and billing information
- Account credentials and preferences
Technical Information
We collect and process the following types of protected health information:
- IP address and device information
- Browser type and operating system
- Usage patterns and session information
- Cookies and similar tracking technologies
2. How We Use Your Information
Treatment
We use your PHI to provide, coordinate, and manage your healthcare treatment, including:
- Conducting telehealth consultations
- Prescribing medications and treatments
- Coordinating care with other healthcare providers
- Maintaining medical records
Payment
We use your information for billing and payment purposes, including:
- Processing payments for services
- Insurance claim processing
- Billing inquiries and collection activities
Healthcare Operations
We may use your information for healthcare operations, including:
- Quality assessment and improvement
- Staff training and competency evaluation
- Compliance monitoring and auditing
- Business planning and development
3. Information Sharing and Disclosure
Important: We never sell your protected health information. We only share your PHI as permitted or required by law.
Permitted Disclosures
- Healthcare Providers: Other providers involved in your care
- Business Associates: Vendors who assist with healthcare operations
- Insurance: Your health plan for payment and coverage determinations
- Family/Friends: Individuals you authorize to receive information
Special Circumstances
We may disclose PHI without authorization in specific situations:
- Public health activities and disease reporting
- Judicial and administrative proceedings
- Law enforcement activities
- Emergency situations to prevent serious harm
4. Your Rights Under HIPAA
Access Rights
- Right to Access: Request copies of your medical records
- Right to Amend: Request corrections to your PHI
- Right to an Accounting: Request a list of PHI disclosures
Control Rights
- Right to Restrict: Request limitations on PHI use and disclosure
- Right to Confidential Communications: Request alternative communication methods
- Right to Authorize: Control certain uses and disclosures of your PHI
Notification Rights
- Right to Notification: Be notified of breaches of your PHI
- Right to a Paper Copy: Request a paper copy of this Privacy Policy
5. Data Security and Protection
Technical Safeguards
- End-to-end encryption for all data transmission
- Secure data storage with AES-256 encryption
- Multi-factor authentication requirements
- Regular security audits and penetration testing
Administrative Safeguards
- HIPAA compliance training for all staff
- Access controls and user authentication
- Incident response and breach notification procedures
- Business associate agreements with vendors
Physical Safeguards
- Secure data centers with 24/7 monitoring
- Restricted access to servers and equipment
- Secure disposal of PHI-containing devices
6. Data Retention
We retain your protected health information in accordance with:
- Federal and state medical record retention requirements
- HIPAA minimum necessary standards
- Business and legal requirements
Medical records are typically retained for a minimum of 6 years from the date of last treatment, or longer as required by applicable law.
7. Breach Notification
In the event of a breach of your protected health information, we will:
- Notify you within 60 days of discovery
- Report the breach to the Department of Health and Human Services
- Provide details about the breach and steps being taken
- Offer guidance on protecting yourself from potential harm
8. Cookies and Tracking Technologies
We use cookies and similar technologies to:
- Maintain secure user sessions
- Remember user preferences
- Analyze website usage patterns
- Improve our services and user experience
You can control cookie settings through your browser preferences.
9. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected such information, we will take appropriate steps to delete it.
10. Changes to This Privacy Policy
We reserve the right to modify this Privacy Policy. Material changes will be communicated through:
- Email notification to registered users
- Prominent notice on our website
- Updated effective date on this policy
We are required by law to abide by the privacy policy currently in effect.
11. Complaints
If you believe your privacy rights have been violated, you may file a complaint with:
- Heros Health Privacy Officer
- The U.S. Department of Health and Human Services
You will not be retaliated against for filing a complaint.
Contact Information
Privacy Officer
Heros Health, Inc.
Email: privacy@heroshealth.com
Phone: +1 702-763-HERO
Address: 1708 Spring Green Blvd Suite 120-343, Katy, TX, 77494
For HIPAA Complaints:
U.S. Department of Health and Human Services
Phone: +1 702-763-HERO
