P
Pharmissy
HIPAA Compliance

Notice of Privacy Practices

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

Effective Date: April 1, 2026 | Last Updated: April 1, 2026

Important Information About This Notice

Pharmissy is a technology platform that connects you with independent licensed healthcare providers. While Pharmissy operates as a Business Associate under HIPAA, the healthcare providers who review your information and prescribe treatment are Covered Entities with their own Notice of Privacy Practices. This notice covers how both Pharmissy and our provider network handle your protected health information (PHI).

1. Our Commitment to Your Privacy

We understand that your health information is personal and private. We are committed to protecting your Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and all applicable state laws.

This Notice of Privacy Practices explains:

  • How we may use and share your health information
  • Your rights regarding your health information
  • Our legal duties to protect your health information
  • How to file a complaint if you believe your rights have been violated

2. How We Use and Disclose Your Information

For Treatment

We share your health information with the licensed healthcare providers who review your assessment and make treatment decisions. This includes your symptoms, medical history, allergies, and current medications.

For Payment

We use your information to process payments for services. This may include sharing information with payment processors and, if applicable, your health insurance company.

For Healthcare Operations

We may use your information for quality assurance, training, licensing, and accreditation activities to ensure you receive high-quality care.

With Pharmacy Partners

When a prescription is issued, we share necessary information with your chosen pharmacy to fulfill your prescription, including your name, date of birth, prescribed medication, and prescriber information.

As Required by Law

We may disclose your information when required by federal, state, or local law, including for public health activities, reporting abuse or neglect, health oversight activities, and judicial proceedings.

3. Your Rights

Under HIPAA, you have the following rights regarding your health information:

Right to Access

You may request to inspect and obtain a copy of your health information.

Right to Amend

You may request that we correct information you believe is inaccurate or incomplete.

Right to an Accounting of Disclosures

You may request a list of certain disclosures we have made of your health information.

Right to Request Restrictions

You may request that we limit how we use or disclose your information, though we are not required to agree to all requests.

Right to Confidential Communications

You may request that we communicate with you in a specific way or at a specific location.

Right to a Paper Copy

You may request a paper copy of this Notice at any time.

To exercise any of these rights, please contact us using the information provided at the end of this notice.

4. How We Protect Your Information

We implement comprehensive safeguards to protect your health information:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Only authorized personnel can access your information on a need-to-know basis
  • Audit Trails: We maintain logs of all access to your health information
  • Employee Training: All staff receive HIPAA compliance training
  • Business Associate Agreements: We require all vendors who handle PHI to sign BAAs
  • Secure Infrastructure: Our systems are hosted on HIPAA-compliant infrastructure

5. Breach Notification

In the unlikely event of a breach of your unsecured protected health information, we will notify you as required by law. Notification will be made without unreasonable delay and no later than 60 days after discovery of the breach.

The notification will include:

  • A description of what happened and the date of the breach
  • The types of information involved
  • Steps you should take to protect yourself
  • What we are doing to investigate and mitigate the breach
  • Contact information for questions

6. Changes to This Notice

We reserve the right to change this Notice and make the new provisions effective for all PHI we maintain. If we make material changes, we will post the revised Notice on our website and update the effective date. We encourage you to review this Notice periodically.

7. Questions and Complaints

If you have questions about this Notice or wish to exercise your rights, please contact our Privacy Officer:

Pharmissy Privacy Officer

privacy@pharmissy.com

If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the U.S. Department of Health and Human Services. We will not retaliate against you for filing a complaint.

U.S. Department of Health and Human Services

Office for Civil Rights

www.hhs.gov/ocr/complaints

Acknowledgment

By using Pharmissy's services, you acknowledge that you have received and reviewed this Notice of Privacy Practices. A copy of this Notice is always available at pharmissy.com/hipaa-notice.

← Back to Home