1. Who this Notice Applies To
This Notice is provided by the independent professional medical entities ("Providers") and licensed pharmacies that deliver care through the NoTimeRx platform, together with NoTimeRx, Inc. acting as their HIPAA Business Associate. Collectively we are called the "Covered Entities" for purposes of this Notice.
2. Our Commitment
We are required by law to:
- Maintain the privacy and security of your Protected Health Information ("PHI");
- Provide you with this Notice of our legal duties and privacy practices;
- Notify you promptly if there is a breach that may have compromised your PHI;
- Follow the terms of the Notice currently in effect.
3. How We May Use and Disclose Your PHI Without Your Specific Authorization
Treatment
We use your PHI to evaluate your medical condition, prescribe medications, coordinate with pharmacies, and respond to questions about your care.
Payment
We use limited PHI to process payments, determine eligibility for services, and coordinate with HSA/FSA administrators when you use those payment methods.
Health Care Operations
Quality improvement, provider credentialing, clinical auditing, legal compliance, and internal analytics to improve the Services. Analytics on PHI is conducted only within our HIPAA-compliant environment.
As Required by Law
Mandatory reporting to public-health authorities, law enforcement in specific circumstances, in response to a valid court order, or when responding to a subpoena consistent with HIPAA's requirements.
To Business Associates
Cloud hosting, pharmacy software, shipping carriers for delivery, and secure messaging providers — each bound by a written Business Associate Agreement (BAA) requiring the same safeguards.
For Serious Threats to Health or Safety
Limited disclosures may be made to prevent serious threats to you or others, as permitted by law.
4. Uses That Require Your Written Authorization
We will not use or disclose your PHI for any of the following without your explicit, revocable written authorization:
- Marketing communications (beyond face-to-face communications with your Provider);
- Sale of PHI (we do not sell PHI under any circumstance);
- Most uses of psychotherapy notes;
- Any use beyond what is described in this Notice or permitted by law.
5. Your HIPAA Rights
- Right to Access — Receive a copy of your medical record, in electronic form when possible.
- Right to Amend — Request a correction to inaccurate or incomplete records.
- Right to an Accounting of Disclosures — Request a list of certain disclosures we've made of your PHI.
- Right to Restrict — Request limits on how we use or disclose your PHI for treatment, payment, or operations.
- Right to Confidential Communications — Request that we contact you a specific way or at a specific location.
- Right to a Paper Copy of this Notice — Even if you agreed to receive this Notice electronically.
- Right to Be Notified of a Breach — We will notify you in writing if your unsecured PHI is breached.
To exercise these rights, email privacy@notimerx.com or write to the Privacy Officer at the address below.
6. Breach Notification
If we discover that your unsecured PHI has been accessed, acquired, used, or disclosed in a manner not permitted by HIPAA, we will notify you without unreasonable delay and in no case later than 60 days after discovery, consistent with 45 CFR § 164.404. For a breach affecting more than 500 residents of a state, we will also notify prominent media outlets and the U.S. Department of Health & Human Services.
7. Complaints
You may file a complaint with us using the contact information below, or with the U.S. Department of Health & Human Services, Office for Civil Rights, at hhs.gov/hipaa/filing-a-complaint. We will not retaliate against you for filing a complaint.
8. Contact the Privacy Officer
NoTimeRx Privacy Officer
1209 Orange Street, Wilmington, DE 19801
Email: privacy@notimerx.com
If this Notice changes, we will post the updated Notice on this page and make paper copies available in the patient portal.