HIPAA Compliance
This document explains how we protect your health information and comply with HIPAA regulations.
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that requires the protection and confidential handling of Protected Health Information (PHI). We are committed to protecting your health information and complying with all HIPAA requirements.
Our Commitment to Your Privacy
We take your privacy seriously. We implement comprehensive security measures to protect your health information and ensure it is handled in accordance with HIPAA regulations.
What is Protected Health Information (PHI)?
Protected Health Information (PHI) includes any information that:
- Identifies or could identify you
- Relates to your health, healthcare, or payment for healthcare
Examples of PHI We May Collect
- Your name, address, phone number, and email address
- Date of birth
- Medical record numbers
- Appointment information
- Prescription information
- Medical notes and health information
- Payment information related to healthcare services
How We Protect Your Information
Security Measures
We implement multiple layers of security to protect your information:
- Encryption: All your health information is encrypted both when it's stored and when it's transmitted
- Access Controls: Only authorized personnel who need your information to provide care can access it
- Audit Logging: We log all access to your health information to monitor for unauthorized access
- Secure Storage: Your information is stored in secure, encrypted systems
- Regular Security Reviews: We regularly review and update our security measures
Access Controls
- Only authorized healthcare providers and staff can access your health information
- Access is limited to the minimum information necessary to provide care
- All access is logged and monitored
Data Encryption
- All communications between you and our platform are encrypted using industry-standard encryption
- Your stored health information is encrypted at rest
- We use secure, encrypted connections for all data transmission
Your Rights Regarding Your Health Information
Right to Access
You have the right to access your health information. You can request a copy of your medical records at any time.
Right to Request Amendments
You have the right to request corrections to your health information if you believe it is inaccurate or incomplete.
Right to Request Restrictions
You can request restrictions on how we use or disclose your health information, though we may not be able to accommodate all requests.
Right to Request Confidential Communications
You can request that we communicate with you in a specific way or at a specific location.
Right to an Accounting of Disclosures
You have the right to request a list of certain disclosures we have made of your health information.
Right to File a Complaint
If you believe your privacy rights have been violated, you can file a complaint with us or with the U.S. Department of Health and Human Services.
How We Use Your Information
We use your health information to:
- Provide you with healthcare services
- Process payments for services
- Coordinate your care with other healthcare providers
- Comply with legal requirements
- Improve our services
When We May Disclose Your Information
We may disclose your health information in the following situations:
- Treatment: To other healthcare providers involved in your care
- Payment: To process payments and handle insurance claims
- Healthcare Operations: For quality improvement and administrative purposes
- Required by Law: When required by federal, state, or local law
- Public Health: For public health activities and reporting
- Legal Proceedings: In response to court orders or legal processes
- With Your Authorization: When you provide written authorization
Business Associate Agreements
We work with trusted third-party service providers who help us operate our platform. All service providers who handle your health information are required to sign Business Associate Agreements (BAAs) that require them to protect your information in accordance with HIPAA.
Incident Response and Breach Notification
What is a Breach?
A breach is the unauthorized acquisition, access, use, or disclosure of your health information that compromises its security or privacy.
Our Response to Breaches
If we discover a breach of your health information, we will:
- Immediately contain the breach to prevent further unauthorized access
- Investigate the breach to determine what information was involved and who was affected
- Notify affected individuals within 60 days of discovering the breach
- Report to authorities if required by law
- Take corrective action to prevent future breaches
Breach Notification
If a breach affects you, we will notify you:
- By mail to your last known address
- By email if you have provided an email address
- By phone if the breach is urgent
The notification will include:
- A description of what happened
- What information was involved
- What we are doing to investigate and address the breach
- What you can do to protect yourself
- Contact information for questions
Audit and Monitoring
We continuously monitor access to your health information to:
- Detect unauthorized access
- Identify security threats
- Ensure compliance with our policies
- Review access patterns for unusual activity
All access to your health information is logged and regularly reviewed by our security team.
Data Retention
We retain your health information in accordance with legal requirements:
- Medical Records: Retained for 7 years from the date of your last service
- Audit Logs: Retained for 6 years minimum
- Financial Records: Retained for 7 years for tax and accounting purposes
For more details, see our Data Retention Policy.
Your Responsibilities
To help us protect your information, please:
- Keep your login credentials secure and confidential
- Use strong, unique passwords
- Log out of your account when finished
- Notify us immediately if you suspect unauthorized access
- Keep your contact information up to date
Questions or Concerns
If you have questions about our HIPAA compliance or how we protect your health information, please contact us:
Email: maylis@doctoronthewatch.com
Phone: +1 (917) 526-9746
Changes to This Policy
We may update this policy from time to time. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date.
Last Updated
12/15/2025
Additional Resources
