← Back to home

HIPAA Notice of Privacy Practices

Last updated: April 28, 2026

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

Our Commitment

DoctorNoted is committed to protecting the privacy of your health information. We comply with the Health Insurance Portability and Accountability Act (HIPAA) and related regulations governing how we collect, use, store, and share Protected Health Information (PHI).

What Is PHI?

PHI includes any information about your health condition, treatment, or payment for healthcare services that can identify you. This includes your name, date of birth, diagnosis, medications, doctor's name, and other health-related details you provide during intake.

How We Use and Disclose Your PHI

We use your PHI primarily to:

  • Prepare your Letter of Medical Necessity packet
  • Facilitate communication between you and your physician
  • Process payment for our services
  • Comply with legal obligations

We share PHI only with: (a) your physician at your direction; (b) service providers under HIPAA Business Associate Agreements (hosting, payment processing); (c) law enforcement when required by law.

Your Rights Under HIPAA

  • Right to access: You may request a copy of the PHI we hold about you.
  • Right to amend: You may request corrections to your PHI.
  • Right to an accounting of disclosures: You may request a list of disclosures we have made.
  • Right to request restrictions: You may request limits on how we use or disclose your PHI.
  • Right to confidential communications: You may request communications by alternative means.
  • Right to a paper copy of this notice: Available on request.
  • Right to file a complaint: You may file a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights.

Our Safeguards

We use administrative, physical, and technical safeguards to protect PHI, including encryption at rest and in transit, role-based access controls, audit logs, regular security assessments, and Business Associate Agreements with all service providers who may access PHI.

Breach Notification

If a breach of unsecured PHI occurs, we will notify affected individuals as required by HIPAA, typically within 60 days of discovery.

Changes to This Notice

We may revise this notice. The most current version will always be posted on our website with the effective date.

Contact

Privacy questions or to exercise your rights, contact our Privacy Officer at privacy@doctornoted.com.

Note for legal counsel: This document is a working draft and should be reviewed and finalized by a qualified healthcare attorney before public reliance. Contact information: hello@doctornoted.com.