HIPAA · 45 CFR §164.520

HIPAA Notice of
Privacy Practices

Effective May 1, 2026

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

PLEASE REVIEW IT CAREFULLY.

About This Notice

DocFindMe, Inc. is required by law to maintain the privacy of your Protected Health Information (PHI), to provide you with this Notice of Privacy Practices, and to abide by the terms of the notice currently in effect.

This Notice explains how DocFindMe may use and share your PHI, your rights regarding that information, and our responsibilities for protecting it. DocFindMe functions as a Business Associate under HIPAA, supporting healthcare providers (Covered Entities) who use our platform to coordinate patient care.

What Is Protected Health Information (PHI)?

PHI is information that identifies you and relates to your past, present, or future physical or mental health condition, the provision of healthcare to you, or the payment for such care. On DocFindMe, PHI includes:

  • Your name, date of birth, contact information when linked to health data
  • Medication names, dosages, and adherence records
  • Medical conditions and diagnoses shared by you or your provider
  • Care team assignments and doctor-patient relationships
  • Emergency alerts, location data shared during health events
  • Emergency contact information linked to your health profile

How We May Use and Disclose Your PHI

Treatment

We share your PHI with your authorized care team (doctors, emergency contacts you designate) to facilitate treatment, medication management, and care coordination. For example, your doctor can view your medication schedule and hospital arrival alerts.

Health Care Operations

We may use your PHI for platform operations, quality improvement, security monitoring, training, and compliance auditing. We use de-identified or aggregated data for analytics to improve the Service.

Emergency Situations

In an emergency, we may share your PHI with emergency contacts you have designated and, if required, with emergency responders or public health authorities to prevent serious harm to you or others.

Other Permitted Disclosures

  • Required by Law: When compelled by court order, subpoena, or government authority
  • Public Health Activities: As required by public health laws to report disease, injury, or vital statistics
  • Health Oversight: To government agencies for audits, investigations, or inspections as authorized by law
  • Law Enforcement: As required or permitted by law enforcement in limited circumstances
  • Serious Threats: To prevent or lessen a serious and imminent threat to your health or safety or the health or safety of the public
  • Business Associates: To our HIPAA BAA-covered service providers (cloud hosting, monitoring) solely to operate the platform

All other uses and disclosures of your PHI require your written authorization. You may revoke any authorization in writing at any time, except to the extent we have already relied on it.

Your Rights Regarding Your PHI

Right to Access Your PHI

You have the right to inspect and receive a copy of your PHI that we maintain. We will provide access within 30 days of your written request. We may charge a reasonable, cost-based fee for copies.

Right to Amend Your PHI

If you believe your PHI is incorrect or incomplete, you may request an amendment. We will act on your request within 60 days. We may deny the request if the information was not created by us, or if we determine the information is accurate and complete.

Right to an Accounting of Disclosures

You have the right to request a list of disclosures we have made of your PHI, other than for treatment, payment, health care operations, or those you authorized. This accounting covers the six years prior to your request.

Right to Request Restrictions

You may request that we restrict how we use or disclose your PHI for treatment, payment, or health care operations. We are not required to agree to your request except when you request we not disclose PHI to a health plan for care you paid for out-of-pocket in full.

Right to Confidential Communications

You may request that we communicate with you about your health matters in a specific way or at a specific location. For example, you may request we contact you only by email or only at a certain phone number. We will accommodate reasonable requests.

Right to Request Deletion

You may request deletion of your PHI. We will comply unless retention is required by HIPAA (minimum 6-year retention), other applicable law, or for legitimate healthcare operations. Upon approved deletion, your data will be de-identified or securely destroyed within 90 days.

Right to a Copy of This Notice

You have the right to receive a paper copy of this Notice of Privacy Practices at any time, even if you have agreed to receive this notice electronically. Contact us at the address below to request a paper copy.

Our Responsibilities

DocFindMe is required to:

  • Maintain the privacy and security of your PHI
  • Provide you with notice of our legal duties and privacy practices
  • Abide by the terms of the notice currently in effect
  • Notify you if a breach occurs that may have compromised the privacy or security of your PHI
  • Not use or share your PHI for marketing purposes without your authorization
  • Not sell your PHI without your authorization

Data Security Safeguards

🔒

Encryption

TLS 1.2+ in transit, AES-256 at rest

🛡️

Access Control

Role-based, least-privilege access to PHI

📋

Audit Logging

All PHI access logged per HIPAA Security Rule

Changes to This Notice

We reserve the right to change this Notice at any time. A revised Notice will apply to PHI we already have about you as well as any PHI we receive in the future. We will post any revised Notice in the application and on our website, with the effective date prominently displayed. You may request a copy of any revised Notice at any time.

How to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with DocFindMe or with the Secretary of the US Department of Health and Human Services. We will not retaliate against you for filing a complaint.

File with DocFindMe

Privacy Officer

privacy@docfindme.com

File with the Government

HHS Office for Civil Rights

www.hhs.gov/ocr

1-800-368-1019

Contact Our Privacy Officer

To exercise any of your rights described in this Notice, or if you have questions about how your PHI is used and protected, contact:

DocFindMe, Inc. — Privacy Officer

Email: privacy@docfindme.com

General Support: support@docfindme.com

Legal: legal@docfindme.com

This Notice is provided pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), 45 CFR §164.520, and the Health Information Technology for Economic and Clinical Health (HITECH) Act.