HIPAA Privacy Policy
RxION ("RxION," "we," "us," or "our") is committed to protecting the privacy and security of Protected Health Information ("PHI") in accordance with the Health Insurance Portability and Accountability Act (HIPAA), the HITECH Act, and applicable state laws.
1. Our Responsibilities Under HIPAA
RxION operates as a Covered Entity working with Business Associates (pharmacies, payment processors, technology providers). Our legal obligations include:
- Maintaining PHI privacy and security
- Notifying customers of breaches compromising information privacy or security
- Providing notice of legal duties and privacy practices regarding PHI
- Complying with the terms of this Privacy Policy
2. What is Protected Health Information (PHI)?
PHI includes individually identifiable health information relating to:
- Past, present, or future physical or mental health conditions
- The provision of healthcare services
- Payment for healthcare services
Examples: name, date of birth, contact information, medical history, diagnosis, treatment details, and payment information.
3. How We May Use and Disclose Your PHI Without Your Written Authorization
RxION may use or disclose PHI for permitted or required purposes:
A. Treatment
Providing, coordinating, or managing healthcare services. Example: healthcare providers share medical history with pharmacies for prescription fulfillment.
B. Payment
Obtaining payment for healthcare services. Includes sharing information with health plans or third-party payment processors for claims processing or payment receipt.
C. Healthcare Operations
Quality assessment, training, auditing, licensing, accreditation, and other internal business operations essential for providing quality care.
4. Other Permitted or Required Disclosures Without Your Authorization
RxION may disclose PHI under these circumstances:
- As Required by Law: Complying with federal, state, or local laws, regulations, or legal processes (court orders or subpoenas)
- Public Health and Safety: Preventing or controlling disease, reporting adverse events, or addressing public health emergencies
- Law Enforcement: Responding to law enforcement officials for locating suspects or reporting crimes
- Health Oversight Activities: Government agencies overseeing healthcare systems and ensuring regulatory compliance
- Judicial and Administrative Proceedings: Responding to court orders or legal proceedings
- To Avert a Serious Threat: Preventing serious threats to health or safety
- Workers' Compensation: Complying with workers' compensation laws or similar programs
5. Uses and Disclosures Requiring Your Written Authorization
RxION will not use or disclose PHI for these purposes without explicit written authorization:
- Marketing activities unrelated to RxION's services
- Sale of PHI (never sold under any circumstances)
- Psychotherapy notes, if applicable
You may revoke authorization at any time in writing. RxION honors the revocation except to the extent that it has already relied on the authorization.
6. Your Rights Regarding Your PHI
You have the following specific HIPAA rights:
A. Right to Access Your PHI
You may inspect and receive copies of your PHI, including medical records and billing information. Requests must be in writing. Reasonable fees may apply for copies.
B. Right to Request Amendments
If you believe PHI is incorrect or incomplete, you may request amendments. Requests must be in writing and include reasoning. RxION may deny requests when records are accurate and complete.
C. Right to Request Restrictions
You may request restrictions on how PHI is used or disclosed for treatment, payment, or healthcare operations. RxION is not required to agree to every restriction request but will comply with legally required restrictions.
D. Right to Request Confidential Communications
You may request specific contact methods (email, phone, mail) or locations (home or office). RxION will accommodate reasonable requests.
E. Right to an Accounting of Disclosures
You may request an accounting of certain PHI disclosures made by RxION during the six years prior to the request, excluding disclosures for treatment, payment, healthcare operations, and other exempt disclosures.
F. Right to Receive a Copy of This Policy
You may request paper or electronic copies of this HIPAA Privacy Policy at any time.
7. Safeguards to Protect Your PHI
RxION implements physical, administrative, and technical safeguards ensuring confidentiality, integrity, and availability of PHI. Security measures include:
- Data encryption during transmission and at rest
- Secure access controls limiting access to authorized personnel
- Regular risk assessments and audits
- Ongoing staff training on HIPAA policies and privacy practices
No system guarantees 100% security. Breaches compromising PHI will result in notification as required by law.
8. Breach Notification Policy
Following a breach of unsecured PHI, RxION will:
- Notify you promptly as required by HIPAA
- Provide information about what occurred, the types of information involved, steps you should take, and RxION's mitigation actions
- Notify the U.S. Department of Health and Human Services (HHS) and, in some cases, media as required by law
9. Business Associates
RxION partners with third-party service providers (Business Associates) to facilitate delivery of the Services. Business Associates may access PHI for payment processing, IT services, or pharmacy fulfillment.
Each Business Associate must:
- Safeguard PHI
- Use and disclose PHI only for authorized purposes
- Notify RxION of PHI data breaches
10. Retention of PHI
RxION retains health records and PHI as long as required by law or necessary for providing healthcare services. After the retention period ends, PHI is securely disposed of in accordance with HIPAA guidelines.
11. Complaints
If you believe your privacy rights have been violated, you may:
- File a complaint with RxION by contacting the Privacy Officer at privacy@tryrxion.com
- File a complaint with the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR)
No retaliation will occur for filing complaints.
12. Changes to This HIPAA Privacy Policy
RxION reserves the right to modify this policy. Following significant changes, RxION will:
- Notify you via email or website
- Post an updated policy with a revised effective date
Continued use of the Services after changes constitutes acceptance of the revised policy.
13. Contact Information
For more information or to exercise your privacy rights under HIPAA, contact us at privacy@tryrxion.com.