Privacy Policy
Your privacy and the security of your health information are our top priority
Last updated: January 26, 2024
HIPAA Compliance Commitment
XPress Health is committed to protecting your Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable privacy laws. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal and health information.
1. Information We Collect
Personal Information
- Name, address, phone number, email address
- Date of birth and government-issued ID information
- Emergency contact information
- Payment and billing information
- Device information and IP address
Protected Health Information (PHI)
- Medical history, symptoms, and health concerns
- Prescription and medication information
- Laboratory test results and orders
- Provider consultations and treatment records
- Mental health and behavioral health information
- Any other health-related information you provide
Usage Information
- How you use our platform and services
- Login times and session duration
- Pages visited and features used
- Messages and communications within the platform
2. How We Use Your Information
We use your information only as permitted by HIPAA and applicable laws:
Treatment Purposes
- Facilitating consultations between you and healthcare providers
- Enabling providers to deliver appropriate medical care
- Coordinating prescription fulfillment and lab test orders
- Maintaining your medical records and history
Payment Operations
- Processing payments for services rendered
- Billing and account management
- Fraud prevention and financial verification
Healthcare Operations
- Quality assurance and improvement activities
- Platform security and technical maintenance
- Compliance with legal and regulatory requirements
- Customer support and technical assistance
3. Information Sharing and Disclosure
We do not sell, rent, or share your PHI except as described below:
With Your Consent
- When you explicitly authorize us to share your information
- For purposes you have specifically approved
For Treatment
- With healthcare providers delivering your care
- With pharmacies for prescription fulfillment
- With laboratories for test processing
As Required by Law
- To comply with court orders or legal processes
- To report communicable diseases to public health authorities
- For law enforcement investigations when legally required
- To prevent serious harm or injury
Business Associates
- Third-party service providers who assist with our operations
- All business associates sign HIPAA-compliant agreements
- They are contractually required to protect your PHI
4. Data Security Measures
We implement comprehensive security measures to protect your information:
Technical Safeguards
- 256-bit SSL encryption for all data transmission
- AES-256 encryption for data storage
- Multi-factor authentication for account access
- Regular security audits and penetration testing
- Automated backup and disaster recovery systems
Administrative Safeguards
- Role-based access controls and user permissions
- Regular employee privacy and security training
- Incident response and breach notification procedures
- Business associate agreements with all vendors
Physical Safeguards
- Secure data centers with 24/7 monitoring
- Biometric access controls and security cameras
- Environmental controls and redundant power systems
5. Your Privacy Rights Under HIPAA
You have the following rights regarding your PHI:
- Right to Access: Request copies of your medical records and access your PHI in electronic format.
- Right to Amend: Request corrections to inaccurate or incomplete PHI.
- Right to Restrict: Request limits on how we use or disclose your PHI.
- Right to Accounting: Request a list of disclosures we have made of your PHI.
- Right to Alternative Communication: Request that we communicate with you in a specific way or at alternative locations.
To exercise any of these rights, please contact our Privacy Officer using the information provided below.
6. Data Retention
- Medical Records: Retained for a minimum of 7 years after your last interaction
- Payment Information: Retained for 7 years for tax and audit purposes
- Account Information: Retained for as long as your account is active
- Communications: Retained for 3 years unless longer retention is required
7. Cookies and Tracking Technologies
We use cookies and similar technologies to maintain your session, improve functionality, analyze usage, and ensure security. We do not use cookies to track PHI or share your health information with third parties for advertising purposes.
8. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect PHI from children under 18 without appropriate parental consent. If you believe your child has provided us with PHI, please contact our Privacy Officer immediately.
9. Breach Notification
In the unlikely event of a data breach involving your PHI, we will notify you within 60 days, provide details about the information involved, explain steps we are taking, offer guidance on self-protection, and notify relevant authorities as required by law.
10. Changes to This Privacy Policy
We may update this Privacy Policy periodically. We will post updated policies, send email notifications for material changes, and update the “Last Updated” date. Your continued use of our services constitutes acceptance of the updated policy.
Privacy Officer Contact Information
For questions about this Privacy Policy or to exercise your privacy rights:
- Email: privacy@xpresshealth.care
- Response Time: Within 30 days of receiving your request
Filing Privacy Complaints
If you believe your privacy rights have been violated, you may file a complaint with XPress Health or the U.S. Department of Health and Human Services, Office for Civil Rights (OCR). We will not retaliate against you for filing a complaint.