HIPAA Notice of Privacy Practices

Last updated: January 2025

This Notice Describes How Medical Information About You May Be Used and Disclosed

This notice describes how DoctaRx and our healthcare providers may use and disclose your protected health information (PHI) to carry out treatment, payment, or healthcare operations, and for other purposes that are permitted or required by law.

Your Rights

You have the following rights regarding your PHI:

  • Right to Access: You can request to see or get an electronic or paper copy of your medical record.
  • Right to Amend: You can ask us to correct health information that you think is incorrect or incomplete.
  • Right to an Accounting: You can ask for a list of the times we've shared your health information.
  • Right to Request Restrictions: You can ask us not to use or share certain health information.
  • Right to Request Confidential Communications: You can ask us to contact you in a specific way.
  • Right to File a Complaint: You can file a complaint if you feel your rights are violated.

How We Use and Share Your Information

We may use and share your information as follows:

  • For Treatment: We can use your PHI to provide, coordinate, or manage your healthcare.
  • For Payment: We can use and share your PHI to bill and get payment from health plans or other entities.
  • For Healthcare Operations: We can use and share your PHI to run our practice and improve your care.
  • As Required by Law: We will share information about you if state or federal laws require it.
  • To Prevent Harm: We may use and share your PHI when necessary to prevent a serious threat to your health and safety.

Our Responsibilities

We are required by law to maintain the privacy and security of your protected health information. We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.

Security Measures

We use industry-standard and next-generation security measures to protect your PHI, including:

  • 256-bit SSL encryption for all data transmission
  • Encrypted storage of all health records (AES-256-GCM)
  • Secure authentication and access controls with multi-factor authentication
  • Regular security audits and monitoring
  • HIPAA-compliant data centers

AI Workflow Security

DoctaRx uses AI-assisted clinical workflows to support providers and patients. These workflows are protected by permissioned access controls, privacy filtering, and audit logging designed to reduce PHI exposure:

  • Role-Based Access: AI-assisted tools only run within the permissions granted to the signed-in user and the associated workflow.
  • Privacy Filtering: Personally identifiable information is redacted before data is routed to external AI providers.
  • Controlled Egress: Outbound connections are constrained to approved destinations when privacy middleware is active.
  • Audit Logging: Sensitive AI-assisted actions and data access events are recorded for compliance review.
  • Human Oversight: AI-assisted outputs support care teams and do not replace clinical judgment or required review.
  • Operational Health Checks: Dedicated isolated runtimes are only considered active when the gateway health checks pass.

These controls keep AI-assisted workflows inside auditable, permissioned boundaries while preserving encryption and access protections for patient data.

Changes to This Notice

We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available on our website and in our office.

Contact Information

If you have questions about this notice or want to exercise your rights, please contact our Privacy Officer at info@doctarx.com or file a complaint with the U.S. Department of Health and Human Services.