Cookie Policy

At LifeRx.md, we’re proud to launch our new products hosted at LifeRx.md alongside our existing services hosted on LifeRx.md. These Terms of Use govern all your interactions with us, including this new offering.

Effective Date: 20-Jan-2024

Last Updated: 20-Dec-2024

1. Introduction and Scope

This Cookie Policy explains how LifeRx.md (“we,” “us,” “our,” or the “Site”) uses cookies and similar technologies on our website. This policy should be read alongside our Privacy Policyand Terms of use.

What are cookies?

This Cookie Policy explains what cookies are and how we use them, the types of cookies we use, the information we collect using cookies and how that information is used, and how to manage your cookie settings.

Cookies are small text files that are used to store small pieces of information. They are stored on your device when the website is loaded on your browser.

These cookies help us make the Site function properly, make it more secure, provide better user experience, understand how the website performs, and analyze what works and where it needs improvement.

Given the healthcare nature of our services, we take special care to ensure our cookie usage complies with all applicable healthcare privacy laws and regulations, including HIPAA.

2. Your Rights and Choices

2.1 General Rights

Under various U.S. privacy laws including HIPAA, the California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), Connecticut Data Privacy Act (CTDPA), and other applicable state and federal regulations, you have the following rights regarding cookies and similar tracking technologies.

As a healthcare platform, we maintain additional protections for your protected health information (PHI) in accordance with HIPAA requirements.

2.1.1 Right to Opt-Out

You have the right to opt-out of:

  • The sale or sharing of your personal information
  • Non-essential cookies and tracking technologies
  • Targeted advertising and profiling unrelated to healthcare services
  • Automated decision-making with legal effects
  • Cross-context behavioral advertising
  • The processing of sensitive personal information for non-healthcare uses

2.1.2 Right to Know and Access

As part of our commitment to transparency and compliance with both healthcare privacy laws and general data protection regulations, you have the right to:

  • Request details about the personal information and protected health information we collect through cookies and our Site
  • Know the categories of information collected, including both general personal information and protected health information
  • Understand how your information is used and shared, subject to HIPAA requirements and restrictions
  • Access specific pieces of personal information collected about you (note that medical records access is handled through our separate Medical Records Request process)
  • Know our retention periods, including our standard seven (7) year retention policy for healthcare records
  • Receive information about any automated decision-making processes that may affect your healthcare services
  • Learn about the sources of collected information, including both technical sources like cookies and healthcare-related sources

2.1.3 Right to Delete

Subject to healthcare regulations and our legal obligations to maintain medical records, you can request:

  • Deletion of personal information collected through cookies and the Site that is not part of your protected health information
  • Removal of your non-medical information from our analytics databases
  • Deletion of information shared with our third-party partners, except where required for healthcare operations
  • Confirmation of deletion for eligible data

Please note that in accordance with healthcare regulations and state laws, we must maintain your protected health information and medical records for a minimum of seven (7) years. While we will honor deletion requests for non-medical data, certain information must be retained to comply with these requirements and to maintain the quality and continuity of your healthcare services.

2.1.4 Right to Correct

Understanding the critical importance of accuracy in healthcare-related information, you have the right to:

  • Request correction of inaccurate personal information collected through the Site
  • Submit correction requests for your protected health information through our dedicated medical records process
  • Submit supplementary documentation to support correction requests
  • Receive notification when corrections are made

For corrections to medical records or protected health information, please contact us at [email protected] or call (609) 201-0119. Our independent contracted healthcare providers will review all medical record correction requests to ensure accuracy while maintaining the integrity of your healthcare documentation.

2.1.5 Right to Data Portability

In accordance with both healthcare regulations and privacy laws, you can receive:

  • Your personal information collected through the Site in a structured, commonly used format
  • Electronic copies of your protected health information through our secure medical records request process
  • Transfer of your medical records to other healthcare providers upon written authorization
  • Technical data collected through cookies in a machine-readable format
  • Direct transfer of your non-medical data to another service provider where technically feasible

For medical records transfers, please submit your request through our secure portal or contact us at [email protected]or call (609) 201-0119. Medical records will be transferred in accordance with HIPAA requirements and maintain all necessary security protocols.

Note that while general website data can be transferred immediately, medical record transfers require verification and processing by our independent contracted healthcare providers.

2.2 How to Exercise Your Rights

2.2.1 Submit Requests

You can exercise your rights through the following methods:

  • For cookie and Site preferences: Use our Cookie Preferences Center
  • For general privacy requests: Email [email protected]
  • For medical records or protected health information: Call (609) 201-0119
  • For 24/7 support: Contact our live support team at (609) 201-0119

2.2.2 Verification Process

To protect your privacy and comply with HIPAA requirements, we will verify your identity through:

  • Multi-factor authentication for all protected health information requests
  • Matching provided information with our medical records
  • Requesting government-issued identification for medical record requests
  • Additional verification steps as required by state and federal healthcare privacy laws
  • Standard cookie-related requests may require basic email verification only

2.2.3 Response Timeline

We adhere to both HIPAA and state privacy law requirements:

  • We will acknowledge all requests within 24 hours through our 24/7 support system
  • For non-medical requests, we will provide a substantive response within 45 days
  • For medical record requests, we will respond within 30 days as required by HIPAA
  • Complex requests may require an additional 45 days (90 days total), and we will notify you if such an extension is needed
  • Urgent medical record requests will be prioritized and handled expeditiously

2.3 Non-Discrimination

We will not discriminate against you for exercising your privacy rights or making requests regarding your information. As a healthcare platform committed to equitable access, we will not:

  • Deny access to healthcare services or the Site
  • Charge different prices or rates for medical consultations
  • Provide a different level or quality of healthcare services
  • Alter the availability of our independent contracted healthcare providers
  • Modify the standard of care or healthcare delivery
  • Suggest or imply any difference in service quality or availability
  • Limit access to our 24/7 support services

This non-discrimination policy applies to all aspects of our services, including both technical website features and healthcare service delivery. We maintain consistent standards of care and service regardless of whether you exercise your privacy rights under this Cookie Policy, make medical records requests, or submit other privacy-related requests.

2.4 Authorized Agents and Personal Representatives

You may designate an authorized agent or personal representative (including healthcare proxies and powers of attorney) to submit requests on your behalf. To protect your privacy and comply with healthcare regulations, authorized representatives must:

  • Provide legally valid proof of authorization:
    • For non-medical requests: Written authorization from you
    • For medical requests: Valid medical power of attorney, healthcare proxy documentation, or other legally recognized medical authorization
    • For deceased patients: Proof of executor status or next-of-kin documentation
  • Complete our verification process:
    • Verify their own identity through government-issued identification
    • Provide contact information for our records
    • Complete any additional verification steps required by state or federal law
  • Submit requests through our secure designated methods:
    • Medical records requests: Through our secure portal or by contacting (609) 201-0119
    • General privacy requests: Email [email protected]
    • Cookie preferences: Through our Cookie Preferences Center

All authorized agent arrangements will be documented and maintained in accordance with our seven (7) year retention policy and applicable healthcare regulations.

2.5 Exceptions and Limitations

Certain exceptions and limitations to these rights apply based on healthcare regulations and other legal requirements:

  • Healthcare-Related Limitations:

    • Medical record retention requirements (minimum seven (7) years)
    • HIPAA compliance obligations
    • State-specific medical record requirements
    • Healthcare provider documentation requirements
    • Public health reporting obligations
    • Healthcare quality assurance needs


  • Security and Technical Requirements:

    • HIPAA Security Rule compliance
    • Healthcare data security protocols
    • Technical limitations of the Site
    • Secure transmission requirements
    • Authentication requirements for healthcare data access


  • Legal and Regulatory Obligations:

    • Federal and state healthcare laws
    • Medical board requirements
    • Professional liability documentation needs
    • Healthcare fraud prevention requirements
    • Legal proceedings involving medical care
    • Legitimate healthcare operations as defined by HIPAA

We will clearly communicate any applicable limitations when responding to your requests. For questions about specific limitations, please contact our 24/7 support team at (609) 201-0119.

2.6 State-Specific Rights and Healthcare Privacy Protections

As a nationwide telehealth platform operating in all 50 U.S. states, we comply with both federal healthcare regulations and state-specific privacy requirements.

2.6.1 All States – Healthcare Privacy Rights

  • Right to access your medical records
  • Right to request amendments to your health information
  • Protection of sensitive health information under HIPAA
  • State-specific medical record retention requirements (we maintain all records for seven (7) years)
  • Access to 24/7 support for privacy-related questions

2.6.2 California Residents (CPRA)

  • Right to limit use and disclosure of sensitive personal information beyond healthcare purposes
  • Right to understand any automated decision-making in healthcare services
  • Right to access information about healthcare-related data processing
  • Enhanced protections for minors’ health information
  • Special protections for mental health and sensitive medical information

2.6.3 Virginia Residents (VCDPA)

  • Right to appeal denied non-medical requests within 45 days
  • Enhanced protections for health-related sensitive data
  • Right to opt-out of non-healthcare profiling
  • Additional safeguards for mental health information

2.6.4 Connecticut Residents (CTDPA)

  • Right to appeal denied non-medical requests
  • Additional protections for health-related sensitive data
  • Enhanced healthcare privacy protections
  • Special safeguards for mental health information

For state-specific healthcare privacy questions, please contact our 24/7 support team at (609) 201-0119. Our independent contracted healthcare providers comply with all applicable state medical board requirements and privacy regulations.

3. Cookies and Similar Technologies

3.1 Cookies and Healthcare Platform Security

Cookies are small text files stored on your device when you visit the Site. Given the sensitive nature of healthcare services, we implement cookies with enhanced security measures to:

  • Ensure secure access to healthcare services
  • Maintain HIPAA-compliant browsing sessions
  • Remember non-medical preferences while protecting medical privacy
  • Analyze Site performance for healthcare service delivery
  • Improve telehealth user experience
  • Support secure communication with independent contracted healthcare providers

3.1.1 Technical Implementation and Security

Our healthcare-focused implementation includes:

  • HIPAA-compliant HTTPS headers
  • Secure JavaScript code execution
  • Protected HTML meta tags
  • Encrypted local storage APIs
  • Additional healthcare security protocols

3.1.2 Cookie Properties and Healthcare Privacy

Each cookie is configured with healthcare privacy in mind:

  • Name: HIPAA-compliant unique identifier
  • Value: Encrypted data storage
  • Domain: Limited to LifeRx.md Site
  • Path: Restricted access controls
  • Expiry: Automated security timeouts
  • Size: Minimized data storage
  • HTTP Flag: Enhanced security settings
  • Secure Flag: Mandatory HTTPS encryption
  • SameSite: Strict cross-origin controls

For questions about our enhanced security measures or cookie usage, contact our 24/7 support at (609) 201-0119.

3.2 Similar Technologies and Healthcare Data Security

3.2.1 Web Beacons and Healthcare Analytics

Secure tracking mechanisms (also known as “pixels” or “clear GIFs”) include:

  • HIPAA-compliant page access monitoring
  • Primary healthcare platform uses:
    • Secure communication delivery confirmation
    • Healthcare service quality monitoring
    • Platform performance analytics for medical service delivery
    • Non-medical marketing analytics (strictly separated from healthcare data)

3.2.2 Local Storage Security

HIPAA-compliant HTML5 storage implementation provides:

  • Encrypted storage with enhanced healthcare privacy protections
  • Healthcare platform use cases:
    • Non-medical user preferences only
    • Temporary session data with automatic expiration
    • Essential Site functionality
    • No storage of protected health information (PHI)

3.2.3 Session Storage and Medical Privacy

Temporary encrypted storage during active Site sessions includes:

  • Automatic clearing when the browser closes for security
  • Limited healthcare platform uses:
    • Temporary form completion backup (excluding medical data)
    • Session security maintenance
    • Non-medical user preferences
    • No storage of protected health information or medical records

3.2.4 Browser Fingerprinting and Healthcare Security

Limited collection of browser characteristics for security purposes includes:

  • HIPAA-compliant device identification
  • Restricted security attributes:
    • Secure session validation
    • Healthcare platform compatibility checking
    • Time zone for appointment management
    • Language settings for healthcare communications
    • Essential security parameters
  • No collection of unnecessary device information

3.2.5 ETags and Healthcare Platform Security

Secure HTTP response headers for platform integrity include:

  • HIPAA-compliant cache management
  • Secure validation headers
  • Healthcare session integrity verification

All technologies implement additional security measures required for healthcare platforms. For questions about our security measures, contact our 24/7 support team at (609) 201-0119.

3.3 First-Party and Third-Party Technologies in Healthcare Services

3.3.1 First-Party Technologies (LifeRx.md)

Set directly by the Site to support healthcare service delivery, first-party technologies include:

  • HIPAA-compliant user authentication
  • Secure healthcare session management
  • Essential telehealth service functionality
  • Non-medical Site preferences
  • Communication with independent contracted healthcare providers

3.3.2 Third-Party Technologies and Healthcare Privacy

Limited to essential service providers who have signed Business Associate Agreements (BAAs), third-party technologies include:

  • HIPAA-compliant analytics services
  • Secure payment processing
  • Essential healthcare platform services
  • Non-medical marketing (strictly separated from healthcare data)

3.3.3 Healthcare Data Protection

Additional healthcare data protection measures include:

  • No sharing of protected health information with unauthorized third parties
  • Regular security audits of all technology providers
  • Strict data segregation between medical and non-medical information
  • Seven (7) year retention policy for all healthcare-related data
  • 24/7 monitoring of all technology systems

For questions about our technology providers or data protection measures, contact our 24/7 support team at (609) 201-0119.

3.4 Cookie Usage in Healthcare Service Delivery

The Site uses both first-party and third-party cookies to deliver secure healthcare services. First-party cookies are essential for secure platform operation and HIPAA compliance, while strictly limiting the collection of personally identifiable information. Third-party cookies are limited to HIPAA-compliant service providers who have signed Business Associate Agreements (BAAs). These cookies help us maintain platform security, monitor Site performance, and improve healthcare service delivery while protecting your medical privacy.

3.4.1 Types of Cookies We Use

Necessary

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
CookieDurationDescription
cookieyes-consent1 yearCookieYes sets this cookie to remember users' consent preferences so that their preferences are respected on subsequent visits to this site. It does not collect or store any personal information about the site visitors.
__cf_bm1 hourThis cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
datadome1 yearThis is a security cookie set by Force24 to detect BOTS and malicious traffic.

Analytics

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
CookieDurationDescription
_tpapp1 monthTrust Pulse sets this cookie and it is used for tracking a unique TrustPulse session.
_gcl_au3 monthsGoogle Tag Manager sets this cookie to experiment advertisement efficiency of websites using their services.
_ga_*1 year 1 month 4 daysGoogle Analytics sets this cookie to store and count page views.
_ga1 year 1 month 4 daysGoogle Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_omappvp1 year 1 month 4 daysThe _omappvp cookie is set to distinguish new and returning users and is used in conjunction with the _omappvs cookie.
_omappvs20 minutesThe _omappvs cookie, used in conjunction with the _omappvp cookie, is used to determine if the visitor has visited the website before, or if it is a new visitor.
cebssessionCrazyegg sets this cookie to trace the current user session internally.
_fbp3 monthsFacebook sets this cookie to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising after visiting the website.
handl_ref_domain1 monthHandl UTM Grabber sets this cookie to contain an ID for referral partners.

Performance

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
CookieDurationDescription
_uetsid1 dayBing Ads sets this cookie to engage with a user that has previously visited the website.
_uetvid1 year 24 daysBing Ads sets this cookie to engage with a user that has previously visited the website.
handlID1 monthHandl utm grabber sets this cookie to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

Advertisement

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.
CookieDurationDescription
guest_id_marketing1 year 1 month 4 daysTwitter sets this cookie to identify and track the website visitor.
guest_id_ads1 year 1 month 4 daysTwitter sets this cookie to identify and track the website visitor.
personalization_id1 year 1 month 4 daysTwitter sets this cookie to integrate and share features for social media and also store information about how the user uses the website, for tracking and targeting.
guest_id1 year 1 month 4 daysTwitter sets this cookie to identify and track the website visitor. It registers if a user is signed in to the Twitter platform and collects information about ad preferences.
muc_ads1 year 1 month 4 daysTwitter sets this cookie to collect user behaviour and interaction data to optimize the website.
_rdt_uuid3 monthsReddit sets this cookie to build a profile of your interests and show you relevant ads.
_pin_unauth1 yearPinterest set this cookie to group actions for users who cannot be identified.
MUID1 year 24 daysBing sets this cookie to recognise unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
test_cookie15 minutesdoubleclick.net sets this cookie to determine if the user's browser supports cookies.
_ttp3 monthsTikTok set this cookie to track and improve the performance of advertising campaigns, as well as to personalise the user experience.
_tt_enable_cookie3 monthsTiktok set this cookie to collect data about behaviour and activities on the website and to measure the effectiveness of the advertising.
IDE1 year 24 daysGoogle DoubleClick IDE cookies store information about how the user uses the website to present them with relevant ads according to the user profile.
handl_landing_page1 monthHandL UTM Grabber plugin sets this cookie is used to record the very first page you visited on our site in your browser.
handl_ip1 monthHandL UTM Grabber plugin sets this cookie to record the web browser's IP address.
handl_url1 monthHandL UTM Grabber plugin sets this cookie to form the URL on which we placed the code that generates.
handl_original_ref1 monthHandL UTM Grabber plugin sets this cookie to record the URL from which you came to our site.
handl_ref1 monthHandL UTM Grabber plugin sets this cookie to record the URL from which you came to our site.

Uncategorized

Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
CookieDurationDescription
_rm1 year 1 month 4 daysDescription is currently not available.
ar_debug1 yearDescription is currently not available.
_ce.s1 yearDescription is currently not available.
_ce.clock_data1 dayDescription is currently not available.
cebsp_sessionDescription is currently not available.
cee3 monthsDescription is currently not available.
is_eusessionNo description available.
_omhnuserpastDescription is currently not available.
_omlgdinpastDescription is currently not available.
_omacctpastDescription is currently not available.
_ommkactpastDescription is currently not available.
_ommklvlpastDescription is currently not available.
omSeen-qiw6guy4vjwdacfm21tx1 monthDescription is currently not available.
_ce.cchsessionDescription is currently not available.
MSPTC1 year 24 daysDescription is currently not available.
_dcid1 year 1 month 4 daysDescription is currently not available.
_gtmeecsessionDescription is currently not available.
_omacctwpastDescription is currently not available.
_omacctwfnpastDescription is currently not available.
_omacctrolepastDescription is currently not available.
__spdt1 yearDescription is currently not available.
__pixelId6 daysDescription is currently not available.
am_sso_google_apps_loginsessionDescription is currently not available.
random_id1 dayDescription is currently not available.
ttcsid_CTHEA7BC77UEE9N8HE3G3 monthsDescription is currently not available.
ttcsid_CVGB1UJC77UCA5GK0RA03 monthsDescription is currently not available.
ttcsid3 monthsDescription is currently not available.
handl_url_base1 monthDescription is currently not available.
user_agent1 monthNo description available.
organic_source1 monthDescription is currently not available.
organic_source_str1 monthDescription is currently not available.
handl_landing_page_base1 monthDescription is currently not available.
traffic_source1 monthNo description available.
first_traffic_source1 monthDescription is currently not available.
nitroCachedPagesessionDescription is currently not available.

3.5 Storage Duration and Healthcare Record Management

3.5.1 Session-Based Security Cookies

  • Automatically deleted when browser closes
  • No persistent storage of healthcare data
  • Essential healthcare platform uses:
    • Secure session management
    • Temporary authentication tokens
    • Healthcare provider communication security
    • Form completion protection
    • No storage of protected health information

3.5.2 Persistent Platform Cookies

  • Strictly controlled retention periods
  • HIPAA-compliant storage durations:
    • Critical security cookies (24 hours maximum)
    • Platform preference cookies (30 days maximum)
    • Essential functionality cookies (90 days maximum)
    • Required compliance cookies (1 year maximum)
  • Note: While cookies have limited retention periods, actual medical records and protected health information are maintained securely for seven (7) years in accordance with healthcare regulations. This retention applies only to official medical records, not to temporary cookie data.
  • For questions about our data retention policies or to request access to your medical records, contact our 24/7 support team at (609) 201-0119.

3.6 Healthcare Platform Security Measures

3.6.1 HIPAA-Compliant Security Controls

  • Healthcare Data Transmission Security
    • Mandatory HTTPS encryption for all communications
    • Enhanced TLS protocols for healthcare data
    • Multi-layer encryption for all sensitive information
    • Real-time security monitoring
    • Secure communication channels with independent contracted healthcare providers

  • Healthcare Platform Access Controls
    • HIPAA-compliant session management
    • Advanced cross-site scripting (XSS) prevention
    • Strict authentication requirements
    • Automatic session termination
    • Healthcare-specific security protocols

  • Healthcare Domain Security
    • Strict same-site policies for healthcare services
    • Limited cross-origin resource sharing
    • Enhanced cookie security attributes:
      • Strict: Required for all healthcare-related functions
      • Limited to non-healthcare platform features
      • Not permitted for any healthcare data

  • Platform Access Restrictions
    • Strictly controlled domain access
    • Limited subresource permissions
    • Healthcare service isolation
    • Continuous security monitoring
    • 24/7 threat detection

All security measures are regularly audited for HIPAA compliance and updated to address emerging healthcare privacy threats. For security-related questions, contact our 24/7 support team at (609) 201-0119.

3.6.2 Healthcare Data Protection

We implement comprehensive protection measures for both Site data and protected health information:

  • Healthcare-Grade Encryption
    • HIPAA-compliant encryption for all data
    • Military-grade encryption protocols
    • Separate encryption systems for:
      • Protected health information
      • Communication with independent contracted healthcare providers
      • Platform security data
    • Monthly third-party security audits
    • Continuous encryption key rotation

  • Healthcare Access Management
    • Role-based access control aligned with HIPAA requirements
    • Multi-factor authentication for all healthcare data access
    • Strict separation of duties between:
      • Healthcare providers
      • Technical support staff
      • Administrative personnel
    • Regular access privilege reviews
    • Detailed access logging and monitoring

  • Healthcare Data Minimization
    • Collection limited to essential healthcare delivery data
    • Automatic purging of temporary platform data
    • Seven (7) year retention of required medical records
    • Regular data necessity reviews
    • Strict controls on data collection scope

  • Continuous Security Enhancement
    • Real-time security monitoring
    • 24/7 incident response capability
    • Immediate security patch deployment
    • Regular penetration testing
    • Ongoing HIPAA compliance verification
    • Monthly security control assessments

For questions about our data protection measures, contact our 24/7 support team at (609) 201-0119.

3.7 Healthcare Privacy and Security Compliance Framework

3.7.1 HIPAA-Compliant Technical Controls

We maintain comprehensive technical controls that meet both HIPAA requirements and general privacy regulations:
  • Healthcare Consent Management
    • Clear, HIPAA-compliant consent collection
    • Separate consent tracking for:
      • Medical treatment and services
      • Healthcare communications
      • Platform cookies and technical features
      • Marketing communications (strictly separated from healthcare)
    • Granular consent options with healthcare privacy defaults
    • Easy access to consent management through secure portal
    • Seven (7) year retention of all healthcare-related consents
    • 24/7 access to consent modification

  • Healthcare Privacy Controls
    • Universal privacy protection mechanisms
    • Separate controls for:
      • Healthcare data access
      • Medical record management
      • Platform preferences
      • Marketing preferences (no healthcare data)
    • Recognition of state and federal privacy signals
    • Immediate processing of privacy requests
    • Verification of privacy choice implementation
    • Strict separation between medical and non-medical data

  • Healthcare Data Access System
    • Secure user data request portal
    • HIPAA-compliant verification process
    • Automated medical records request system
    • Multi-factor authentication requirements
    • Access request tracking and documentation
    • Response within legally required timeframes
    • Machine-readable data format options

  • Healthcare Platform Lifecycle Management
    • Regular HIPAA compliance audits
    • Automated security update deployment
    • Regular testing of all platform components
    • Documentation of security measures
    • Continuous monitoring of system integrity
    • Regular review of access controls
    • Immediate security patch implementation

All technical controls are regularly audited for HIPAA compliance and updated based on:

  • Changes in healthcare regulations
  • Updates to state privacy laws
  • Evolution of security standards
  • Feedback from independent contracted healthcare providers

For assistance with privacy controls, contact our 24/7 support team at (609) 201-0119.

3.7.2 Healthcare Platform Documentation Requirements

We maintain comprehensive HIPAA-compliant documentation including:
  • Platform Technology Register
    • Complete inventory of all platform technologies
    • Healthcare purpose justification for each component
    • HIPAA compliance documentation
    • Data processing and retention periods
    • Business Associate Agreements
    • Healthcare security classifications
    • Independent contractor agreements

  • Healthcare Compliance Records
    • Patient consent documentation
    • Medical records access requests
    • Privacy choice implementations
    • Platform security updates
    • HIPAA compliance verifications
    • Seven (7) year records retention
    • State-specific compliance documentation

  • Technical Security Documentation
    • HIPAA security implementations
    • Healthcare platform architecture
    • Security control specifications
    • Integration security requirements
    • Testing and validation procedures
    • Incident response protocols
    • Emergency operations procedures

  • Healthcare Platform Audit Trail
    • HIPAA compliance assessments
    • Security control testing
    • Platform security updates
    • Policy and procedure reviews
    • Security incident investigations
    • Resolution documentation
    • Independent security audits
    • Provider feedback integration

All documentation is maintained securely with role-based access controls. For documentation inquiries, contact our 24/7 support team at (609) 201-0119.

4. Legal Basis for Healthcare Data Processing

4.1 Healthcare Consent-Based Processing

As a healthcare platform, we take special care in processing your information. Our processing activities are based on both your explicit consent and the requirements of healthcare regulations including HIPAA. We understand the sensitive nature of healthcare information and maintain strict separation between medical and non-medical data processing.

For healthcare analytics purposes, we carefully monitor our platform’s performance and service quality while maintaining HIPAA compliance. This allows us to ensure reliable telehealth service delivery through our independent contracted healthcare providers while protecting your privacy. Our analytics focus on system performance and healthcare delivery optimization, helping us maintain high standards of care.

When it comes to marketing activities, we maintain a strict separation between healthcare services and any optional marketing communications. We never share your protected health information for marketing purposes, and you maintain complete control over what non-medical communications you receive. All marketing preferences are stored separately from your healthcare data to ensure the highest level of privacy protection.

Your healthcare platform preferences help us deliver a more personalized telehealth experience. These preferences include your secure communication settings, language choices for medical communications, and how you wish to interact with our independent contracted healthcare providers. We store these preferences securely while maintaining compliance with healthcare privacy regulations.

Throughout all processing activities, we adhere to strict healthcare compliance requirements, including:
  • HIPAA Privacy and Security Rules
  • State-specific healthcare privacy laws
  • Federal telehealth regulations
  • Medical records requirements
  • Our standard seven (7) year retention policy

Our 24/7 support team is always available at (609) 201-0119 to answer questions about how we process and protect your information.

4.2 Legitimate Interests in Healthcare Operations

Our platform processes certain information based on legitimate healthcare interests that are essential to providing safe and effective telehealth services. We carefully balance these interests against privacy considerations, always maintaining HIPAA compliance and protecting patient confidentiality.

For essential website operations, we maintain strict security measures that protect both our telehealth platform and your healthcare information. Security is paramount in healthcare operations. We implement comprehensive security measures to prevent fraud, detect potential security threats, and maintain system integrity.

Platform improvements are carefully implemented to enhance healthcare service delivery while maintaining strict privacy protections.

For each legitimate interest, we:
  • Document our assessment process
  • Evaluate potential privacy impacts
  • Implement appropriate safeguards
  • Provide opt-out options where feasible
  • Regularly review necessity
  • Maintain HIPAA compliance
  • Consider feedback from our independent contracted healthcare providers

All legitimate interest processing adheres to our seven (7) year retention policy for healthcare records while maintaining appropriate security controls.

Our 24/7 support team is available at (609) 201-0119 to address any questions about our processing activities.

4.3 Contractual Necessity in Healthcare Service Delivery

Our telehealth platform processes certain information as necessary to fulfill our healthcare service obligations. This processing is essential for maintaining secure and effective communication between patients and our independent contracted healthcare providers.

For healthcare account management, we maintain secure systems that handle:
  • Authentication for healthcare platform access
  • Secure session management for telehealth visits
  • Healthcare account security protocols
  • Patient communication preferences
  • Secure provider-patient messaging

While we don’t operate as an e-commerce platform, we do process payment information when necessary for healthcare service delivery:
  • Secure payment processing for medical consultations
  • Healthcare service billing documentation
  • Insurance information management when applicable
  • Payment record maintenance
  • Required healthcare transaction records

Our core healthcare service delivery requires processing to:
  • Facilitate secure telehealth consultations
  • Manage healthcare provider availability
  • Maintain continuity of care
  • Enable secure medical documentation
  • Support 24/7 healthcare platform access
  • Ensure compliance with state medical board requirements

All contractually necessary processing adheres to HIPAA requirements and our seven (7) year medical record retention policy. For questions about our healthcare service processing, our 24/7 support team is available at (609) 201-0119.

4.4 Legal Obligations in Healthcare Operations

As a healthcare platform, we process information to comply with a comprehensive framework of legal requirements. Our obligations extend beyond standard privacy laws to encompass healthcare-specific regulations that govern telehealth service delivery.

For regulatory compliance, we adhere to:
  • HIPAA Privacy and Security Rules
  • State-specific telehealth regulations
  • Medical board requirements
  • Healthcare privacy laws
  • Insurance reporting requirements
  • Professional practice standards
  • Required medical documentation rules

Our record-keeping obligations include:
  • Seven (7) year medical record retention
  • Secure documentation of all healthcare encounters
  • Maintenance of required audit trails
  • Treatment documentation requirements
  • Healthcare transaction records
  • Provider-patient communication records
  • Compliance documentation

Our 24/7 support team is available at (609) 201-0119 to address any questions about our legal obligations and compliance measures.

4.5 Processing Limitations in Healthcare Operations

4.5.1 Duration of Processing

We carefully control data processing timeframes based on healthcare requirements and legal obligations:
  • Medical records: Seven (7) year retention
  • Platform preferences: Valid until consent withdrawal
  • Technical session data: Deleted upon session close
  • Security tokens: Limited to active use period
  • Communication records: Maintained with medical records

4.5.2 Scope of Processing

We embrace healthcare-specific data minimization principles:
  • Collect only information necessary for telehealth service delivery
  • Maintain strict separation between medical and non-medical data
  • Limit data sharing to required healthcare purposes
  • Store only necessary technical data for platform operation

4.5.3 Special Category Data Protection

Healthcare data requires enhanced protection:
  • Advanced encryption for all medical data
  • Strict access controls for protected health information
  • Regular security audits of all systems
  • Immediate breach response capabilities

For questions about our processing limitations or to request access to your medical records, contact our 24/7 support team at (609) 201-0119.

4.6 Documentation and Accountability for Transient Data Processing

Our telehealth platform acts as a secure interface, processing but not permanently storing most personal information. When you use our Site, any personal information submitted through our forms and interfaces is transmitted directly to the appropriate systems for healthcare service delivery. We maintain a strict policy of limiting data storage on our platform to only what is necessary for essential operations.

Documentation of Data Flow

We maintain clear documentation showing how information moves through our healthcare platform. Our architecture demonstrates that while protected health information and personal information pass through secure transmission channels, the platform itself serves primarily as a secure conduit rather than a data repository.
  • Basic telehealth platform functionality
  • Secure provider-patient communications
  • User preferences that enhance healthcare delivery
  • Anonymous analytics that cannot identify individual patients

Limited Scope Accountability

Our accountability framework reflects our role as a healthcare platform facilitating connections between patients and independent contracted healthcare providers. Our documentation focuses primarily on:
  • Security measures protecting data during transmission
  • Technical specifications for platform operations
  • Regular verification of data handling processes
  • Consent management systems
  • Data deletion and transmission verification

Security Documentation

While we maintain limited data storage on the platform itself, we keep comprehensive documentation of our security measures that protect information during transmission, including:
  • Healthcare-grade encryption protocols
  • Security certificates and credentials
  • Transmission logging (without personal data)
  • Regular security audit results
  • HIPAA compliance verification
  • Incident response procedures

Verification and Auditing

Our regular auditing process focuses on verifying that:
  • Protected health information is properly handled
  • All transmission channels remain secure
  • Platform components function as documented
  • Data deletion processes work effectively
  • Security measures remain current
  • Seven (7) year retention requirements are met

For questions about our documentation and accountability measures, contact our 24/7 support team at (609) 201-0119.

4.7 Geographic and Jurisdictional Compliance

Our telehealth platform operates nationwide, serving patients across all 50 U.S. states. This broad reach requires us to maintain compliance with both federal healthcare regulations and state-specific privacy requirements. While our platform primarily serves as a transmission interface, we ensure our data handling practices comply with all applicable regulations.

State-Specific Healthcare Requirements

For California residents, our healthcare platform ensures:
  • Clear notice before any health information processing
  • Immediate notifications for data transmission
  • Easy opt-out mechanisms for non-essential features
  • Transparency about automated processing
  • Enhanced protection of sensitive health information
  • Compliance with both HIPAA and state privacy laws

Virginia residents receive additional protections including:
  • Enhanced consent requirements for health data
  • Clear separation of healthcare and platform data
  • Direct access to privacy controls
  • Transparent information about data handling
  • Special protection for sensitive health information

Connecticut residents are provided:
  • Enhanced healthcare privacy controls
  • Clear explanations of data processing
  • Immediate access to privacy settings
  • Additional health data safeguards
  • Special protection for sensitive medical information

For residents of all other states, we maintain:
  • Comprehensive privacy protections
  • State-specific medical record compliance
  • Healthcare-focused consent mechanisms
  • Direct privacy control access
  • Full telehealth compliance

Technical Implementation

Our compliance is built into our platform architecture:
  • State-based compliance verification
  • Dynamic privacy notice presentation
  • Automated compliance controls
  • State-specific consent collection
  • HIPAA-compliant transmission protocols

Documentation Requirements

While maintaining our limited-storage policy, we document:
  • State-by-state compliance measures
  • Healthcare transmission protocols
  • Consent mechanisms by jurisdiction
  • Privacy implementation details
  • Security measures by state

Our platform actively monitors regulatory changes across all 50 states to maintain current compliance with both healthcare and privacy requirements. This allows us to:
  • Adapt quickly to new requirements
  • Implement state-specific changes
  • Maintain consistent care delivery
  • Update security protocols as needed
  • Support our independent contracted healthcare providers

For questions about state-specific requirements, contact our 24/7 support team at (609) 201-0119.

5. Manage Cookie Preferences and Settings

Understanding the sensitive nature of healthcare information, we provide multiple ways to manage your privacy and cookie preferences on our Site.

Cookie Settings Management

You can modify your cookie preferences at any time through our Cookie Preferences Center, accessible via the privacy settings in your account dashboard. This allows you to:
  • Review current privacy settings
  • Modify consent choices
  • Update platform preferences
  • Control non-essential features
  • Manage communication preferences

While certain technical cookies are necessary for the secure operation of our telehealth platform, you maintain control over all non-essential cookies and features. Any changes to your preferences take effect immediately.

Browser-Level Controls

In addition to our platform controls, different browsers provide their own methods to manage cookies. You can adjust your browser settings to block or delete cookies using the following browser-specific guides:
  • Chrome : https://support.google.com/accounts/answer/32050
  • Safari : https://support.apple.com/en-in/guide/safari/sfri11471/mac
  • Firefox : https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
  • Internet Explorer : https://support.microsoft.com/en-us/topic/how-to-delete-cookie-files-in-internet-explorer-bca9446f-d873-78de-77ba-d42645fa52fc

Please note that blocking essential cookies may impact the functionality of our healthcare platform and your ability to access certain telehealth services.

Our 24/7 support team is available at (609) 201-0119 to assist with any questions about managing your privacy preferences.

If you are using any other web browser, please visit your browser’s official support documentation for guidance on cookie management.