Privacy Policy
Last Updated: February 14, 2025
1. Notice of Privacy Practices (HIPAA Notice)
IntegrityYou PLLC ("we," "us," "our," or the "Clinic") is committed to protecting the privacy of your health information. This Notice of Privacy Practices ("Notice") explains how we collect, use, disclose, and safeguard your Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and applicable state laws.
This Notice applies to the telemedicine weight management services provided by Dr. Jane Mattei, MD (licensed in Texas and Massachusetts), and is effective as of February 1, 2025. We may revise this Notice at any time. Any changes will be posted on our website at integrityyou.com and will be effective immediately upon posting.
2. Information We Collect
We collect various types of information to provide you with quality telemedicine weight management services:
Protected Health Information (PHI)
- Medical History: Past and present medical conditions, medications, allergies, surgical history, family medical history, and lifestyle factors
- Clinical Information: Vital signs (weight, height, blood pressure, heart rate), lab results, diagnostic findings, and clinical assessments
- Treatment Records: Consultation notes, treatment plans, prescription records, and progress notes from telemedicine visits
- Medication Information: Current medications, dosages, prescriptions from our clinic and other providers, and medication history
- Contact Information: Name, date of birth, phone number, email address, mailing address, and emergency contact information
Personal Information
- Insurance information and coverage details
- Payment method and billing address
- Government-issued ID information for verification purposes
- Social Security Number (collected only as required for insurance and billing)
Technical and Usage Data
- IP address and device identifier
- Browser type and version
- Pages visited and time spent on website
- Clicks and interactions with our website and telemedicine platform
- Video consultation session metadata (date, time, duration)
Device Information
- Device type and operating system
- Hardware model information
- Unique device identifiers
3. How We Use Your Information
We use your information for the following purposes:
Treatment
- Providing telemedicine weight management consultations and services
- Diagnosing health conditions and planning treatment
- Prescribing medications and monitoring treatment effectiveness
- Communicating with you about your health status and treatment options
- Coordinating care with other healthcare providers and specialists
- Providing follow-up care and patient education
Payment
- Processing insurance claims and billing
- Collecting payments for services rendered
- Verifying insurance coverage and eligibility
- Managing accounts receivable and payment records
- Handling billing inquiries and disputes
Healthcare Operations
- Maintaining medical records and health information systems
- Conducting quality assurance and peer review
- Training staff and improving healthcare delivery
- Evaluating provider performance and clinical outcomes
- Managing business operations and administrative functions
- Scheduling appointments and patient reminders
- Compliance with legal and regulatory requirements
Compliance and Legal Obligations
- Complying with federal, state, and local laws and regulations
- Responding to court orders, subpoenas, and government requests
- Reporting adverse events and safety concerns to appropriate authorities
- Maintaining licensing and credentialing requirements
Research and Analytics
- De-identified data analysis for quality improvement initiatives
- Clinical research with proper consent and IRB approval
- Website analytics to improve user experience and service delivery
4. How We Share Your Information
We maintain strict controls on how your health information is shared. We only disclose your information in the following circumstances:
With Your Consent
We will request your authorization before disclosing your health information to anyone outside our treatment team, except as otherwise permitted by HIPAA and state law.
Treatment Providers and Healthcare Coordination
- Healthcare providers involved in your care (primary care physicians, specialists, pharmacists)
- Emergency medical services and emergency departments if necessary
- Other healthcare facilities involved in your treatment
Pharmacy Partners
We may share prescription and clinical information with licensed compounding pharmacies to fulfill prescriptions for weight management medications. These pharmacies are HIPAA-covered entities and are bound by similar privacy obligations.
Insurance Companies and Payment
- Health insurance companies for claims processing and verification
- Payment processors and merchant services providers
- Collections agencies if necessary for unpaid bills
Business Associates
We work with business associates (vendors and service providers) who perform functions on our behalf. These entities are contractually obligated to maintain the confidentiality and security of your health information under Business Associate Agreements (BAAs):
- PatientNow: Our telemedicine and electronic health record platform
- Google Analytics: Website analytics service (de-identified data only)
- Cloud Infrastructure Providers: For secure data storage and backup
- Email and Communication Service Providers: For appointment reminders and clinical communications
- Billing and Accounting Services: For payment processing and financial management
As Required by Law
We may disclose your health information without your consent when required by law, including:
- Public health surveillance and disease reporting
- Law enforcement requests (with proper legal authority)
- Court orders and legal proceedings
- Organ and tissue donation programs
- Abuse and neglect reporting (child, elder, or dependent abuse)
- Substance use disorder treatment records (42 CFR Part 2)
- Controlling authorities and health oversight agencies
State-Specific Disclosures
Texas: We comply with the Texas Medical Records Privacy Act and may share information as permitted under Texas state law.
Massachusetts: We comply with Massachusetts state privacy laws and may share information as permitted under Massachusetts state law, including restrictions on substance use disorder treatment records.
5. Your Rights Under HIPAA
You have the following rights regarding your health information:
Right to Access Your Records
You have the right to request access to your medical records. We will provide you with a copy of your health information in a readable format within 30 days of your request. We may charge a reasonable fee for copying and mailing costs. To request your records, contact our Privacy Officer (see Section 12).
Right to Request Amendments
If you believe information in your medical record is inaccurate or incomplete, you have the right to request an amendment. Submit your request in writing to our Privacy Officer. We will respond within 60 days. If we deny your request, we will provide you with a written explanation and inform you of your right to file a statement of disagreement.
Right to Request Restrictions
You have the right to request restrictions on how we use or disclose your health information. We are not required to agree to all requests. We will notify you in writing of our decision. If we agree, we will be bound by the restriction unless you revoke it or an exception applies.
Right to Accounting of Disclosures
You have the right to request a list of disclosures we have made of your health information. We will provide an accounting of disclosures made within the past six years (or a shorter period if requested). You may request this accounting once per year at no charge. Additional requests may incur a reasonable fee.
Right to Confidential Communications
You have the right to request that we communicate with you about your health information in a specific way or at a specific location. For example, you may request that we call you only at work, send mail to an alternate address, or communicate through a specific means. We will accommodate reasonable requests.
Right to Receive Notices
You have the right to receive a copy of this Notice. You will receive it at your first telemedicine visit and annually thereafter, or upon request.
Right to Complain
You have the right to file a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights (OCR) if you believe your privacy rights have been violated. See Section 12 for contact information.
6. Telehealth-Specific Privacy Considerations
Video Consultations
Our telemedicine services are provided through secure, HIPAA-compliant video platforms via PatientNow. You will receive a secure link to join video consultations. We recommend:
- Using a private location for your consultation
- Closing other applications and browser tabs to prevent accidental disclosure
- Using a strong password and not sharing your consultation link
- Ensuring your device and internet connection are secure
Electronic Prescriptions
Prescriptions for weight management medications are sent electronically to licensed pharmacies using secure, encrypted channels. We do not email prescriptions in plain text.
Data Encryption
All telemedicine communications, including video, audio, and text messaging through our platform, are encrypted end-to-end. Your data is encrypted in transit and at rest on our secure servers.
Recording and Retention
Telemedicine sessions are not recorded unless explicitly requested and consented to in writing. Session metadata (date, time, duration) is retained in your medical record. Video files and session recordings, if any, are stored securely and accessed only by authorized personnel.
Prescription and Medication Management
We use secure methods to manage prescriptions and communicate with licensed compounding pharmacies. Prescription information is protected and only shared with authorized pharmacies necessary for medication fulfillment.
7. Data Security
We have implemented comprehensive administrative, physical, and technical safeguards to protect your health information:
Encryption and Secure Transmission
- All data transmissions use SSL/TLS encryption (minimum 256-bit)
- Secure, HIPAA-compliant cloud infrastructure for data storage
- Encrypted backup systems and disaster recovery procedures
- Regular security audits and vulnerability assessments
Access Controls
- Role-based access controls limiting data access to authorized personnel
- Multi-factor authentication for staff and system access
- Unique user IDs and audit logs tracking all data access
- Minimum necessary principle applied to all data access
Staff Training and Accountability
- HIPAA privacy and security training for all employees and contractors
- Regular privacy and security awareness training
- Disciplinary procedures for privacy violations
- Clear policies and procedures for handling protected health information
Data Integrity and Availability
- Regular backup procedures to prevent data loss
- Disaster recovery and business continuity plans
- System monitoring and intrusion detection systems
- Secure disposal and destruction of physical and electronic records
Physical Security
- Secure facilities and controlled access to areas where health information is stored
- Workstation use policies and security measures
- Proper handling and disposal of physical documents containing health information
8. State-Specific Privacy Provisions
Texas Telehealth Privacy Law
IntegrityYou complies with Texas's telemedicine privacy requirements, including the Texas Medical Records Privacy Act. Patients in Texas have the following additional rights:
- Right to receive information about what health information is collected and how it is used
- Right to request and receive a complete copy of medical records
- Right to request amendments to medical records
- Right to restrict certain uses and disclosures of health information
- Right to receive a Notice of Privacy Practices at the beginning of care
Massachusetts Telehealth Privacy Law
IntegrityYou complies with Massachusetts privacy laws, including the Standards for Patient Privacy and Security (105 CMR 164.000). Patients in Massachusetts have the following additional rights:
- Right to inspect and obtain copies of medical records
- Right to request correction of medical records
- Right to an accounting of disclosures
- Right to request restrictions on uses and disclosures
- Right to receive communications by alternative means
Substance Use Disorder Treatment Records
If you receive treatment for substance use disorders under federal regulations (42 CFR Part 2), your records are protected under additional federal privacy laws. These records cannot be disclosed without your written consent, except in limited circumstances specified by federal law (medical emergencies, court orders with special procedures, or internal audits).
9. Cookies and Website Analytics
Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google Inc. Google Analytics collects information about your browsing behavior, including:
- Pages visited on our website
- Time spent on each page
- Referral source (how you found our website)
- Device and browser information
- General geographic location
Google Analytics data is anonymized and does not contain Protected Health Information. Google may use this data to improve Google Analytics services and to comply with legal obligations. You can opt out of Google Analytics tracking by:
- Installing the Google Analytics opt-out browser extension
- Disabling cookies in your browser settings
- Using private browsing mode
Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies for:
- Essential cookies: Required for website functionality and security
- Performance cookies: Track how visitors interact with our website
- Marketing cookies: Used for targeted advertising and remarketing
When you first visit our website, we will ask for your consent to use non-essential cookies. You can manage your cookie preferences at any time through your browser settings or by contacting us.
Website Privacy Policy
Information collected through our website (not the telemedicine platform) is subject to our Website Privacy Policy, which may differ from this Notice of Privacy Practices. When you access our telemedicine platform (PatientNow), you enter a HIPAA-regulated environment where this full Notice applies.
10. Third-Party Services and Business Associates
PatientNow Telemedicine Platform
We use PatientNow as our electronic health record (EHR) and telemedicine platform. PatientNow is a HIPAA-covered entity and Business Associate. Your health information is securely stored in PatientNow's systems. PatientNow:
- Maintains HIPAA-compliant security and privacy controls
- Uses SSL/TLS encryption for data in transit and at rest
- Performs regular security audits and penetration testing
- Maintains Business Associate Agreements with their service providers
- Does not sell or share your health information with third parties for marketing
Compounding Pharmacy Partners
We work with licensed compounding pharmacies to prepare customized weight management medications. These pharmacies are HIPAA-covered entities and receive only the minimum necessary information to fill prescriptions. Pharmacy partners must maintain the same privacy and security standards as we do.
Payment Processors
Payment information is processed through secure, PCI DSS-compliant payment processors. We do not store complete credit card numbers on our servers. Payment processors are Business Associates and contractually bound to protect your payment information.
Communication Service Providers
We may use email, text message, or phone services for appointment reminders, clinical updates, and patient education. These service providers are Business Associates and sign Business Associate Agreements.
11. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, applicable laws, or other factors. When we make material changes:
- We will post the revised Notice on our website at integrityyou.com
- The effective date will be updated to reflect when the change becomes effective
- We may notify you via email or during your next telemedicine visit
Your continued use of our services following the posting of changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this Notice periodically.
12. Contact Information and Complaint Procedures
Privacy Officer and Contact Information
Carlos Cano
Privacy Officer
IntegrityYou PLLC
Phone: (346) 542-8174
Email: contato@integrityyou.com
Service Areas: Massachusetts and Texas
To exercise your rights under this Notice, file a complaint, request an amendment, ask for a restriction, or obtain a detailed accounting of disclosures, please contact our Privacy Officer in writing or by phone.
How to File a Complaint with IntegrityYou
- Contact our Privacy Officer using the information above
- Provide a detailed description of your complaint and the facts involved
- Specify the privacy right you believe was violated
- We will investigate your complaint within 30 days and provide a written response
- You will not face retaliation for filing a complaint
How to File a Complaint with HHS Office for Civil Rights
If you believe IntegrityYou has violated your HIPAA privacy rights, you have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights (OCR). You may file a complaint even if you have already filed one with IntegrityYou.
HHS Office for Civil Rights
U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
Phone: 1-800-368-1019
Email: ocrmail@hhs.gov
Website: https://www.hhs.gov/ocr
You may also file a complaint online at the HHS OCR website. There is no time limit for filing a complaint, but you must file within 180 days of discovering the violation (or 180 days from when you should have discovered it).
Additional Contact Information
Clinic Information:
IntegrityYou PLLC
Operated by Dr. Jane Mattei, MD
Licensed in Texas and Massachusetts
Website: integrityyou.com
Phone: (346) 542-8174
Email: contato@integrityyou.com
Acknowledgment
By accessing our telemedicine services, you acknowledge that you have received and reviewed this Notice of Privacy Practices. You will be asked to confirm your receipt and understanding of this Notice when you create your patient account in PatientNow.
This Notice of Privacy Practices is effective as of February 1, 2025, and was last updated on February 14, 2025. IntegrityYou reserves the right to make changes to this Notice and to make the revised Notice effective for all health information we maintain, including information created or received prior to the date of revision.