Skip to main content

ShrinkMD HIPAA Privacy Policy

Effective Date: April 21, 2024

Overview

This HIPAA Privacy Policy articulates the safeguards and practices shrinkMD, along with its affiliates and subsidiaries (collectively, “we,” “us,” or “shrinkMD”), deploy in handling Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and other applicable state-specific laws, including but not limited to the California Consumer Privacy Act (CCPA) and the Virginia Consumer Data Protection Act (VCDPA). HIPAA is a federal program that requires that all medical records and other individually identifiable health information used or disclosed by us in any form, whether electronically, on paper or orally, are kept properly confidential. This Act gives you, the patient, significant rights to understand and control how your health information is used.

In Addition

shrinkMD operates the platform but is not a healthcare provider nor a medical group. Telehealth services facilitated through our platform are delivered by independent healthcare entities, collectively referred to in this document here as “Healthcare Groups.” These groups include a network of healthcare professionals across the United States, such as licensed therapists, nurse practitioners, and physicians, each referred to as a “Provider.” These Healthcare Groups and their Providers are obligated by both federal and state law to protect the privacy of your health information and adhere to their own detailed Notice of Privacy Practices. shrinkMD processes health information on behalf of these Healthcare Groups in strict alignment with their directives and privacy practices acting as a intermediary.

If you disagree with the Privacy Policy or the specific Privacy Practices of the Healthcare Groups, you should refrain from using our services.

Scope of the Policy

This policy encompasses all PHI managed by shrinkMD, whether collected via our website,
mobile apps, or through direct interactions, ensuring comprehensive protection across all
platforms.

Data Retention Policy

Uses and Disclosures of PHI

Patient Rights

Other Uses and Disclosures:

We are permitted and/or required by law to make certain other uses and disclosures of your  protected health information without your consent or authorization for the following:

State-Specific Provisions

California Residents:

As a California resident, you are entitled to certain protections under the California Consumer  Privacy Act (CCPA). shrinkMD is committed to ensuring your privacy rights under this law.  Adhering to the CCPA, you can inquire about the categories of collected PHI, request deletion of  your PHI, and opt-out of any sale of your information. Specifically, you can: 

Request details about the categories and specific pieces of personal information shrinkMD  collects, along with the purposes for which we use this data and identify any third parties with  whom we share it.

Gain access to the personal information shrinkMD maintains about you and receive copies upon request. 

Ask for corrections to inaccuracies in your personal data that shrinkMD holds. Have your personal information deleted from shrinkMD’s records. 

Be informed of any financial incentives that shrinkMD may offer in relation to your personal information. 

shrinkMD ensures non-discrimination in service quality for users exercising their CCPA rights, though certain exemptions might apply based on specific legal requirements. We take necessary  steps to verify your identity before fulfilling any related requests to safeguard your information. 

For further inquiries or to exercise your rights, you can contact shrinkMD directly. Should you choose to have an authorized agent make requests on your behalf, appropriate verification of  authority will be required. 

shrinkMD also engages with third parties such as advertising and analytics providers, potentially involving what the CCPA terms as “sharing” for cross-context behavioral advertising. To opt-out  of such sharing or to understand more about how shrinkMD handles such arrangements, you can  visit our privacy management page. 

shrinkMD does not sell the personal information of minors under 16 years of age, and does not generally sell personal information as defined by the CCPA. For comprehensive details on data retention and handling practices, please refer to our Data Retention policy. 

Note: shrinkMD acknowledges and respects “Do Not Track” settings and signals, which may not uniformly be recognized across all platforms and services.

California Shine the Light law:  

Under Section 1798.83 of the California Civil Code, also known as the “Shine the Light” law, residents of California can request information about the types of personal information that  companies like shrinkMD share with third parties for direct marketing purposes. shrinkMD  adheres to this law by not sharing your personal information with third parties for their direct  marketing use without your consent.

Virginia Residents:  

Under the VCDPA, you have similar rights to access, delete, and restrict the processing of your PHI used for targeted advertising or profiling. 

If you reside in Virginia and are covered under the Virginia Consumer Data Protection Act (VCDPA), shrinkMD acknowledges your rights to manage your personal information. These rights include: 

Changes to This Privacy Policy: 

We reserve the right to amend this policy at any time. Changes will become effective immediately upon posting on our website or through direct communication to you. 

Compliance and Enforcement: 

We adhere to all relevant federal and state laws applicable to the protection of PHI. Our practices are designed to ensure compliance with HIPAA, CCPA, VCDPA, and other relevant regulations. 

Paper Copy of this Notice: 

You have a right, even if you have agreed to receive notices electronically, to obtain a paper copy of this notice.

Complaints: 

If you believe your privacy rights have been violated, you can file a complaint with shrinkMD. If you wish to file a complaint with the Secretary of the United States Department of Health and Human Services, please go to the website of the Office for Civil Rights  

www.hhs.gov/ocr/hipaa/, call 202-619-0257 (toll free 877-696-6775), or mail to: 

Secretary of the US – Department of Health and Human Services 

200 Independence Ave S.W. 

Washington, D.C. 20201 

There will be no retaliation for filing a complaint. We are required by law to provide individuals with this notice of our legal responsibilities and privacy practices with respect to Protected Health Information. We are also required to maintain the privacy of, and abide by the terms of the notice currently in effect. If you have any questions in reference to this form, please ask to speak with our HIPAA Compliance Officer in person or by phone at the number listed above. 

The name and address of the person you can contact for further information concerning our privacy practices are at https://www.shrinkMD.com.

By utilizing shrinkMD’s services, you acknowledge your consent to the practices described in this HIPAA Privacy Policy. For further details or inquiries, please reach out to our privacy officer through the designated contact methods on our website.

hand between wooden blocks

Transform Your Tomorrow: Focus on Mental Health Today

At shrinkMD, we make accessing compassionate, expert mental health care straightforward and stress-free. We've created a safe, accessible space for you to embark on your journey to wellness without delay

Book an Appointment

If you are in crisis or need urgent assistance: Crisis Text Line: Text HOME to 741741 • National Suicide Prevention Hotline: 9-8-8