Effective Date: January 1, 2026
Last Updated: January 1, 2026
This HIPAA Privacy Policy describes how Protected Health Information (“PHI”) about you may be used and disclosed and how you can access this information. Please review it carefully.
1. OUR ROLE AND RESPONSIBILITIES
1.1 Covered Entities and Business Associates
Psychiatric services accessed through shrinkMD are provided by licensed healthcare professionals and their affiliated professional entities (“Providers”). These Providers are Covered Entities under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
shrinkMD, LLC operates a technology platform that facilitates access to telepsychiatry services and provides administrative, technical, and operational support to Providers. In this role, shrinkMD generally functions as a Business Associate under HIPAA and handles PHI on behalf of Providers pursuant to applicable agreements and legal requirements.
shrinkMD does not replace the Provider’s own Notice of Privacy Practices. Each Provider remains independently responsible for compliance with HIPAA and applicable state privacy laws.
2. HOW YOUR HEALTH INFORMATION MAY BE USED AND DISCLOSED
PHI may be used or disclosed for the following purposes, consistent with HIPAA and applicable law:
2.1 Treatment
PHI may be used and disclosed to Providers and others involved in your care for purposes of diagnosis, treatment planning, care coordination, and continuity of care.
2.2 Payment
PHI may be used for billing and payment-related activities only to the extent applicable. shrinkMD operates primarily as a private-pay platform and does not submit claims to health plans or government payors for services provided through the platform unless expressly stated.
2.3 Health Care Operations
PHI may be used for operational activities such as quality improvement, platform security, compliance, auditing, training, and administrative support.
2.4 Public Health and Safety
PHI may be disclosed as required by law, including for public health reporting, preventing serious threats to health or safety, or reporting abuse, neglect, or domestic violence.
2.5 Legal and Regulatory Requirements
PHI may be disclosed in response to court orders, subpoenas, regulatory investigations, audits, or other lawful processes.
3. TELEHEALTH AND ELECTRONIC COMMUNICATIONS
Your care is delivered via telehealth, which involves the electronic transmission of health information.
- We use administrative, technical, and physical safeguards designed to protect PHI.
- No system is completely secure; there is a small risk of unauthorized access inherent in electronic communications.
- You are responsible for participating in telehealth sessions from a private and secure location when possible.
4. TECHNOLOGY AND AUTOMATED TOOLS
shrinkMD may use technology tools to support care delivery and clinical documentation, including secure video platforms, scheduling systems, and documentation support tools (such as transcription or summarization).
- These tools assist administrative and clinical workflows.
- They do not replace clinical judgment.
- PHI processed through these tools is handled in accordance with HIPAA and applicable safeguards.
- Where required, shrinkMD enters into appropriate agreements with vendors that handle PHI.
5. YOUR RIGHTS REGARDING PHI
Under HIPAA, you have the right to:
- Access your PHI and obtain copies
- Request amendments to incorrect or incomplete PHI
- Receive an accounting of disclosures
- Request restrictions on certain uses or disclosures
- Request confidential communications
- Receive notice of a breach of unsecured PHI
Requests must be submitted in accordance with the Provider’s procedures or through shrinkMD’s designated privacy contact.
6. DATA RETENTION AND SECURITY
PHI is retained for the period required by applicable federal and state law or as necessary for treatment, legal, and operational purposes.
shrinkMD employs administrative, physical, and technical safeguards designed to protect PHI against unauthorized access, use, or disclosure.
When PHI is no longer required, it is securely destroyed or de-identified in accordance with applicable law.
7. CHANGES TO THIS POLICY
We may update this HIPAA Privacy Policy from time to time. The most current version will be available on our website and will apply to PHI we maintain.
8. COMPLAINTS AND CONTACT INFORMATION
If you believe your privacy rights have been violated, you may file a complaint:
- With shrinkMD, using the contact information available on our website
- With the U.S. Department of Health and Human Services, Office for Civil Rights (OCR)
- Website: https://www.hhs.gov/ocr/hipaa/
- Phone: 1-877-696-6775
There will be no retaliation for filing a complaint.
9. PAPER COPY
You have the right to receive a paper copy of this HIPAA Privacy Policy, even if you have agreed to receive it electronically.
ACKNOWLEDGMENT
Use of shrinkMD’s Services constitutes acknowledgment of this HIPAA Privacy Policy. Providers may require additional acknowledgments as part of your intake process.
