Effective Date: January 1, 2026
Last Revised: January 1, 2026
This Notice of Privacy Practices at shrinkMD explains how we may use and disclose your protected health information (PHI) and how you can get access to this information. Please review it carefully.
Definitions
Protected Health Information (PHI): Information that identifies you and relates to your health, treatment, or payment for healthcare.
1. WHO THIS NOTICE APPLIES TO
This Notice of Privacy Practices (“Notice”) describes the privacy practices of licensed healthcare professionals and professional entities (“Providers”) who deliver psychiatric services through the shrinkMD platform.
These Providers are Covered Entities under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
shrinkMD, LLC operates a technology platform that facilitates telepsychiatry services and provides administrative, technical, and operational support. In this role, shrinkMD generally functions as a Business Associate under HIPAA and handles Protected Health Information (“PHI”) on behalf of Providers in accordance with applicable law and contractual obligations.
This Notice applies to PHI created, received, or maintained in connection with your care.
2. OUR LEGAL DUTIES
We are required by law to:
- Maintain the privacy of your PHI
- Provide you with this Notice of our legal duties and privacy practices
- Abide by the terms of this Notice currently in effect
3. HOW YOUR PHI MAY BE USED AND DISCLOSED
A. For Treatment
PHI may be used and disclosed to provide, coordinate, or manage your psychiatric care. This includes communication among Providers and others involved in your treatment to ensure continuity and quality of care.
B. For Payment
PHI may be used for payment-related purposes to the extent applicable. shrinkMD primarily operates as a private-pay platform and does not routinely submit claims to insurance companies or government payors unless expressly stated.
Payment-related disclosures may include documentation necessary to support charges or resolve payment disputes.
C. For Health Care Operations
PHI may be used for operational purposes such as quality assurance, training, compliance activities, platform security, audits, and administrative support.
D. As Required by Law
PHI may be disclosed when required by federal, state, or local law.
E. Public Health and Safety
PHI may be disclosed for public health activities, reporting abuse or neglect, preventing serious threats to health or safety, or complying with public safety obligations.
F. Judicial and Administrative Proceedings
PHI may be disclosed in response to court orders, subpoenas, or lawful administrative requests.
G. Law Enforcement
PHI may be disclosed to law enforcement officials as required or permitted by law.
4. USES AND DISCLOSURES REQUIRING YOUR AUTHORIZATION
We will obtain your written authorization before using or disclosing your PHI for:
- Marketing purposes
- Sale of PHI
- Most uses and disclosures of psychotherapy notes
You may revoke an authorization at any time in writing, except to the extent action has already been taken.
5. TELEHEALTH AND ELECTRONIC COMMUNICATIONS
Your psychiatric care is provided via telehealth, which involves electronic transmission of information.
- Administrative, technical, and physical safeguards are used to protect PHI.
- No electronic system is completely secure.
- You are responsible for participating in sessions from a private and secure location when possible.
6. TECHNOLOGY AND DOCUMENTATION TOOLS
Technology tools may be used to support care delivery and documentation, including secure video platforms and documentation support tools.
- These tools assist clinical and administrative workflows.
- They do not replace professional judgment.
- PHI processed through such tools is protected in accordance with HIPAA.
7. YOUR RIGHTS REGARDING PHI
You have the right to:
- Inspect and obtain copies of your PHI
- Request amendments to PHI you believe is incorrect or incomplete
- Receive an accounting of disclosures
- Request restrictions on certain uses or disclosures
- Request confidential communications
- Receive notification of a breach of unsecured PHI
Requests must be submitted in accordance with Provider or platform procedures.
8. CHANGES TO THIS NOTICE
We reserve the right to change this Notice. Any changes will apply to PHI we already have as well as future information. The current version will be available on our website.
9. COMPLAINTS
If you believe your privacy rights have been violated, you may file a complaint:
With the U.S. Department of Health and Human Services – Office for Civil Rights (OCR):
Website: https://www.hhs.gov/ocr/hipaa/
Phone: 1-877-696-6775
Mail:
U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
You may also file a complaint with shrinkMD using the contact information available on our website.
No retaliation will occur for filing a complaint.
10. PAPER COPY
You have the right to receive a paper copy of this Notice, even if you have agreed to receive it electronically.
CONTACT INFORMATION For questions about this Notice or our privacy practices, please contact shrinkMD through the contact methods listed on our website.
