Our Commitment to Protecting Your Health Information
JourneyDoctors is committed to protecting the privacy and security of your Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, and applicable state privacy laws.
We are required by law to maintain the privacy of your PHI, to provide you with this notice of our legal duties and privacy practices, and to notify you if a breach of your unsecured PHI occurs. We are required to abide by the terms of the notice currently in effect.
Your information stays protected
We will never sell your health information. We will never use it for advertising. We use it only to provide and improve the care you receive.
What Is Protected Health Information (PHI)?
PHI is individually identifiable health information that we create, receive, maintain, or transmit in connection with providing healthcare services to you. This includes:
- Information about your past, present, or future physical or mental health conditions
- Information about healthcare services provided to you on JourneyDoctors
- Information about payment for your healthcare services
- Information that identifies you, or that could reasonably be used to identify you, in connection with the above
Your Rights Under HIPAA
You have the following rights with respect to your PHI. To exercise any of these rights, contact our Privacy Officer at support@journeydoctors.com with the subject line "HIPAA Rights Request".
Right to Access Your Records
You have the right to inspect and receive a copy of your PHI that we maintain in your designated record set, which includes consultation notes, health records, and billing records. We will provide access within 30 days of your request (or 60 days if the records are stored off-site).
You may request records in electronic format. We may charge a reasonable fee for copying and mailing. We may deny access in limited circumstances — for example, if a licensed healthcare professional determines that access would endanger your life or the life of another person. You have the right to have such denials reviewed.
Right to Request Amendments
If you believe PHI we hold about you is inaccurate or incomplete, you have the right to request an amendment. Requests must be in writing and include a reason for the amendment. We will respond within 60 days.
We may deny your amendment request if the information was not created by us, is not part of the records we maintain, is not available for your inspection, or is accurate and complete. If denied, you may submit a written statement of disagreement, which we will include in your record.
Right to an Accounting of Disclosures
You have the right to request a list (accounting) of disclosures of your PHI we have made in the past 6 years, except for disclosures made for treatment, payment, or healthcare operations, or disclosures you authorised. We will provide this accounting within 60 days of your request. The first accounting in any 12-month period is free; subsequent requests may incur a reasonable fee.
Right to Request Restrictions
You have the right to request restrictions on how we use or disclose your PHI for treatment, payment, or healthcare operations, or to persons involved in your care. We are not required to agree to your request, except in the following circumstance: if you request that we not disclose PHI to your health insurer for a service you have paid for in full out of pocket, we are required to honour that restriction.
Right to Confidential Communications
You have the right to request that we communicate with you about health matters in a certain way or at a certain location — for example, requesting that appointment reminders be sent only to a specific email address rather than your default contact. We will accommodate reasonable requests.
How We Use and Disclose Your PHI
Treatment
We use and disclose your PHI to provide, coordinate, and manage your healthcare. For example, we share your health information with the doctor or nurse conducting your consultation, and with other providers involved in your care if you are referred.
Payment
We use PHI to obtain payment for services rendered. This may include verifying eligibility, processing claims, and billing activities.
Healthcare Operations
We use PHI for our internal operations — quality improvement, provider training, audits, compliance, and business management — to the extent permitted by HIPAA.
Required Disclosures
We are required by law to disclose PHI in certain circumstances, including when required by court order, to report certain communicable diseases to public health authorities, to report suspected abuse or neglect, or to comply with workers' compensation laws.
Disclosures We Will Not Make Without Your Authorisation
- Use or disclosure of PHI for marketing purposes
- Sale of your PHI
- Disclosure of psychotherapy notes (except in very limited circumstances)
- Any use or disclosure not described in this notice
Safeguards in Place
We implement administrative, physical, and technical safeguards to protect your PHI as required by the HIPAA Security Rule:
Encryption
All PHI is encrypted in transit (TLS 1.3) and at rest (AES-256). Video consultations use end-to-end encrypted connections.
Access Controls
PHI is accessible only to authorised personnel on a need-to-know basis. All access is logged and audited. Multi-factor authentication is enforced for providers.
Secure Infrastructure
Our platform runs on SOC 2 compliant cloud infrastructure with regular security audits, vulnerability scanning, and penetration testing.
Breach Response
We maintain a documented breach response plan. If a breach of your unsecured PHI occurs, we will notify you as required by law — typically within 60 days of discovery.
Business Associate Agreements
All third-party vendors who handle PHI on our behalf are bound by HIPAA Business Associate Agreements (BAAs).
How to Exercise Your Rights
To exercise any of your HIPAA rights, submit a written request to our Privacy Officer. Requests must:
- Be in writing (email is acceptable)
- Include your full name and the email address associated with your account
- Specify which right you are exercising
- Include sufficient detail to process your request
We will respond to all requests within 30 days. If we need additional time, we will notify you in writing within the 30-day period.
How to File a Complaint
If you believe your privacy rights have been violated, you have the right to file a complaint without fear of retaliation. You may file a complaint with:
US Department of Health and Human Services (HHS)
Office for Civil Rights (OCR)
Website: hhs.gov/ocr/privacy/hipaa/complaints
Phone: 1-800-368-1019
We will not retaliate against you for filing a complaint. Filing a complaint will not affect the quality of care or services you receive from JourneyDoctors.
Privacy Officer Contact
For all HIPAA-related enquiries, rights requests, and complaints, contact our designated Privacy Officer:
Privacy Officer — JourneyDoctors
Email: support@journeydoctors.com
Subject line: "HIPAA Privacy Request"
Response within 30 days as required by HIPAA.

