Legal · HIPAA

HIPAA Notice of Privacy Practices

Last updated: 2026-05-19

Template — pre-launch. This document is a working baseline intended to be reviewed and customized by a licensed attorney familiar with telehealth, HIPAA, and the consumer-privacy laws of each state where EndurHealth operates (including California, Colorado, Connecticut, Virginia, Utah, and any others where you accept patients). Do not publish unmodified.

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This Notice is provided by the independent medical practices affiliated with EndurHealth, Inc. (the "Practice"), in accordance with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and applicable state law.

Our Obligations

The Practice is required by law to:

  • Maintain the privacy of your Protected Health Information (PHI).
  • Provide you this Notice of our legal duties and privacy practices regarding PHI.
  • Notify you following a breach of unsecured PHI affecting you.
  • Abide by the terms of this Notice currently in effect.

How We May Use and Disclose PHI

1. Treatment

We use and disclose PHI to provide, coordinate, or manage your healthcare and any related services. For example, we may share information with pharmacies that fill your prescriptions, laboratories that perform ordered tests, or specialists involved in your care.

2. Payment

We may use and disclose PHI to obtain payment for services. This includes processing credit-card charges and, when applicable, sharing information with insurers or payment processors.

3. Healthcare Operations

We may use and disclose PHI for activities necessary to run the Practice — quality assessment, provider training and credentialing, audits, accreditation, and business planning.

4. Appointment Reminders & Health-Related Information

We may contact you (via phone, text, or email) to provide appointment reminders, prescription refill notices, lab results, or information about treatment alternatives or health-related benefits that may interest you.

5. Business Associates

We may share PHI with third-party vendors that perform services on our behalf — for example, our cloud-hosting, electronic health record, telehealth video, customer relationship management (CRM), and analytics partners. Each such vendor signs a Business Associate Agreement (BAA) requiring them to protect PHI consistent with HIPAA.

6. Required By Law

  • Public-health activities (e.g., reporting communicable diseases to the CDC or state health authorities).
  • Reporting suspected abuse, neglect, or domestic violence.
  • Health oversight activities (e.g., audits and investigations by HHS or state regulators).
  • Judicial and administrative proceedings (e.g., subpoenas with proper safeguards).
  • Law enforcement purposes as permitted by HIPAA.
  • To coroners, medical examiners, and funeral directors.
  • To prevent a serious threat to health or safety.
  • For workers' compensation as authorized by state law.
  • For military, veteran, national security, or correctional purposes when applicable.

7. Uses & Disclosures Requiring Your Written Authorization

We will obtain your written authorization before:

  • Most uses and disclosures of psychotherapy notes (when applicable).
  • Uses and disclosures of PHI for marketing purposes (other than face-to-face communications and certain promotional gifts of nominal value).
  • Disclosures that constitute a sale of PHI.
  • Other uses and disclosures not described in this Notice.

You may revoke an authorization in writing at any time, except to the extent we have already relied on it.

Your Rights

Right to Access

You have the right to inspect and obtain a copy of PHI in our designated record set, typically within 30 days of your written request. We may charge a reasonable fee for copying and mailing as permitted by law.

Right to Amend

You may request that we amend PHI you believe is incorrect or incomplete. We may deny your request in certain circumstances and will provide a written explanation.

Right to an Accounting of Disclosures

You may request a list of disclosures of your PHI we have made in the six years prior to your request, excluding disclosures for treatment, payment, healthcare operations, and certain other categories.

Right to Request Restrictions

You may request restrictions on certain uses and disclosures. We are not required to agree, except that we will honor a request to restrict disclosure of PHI to a health plan if the disclosure is for payment or healthcare operations and the PHI relates to a service for which you paid out-of-pocket in full.

Right to Confidential Communications

You may request that we communicate with you in a specific way (for example, by email only, or to a specific phone number). We will accommodate reasonable requests.

Right to a Paper Copy of This Notice

You may request a paper copy of this Notice at any time, even if you have agreed to receive it electronically.

Right to Be Notified of a Breach

You have the right to be notified following a breach of unsecured PHI affecting you.

Changes to This Notice

We reserve the right to change this Notice and to make the revised Notice effective for all PHI we maintain. The current version will always be posted at endurhealth.com with the "Last updated" date above.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with us at privacy@endurhealth.com or with the U.S. Department of Health and Human Services, Office for Civil Rights, at hhs.gov/hipaa/filing-a-complaint. We will not retaliate against you for filing a complaint.

Contact: Privacy Officer

EndurHealth Privacy Officer
privacy@endurhealth.com
[STREET ADDRESS PLACEHOLDER]
Phone: [PHONE NUMBER PLACEHOLDER]