HIPAA Notice of Privacy Practices
In connection with your use of EScript360’s pharmacy services, website, mobile application, products, and
other technology platforms (collectively, the “Services”), you may provide us with health information and
other identifiable information. This health information, paired with your identifiable information, is known
as “protected health information” or “PHI”. Under the Health Insurance Portability and Accountability Act of
1996 (“HIPAA”), EScript360 is required to provide you with this Notice of Privacy Practices (this “Notice”)
that describes how we may use and share your PHI for treatment, payment, or other purposes, and how you can
access your PHI that we collect. Please review this Notice carefully.
This Notice is effective with respect to you on or after, depending on when you use or access the Services,
the Effective Date.
eScript360’s responsibilities under HIPAA
1. Specific responsibilities under HIPAA with respect to your PHI include:
- Maintaining the privacy and security of your PHI;
- Following the duties and privacy practices described in this Notice;
- Only using or sharing your PHI as described in this Notice unless you tell us in writing that we can use
or share it in some other way; and
- Promptly letting you know if an incident occurs that may have compromised the privacy or security of
2. We may use or share your PHI for the following reasons:
- For Treatment. PHI may be used and shared in connection with your treatment and to provide you with
treatment-related health care services. For example, we may disclose PHI to doctors, nurses, pharmacists,
technicians, or other personnel who need the information to provide you with medical care.
- For Payment. PHI may be used and shared so that we or others may bill and receive payment from you, an
insurance company, or a third party for the treatment and services you received.
- For Health Care Operations. PHI may be used and shared in connection with our health care operations so
we can operate and manage our business and ensure that our customers receive the best possible care. We
may share PHI with other entities that have a relationship with you, such as your health plan, for their
own health care operation activities.
- Reminders, Treatment Alternatives, and Health-Related Benefits and Services. PHI may be used to contact
you to remind you that you have a prescription with us. We also may use and share PHI to tell you about
treatment alternatives or health-related benefits and services that may be relevant to you.
- Individuals Involved in Your Care or Payment for Your Care. When appropriate, we may share PHI with a
person who’s involved in your medical care or payment for your care, such as your family or a close
friend. If you prefer that we not share PHI in this way, please let us know. However, we’re still
permitted to share PHI to these individuals even if you tell us otherwise if we determine that sharing PHI
is in your best interest based on our professional judgment.
- Business Associates. We may share PHI with our business associates that perform functions on our behalf
or provide us with services if sharing that information is necessary for such functions or services. All
of our business associates are obligated to protect the privacy of PHI and aren’t allowed to use or
disclose any PHI other than as specified in a written agreement with each business associate.
3. Other ways that we use or share your protected health information
- We may be permitted or required to share your PHI in other ways (although we may have to meet certain
conditions first) - usually these ways contribute to the public good, such as public health, research,
and safety. Specifically, we may use or share your PHI for the following purposes:
- Public Health and Safety Issues. PHI may be used and shared in connection with public health and
safety issues such as helping with product recalls, preventing the spread of disease, reporting adverse
reactions to medications, reporting suspected abuse or neglect, or preventing or reducing a serious
threat to anyone’s health or safety.
- Research. PHI may be used and shared for research purposes. For example, a research project may
involve comparing the health of patients who received one medication to those who received another for
the same condition.
- Health Oversight Activities. PHI may be used and shared with a health oversight agency for oversight
activities such as audits, investigations, inspections, and licensure.
- Data Breach Notification Purposes. PHI may be used and shared to provide legally required notices of
unauthorized access to or disclosure of PHI.
- As Required by Law and Law Enforcement. PHI may be shared if state or federal laws require it to be
shared in a given circumstance. For example, we may release PHI to a law enforcement agency if we’re
required to respond to a court order or similar process. We may also share PHI in relation to criminal
conduct, such as if criminal conduct occurred on our premises.
- Lawsuits and Disputes. If you’re involved in a lawsuit or a dispute, we may be required to share PHI
in response to a court or administrative order, subpoena, discovery request, or other lawful process by
someone else involved in the dispute. To the extent not prohibited by law, we’ll first attempt to tell
you about the order or request so you can decide whether to obtain an order protecting the information
- Workers’ Compensation. We may share PHI for workers’ compensation or similar programs. These programs
provide benefits for work-related injuries or illness.
- Organ or Tissue Donation. If you’re an organ donor, we may share PHI with organizations that handle
organ procurement or other entities engaged in procurement, banking or transportation of organs, eyes or
tissues to facilitate organ, eye or tissue donation and transplantation.
- Coroners, Medical Examiners, and Funeral Directors. We may share PHI with a coroner, medical examiner,
or funeral directors as necessary for their duties.
- Specialized Government Functions. We may share PHI with departments or units of the government with
special functions, such as the U.S. military or the U.S. Department of State, for intelligence,
counterintelligence, and other national security activities authorized by law.
- Inmates or Individuals in Custody. If you’re an inmate of a correctional institution or under the
custody of a law enforcement official, we may share PHI with the correctional institution or law
4. When written permission is required to use and share your protected health
- We’re not required to obtain your written permission to use or share your PHI for the purposes
outlined in Sections 2 and 3 of this Notice. In all other circumstances, we can only use or share your
PHI with your written permission. For example, your written permission is required for the following
- Marketing. We must obtain your written permission prior to using PHI for marketing purposes as defined
in HIPAA. This does not apply to face-to-face communication about products or services that may be of
benefit to you, or about prescriptions you have already been prescribed.
- Sale of PHI. We do not sell PHI and under no circumstances will we sell your PHI without your written
- Psychotherapy Notes. To the extent we receive them from your provider, we will not use or share
psychotherapy notes about you without your permission except to defend ourselves in a legal action or
other proceeding brought by you.
- Please note that you’re not required to provide your permission and you may later revoke your
permission at any time by sending a written revocation to our Privacy Officer at the email or mailing
address written under Section 6.
5. Your rights under HIPAA
- HIPAA grants you the following rights with respect to your PHI collected by us:
- Right to Inspect and Copy. You may ask to see or get an electronic or paper copy of your medical
record and other PHI we’ve about you. We’ll provide a copy or a summary of your PHI within 30 days of
your request. We may charge a reasonable, cost-based processing fee for these requests.
- Right to Correct. You may ask us to correct your PHI that you think is incorrect or incomplete. We may
say “no” to your request, but we’ll tell you why in writing within 60 days.
- Right to Confidential Communications. You can ask us to contact you in a specific way (for example,
home or office phone) or to send mail to a different address.
- Right to Request Additional Restrictions. You may ask us not to use or share your PHI for treatment,
payment, or our operations, with certain individuals (such as a family member or close personal friend)
involved with your care or with payment related to your care, or in order to notify other individuals
about your location and general condition. While we’ll consider all requests for additional restrictions
carefully, we’re not required to agree to your request, and we may decline if it would affect your care.
If you pay for a service out-of-pocket in full, you can ask us not to share that information for the
purpose of payment or our operations with your health insurer.
- Right to a List of Disclosures. You may ask for a list of the times we’ve shared your PHI in the
previous six years, who we shared it with, and why. We’ll include all the disclosures except for those
about treatment, payment, and health care operations, and certain other disclosures (such as any that
you gave us permission to make). We’ll provide one list a year for free but may charge a reasonable,
cost-based fee if you ask for another one within 12 months.
- Right to Paper Copy of this Notice. You can ask for a paper copy of this notice at any time, even if
you have agreed to receive the notice electronically.
6. What you should also know
- Changes to this Notice. We may change this Notice at any time. However, we’ll give you prior notice of
any major changes by placing a notice on the Services, by sending you an email, or by some other manner,
and we’ll let you know when the modified Notice will become effective.
- Privacy Officer. If you would like further information about your privacy rights, want to make a
specific request as detailed in this Notice, are concerned that we’ve violated your privacy rights, or
disagree with a decision that we made about access to your PHI, you may contact our Privacy Officer at
Info@eScript360.com or 601 S. 10th Street, Philadelphia, PA 19147 (Attention: Privacy Officer).
- Complaints. If you believe your privacy rights have been violated, you may file a complaint with the
U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200
Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting
www.hhs.gov/ocr/privacy/hipaa/complaints. We will not retaliate against you for filing a complaint.