pills pills

HIPAA Policy

HIPAA Notice of Privacy Practices

Your Information. Your Rights. Our Responsibilities.


eScript360 (hereinafter “eScript360”, “our”, “we” and “us”) is required by law to maintain the privacy of Protected Health Information ("PHI") and to provide you with notice of our legal duties and privacy practices with respect to PHI. This notice is for the purposes of compliance with the Health Insurance Portability and Accountability Act ("HIPAA"). eScript360, its employees, and workforce members who are involved in providing and coordinating health care are all bound to follow the terms of this Notice of Privacy Practices ("Notice").

PHI is information that may identify you and that relates to your past, present or future physical or mental health or condition, the provision of health care products and services to you or payment for such services. This Notice describes how we may use and disclose PHI about you, as well as how you obtain access to such PHI. This Notice also describes your rights with respect to your PHI. We are required by HIPAA to provide this Notice to you. eScript360 is required to follow the terms of this Notice or any change to it that is in effect.

The following information describes different ways that we may use and disclose your PHI. It does not set forth every permissible use or disclosure. Some types of PHI, such as HIV information, genetic information, alcohol and/or substance abuse records, and mental health records may be subject to special confidentiality protections under applicable state or federal law and we will abide by those special protections. If you would like additional information about state law protections in your state, or additional use or disclosure restrictions that may apply to sensitive PHI, please contact our Privacy Officer in New York by email at nyc@eScript360.com or in Philadelphia at philly@eScript360.com.

Your Rights

You have the right to:

  • Get a copy of your paper or electronic medical record for which we may charge a reasonable, cost-based fee; provided, however, that records cannot be denied solely because of an inability to pay;
  • Request a correction to your paper or electronic medical record;
  • Request reasonable confidential communications;
  • Ask us to limit the information we share;
  • Get a list of those with whom we’ve shared your information subject to certain limitations (i.e., an accounting) for no charge once a year; any additional accountings will be charged a reasonable, cost-based fee;
  • Get a copy of this Privacy Notice;
  • Choose someone to act for you; and
  • File a complaint if you believe your privacy rights have been violated.

Your Choices

If you have a clear preference for how we share your information in the situations described below, please inform us and we will follow your instructions.

In these cases, you have both the right and choice to tell us to:

  • Share information with your family, close friends, or others involved in your care, except that if you are a minor, we may release your PHI to your parents or legal guardians when permitted or required by law;
  • Share information in a disaster relief situation; and
  • Contact you for fundraising efforts.

If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.

In these cases we never share your information unless you give us written permission:

  • Marketing purposes;
  • Sale of your information; and
  • Most sharing of psychotherapy notes.

We will obtain your written authorization before using or disclosing your PHI for purposes other than those described in this Notice or otherwise permitted by law. You may revoke your authorization at any time by submitting a written notice to the Privacy Officer. Your revocation will be effective upon receipt; however, it will not undo any use or disclosure of your PHI that occurred before you notified us, or any actions taken based upon your authorization.

Our Uses and Disclosures

• We may use and disclose your PHI for treatment, payment and health care operations without your written authorization.

1. Treatment: We can use your health information and share it with other professionals who are treating you.
Example: Sharing health information with your prescribing physician.

2. Health care operations: We can use and share your health information to run our pharmacy, improve your care, and contact you when necessary.
Example: We use health information about you to manage your prescriptions.

3. Payment: We can use and share your health information to bill and get payment from health plans or other entities.
Example: We give information about you to your health insurance plan so it will pay for your services.

• Other Uses and Disclosures of Your PHI that Do Not Require Authorization include:

Help with public health and safety issues: We can share health information about you for certain situations such as preventing disease; helping with product recalls; reporting adverse reactions to medications; reporting suspected abuse, neglect, or domestic violence; and preventing or reducing a serious threat to anyone’s health or safety.

Research: We can use or share your information for health research.

Business Associates: When we contract with third parties to perform certain services for us, such as billing or consulting, these third party service providers, known as Business Associates, may need access to your PHI to perform these services. They are required by law and their agreements with us to protect your PHI in the same way we do.

Comply with the law: We will share information about you if state or federal laws require it, including with the U.S. Department of Health and Human Services if it wants to see that we are complying with federal privacy law.

Respond to organ and tissue donation requests: We can share health information about you with organ procurement organizations.

Work with a medical examiner or funeral director: We can share health information with a coroner, medical examiner, or funeral director when an individual dies.

Address workers’ compensation, law enforcement, and other government requests: We can use or share health information about you for workers’ compensation claims; for law enforcement purposes or with a law enforcement official under limited circumstances; with health oversight agencies for activities authorized by law; and for special government functions such as military, national security, and presidential protective services.

Respond to lawsuits and legal actions: We can share health information about you in response to a court or administrative order, or in response to a subpoena.

Correctional Institution: If you are or become an inmate of a correctional institution, we may disclose your PHI to the institution or its agents to assist them in providing your health care, protecting your health and safety or the health and safety of others.

Our Responsibilities

  • We are required by law to maintain the privacy and security of your protected health information.
  • We will let you know promptly in the event there is a breach of your unsecured PHI as defined by HIPAA.
  • We must follow the duties and privacy practices described in this Notice and give you a copy of it.
  • We will not use or share your information other than as described here unless you tell us we can in writing.
  • We must follow all applicable laws related to confidentiality as prescribed by state laws and regulations that are not preempted by HIPAA, including, but not limited to, only using and sharing HIV related information in accordance with state public health law.

For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.

Changes to the Terms of this Notice

We reserve the right to make changes to the terms of this Notice, and the changes will apply to all information we have about you.
The new notice will be available upon request, in our office, and on our website (www.eScript360.com).

To Report a Problem

If you have questions or would like additional information about eScript360 pharmacy’s
privacy practices, you may contact our Privacy Officers at their respective locations:

• Pennsylvania: 601 S 10th Street, Philadelphia, PA 19147, by email philly@eScript360.com or toll-free by telephone at (833) 384-0100
• New York: 1299 1st Avenue, New York, NY 10021, by email nyc@eScript360.com or toll-free by telephone at (833) 302-5500


If you believe your privacy rights have been violated, you can file a complaint with the Privacy Officer or by filing a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. You can also file a complaint through www.eScript360.com, and we will route your complaint to the Privacy Officer. There will be no retaliation for filing a complaint.

This Notice is effective January 1, 2023.