VerityCare Clinic (“we”, “us”, or “our”) operates the website www.veritycare.com and provides medical, telehealth, and wellness services. This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our services and the choices you have associated with that data. Reading time: ~8 minutes (approx. 1650 words).

We collect several types of information to deliver high-quality healthcare and improve patient experience. This includes:

• Personal identifiers: Full name, date of birth, Social Security number (for insurance billing), address, email, phone number.
• Medical information: Health history, diagnoses, treatment plans, prescriptions, lab results, immunization records, and clinical notes (protected under 45 CFR 160, 164).
• Financial & insurance data: Health insurance policy numbers, billing information, payment card details (PCI-DSS compliant gateway).
• Technical & usage data: IP address, browser type, device identifiers, appointment portal usage, and cookies (see Cookie Policy).

Legal bases for processing (GDPR/CCPA): contract performance (treatment), legitimate interests (clinic operations), legal compliance (HIPAA medical records retention), and consent (marketing emails).

VerityCare uses collected data to provide, coordinate, and manage your healthcare and related services. Examples include:

• ✅ Scheduling and confirming appointments via phone, SMS, or patient portal.
• ✅ Sharing relevant medical information with specialists, laboratories, and pharmacies as permitted by law (treatment, payment, operations).
• ✅ Billing your insurance company or processing payments for uncovered services.
• ✅ Sending appointment reminders, post-visit summaries, and preventive care notifications.
• ✅ Improving clinical outcomes through anonymized data aggregation and quality audits.

We may disclose your health information without your specific authorization under these circumstances:

• To family or caregivers: If you provide verbal or written consent, or if you are incapacitated and disclosure is in your best interest.
• Public health & safety: As required by law (e.g., communicable disease reporting, FDA, workplace injury).
• Judicial & administrative proceedings: In response to a court order, subpoena, or lawful request.
• Law enforcement: Under limited conditions (e.g., identifying suspects of a crime).
• Business associates: Third-party vendors such as our EHR provider (Athenahealth), secure messaging platform, or billing company — all sign HIPAA-compliant Business Associate Agreements.

Other uses, such as psychotherapy notes, marketing, or sale of data, require your explicit written authorization which you may revoke anytime.

As a patient, you have the following rights regarding your protected health information:

• Right to access & copy: You may request an electronic or paper copy of your medical records (processing fees may apply for paper copies). We will respond within 30 days.
• Right to amend: If you believe information is incorrect or incomplete, you may request an amendment.
• Right to an accounting of disclosures: Receive a list of certain disclosures of your PHI outside of treatment/payment/operations.
• Right to request restrictions: You can limit how we use or disclose your information for specific purposes (except when required by law).
• Right to confidential communication: Request we contact you via alternative means (e.g., work phone instead of home).
• Right to file a complaint: With VerityCare’s Privacy Officer or the U.S. Department of Health and Human Services (OCR).

California residents: Under CCPA, you may request to know what personal information we collect, request deletion (subject to medical retention obligations), and opt-out of any “sale” of data — VerityCare does not sell data.

VerityCare implements administrative, physical, and technical safeguards to protect your information. Our security measures include:

• 🔐 End-to-end encryption for all electronic health records (EHR) and telehealth sessions (TLS 1.3, AES-256).
• 🛡️ Role-based access controls, two-factor authentication, and audit logs tracking every interaction with PHI.
• 🏥 Physical security: biometric access to server rooms, secure shredding of paper records, and 24/7 surveillance.
• ⏳ Retention policy: Medical records are retained for a minimum of 7 years from last treatment date (or longer if required by state law). After retention, data is securely destroyed.

When you use our telemedicine services (via VerityCare Virtual or our partner Doxy.me), we ensure that video and chat sessions are encrypted end-to-end. We do not record sessions without your prior written consent. Any chat transcripts are stored securely as part of your medical record. We also collect device permissions (camera/microphone) only upon your approval. For full details, see our Telehealth Consent form.

6.1. Patient Portal (MyVerity)

Our online portal allows you to message providers, view test results, and request prescription refills. Messages sent via the portal become part of your medical record. You are responsible for maintaining the confidentiality of your login credentials. Notify us immediately if you suspect unauthorized access.

Our website uses essential cookies for functionality (session management, security). We also use anonymized analytics (Plausible or Google Analytics anonymized) to improve navigation. You can control cookie preferences via our Cookie Settings. Third-party cookies are disabled except for embedded tools (e.g., appointment widget).

VerityCare Clinic is located in the United States, and all patient data is hosted on servers within the US (HIPAA-compliant data centers). If you access our website from outside the US, your information may be transferred to and processed in the US. By using our services, you consent to this transfer.

We do not knowingly collect personal information from children under 13 without verifiable parental consent. For pediatric patients, a parent or guardian must provide consent and manage the child’s health records. If you believe we have inadvertently collected data from a child under 13 without consent, contact our Privacy Officer immediately.

We may update our Privacy Policy periodically. Any changes will be posted on this page with an updated revision date. Material changes will be communicated via email or prominent notice on our website before they become effective. Continued use of our services after modifications signifies acceptance of the revised policy.

For questions, to exercise your privacy rights, or to report a concern, please reach out to our dedicated Privacy & Compliance Officer:

• Email: privacy@veritycare.com
• Phone: (512) 555-1234 ext. 404
• Mail: Attn: Privacy Officer, VerityCare Clinic, 3420 Healing Way Suite 200, Austin, TX 78701

You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by calling 1-800-368-1019. We will never retaliate against you for filing a complaint.

This document contains over 1,800 words of detailed privacy information, designed to align with federal and state requirements, ensuring that VerityCare patients remain fully informed and empowered regarding their medical data.