Privacy Policy
How Urgent Care Online collects, uses, protects, and manages your personal and health information.
Effective Date: April 15, 2026 | Last Updated: April 15, 2026
1. Introduction
Urgent Care Online ("we," "us," or "our") is committed to protecting the privacy and security of your personal information and Protected Health Information ("PHI"). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our telehealth platform and services at urgent-care-online.com (the "Platform").
This policy complies with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), the HITECH Act, applicable state consumer health data privacy laws — including the Washington My Health My Data Act, Nevada SB 370, and the California Consumer Privacy Act ("CCPA") / California Privacy Rights Act ("CPRA") — and other applicable federal, state, and local regulations.
2. Information We Collect
2.1 Personal Information
We may collect the following categories of personal information:
- Identifiers: Full name, email address, phone number, mailing address, date of birth
- Account credentials: Username, password (encrypted and hashed)
- Payment information: Billing address, payment card details (processed by PCI-DSS-compliant third-party processors — we do not store full card numbers)
- Device and usage data: IP address, browser type, operating system, device identifiers, pages visited, time spent on pages
2.2 Protected Health Information (PHI)
When you use our telehealth services, we collect PHI as defined under HIPAA, including but not limited to:
- Medical history and health conditions
- Symptoms, diagnoses, and treatment plans
- Prescription and medication information
- Lab results and referrals
- Audio and video recordings of consultations (where permitted by law and with your consent)
- Insurance information (if applicable)
2.3 Consumer Health Data
Under state consumer health data privacy laws (including the Washington My Health My Data Act), "consumer health data" may include health-related information not covered by HIPAA, such as data collected outside the treatment relationship. We treat all health-related data with the same standard of protection regardless of regulatory classification.
3. How We Use Your Information
We use your information for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Providing telehealth consultations and treatment | HIPAA Treatment authorization; Contractual necessity |
| Processing payments and billing | HIPAA Payment authorization; Contractual necessity |
| Coordinating prescriptions with pharmacies | HIPAA Treatment authorization |
| Quality assurance and service improvement | HIPAA Health Care Operations; Legitimate interest |
| Communicating with you about your care | HIPAA Treatment authorization; Consent |
| Compliance with legal and regulatory requirements | Legal obligation |
| Responding to inquiries and support requests | Consent; Legitimate interest |
We do not sell your personal information or PHI. We do not use your health data for advertising, marketing profiling, or automated decision-making.
4. How We Share Your Information
We may share your information only as follows:
- Healthcare Providers: Board-certified physicians in our network who provide your care.
- Pharmacies: To fulfill electronic prescriptions ordered during your consultation.
- Payment Processors: PCI-DSS-compliant third-party processors to handle billing and payments.
- Business Associates: Third-party service providers who perform services on our behalf and are bound by HIPAA Business Associate Agreements ("BAAs").
- Legal Compliance: When required by law, subpoena, court order, or government regulation.
- Public Health Activities: As required by law for disease reporting, public health surveillance, or other authorized public health purposes.
We do not share your information with data brokers, advertisers, or any third party for their own marketing or commercial purposes.
5. Data Security
We implement administrative, technical, and physical safeguards to protect your information, including:
- 256-bit AES end-to-end encryption for all data in transit and at rest
- TLS 1.3 for all web communications
- Multi-factor authentication for system access
- Role-based access controls limiting PHI access to authorized personnel
- Regular security audits, penetration testing, and vulnerability assessments
- Employee HIPAA training conducted annually
- Incident response procedures compliant with the HIPAA Breach Notification Rule
6. Data Retention
We retain your PHI and medical records for a minimum of six (6) years from the date of last treatment or as required by applicable state law, whichever is longer. Personal information unrelated to treatment is retained only as long as necessary for the purpose for which it was collected, or as required by law.
Upon expiration of the retention period, records are securely destroyed using NIST-compliant data sanitization methods.
7. Your Rights
7.1 HIPAA Rights
Under HIPAA, you have the right to:
- Access and obtain a copy of your PHI
- Request amendments to your PHI
- Receive an accounting of disclosures of your PHI
- Request restrictions on certain uses and disclosures of your PHI
- Request confidential communications
- File a complaint with us or the U.S. Department of Health and Human Services if you believe your privacy rights have been violated
7.2 State Consumer Privacy Rights
Depending on your state of residence, you may also have the following rights:
- California (CCPA/CPRA): Right to know, delete, correct, limit use of sensitive personal information, and opt out of sale/sharing. To exercise these rights, email privacy@urgent-care-online.com or call (800) 555-0199.
- Washington (My Health My Data Act): Right to access, delete, and withdraw consent for collection of consumer health data. We obtain consent before collecting consumer health data and honor all withdrawal requests within 15 business days.
- Nevada (SB 370): Right to opt out of the sale of personal information.
We do not discriminate against you for exercising any of your privacy rights.
8. Cookies and Tracking Technologies
We use strictly necessary cookies to operate the Platform (authentication, session management, security). We do not use third-party advertising cookies or cross-site tracking technologies. Analytics data, if collected, is aggregated and de-identified.
9. Children's Privacy
Our telehealth services are available for patients ages 2 and older, with parental or legal guardian consent required for minors. We do not knowingly collect personal information from children under 13 without verified parental consent, in compliance with the Children's Online Privacy Protection Act ("COPPA"). If you believe a child's information has been collected without consent, contact us immediately at privacy@urgent-care-online.com.
10. Do Not Sell or Share My Personal Information
Urgent Care Online does not sell your personal information or PHI. We do not share your personal information for cross-context behavioral advertising. If you wish to submit a do-not-sell/do-not-share request or confirm your status, email privacy@urgent-care-online.com with the subject line "Do Not Sell or Share."
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. Material changes will be communicated via a prominent notice on our Platform and/or by email at least 30 days before the new policy takes effect. Your continued use of the Platform after the effective date constitutes acceptance of the revised policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal information:
- Privacy Officer: privacy@urgent-care-online.com
- General Support: support@urgent-care-online.com
- Phone: (800) 555-0199
You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, at hhs.gov/hipaa.