Privacy Policy and Notice of Privacy Practices

Effective Date: August 18, 2025

At SleepScriptMD, we value your trust and are committed to protecting your privacy, especially your health information. This notice explains how we may use and disclose your Protected Health Information (PHI), your rights regarding that information, and our legal responsibilities.

1. How We Use and Disclose Your Health Information

We may use or share your PHI for:

• Treatment: With licensed clinicians involved in your care, including HIPAA-compliant Jotform intakes, secure video visits, or phone consultations.
• Operations: Internal administration, care coordination, and quality improvement.
• Billing: Processing payments through Stripe or other secure platforms.

Other legally permitted uses include public health reporting (e.g., communicable disease notifications), health oversight activities (audits, compliance reviews), court orders or legal proceedings, workers’ compensation claims, and law enforcement or national security requirements.

We will never use your PHI for marketing, sale of data, or release of psychotherapy notes without your written consent.

2. Your Rights Regarding PHI

You have the right to:

• Access your records within 30 days
• Request corrections to incomplete or inaccurate information
• Restrict sharing in certain situations
• Request confidential communications (e.g., secure email or phone)
• Request an accounting of disclosures (list of instances PHI was shared in the last 6 years, excluding routine uses)
• Ask for a paper copy of this notice at any time
• File a complaint without fear of retaliation

3. Website Data Collection and Online Privacy

When you use SleepScriptMD.com, we may collect:

• Device and browser data (IP, type, usage)
• Information submitted through HIPAA-compliant Jotform intake forms
• Payment details processed securely through Stripe
• Email interaction data (sign-ups, clicks)

We use this information to deliver and improve care, track usage and campaign effectiveness, detect and prevent fraud, and maintain site security.

Tools may include Jotform, Stripe, Google Analytics, and Meta Pixel. All third-party vendors must meet applicable privacy and security standards.

4. Special Considerations for Age and Eligibility

• Services are only for adults aged 18–65
• Not available for individuals with complex psychiatric or medical conditions, or with a history of substance misuse
• If information falls outside these criteria, services may be denied and a refund issued per policy

5. Telehealth and Electronic Communications

All clinical services at SleepScriptMD occur via HIPAA-compliant Jotform forms, secure video sessions, or phone consultations depending on state regulations and patient needs.

By using our services, you consent to receive care through these virtual methods and understand the limitations compared to in-person visits.

Please note: Standard email is not encrypted. For sensitive matters, use the secure channels we provide.

6. Our Legal Responsibilities

• We are required by law to safeguard your PHI under HIPAA
• We will notify you promptly if your information is compromised
• We must follow the practices outlined in this notice unless you provide written authorization for changes
• You may revoke prior authorizations at any time in writing
• We reserve the right to update this Privacy Policy at any time, with the new effective date posted here

7. Contact Us

If you have questions, requests, or complaints, please contact our Privacy Officer:

📧 Hope@SleepScriptMD.com
📍 SSMD, 118 East Side Square Ste. A, Shelbyville, TN 37160

You may also file a complaint with the U.S. Department of Health & Human Services, Office for Civil Rights:

🌐 https://www.hhs.gov/ocr/privacy/hipaa/complaints/
📞 1-877-696-6775