Privacy Policy

Last Updated: August 04, 2025

At Ithaca Health, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard your information when you visit our website (www.ithaca-health.com) or use our telehealth hormone therapy services. By using our site or services, you agree to this policy. If you have questions, contact us at support@ithaca-health.com.

1. Information We Collect

We collect information to provide and improve our services, including:

  • Personal Information: When you contact us, create an account, or use our services, we may collect your name, email address, phone number, billing details, and account preferences.
  • Health Information: As a patient, we collect protected health information (PHI) such as medical history, hormone therapy needs, and treatment details, in compliance with HIPAA standards.
  • Usage Data: We automatically collect data about your interactions with our site, such as IP address, browser type, device information, pages visited, and timestamps, via cookies, web beacons, and analytics tools.
  • Payment Information: For processing payments, we collect billing details through secure third-party payment processors.

2. How We Use Your Information

We use your information to:

  • Provide telehealth hormone therapy services, including consultations, prescriptions, treatment plans, and follow-ups.
  • Process payments and manage subscriptions.
  • Improve our website and services through analytics and user feedback.
  • Communicate with you, such as responding to inquiries, sending appointment reminders, or providing service updates.
  • Comply with legal obligations, including HIPAA, Utah regulations, and other applicable laws.
  • Prevent fraud and enhance the security of our services.

3. How We Share Your Information

We do not sell, rent, or trade your information. We may share it only in the following circumstances:

  • With Service Providers: Trusted partners (e.g., telehealth platforms, payment processors, cloud hosting services) who follow strict privacy and security standards and sign Business Associate Agreements (BAAs) for HIPAA compliance.
  • For Legal Reasons: To comply with applicable laws, regulations, court orders, or to protect our rights, property, or safety (e.g., Utah Code § 13-11-4).
  • With Your Consent: If you explicitly agree to share specific data, such as for referrals or third-party integrations.
  • De-Identified Data: We may share aggregated or anonymized data for research, analytics, or marketing purposes, ensuring it cannot be linked to you.

4. Data Security

We implement industry-standard measures to protect your data, including:

  • Secure Sockets Layer (SSL) encryption for website and data transmissions.
  • HIPAA-compliant platforms for telehealth and electronic health records (EHRs).
  • Role-based access controls to limit staff access to your information.
  • Regular security audits and penetration testing to identify and address vulnerabilities.
  • Encrypted storage for sensitive data, including PHI.
  • Incident response protocols to address potential breaches promptly, in compliance with HIPAA and Utah law.

While we strive to protect your information, no system is completely secure. In the event of a data breach, we will notify affected individuals promptly as required by law.

5. Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to enhance your experience, analyze site performance, and personalize content. These technologies may collect data like your IP address, browser type, and site interactions. You can manage cookie preferences through your browser settings, but disabling cookies may limit some site functionality. We do not use cookies to collect or store health information.

6. Your Rights

You have the following rights regarding your information:

  • Access: Request a copy of your personal data or PHI.
  • Correct: Update or correct inaccurate information.
  • Delete: Request deletion of your data, except where retention is required by law (e.g., medical records must be retained for 7 years under Utah law).
  • Restrict: Request limitations on how we use or share your data, where permitted by law.
  • Opt-Out: Unsubscribe from marketing communications via the “unsubscribe” link in emails or texts.
  • Data Portability: Request a transferable copy of your data in a structured format.

To exercise these rights, contact us at support@ithaca-health.com. We will respond within 30 days, in accordance with HIPAA and applicable consumer protection laws.

7. HIPAA Compliance

Our telehealth services handle protected health information (PHI) in compliance with the Health Insurance Portability and Accountability Act (HIPAA). We use HIPAA-compliant tools, including secure telehealth platforms and encrypted EHRs, and train our staff to safeguard your PHI. Patients will receive a Notice of Privacy Practices during their first visit, detailing their rights under HIPAA.

8. Third-Party Links

Our website may include links to third-party sites (e.g., payment processors or health resources). We are not responsible for their privacy practices. Please review their policies before sharing information.

9. Children’s Privacy

Our services are intended for individuals 18 and older. We do not knowingly collect data from children under 13, in compliance with the Children’s Online Privacy Protection Act (COPPA). If you believe we have collected such data, contact us immediately at support@ithaca-health.com.

10. International Users

Our services are based in Utah, USA, and subject to U.S. laws, including HIPAA for health information. If you access our services from outside the U.S., your data will be processed in the U.S. By using our services, you consent to this data transfer and processing.

11. Changes to This Policy

We may update this policy to reflect changes in our services, legal requirements, or industry standards. Updates will be posted on this page, and we will notify you via email or a website notice for significant changes. Please review this policy periodically.

12. Contact Us

For questions, concerns, or to exercise your rights, contact:

Ithaca Health LLC
support@ithaca-health.com
Phone: [Insert Phone Number]
Address: [Insert Business Address, if applicable]

We are dedicated to ensuring your privacy and providing transparent, secure services.

```