HIPAA Compliance

Upheal, Inc.

Effective February 15, 2023

This section explains how we use, disclose and protect your PHI (Protected Health Information) in accordance with HIPAA (Health Insurance Portability and Accountability Act) as amended by the Health Information Technology for Economic and Clinical Health Act Title XIII of Division A of the American Recovery and Reinvestment Act, 2009 (“HITECH”) and regulations promulgated thereunder, as such law and regulations may be amended from time to time (collectively, “HIPAA”).


PHI is identifiable health information about you (such as your name, social security number, or address), and that relates to (a) your past, present, or future physical or mental health or condition, (b) the provision of health care to you, or (c) your past, present, or future payment for the provision of health care. We need PHI to provide you with quality care and to comply with certain legal requirements.


HIPAA Notice


This Notice of Privacy Practices describes how we may use and disclose your protected health information to carry out treatment, payment, or healthcare operations and for other purposes that are permitted or required by law. It also describes your rights to access and control your protected health information.

  1. Your PHI may be used and disclosed by our organization and our office staff, for the purpose of providing healthcare related services to you (as specified in section 2), to improve the services  offered  by  our organization (as specified in section 3) and any other use required by law (as specified in sections 4-6).
  2. We may have your PHI disclosed to us as a Business Associate of your healing professional to coordinate or manage your health care or to supply your healing professional with our products or services.
  3. We may use or disclose, as needed, and only if you provide us with your consent, your PHI in order to support the business activities of our organization. These activities include, but are not limited to, quality assessment activities, accreditation activities, and conducting or arranging for other business activities. 
  4. We may use or disclose your PHI to your healing professional or to government agencies  in the following situations without your authorization as required by law: mandatory reporting of abuse, “duty to warn” situations regarding threats of serious and imminent harm made by patients (State laws vary as to whether such a warning is mandatory or permissible).
  5. Under the law, we must make disclosures to you when required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with the requirements of § 164.500.
  6. Other permitted and required uses and disclosures will be made only with your consent, authorization, or opportunity to object unless required by law. You may revoke this authorization, at any time, in writing, except to the extent that your physician or this organization has taken an action in reliance on the use or disclosure indicated in the authorization.


If you are a US resident in the United States, the following is a statement of your rights with respect to your PHI.

  • You have the right to inspect and copy your PHI. Under federal law, however, you may not inspect or copy the following records: information compiled in reasonable anticipation of, or use in, a civil, criminal, or administrative action or proceeding; and PHI that is subject to the law(s) that prohibits access to PHI.
  • You have the right to request a restriction of your PHI. This means you may ask us not to use or disclose any part of your PHI for the purposes of treatment, payment, or healthcare operations. You may also request that any part of your PHI not be disclosed to family members or friends who may be involved in your care or for notification purposes as described herein. Your request must state the specific restriction requested and to whom you want the restriction to apply. Our organization is not required to agree to a restriction that you may request. If our organization believes it is in your best interest to permit use and disclosure of your PHI, your PHI will not be restricted. You then have the right to use another Healthcare professional.
  • You have the right to request to receive confidential communications from us by alternative means or at an alternative location.
  • You may have the right to have our organization amend your PHI. If we deny your request for amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal.
  • You have the right to receive an accounting of certain disclosures we have made, if any, of your PHI.

You may complain to us or the Secretary of Health and Human Services if you believe we have violated your privacy rights. You may file a complaint with us  by emailing us at privacy@upheal.io. We will not retaliate against you for filing a complaint.


We are required by law to maintain the privacy of PHI and to provide individuals with these notices regarding our legal duties and privacy practices with respect to PHI. If you have any questions concerning, or objections to, this Policy and Notice, please ask to speak with us by email at privacy@upheal.io.


We work to protect ourselves from unauthorized access to or unauthorized alteration, disclosure, or destruction of information we hold. In the unlikely event of a breach of unsecured PHI, we are required by law to notify affected individuals.


Associated companies with whom we may do business are given only enough information to satisfy reporting, safety, and efficacy requirements.