Skip to main content

Effective 2026-01-01 · Last updated 2026-01-01 · 45 CFR § 164.520

Notice of Privacy Practices.

This notice describes how medical information about you may be used and disclosed and how you can get access to that information. Please review it carefully. Conceptual Healthcare Corporation and its eleven Conceptual Health® properties operate as a single Affiliated Covered Entity for purposes of this Notice.

1. Who this Notice covers.

This Notice applies to all Protected Health Information ("PHI") created or maintained by Conceptual Healthcare Corporation and the eleven Conceptual Health® properties: Guardian Orb™, Clinical, Provider AI, hc.exchange, Datavault, Pharmacy, Chain, University, Church, Social, and the marketing front door. We are a single HIPAA-covered entity for purposes of this Notice. Our affiliated providers are subject to the same Notice unless they have given you their own.

2. Uses and disclosures for treatment, payment, and health-care operations.

We may use and disclose your PHI without your specific authorization for the following standard purposes:

  • Treatment — sharing among your care team (clinicians, pharmacists, ordered laboratories, telehealth supervisors), coordination of care, refill authorization, referrals.
  • Payment — submitting claims to your insurer, eligibility checks, prior authorization, collection of co-pays.
  • Health-care operations — quality improvement, clinical training, audit and accreditation, business planning, fraud detection, internal compliance monitoring.

3. Other uses and disclosures permitted or required by law.

We may use or disclose PHI without your authorization in the following circumstances, subject to law:

  • Public health activities and required reporting (communicable disease, child or elder abuse, FDA adverse-event reports).
  • Health oversight activities (audits, investigations by HHS-OCR, state regulators).
  • Judicial and administrative proceedings under valid subpoena, court order, or analogous process.
  • Law enforcement when required by law, in response to a valid administrative request, or to identify a victim of a crime.
  • To avert a serious and imminent threat to health or safety.
  • Workers' compensation, in accordance with state law.
  • Coroners, medical examiners, and funeral directors.
  • Specialized government functions (military, national security, presidential protective services).

4. Uses and disclosures that require your written authorization.

The following uses require your specific written authorization, which you may revoke at any time in writing (revocation is not retroactive):

  • Marketing communications (other than face-to-face or promotional gifts of nominal value).
  • Sale of PHI (we do not sell PHI; this is included for completeness).
  • Most uses of psychotherapy notes.
  • Use of PHI for research, except where an Institutional Review Board has waived authorization or the information is fully de-identified.

Conceptual Health® does not sell PHI. The Master Equation™ axes that flow to the chain are derived from de-identified, aggregated, or cryptographically-attested records; the chain does not receive your underlying PHI. Where you opt in to the data economy through hc.exchange, the terms of that specific opt-in govern, and you may revoke at any time.

5. Your rights.

  • Right to access a copy of your designated record set, in paper or electronic form, within 30 days of request. Reasonable cost-based fees may apply for copies.
  • Right to request amendment of PHI you believe is inaccurate or incomplete.
  • Right to an accounting of disclosures for the six years preceding your request, excluding TPO disclosures.
  • Right to request restriction on uses and disclosures. We must agree if you pay out-of-pocket in full and ask us not to disclose to your health plan.
  • Right to confidential communications at an alternate address, phone, or channel.
  • Right to a paper copy of this Notice on request, even if you have agreed to receive it electronically.
  • Right to be notified of a breach of unsecured PHI affecting you.

6. Our obligations.

  • We are required by law to maintain the privacy and security of your PHI, to provide this Notice, and to abide by its terms currently in effect.
  • We must notify affected individuals following a breach of unsecured PHI.
  • We may not use or disclose your PHI in a manner inconsistent with this Notice unless required by law.
  • We reserve the right to change the terms of this Notice and to make the new Notice apply to all PHI we maintain. Material changes are posted to this page and announced by email and in-app at least 30 days before effect.

7. Breach notification.

In the event of a breach of unsecured PHI affecting you, we will notify you by first-class mail (or by email if you have agreed to electronic notice) without unreasonable delay and in any event within sixty (60) calendar days of discovery, in compliance with 45 CFR §§ 164.404 – 164.410. Notice will include what happened, what was involved, what steps you should take to protect yourself, what we are doing in response, and how to contact us.

8. Complaints.

You may file a complaint with us, with the Patient Ombudsperson, or with the U.S. Department of Health and Human Services Office for Civil Rights. We will not retaliate against you for filing a complaint. To file with HHS-OCR: hhs.gov/hipaa/filing-a-complaint or 1-800-368-1019, TDD 1-800-537-7697.

9. Contact.

Privacy Officer · Conceptual Healthcare Corporation · 720 Harbor Blvd, Destin, FL 32541 · privacy@conceptualhealth.com · 1-800-CHC-PRIV. Patient Ombudsperson: ombuds@conceptualhealth.com (independent of management; reports to the Trust Council).