Privacy Policy
Last Updated: 2026.2
1. OUR PRIVACY COMMITMENT
Hankins Hormonal Health (“Practice”) provides elite, confidential care. This document serves as both our Website Privacy Policy and our HIPAA Notice of Privacy Practices (NPP). We comply with the Health Insurance Portability and Accountability Act (HIPAA) and the February 2026 updates to 42 CFR Part 2 regarding sensitive health records.
2. INFORMATION COLLECTION & USE
- Health Records: We collect medical history, lab results, and biometric data to provide personalized care.
- Telehealth Data: Consultations are conducted over encrypted, HIPAA-compliant platforms. We do not record video sessions without separate written consent.
- Payment: Securely processing your concierge membership or consultation fees.
- PDMP Reporting: As a prescriber of controlled substances (e.g., Testosterone), we are legally required to report prescriptions to the State Prescription Drug Monitoring Program (PDMP).
- Special Protection for Sensitive Records (2026 Requirement): In compliance with 42 CFR Part 2, any records related to substance use disorder (SUD) are subject to heightened protections. These records—and any testimony relaying their content—will not be used or disclosed in civil, criminal, administrative, or legislative proceedings against you without your specific written consent or a qualifying court order.
3. YOUR RIGHTS UNDER HIPAA
- Right of Access: You may request a digital copy of your medical records. Per 2026 standards, we provide these in a secure format within 15 days of your request.
- Right to Accounting: You may request a list of times we’ve shared your health info for reasons other than treatment or payment.
- Right to Restrict: You have the right to request that we do not share your treatment info with your health insurance plan (as a cash-pay practice, we honor this by default).
- Right to Breach Notification: We will notify you immediately following any breach of unsecured Protected Health Information (PHI).
- Redisclosure Warning: Please be advised that PHI disclosed in accordance with this notice may be subject to redisclosure by the recipient (such as a third-party health app you choose to use) and may no longer be protected by federal HIPAA regulations.
- Right to Amend: You may request in writing that we correct health information in your record that you believe is inaccurate or incomplete. We will respond to your request within 60 days.
4. WEBSITE & DIGITAL DATA
- SMS/Text Consent: By providing your phone number, you grant "express written consent" for appointment reminders, lab alerts, and shipping updates.
- Opt-Out: Reply "STOP" to any message to revoke consent. We do not share mobile data with third parties for marketing.
- Cookies: We use minimalist "Performance Cookies" to improve the user experience for our high-performing clients.
- No Data Selling: We never sell your personal, biometric, or health data to AI aggregators or data brokers.
- Email Marketing: By subscribing to our newsletter, you grant consent to receive clinical briefings, blog updates, and practice announcements.
- Opt-Out Newsletter: Every newsletter includes an "Unsubscribe" link. You may also revoke consent at any time by contacting the Practice directly.
- Data Retention: We retain newsletter subscription data only as long as your consent is active. If you unsubscribe, your email data is purged from our active marketing lists within 30 days.
5. DATA SHARING WITH THIRD PARTIES
We only share your information with necessary fulfillment partners:
- Accredited Laboratories: To process your diagnostic bloodwork.
- Compounding Pharmacies: To fulfill and ship your personalized medications.
- Regulatory Databases: As required for controlled substance reporting.
- Email Service Providers: We share your name and email address with our secure email platform (Wix) solely to deliver the newsletter and practice updates you have requested.
- No Third-Party Marketing: We do not sell or share our email list with third-party advertisers or pharmaceutical marketing companies.
6. SECURITY & BREACH NOTIFICATION
We utilize 256-bit encryption and Multi-Factor Authentication (MFA). In the unlikely event of a data breach, we will notify you in accordance with federal law and HITECH Act requirements.
7. DISCLOSURES REQUIRED BY LAW
We share information only when required by law, such as responding to a valid court order, subpoena, or mandatory state reporting for controlled substances.
8. CONTACT & COMPLAINTS
If you believe your privacy rights have been violated, contact our Privacy Officer via the Practice website.
You may also file a formal complaint with the U.S. Department of Health and Human Services Office for Civil Rights by visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against you for filing a complaint.
