Privacy Policy

1. Overview

Omnia TeleHealth ("Omnia," "we," "us," or "our") is committed to protecting the privacy and security of your personal and health information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our website, patient portal, and telehealth services.

As a telehealth provider, we are a covered entity under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations. We take our obligations under HIPAA and all applicable state and federal privacy laws seriously.

By using our services, you agree to the collection and use of information in accordance with this policy. Please read it carefully.

2. Information We Collect

Personal Identifying Information

When you create an account, book a visit, or contact us, we may collect:

• Full name, date of birth, and gender
• Email address, phone number, and mailing address
• Payment information (processed securely through our payment processor)
• State of residence (to confirm licensed provider availability)
• Username and password for your patient portal account

Protected Health Information (PHI)

In the course of providing telehealth services, we collect health-related information, including:

• Medical history, current medications, and known allergies
• Symptoms, conditions, and chief complaints described during consultations
• Clinical notes, diagnoses, and treatment plans created by our providers
• Prescription records and pharmacy information
• Photos or images you submit for clinical review (e.g., skin conditions)
• Any other health information you share with our clinical team

Automatically Collected Information

When you visit our website, we may automatically collect:

• IP address and general geographic location
• Browser type, operating system, and device type
• Pages visited, time spent on site, and referring URLs
• Cookie and session identifiers (see Section 7)

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve our telehealth services
• Verify your identity and eligibility for care in your state
• Facilitate consultations between you and our licensed providers
• Process payments and send appointment confirmations and reminders
• Transmit electronic prescriptions to your pharmacy
• Respond to your inquiries and provide customer support
• Comply with legal and regulatory obligations, including HIPAA
• Analyze site usage to improve our website and user experience
• Send health-related communications you have opted into

We do not sell your personal information or PHI to third parties. We do not use your health information for advertising or marketing purposes without your explicit consent.

4. HIPAA & Protected Health Information

As a HIPAA-covered entity, Omnia TeleHealth is required to maintain the privacy of your Protected Health Information (PHI) and to provide you with a Notice of Privacy Practices. This section summarizes your rights and our obligations; our full Notice of Privacy Practices is available upon request.

How We May Use and Disclose Your PHI

Under HIPAA, we are permitted to use and disclose your PHI for the following purposes without your authorization:

• Treatment: Sharing information with other healthcare providers involved in your care, or with our partner pharmacy (Belmar Pharma Solutions) to fulfill prescriptions.
• Payment: Processing payments for services rendered.
• Healthcare Operations: Quality assurance, compliance, training, and administrative activities necessary to operate our practice.
• As Required by Law: Reporting to public health authorities, responding to law enforcement requests, or complying with court orders as required by applicable law.

Uses Requiring Your Authorization

We will not use or disclose your PHI for the following purposes without your written authorization:

• Marketing purposes
• Sale of your PHI
• Psychotherapy notes (if applicable)
• Any other use not permitted under HIPAA without authorization

You may revoke a previously given authorization at any time in writing, except to the extent we have already acted in reliance on it.

5. How We Share Your Information

We may share your information in the following limited circumstances:

• Service Providers: With trusted vendors and partners who assist in operating our platform (e.g., our patient portal technology, payment processing, and secure messaging providers). These parties are bound by confidentiality agreements and may only use your information to perform services on our behalf.
• Prescriptions & Pharmacy: Your prescription information is shared with your chosen pharmacy, or with Belmar Pharma Solutions if you opt for our partner compounding pharmacy, solely to fulfill your prescription.
• Legal Requirements: We may disclose information if required to do so by law, in response to a valid subpoena or court order, or to protect the rights, property, or safety of Omnia TeleHealth, our patients, or others.
• Business Transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website before your information becomes subject to a different privacy policy.
• With Your Consent: We may share your information in other ways if you have given us explicit consent to do so.

We do not sell, rent, or trade your personal information or PHI to third parties for their own commercial purposes.

6. Data Security

We implement administrative, physical, and technical safeguards to protect your information from unauthorized access, disclosure, alteration, or destruction. These include:

• End-to-end encryption for all data transmitted between you and our platform
• Secure, HIPAA-compliant servers and data storage
• Role-based access controls limiting staff access to PHI on a need-to-know basis
• Regular security risk assessments as required by HIPAA Security Rule
• Staff training on privacy and security practices

While we take extensive precautions, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to using industry best practices to protect your information.

In the event of a data breach affecting your PHI, we will notify you in accordance with HIPAA Breach Notification Rule requirements and applicable state law.

7. Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience and analyze site usage. Types of cookies we may use include:

• Essential cookies: Required for the website to function properly (e.g., session management, security tokens).
• Analytics cookies: Help us understand how visitors interact with our website so we can improve it. We use Google Analytics, deployed through Google Tag Manager, for this purpose.
• Advertising & marketing technologies: Our public marketing website uses the Meta (Facebook) Pixel, also deployed through Google Tag Manager, to measure the performance of our advertising and to reach people who have visited our site. These technologies may collect identifiers such as your IP address and the pages you view on our public website.
• Preference cookies: Remember your settings and preferences for future visits.

These advertising and analytics technologies operate on our public marketing website only. We do not use them to track your activity within the secure patient portal, and we do not intend for Protected Health Information to be transmitted to advertising or analytics networks. You can control cookie settings through your browser preferences, and you can opt out of interest-based advertising through tools such as the Network Advertising Initiative (optout.networkadvertising.org) and the Digital Advertising Alliance (optout.aboutads.info) opt-out pages. Disabling certain cookies may affect the functionality of our website.

8. Your Rights

Depending on your state of residence and applicable law, you may have the following rights regarding your personal information and PHI:

Under HIPAA

• Right to Access: Request a copy of your medical records and health information we hold.
• Right to Amend: Request corrections to inaccurate or incomplete PHI.
• Right to an Accounting of Disclosures: Request a list of certain disclosures we have made of your PHI.
• Right to Request Restrictions: Request restrictions on how we use or disclose your PHI (we are not always required to agree, but we will consider your request).
• Right to Confidential Communications: Request that we communicate with you about health matters in a specific way or at a specific location.
• Right to a Paper Copy of This Notice: Receive a printed copy of our Notice of Privacy Practices upon request.

General Privacy Rights

• Right to Know: Know what personal information we have collected about you.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions (e.g., we may be required to retain medical records under state law).
• Right to Opt Out: Opt out of non-essential communications from us at any time.

To exercise any of these rights, please contact us using the information in Section 12 below. We will respond to verifiable requests within the timeframes required by applicable law.

9. Third-Party Services

Our website and services may integrate with or link to third-party platforms, including:

• Patient Portal: Our secure patient portal is operated by Healthie, Inc. on a HIPAA-compliant platform. Use of the portal is subject to Healthie's terms and privacy practices in addition to this policy.
• JotForm: We use JotForm to collect intake and visit request information. JotForm's privacy practices are governed by their own Privacy Policy. We have a Business Associate Agreement (BAA) in place with JotForm for HIPAA compliance.
• Payment Processing: Payment card information is processed through a PCI-DSS-compliant payment processor. We do not store full payment card numbers on our servers.
• Partner Pharmacy: Belmar Pharma Solutions may receive prescription information as necessary to fulfill compounded medication orders.
• Fullscript: If you choose to purchase supplements through our online dispensary, those orders are fulfilled through Fullscript. Information you provide to complete a purchase is handled under Fullscript's own Privacy Policy.
• Analytics & Advertising: We use Google (Google Analytics and Google Tag Manager) and Meta Platforms (the Facebook Pixel) on our public marketing website, as described in Section 7. These providers may process limited identifiers and website-activity data under their own privacy policies.

We are not responsible for the privacy practices of third-party websites or services that we do not control. We encourage you to review the privacy policies of any third-party services you use in connection with our platform.

10. Children's Privacy

Our services are intended for adults aged 18 and older. We do not knowingly collect personal information from individuals under the age of 18 without verifiable parental or guardian consent. If you believe we have inadvertently collected information from a minor, please contact us immediately at the information provided in Section 12 and we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Effective Date" at the top of this page
• Post a notice on our website or notify you by email if the changes are significant

Your continued use of our services after any changes to this policy constitutes your acceptance of the updated terms. We encourage you to review this page periodically.

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a privacy concern, please contact us: