Notice of Privacy Practices
This Notice of Privacy Practices describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
Sippa by Rhodes Med (“Sippa,” “Rhodes Med,” “we,” “us,” or “our”) provides physician-led midlife and menopause medical care for eligible adult women. We currently serve adult patients located in Utah.
This Notice applies to protected health information created, received, maintained, or transmitted by Sippa by Rhodes Med in connection with your medical care. This may include information collected through Athena, our patient management system, as well as information related to intake, scheduling, visits, prescriptions, labs, billing, patient communications, and follow-up care.
This Notice does not replace our Privacy Policy, which explains how we collect and use website, analytics, advertising, email, SMS/text, and other digital information.
1. Our Responsibilities
We are required by law to:
- Maintain the privacy and security of your protected health information.
- Give you this Notice explaining our legal duties and privacy practices.
- Follow the terms of the Notice currently in effect.
- Let you know if a breach occurs that may have compromised the privacy or security of your protected health information.
- Not use or share your protected health information in ways not described in this Notice unless you authorize us in writing or the law allows or requires it.
We may change the terms of this Notice at any time. Any changes may apply to information we already have and to information we receive in the future. The current Notice will be posted on our website.
2. Your Rights
When it comes to your protected health information, you have certain rights. This section explains your rights and some of our responsibilities.
You may ask to see or get a copy of your medical record
You may ask to see or receive an electronic or paper copy of your medical record and other protected health information we maintain about you.
We will provide a copy or summary of your health information, usually within the time required by law. We may charge a reasonable, cost-based fee when allowed by law.
You may ask us to correct your medical record
You may ask us to correct health information about you that you believe is incorrect or incomplete.
We may say no to your request, but we will explain why in writing within the time required by law.
You may request confidential communications
You may ask us to contact you in a specific way, such as by phone, email, patient portal, or at a specific address.
We will say yes to reasonable requests when required by law. Please understand that certain communication methods, such as ordinary email or SMS/text messaging, may not be fully secure.
You may ask us to limit what we use or share
You may ask us not to use or share certain health information for treatment, payment, or healthcare operations.
We are not required to agree to every request, and we may say no if it would affect your care or if the law allows us to continue the use or disclosure.
If you pay for a healthcare item or service out of pocket in full, you may ask us not to share information about that item or service with your health plan for payment or operations purposes. We will agree unless a law requires us to share that information.
You may request a list of certain disclosures
You may ask for a list of certain times we have shared your protected health information.
This is sometimes called an accounting of disclosures. We will include disclosures required by law, except for certain disclosures such as those related to treatment, payment, healthcare operations, and some other categories excluded by law.
You may get a copy of this Notice
You may ask for a paper copy of this Notice at any time, even if you have agreed to receive it electronically.
You may choose someone to act for you
If you have given someone medical power of attorney, or if someone is your legal guardian, that person may be able to exercise your rights and make choices about your health information.
We may verify that the person has authority to act for you before taking action.
You may file a complaint
You may file a complaint if you believe your privacy rights have been violated. You may contact us at:
Sippa by Rhodes Med [email protected]
You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights.
We will not retaliate against you for filing a complaint.
3. Your Choices
For certain health information, you may tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, tell us what you want us to do.
You may tell us whether to share information with family, friends, or others involved in your care
You may tell us whether we may share information with:
- A family member.
- A close friend.
- A caregiver.
- Another person involved in your care.
- Someone helping pay for your care.
If you are unable to tell us your preference, such as in an emergency or if you are unavailable, we may share information if we believe it is in your best interest and allowed by law.
Marketing
We generally need your written authorization before using or sharing your protected health information for marketing purposes, except where HIPAA allows otherwise.
This Notice does not prevent us from sending general communications allowed by law, such as appointment reminders, refill reminders, patient portal messages, treatment-related communications, or health-related information about Sippa services.
Marketing emails or SMS/text messages may also be governed by our Privacy Policy and any communication consent you provide.
Sale of health information
We will not sell your protected health information without your written authorization.
Fundraising
If we ever contact you for fundraising purposes, you may tell us not to contact you again. Sippa does not currently conduct fundraising communications.
4. How We May Use and Share Your Information
We may use and share your protected health information in the following ways.
To treat you
We may use and share your health information to provide, coordinate, or manage your medical care. Examples may include:
- Reviewing your intake information.
- Discussing your symptoms, history, medications, allergies, labs, or treatment goals.
- Creating a care plan.
- Prescribing medications when clinically appropriate.
- Ordering labs when clinically appropriate.
- Coordinating with pharmacies, labs, Athena, or other systems involved in your care.
- Communicating with other healthcare professionals involved in your care.
To run our healthcare operations
We may use and share your health information to operate Sippa, improve care, support staff, manage records, conduct quality review, train team members, and perform administrative activities. Examples may include:
- Reviewing care quality.
- Improving patient experience.
- Managing scheduling and follow-up.
- Supporting refill workflows.
- Reviewing safety and escalation protocols.
- Using Athena or other approved systems to manage patient operations.
- Conducting internal audits, compliance, and business operations.
To bill for services
We may use and share your health information to bill and collect payment.
Sippa is a cash-pay membership and does not bill insurance directly. However, we may use or share information for payment processing, receipts, documentation, billing records, membership administration, or patient-requested insurance self-submission documentation.
If labs, pharmacies, payment processors, or other third parties are involved, their billing practices may be separate from Sippa’s.
With business associates
We may share protected health information with vendors or service providers who perform services for us and who are required to protect the information.
These may include Athena, technology providers, billing or payment vendors, secure communication tools, administrative vendors, consultants, legal or compliance advisors, and other service providers.
When required by HIPAA, we use business associate agreements or other appropriate protections.
5. Other Uses and Disclosures Allowed or Required by Law
We may use or share your health information in other ways allowed or required by law.
Public health and safety
We may share health information for public health activities, such as:
- Preventing or controlling disease.
- Reporting adverse events or product issues.
- Reporting suspected abuse, neglect, or domestic violence when required or allowed by law.
- Preventing or reducing a serious threat to health or safety.
Health oversight activities
We may share information with health oversight agencies for activities authorized by law, such as audits, investigations, inspections, licensure, and compliance reviews.
Legal requirements
We may use or share information when required by federal, state, or local law.
Lawsuits and legal actions
We may share information in response to a court or administrative order, subpoena, discovery request, or other lawful process, if the legal requirements are met.
Law enforcement
We may share information for law enforcement purposes when allowed or required by law.
Medical examiners, coroners, and funeral directors
We may share information with a coroner, medical examiner, or funeral director when allowed or required by law.
Organ and tissue donation
If applicable, we may share information with organ procurement organizations or similar entities when allowed by law.
Workers’ compensation
We may share information for workers’ compensation claims or similar programs when allowed or required by law.
Research
We may use or share information for health research if the legal requirements are met.
Specialized government functions
We may share information for certain government functions, such as military, national security, protective services, or correctional institution purposes, when allowed or required by law.
7. Communications Through Athena, Email, and SMS/Text
Sippa uses Athena as its patient management system. Patient intake, patient portal messages, scheduling, forms, consent documents, visit-related communications, and certain care communications may occur through Athena.
We may also communicate with you through email, phone, SMS/text messaging, or other tools when appropriate and allowed.
Please understand:
- Ordinary email and SMS/text messaging may not be fully secure.
- You should avoid sending sensitive medical information by ordinary email or text unless specifically directed.
- Patient care communications should generally occur through Athena or another secure system provided by Sippa.
- You may opt out of marketing emails or marketing text messages, but we may still send non-marketing messages related to appointments, intake, care, billing, legal notices, safety, or other healthcare operations.
8. Minors
Sippa currently provides services to adults only.
Our services are not intended for minors under 18. If this changes, additional privacy practices may apply to minor patients, parents, guardians, or legally authorized representatives.
9. State Availability
Sippa currently serves eligible adult patients located in Utah.
Telehealth availability depends on state licensure, patient location, applicable law, clinical appropriateness, and operational availability.
10. Relationship to Other Policies
This Notice applies to protected health information related to your medical care.
Other Sippa policies may also apply, including:
- Privacy Policy.
- Terms of Use.
- Medical Disclaimer.
- Telehealth Consent information.
- Athena forms and consents.
- Membership or payment terms, when applicable.
11. Changes to This Notice
We may change this Notice at any time.
Any updated Notice may apply to health information we already have and to information we receive in the future. The current Notice will be posted on our website.
12. Contact Us
If you have questions about this Notice or want to exercise your privacy rights, please reach out.
Sippa by Rhodes Med [email protected]
You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights. We will not retaliate against you for filing a complaint.