HIPAA Notice of Privacy Practices

Legal · HIPAA

Notice of Privacy Practices

Effective Date: May 6, 2026 · Last Updated: May 6, 2026

1. Covered entity statement

Vita Health 365 is a HIPAA-covered entity. This means we follow the privacy and security rules set by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the HITECH Act. This notice explains how we may use and share your protected health information (PHI) and what rights you have.

PHI is information about your health, the care you receive, and payment for that care that can be linked to you personally. We are required by law to maintain the privacy of your PHI and to give you this notice.

2. Uses and disclosures for treatment, payment, and operations

We may use and share your PHI without your written permission for the following purposes:

Treatment. We use your health information to provide, coordinate, and manage your care. For example, your provider may review your medical history during a telehealth visit, or share information with a specialist who is helping with your care.
Payment. We may use your information to bill you for services. Even though we are a self-pay practice, we may share information with your FSA or HSA provider if needed to process your payment.
Healthcare operations. We may use your information to run our practice, improve quality of care, train staff, conduct audits, and meet our legal obligations.

3. Uses and disclosures required by law

We are required to share your PHI when:

Ordered by a court or administrative tribunal.
Required by federal, state, or local law (for example, reporting certain diseases to public health authorities).
Requested by the U.S. Department of Health and Human Services to investigate our compliance with HIPAA.

4. Other permitted uses and disclosures

We may also use or share your PHI without your permission in these situations:

Public health activities. Reporting disease, injury, vital events, or FDA-related issues.
Judicial and administrative proceedings. In response to a court order, subpoena, or other lawful process.
Law enforcement. As required by law, such as reporting certain types of wounds or injuries, or in response to a valid warrant.
Coroners, medical examiners, and funeral directors. To help identify a deceased person or determine cause of death.
Organ and tissue donation. To organizations that handle organ procurement, banking, or transplantation.
Research. Under certain conditions approved by an institutional review board or privacy board.
Specialized government functions. For military, national security, or intelligence activities as authorized by law.
Workers' compensation. As authorized by workers' compensation laws.
Abuse and neglect. Reporting suspected abuse, neglect, or domestic violence to appropriate government authorities.
To prevent serious harm. If we believe disclosure is necessary to prevent a serious and imminent threat to your health or safety or the health or safety of others.

For any use or disclosure not described in this notice, we will ask for your written authorization. You may revoke your authorization at any time in writing, but this will not affect any information we already shared based on your earlier permission.

5. Your rights

Under HIPAA and California law, you have these rights regarding your PHI:

Right to access. You may request a copy of your medical records. We will provide them within 30 days (or 15 days for electronic records, as required by California law). We may charge a reasonable fee for copies.
Right to amendment. If you believe your records contain an error, you may ask us to correct it. We may deny the request in certain cases, but we will explain why and tell you how to respond.
Right to an accounting of disclosures. You may request a list of certain disclosures we have made of your PHI in the past six years. This does not include disclosures for treatment, payment, operations, or disclosures you authorized.
Right to request restrictions. You may ask us to limit how we use or share your PHI. We are not required to agree to all requests, but we must agree if you ask us not to share information with your health plan for services you paid for in full out of pocket.
Right to confidential communications. You may ask us to contact you in a specific way or at a specific location. For example, you may ask us to call you only on your mobile phone.
Right to a paper copy. You may request a paper copy of this notice at any time, even if you previously agreed to receive it electronically.

To exercise any of these rights, contact us at hello@vitahealth365.com.

6. Breach notification

If a breach of your unsecured PHI occurs, we will notify you as required by HIPAA and California law. Notification will be made without unreasonable delay, and no later than 60 days after we discover the breach. If the breach affects 500 or more California residents, we will also notify the U.S. Department of Health and Human Services and major media outlets in the state.

7. California Medical Information Act (CMIA)

In addition to HIPAA, the California Medical Information Act (CMIA) provides extra protections for your health information. Under the CMIA:

Mental health records, HIV/AIDS test results, genetic information, and reproductive health information receive additional protections beyond federal HIPAA requirements.
Your medical information generally cannot be shared without your written authorization, except as specifically permitted by California law.
You may bring a private lawsuit for violations of the CMIA, including potential statutory damages.

We follow both HIPAA and the CMIA. When the CMIA provides greater protection than HIPAA, we follow the CMIA.

8. Complaints

If you believe your privacy rights have been violated, you may:

File a complaint with us by emailing hello@vitahealth365.com.
File a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, at hhs.gov/hipaa/filing-a-complaint.
File a complaint with the California Department of Public Health.

We will not retaliate against you for filing a complaint.

9. Changes to this notice

We may change this notice at any time. Changes will apply to PHI we already have as well as new information. When we make a significant change, we will post the updated notice on our website and make paper copies available upon request. The effective date at the top of this page tells you when this version was last updated.

10. Contact

If you have questions about this notice or want to exercise your rights, contact our Privacy Officer:

HIPAA Compliance: hello@vitahealth365.com
Privacy: hello@vitahealth365.com
Mailing: Vita Health 365, 2064 Marengo St, Suite 600, Los Angeles, CA 90033