Privacy Policy | ElinMed

Your Privacy Matters: ElinMed is committed to protecting your personal health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with HIPAA and applicable federal and New York State laws.

Virtual Practice: ElinMed is a virtual-only cardiology practice operating in New York State. All services are provided via secure telemedicine.

1. Information We Collect

Protected Health Information (PHI)

We collect and maintain health information necessary to provide quality cardiac care, including:

Personal identifiers (name, date of birth, address, phone number, email)
Medical history and current health conditions
Medications and allergies
Test results and diagnostic information
Treatment plans and clinical notes
Payment and billing information

Technical Information

When you use our website and telemedicine platform, we may collect IP addresses, browser type, pages visited, and device information.

2. How We Use Your Information

Treatment

We use your health information to provide, coordinate, and manage your cardiac care — including virtual consultations, treatment plans, prescriptions, lab orders, and follow-up care.

Payment

We use your information for billing activities, including processing payments and providing superbills for insurance reimbursement.

Healthcare Operations

We may use de-identified information for quality improvement, staff training, and compliance with legal requirements.

3. How We Share Your Information

We will not share your health information without your written authorization except as permitted by HIPAA, including: coordinating care with other providers you designate; processing payments; complying with court orders or law enforcement requests; and preventing serious harm in emergencies.

All third-party vendors (EMR, billing services) are bound by Business Associate Agreements requiring them to protect your information.

4. Your Rights Under HIPAA

Right to Access: Request inspection and copies of your medical records (we respond within 30 days)
Right to Amend: Request correction of inaccurate or incomplete information
Right to Restrict: Request restrictions on how we use or share your information
Right to an Accounting: Request a list of certain disclosures we've made
Right to File a Complaint: File with us or with the HHS Office for Civil Rights — you will not be retaliated against

5. Telemedicine-Specific Privacy

We use HIPAA-compliant video conferencing with end-to-end encryption. We do not record telemedicine visits without your explicit written consent. To protect your privacy, please join from a private location using a secure internet connection.

6. Data Security

We implement encrypted data transmission and storage, secure password-protected medical records systems, limited access on a need-to-know basis, regular security assessments, and comprehensive staff privacy training.

7. Breach Notification

In the event of a breach of your unsecured health information, we will notify you within 60 days as required by law.

8. Contact Us

ElinMed — Privacy Officer: Christabel E. Nyange, MD, MPH
Email: privacy@elinmed.com | Phone: (555) 123-4567

To file a federal complaint: HHS Office for Civil Rights, 200 Independence Avenue S.W., Washington D.C. 20201 | 1-877-696-6775

Effective Date: January 8, 2025. This policy applies to all information collected from that date forward.