AxisMD

HIPAA Notice of Privacy Practices

HIPAA Notice of Privacy Practices

Effective date: 6/5/2026

This notice describes how protected health information (PHI) about you may be used and disclosed and how you can get access to this information. Please review it carefully.

Our pledge regarding your health information

AxisMD is committed to protecting your PHI. We create a record of the care and services you receive so that we can provide you with quality care and comply with legal requirements. This notice applies to all records of your care generated by AxisMD, whether by our clinicians, contracted pharmacies, or affiliated service providers.

How we may use and disclose your health information

  • For treatment. We use your PHI to provide and coordinate clinical services, including sharing it with the clinicians and pharmacies involved in your care.
  • For payment. We may use and disclose PHI to bill and collect payment for services rendered.
  • For healthcare operations. We may use PHI for activities necessary to run our practice, including quality improvement, compliance, audit, and clinician credentialing.
  • As required by law. We will disclose PHI when required by federal, state, or local law, including for public-health, workers’ compensation, or judicial purposes.
  • Recordings of telehealth visits. With your explicit consent, video visits may be recorded for medical record completeness and quality assurance. Recordings are stored with the same controls as the rest of your PHI and only accessed by authorised personnel.

Your rights

  • You may request access to your PHI at any time.
  • You may request an accounting of disclosures.
  • You may request that we amend information you believe is incorrect.
  • You may request restrictions on certain uses and disclosures.
  • You may request confidential communication via specific means.
  • You may revoke a prior authorisation, except where we have already acted in reliance on it.

Security safeguards

We implement administrative, technical, and physical safeguards: TLS in transit, encryption at rest, dual-consent recordings, role-based access, audit logging of every access to PHI, and regular vulnerability testing of our infrastructure.

Breach notification

In the unlikely event of a breach of unsecured PHI, we will notify you within 60 days as required by the HITECH Act and applicable state law.

Complaints

You may file a complaint with our Privacy Officer at privacy@axismd.local or with the U.S. Department of Health & Human Services Office for Civil Rights. We will not retaliate against you for filing a complaint.

Changes to this notice

We reserve the right to update this notice. The current version will always be posted at /page/hipaa with the date last revised.

This document is provided for transparency. It is not legal advice. Please consult counsel before relying on it in a regulated context.

Last updated: 6/5/2026