Port MD+ ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information — including your protected health information (PHI) — when you use the Port MD+ service.
Port MD+ is a medical practice. Your health information is subject to the Health Insurance Portability and Accountability Act (HIPAA). This policy describes both our general privacy practices and our HIPAA-specific obligations.
Our commitment: Your health information is never sold to third parties. It is used only to provide your care, improve clinical accuracy, and fulfill legal obligations.
Account information: Name, email address, and password when you create an account.
Health and clinical information: Medical history, current medications, known allergies, conditions, symptoms, and any other health information you provide during intake or triage. This is protected health information (PHI) under HIPAA.
Prescription and kit information: Your prescribed medications, kit contents, substitutions, and exclusions made by the physician.
Usage information: How you use the Service, including triage sessions, in-app navigation, and feature interactions. This is collected in aggregate and is not linked to your PHI.
Payment information: Payment card data is processed by our payment processor. We do not store full card numbers.
Communications: Any messages you send us via email, in-app messaging, or consultation features.
We use your information to:
We do not use your health information for advertising, marketing to third parties, or any purpose unrelated to your medical care.
Port MD+ is a covered entity under HIPAA. Your protected health information (PHI) is handled in accordance with HIPAA's Privacy Rule and Security Rule.
As a patient, you have the following rights regarding your PHI:
A full Notice of Privacy Practices (NPP), as required by HIPAA, is available upon request at [email protected].
We share your information only in the following circumstances:
Treatment: Your PHI may be shared with pharmacies, labs, or other providers involved in fulfilling your prescription or providing your care, as permitted by HIPAA's treatment exception.
Service providers: We use third-party vendors to operate the Service, including cloud infrastructure, database hosting, email delivery, and payment processing. These vendors are bound by Business Associate Agreements (BAAs) under HIPAA and are prohibited from using your PHI for their own purposes.
Legal requirements: We may disclose your information when required by law, regulation, court order, or governmental authority, or when necessary to protect the safety of you or others.
Business transfers: If Port MD+ is acquired or merges with another entity, your information may be transferred as part of that transaction. You will be notified of any such transfer and of the privacy practices of the new entity.
With your consent: We may share your information for any other purpose with your explicit written consent.
We do not sell, rent, or share your PHI for marketing or commercial purposes under any circumstances.
We implement administrative, physical, and technical safeguards to protect your PHI and personal information, consistent with HIPAA's Security Rule requirements. These measures include:
No security system is impenetrable. In the event of a breach affecting your PHI, we will notify you as required by the HIPAA Breach Notification Rule and applicable state law.
We retain your medical records for a minimum of 7 years from the date of last service, or longer if required by applicable state law. Account information is retained while your account is active and for a reasonable period thereafter in case of legal claims or regulatory requirements.
You may request deletion of your account and non-clinical data at any time. Medical records (PHI) cannot be deleted on request where retention is required by law.
The Port MD+ website uses minimal cookies necessary for the Service to function, including session authentication tokens. We do not use third-party advertising cookies or cross-site tracking.
We may use privacy-preserving analytics (aggregate, non-identifiable data) to understand how patients use the Service and to improve clinical workflows. This analytics data is not linked to your identity or PHI.
Port MD+ is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected information from a minor, we will delete it promptly. Contact us at [email protected] if you believe this has occurred.
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. If we make material changes, we will notify you by email or by a prominent notice in the app at least 14 days before the changes take effect. For significant changes to how we handle PHI, we will provide notice as required by HIPAA.
To exercise any of your privacy rights, request a copy of our Notice of Privacy Practices, report a privacy concern, or ask questions about this policy:
Port MD+ Privacy
[email protected]
To file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights, visit hhs.gov/ocr/privacy/hipaa/complaints. Filing a complaint will not result in any retaliation or adverse action against you.