Effective date: April 8, 2026
Important
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice of Privacy Practices ("Notice") describes how the Pepvio Medical Group and its affiliated licensed healthcare providers (collectively, "we," "our," or "the Medical Group"), together with Vio Platform LLC d/b/a Pepvio ("Pepvio") acting as a HIPAA Business Associate, may use and disclose your protected health information ("PHI") to carry out treatment, payment, and healthcare operations and for other purposes that are permitted or required by law. It also describes your rights to access and control your PHI.
We are required by law to maintain the privacy of your PHI, provide you with this Notice of our legal duties and privacy practices, notify you following a breach of unsecured PHI, and abide by the terms of this Notice currently in effect.
We may use and disclose your PHI for the following purposes:
We may use and disclose PHI to provide, coordinate, and manage your healthcare and any related services. This includes the coordination of care between licensed healthcare providers, compounding pharmacies, and other parties involved in your treatment. For example, we may share your intake responses, medical history, and prescription information with a 503A or 503B compounding pharmacy that fills your prescription.
We may use and disclose PHI to obtain payment for the services we provide. For example, we may share information with payment processors to process subscription charges, or provide information to confirm that a service is covered under our pricing.
We may use and disclose PHI for our healthcare operations, including quality improvement activities, training, audits, business planning, and customer service. For example, we may use your information to evaluate the quality of care provided through the Pepvio platform and to improve our intake process.
We may use and disclose PHI when required to do so by federal, state, or local law, including for public health activities, reporting suspected abuse or neglect, judicial and administrative proceedings, law enforcement requests, organ donation, research (with appropriate authorization), serious threats to health or safety, and specialized government functions.
We may disclose PHI for public health activities, including: preventing or controlling disease, injury, or disability; reporting births and deaths; reporting child abuse or neglect; reporting reactions to medications or problems with products; notifying people of recalls; and notifying a person who may have been exposed to a disease.
We may disclose PHI to a health oversight agency for activities authorized by law, such as audits, investigations, inspections, and licensure.
We may use and disclose PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
We may share PHI with our business associates that perform functions on our behalf, including hosting, payment processing, email delivery, identity verification, and software services. All business associates are bound by written Business Associate Agreements that require them to safeguard your PHI in accordance with HIPAA.
We may disclose PHI for workers' compensation or similar programs that provide benefits for work-related injuries or illness.
If you are involved in a lawsuit or dispute, we may disclose PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process.
We may disclose PHI for law enforcement purposes, including in response to a court order, subpoena, warrant, summons, or similar process; to identify or locate a suspect, fugitive, material witness, or missing person; about the victim of a crime; about a death we believe may be the result of criminal conduct; about criminal conduct on our premises; and in emergency circumstances to report a crime.
We may disclose PHI to coroners, medical examiners, and funeral directors as necessary for them to perform their duties.
Under certain circumstances, we may use and disclose PHI for research purposes. All research projects involving PHI must be approved through a formal research approval process.
We may disclose PHI for specialized government functions, such as military and veterans activities, national security and intelligence activities, protective services for the President and others, and inmates in correctional institutions.
Most uses and disclosures of PHI not described above will only be made with your written authorization. Specifically, we will obtain your written authorization for:
You may revoke your authorization in writing at any time, except to the extent that we have already taken action in reliance on it. To revoke an authorization, send a written request to hipaa@pepvio.com.
You have the right to inspect and obtain a copy of your PHI in our designated record set. To request access, contact records@pepvio.com. We will respond within the timeframe required by law (generally 30 days). We may charge a reasonable cost-based fee for copying and delivery, as permitted by law. We may deny your request in limited circumstances, in which case we will explain the reason for denial and your right to have the denial reviewed.
If you believe that your PHI is incorrect or incomplete, you have the right to request that we amend the information. Send your written request to records@pepvio.com and include the reason for the amendment. We may deny your request if the information is accurate and complete, was not created by us, is not part of the designated record set, or is not the type of information that is allowed to be amended. If we deny your request, we will provide the reason in writing and you may submit a statement of disagreement.
You have the right to request an accounting of disclosures we have made of your PHI for purposes other than treatment, payment, healthcare operations, or certain other excluded categories. The accounting will cover up to six (6) years prior to the date of your request. Submit your request to records@pepvio.com. The first accounting in any 12-month period is free; we may charge a reasonable fee for additional requests.
You have the right to request restrictions on certain uses and disclosures of your PHI. We are not required to agree to your request, except that we must agree to a request to restrict disclosure of PHI to a health plan if the disclosure is for payment or healthcare operations and the PHI pertains solely to a healthcare item or service for which you have paid out of pocket in full.
You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you may request that we contact you only by email or only at a specific phone number. We will accommodate reasonable requests.
You have the right to request a paper copy of this Notice at any time, even if you have agreed to receive it electronically. To request a paper copy, contact hipaa@pepvio.com.
You have the right to be notified following a breach of your unsecured PHI as required by the HIPAA Breach Notification Rule.
You have the right to opt out of fundraising or marketing communications. We do not currently use PHI for fundraising. For marketing communications based on PHI, we will obtain your authorization first.
To exercise any of your rights described in this Notice, contact us at hipaa@pepvio.com.
If you believe your privacy rights have been violated, you may file a complaint with us at hipaa@pepvio.com, or with the Secretary of the U.S. Department of Health and Human Services Office for Civil Rights:
You will not be retaliated against for filing a complaint.
We reserve the right to change this Notice and the privacy practices described in it at any time. The revised Notice will apply to PHI we already have about you as well as PHI we receive in the future. We will post the revised Notice on the Pepvio website and update the "Effective date" above. You may request a copy of the current Notice at any time.
For questions about this Notice or to exercise your rights: