PRIVACY POLICY

1. Introduction & Scope

This Privacy Policy (the "Policy") applies to personal and health information collected by Primal Peak Performance ("Primal Peak," "we," "us," or "our") through our websites, telemedicine portals, patient portals, scheduling systems, and related services (collectively, the "Services").

It describes how we collect, use, disclose, safeguard, and retain information — including protected health information ("PHI") as defined under the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations (45 C.F.R. Parts 160–164).

2. Definitions

"Personal Information" means information that identifies an individual, including name, address, email, phone, and billing information.

"PHI" means individually identifiable health information held or transmitted by Primal Peak in any form, created or received while providing healthcare services, that relates to an individual's past, present, or future physical or mental health condition, the provision of healthcare, or payment for healthcare.

3. Information We Collect

• Personal Information you provide: name, address, email, phone, date of birth, emergency contact, billing information, medical history, symptoms, clinical data, and prescription/treatment information.
• Electronic identifiers & usage data: IP address, device identifiers, browser type, pages visited, session duration, and similar analytics.
• Communications data: messages, emails, voicemails, and other communications to and from Primal Peak.
• Cookies & tracking technologies: used to authenticate users, improve the Services, and analyze usage.

4. How Information Is Used

• Provide, coordinate, and manage telemedicine and related healthcare services.
• Process appointments, prescriptions, lab orders, and follow-up care.
• Communicate with you regarding treatment, payment, and administrative matters.
• Improve and personalize the Services; perform analytics; maintain and secure systems.
• Comply with legal, regulatory, and accreditation requirements, including HIPAA.

5. HIPAA Compliance & Use/Disclosure of PHI

Primal Peak is a HIPAA-covered entity. We use and disclose PHI as permitted or required by HIPAA, including:

• For treatment, payment, and healthcare operations without patient authorization.
• To individuals or their personal representatives as required by law.
• To public health authorities, law enforcement, or other entities when mandated by law.
• For research where permitted under HIPAA and applicable law.

We require all business associates to enter into a Business Associate Agreement (BAA) that mandates HIPAA compliance.

6. Patient Rights

Under HIPAA and applicable state law, patients have rights regarding their PHI, including the right to:

• Access and obtain a copy of their PHI.
• Request amendments to PHI.
• Receive an accounting of disclosures of PHI.
• Request restrictions on certain uses and disclosures of PHI.
• Request confidential communications.
• Obtain a copy of Primal Peak's Notice of Privacy Practices upon request.

7. Security

We maintain administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of Personal Information and PHI, including encryption, access controls, secure passwords, and regular risk assessments consistent with HIPAA's Privacy and Security Rules.

8. Third-Party Services & Links

The Services may integrate or link to third-party vendors (e.g., analytics, teleconferencing, payment processors). We require that third-party vendors handling PHI enter into appropriate agreements requiring HIPAA compliance.

9. Data Retention

We retain Personal Information and PHI only as long as necessary to fulfill the purposes for which it was collected, to meet legal, regulatory, and contractual obligations, and to resolve disputes.

10. Minors

Our Services are not directed to individuals under 18. We do not knowingly collect Personal Information or PHI from minors without lawful consent.

11. Changes to This Policy

We may modify this Policy to reflect changes in legal requirements or our practices. Material changes will be posted with a revised effective date.

12. Contact Information

If you have questions about this Policy or wish to exercise privacy rights, contact our Privacy Officer: