1. Privacy Policy
PrescriberNow LLC ("PrescriberNow," "we," "us," or "our") operates the websites prescribernow.com and related subdomains, and provides a software and billing platform (the "Platform") that connects individuals seeking healthcare ("Patients") with independent, state-licensed healthcare providers ("Providers") and independent, state-licensed pharmacies ("Pharmacies"). This Privacy Policy describes how we collect, use, share, and protect personal information when you interact with the Platform.
PrescriberNow is not a healthcare provider, medical practice, or pharmacy. We do not provide medical advice, diagnosis, or treatment. Clinical services and the dispensing of medications are performed by independent third-party Providers and Pharmacies. Information protected by HIPAA that you provide for the purpose of receiving care is governed by Section 11 of this document (HIPAA Notice of Privacy Practices) and the Providers' and Pharmacies' own privacy notices.
2. Information We Collect
2.1 Information you provide
- Account information: name, email address, telephone number, mailing address, password.
- Patient intake information: demographics, contact information, date of birth, address, medical history, current medications, allergies, prior diagnoses, preferred pharmacy, the program or product you are seeking, your responses to safety-screening questions, and an electronic signature affirming the intake. We treat all of this as Protected Health Information ("PHI") under HIPAA once it is associated with you as a Patient.
- Pharmacy applicant information: business name, contact person, contact information, NCPDP number, state pharmacy license, DEA registration, pharmacist-in-charge details, services offered, states served, accreditations.
- Provider applicant information: name, professional credentials, contact information, NPI, DEA registration, state licenses, malpractice insurance, programs you are willing to cover, electronic signature on the Provider Services Agreement.
- Communications: messages you send us, support tickets, survey responses.
- Payment information: when applicable, payment-card information is collected and processed by our payment processor (Authorize.Net or Stripe). We do not store full card numbers on our servers.
2.2 Information collected automatically
- Device and usage data: IP address, browser type, operating system, referring URL, pages viewed, time and date of visit, click and scroll behavior.
- Cookies and similar technologies: see Section 5.
- Audit logs: for HIPAA compliance we maintain detailed access logs identifying every read, write, and update to PHI, including the identity of the user performing the action and the time of the action.
2.3 Information from third parties
We may receive information about you from credentialing databases (NPPES for Providers, NABP for Pharmacies), state licensing boards, background-check vendors, our payment processors, and partner pharmacies that refer you to our Platform using a referral code or QR code.
3. How We Use Information
We use the information described in Section 2 for the following purposes:
- To create, maintain, and secure your account.
- To route Patient intakes to qualified independent Providers and to route signed prescriptions to qualified independent Pharmacies.
- To verify the credentials of Providers and Pharmacies who apply to participate in the Platform.
- To process payments, refunds, and chargebacks.
- To provide customer support and respond to inquiries.
- To send you transactional communications about your account, intake status, prescriptions, and visits.
- To send you marketing communications, if you have consented to receive them. You may unsubscribe at any time.
- To maintain audit logs and demonstrate HIPAA compliance.
- To detect and prevent fraud, security incidents, and abuse of the Platform.
- To comply with legal obligations and to respond to lawful requests from government authorities.
- To improve, develop, and analyze the Platform (in de-identified or aggregated form only with respect to PHI).
4. When We Share Information
We share information only as described below. We do not sell personal information.
4.1 With Providers and Pharmacies
When you submit a Patient intake, we share your intake information with the independent Provider who reviews your request and with any Pharmacy to which your prescription is routed. These parties are separate covered entities under HIPAA and are responsible for their own privacy and security obligations.
4.2 With service providers (Business Associates)
We use service providers to host, secure, and operate the Platform. With respect to PHI, each of these service providers is bound by a Business Associate Agreement and contractual privacy and security obligations. These include: Google Workspace (Google LLC) for data storage and email under a signed Workspace HIPAA BAA; our payment processor (Authorize.Net or Stripe) for payment processing; our fax transmission service (FaxAge) for transmitting prescriptions to pharmacies; and our telecommunications and email infrastructure providers.
4.3 With your consent
We will share your information for any other purpose when you give us specific consent to do so.
4.4 For legal reasons
We may disclose information when required to comply with a subpoena, court order, or other valid legal process; to enforce our agreements; to protect the rights, property, or safety of PrescriberNow, our users, or others; or to investigate suspected fraud or violations of law.
4.5 In a corporate transaction
If PrescriberNow is involved in a merger, acquisition, financing, reorganization, or sale of all or a portion of its assets, your information may be transferred to the successor entity, subject to commercially reasonable confidentiality protections.
5. Cookies & Tracking
We use cookies and similar technologies to operate the Platform, to remember your preferences, to analyze usage, and to support marketing attribution. You can configure your browser to refuse cookies or to alert you when cookies are being sent. If you refuse cookies, some parts of the Platform may not function correctly.
We do not knowingly use cross-site tracking tools that share PHI with advertising networks. Advertising and conversion pixels, if any, fire only on non-PHI pages such as the public marketing landing page.
6. Security
We implement administrative, technical, and physical safeguards designed to protect your information from unauthorized access, disclosure, alteration, and destruction. Our safeguards include encryption in transit and at rest, multi-factor authentication for staff accounts, role-based access controls, full audit logging of PHI access, periodic access reviews, breach response procedures, and security awareness training for personnel. No system is impenetrable, however, and we cannot guarantee absolute security.
7. Retention
We retain personal information and PHI for as long as required to provide the Platform, to comply with applicable law (including the HIPAA six-year minimum for medical records), to resolve disputes, and to enforce our agreements. When information is no longer needed for these purposes, we de-identify, archive, or delete it consistent with our retention schedule.
8. Your Rights
Subject to applicable law, you have the right to:
- Access the personal information we hold about you.
- Correct or update inaccurate or incomplete information.
- Request deletion of your information, subject to legal retention requirements (medical records cannot be deleted before the HIPAA retention period expires).
- Object to or restrict certain processing.
- Receive a copy of your information in a portable format.
- Withdraw consent for marketing communications.
- Lodge a complaint with the data protection authority in your jurisdiction.
To exercise these rights, contact us using the information in Section 16.
California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what categories of personal information we collect, the right to delete, the right to opt out of "sale" or "sharing" (we do not sell or share for cross-context behavioral advertising), and the right to non-discrimination for exercising these rights. PHI subject to HIPAA is exempt from CCPA.
9. Children's Privacy
The Platform is intended for users 18 years of age or older. We do not knowingly collect information from children under 13. If you believe we have collected information from a child under 13, contact us immediately and we will delete it.
10. Changes
We may update this Privacy Policy from time to time. When we make material changes, we will post the revised policy on this page, update the "Effective date" above, and, where required by law, notify you by email. Your continued use of the Platform after the effective date constitutes your acceptance of the revised policy.
11. HIPAA Notice of Privacy Practices
PrescriberNow LLC is required by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") to maintain the privacy of your Protected Health Information ("PHI"), to provide you with this Notice of our legal duties and privacy practices with respect to PHI, and to abide by the terms of the Notice currently in effect.
For purposes of HIPAA, PrescriberNow operates as a Business Associate to the independent Providers and Pharmacies who use the Platform to deliver care to you. Each of those Providers and Pharmacies is a separate Covered Entity with its own Notice of Privacy Practices. You should review their Notices in addition to this one.
12. How PHI Is Used & Disclosed
12.1 Treatment
We use and disclose PHI to facilitate the treatment provided to you by independent Providers and Pharmacies. For example, when you submit a Patient intake, we transmit your intake to the reviewing Provider; when a Provider signs a prescription, we transmit that prescription to the routing Pharmacy.
12.2 Payment
We use and disclose PHI to bill for the services rendered by Providers and to process payments for those services. For example, we may use PHI to generate invoices, process credit-card payments, and apply discounts or refunds.
12.3 Healthcare operations
We use and disclose PHI for our healthcare operations, such as quality assessment, credentialing of Providers and Pharmacies, audits, training, and case management.
12.4 Required by law
We will disclose PHI when required to do so by federal, state, or local law (for example, in response to a court order, subpoena, or other lawful process).
12.5 Public health activities
We may disclose PHI to public health authorities for purposes such as preventing or controlling disease, reporting child abuse or neglect, reporting reactions to medications, reporting product defects, or notifying a person who may have been exposed to a communicable disease.
12.6 Health oversight activities
We may disclose PHI to a health oversight agency for activities authorized by law, such as audits, investigations, inspections, and licensure actions.
12.7 Judicial and administrative proceedings
We may disclose PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process.
12.8 Law enforcement
We may disclose PHI to a law enforcement official as required by law or in response to a valid subpoena.
12.9 Serious threats to health or safety
We may disclose PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
12.10 Other uses requiring your authorization
Most uses and disclosures of psychotherapy notes, marketing communications, and the sale of PHI will be made only with your written authorization. You may revoke an authorization at any time in writing, except to the extent we have already taken action in reliance on it.
13. Your Rights Under HIPAA
You have the following rights with respect to your PHI:
13.1 Right to inspect and copy
You have the right to inspect and obtain a copy of the PHI we maintain about you in a designated record set. We will provide the copy in the form and format you request if it is readily producible. We may charge a reasonable, cost-based fee.
13.2 Right to amend
You have the right to request that we amend PHI we maintain about you if you believe it is incorrect or incomplete. Your request must be in writing and must include the reason for the requested amendment.
13.3 Right to an accounting of disclosures
You have the right to receive a list of certain disclosures of your PHI we have made during the six years prior to your request. The list will not include disclosures for treatment, payment, healthcare operations, or other limited categories.
13.4 Right to request restrictions
You have the right to request a restriction on the PHI we use or disclose about you for treatment, payment, or healthcare operations. We are not required to agree to your request, except that we will agree to a request to restrict disclosure to a health plan if the disclosure is for payment or healthcare operations and the PHI pertains solely to a healthcare item or service that has been paid for out of pocket and in full.
13.5 Right to confidential communications
You have the right to request that we communicate with you about medical matters in a certain way or at a certain location (for example, by mail to a P.O. box). We will accommodate reasonable requests.
13.6 Right to a paper copy of this Notice
You have the right to a paper copy of this Notice at any time, even if you have agreed to receive it electronically.
13.7 Right to be notified of a breach
You have the right to be notified following a breach of unsecured PHI in the manner and within the timeframes required by HIPAA.
14. Breach Notification
In the event of a breach of unsecured PHI affecting you, we will notify you without unreasonable delay and no later than 60 days after discovery of the breach. The notification will describe what happened, what information was involved, what we are doing to investigate and mitigate the breach, and what steps you can take to protect yourself. We will also notify the Secretary of Health and Human Services and, where the breach affects more than 500 residents of a state, the media in that state, as required by 45 CFR §§ 164.404, 164.406, and 164.408.
15. Complaints
If you believe your privacy rights have been violated, you may file a complaint with us using the contact information in Section 16, or with the Secretary of the U.S. Department of Health and Human Services, Office for Civil Rights:
200 Independence Avenue, S.W., Washington, D.C. 20201
Toll-free: 1-877-696-6775
Online: www.hhs.gov/ocr/privacy/hipaa/complaints
We will not retaliate against you for filing a complaint.
16. Contact Us
If you have questions about this Privacy Policy or about how we handle your information, or to exercise any of the rights described in this document, contact us at:
Email: team@prescribernow.com
Website: prescribernow.com
Mailing address available upon written request.