Notice of Privacy Practices

Our Pledge Regarding Your Health Information

Kare Pharmacy is committed to protecting the privacy of your health information. We are required by law to maintain the privacy of protected health information (PHI), provide this Notice of our legal duties and privacy practices, and notify you following a breach of your unsecured PHI.

We are required to abide by the terms of this Notice currently in effect. We reserve the right to change the terms of this Notice and to make the new provisions effective for all PHI we maintain. Revised Notices will be posted in our pharmacy and on our website.

How We May Use and Disclose Your Health Information

The following categories describe different ways we may use and disclose your health information. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose information will fall within one of the categories.

Treatment, Payment, and Healthcare Operations

• Treatment: We may use and disclose your PHI to provide, coordinate, or manage your healthcare and related services. This includes consultation with other healthcare providers regarding your treatment.
• Payment: We may use and disclose your PHI to obtain payment for healthcare services provided to you, including billing insurance companies and verifying coverage.
• Healthcare Operations: We may use and disclose your PHI for pharmacy operations, such as quality assessment, employee review, training, licensing, and conducting other business activities.

Uses and Disclosures Required or Permitted by Law

• As Required by Law: We will disclose your PHI when required to do so by federal, state, or local law.
• Public Health Activities: We may disclose your PHI for public health activities, including disease prevention, injury reporting, vital statistics, and public health surveillance.
• Health Oversight Activities: We may disclose your PHI to health oversight agencies for audits, investigations, inspections, and licensure.
• Judicial and Administrative Proceedings: We may disclose your PHI in response to a court order, subpoena, warrant, summons, or similar process.
• Law Enforcement: We may disclose your PHI for law enforcement purposes as required by law or in response to a valid subpoena.
• Serious Threat to Health or Safety: We may use and disclose your PHI when necessary to prevent a serious threat to your health and safety or the health and safety of others.
• Specialized Government Functions: We may disclose your PHI for military, national security, protective services, and government benefit determinations.
• Workers' Compensation: We may disclose your PHI to comply with workers' compensation laws.
• Coroners, Medical Examiners, and Funeral Directors: We may disclose PHI to identify a deceased person or determine cause of death.

Uses and Disclosures Requiring Authorization

Other uses and disclosures of your PHI will be made only with your written authorization, including uses and disclosures:

• For marketing purposes that involve financial remuneration
• That constitute a sale of PHI under HIPAA
• Of psychotherapy notes (if applicable)
• For any other purpose not described in this Notice

You may revoke an authorization at any time in writing, except to the extent that we have already taken action based on the authorization.

Special Protections for Certain Health Information

Reproductive Health Information: We will not use or disclose your reproductive health information without your written authorization, except as required for treatment, payment, healthcare operations, or as otherwise required by law. We will not disclose reproductive health information in response to requests that may be related to investigations or legal proceedings regarding reproductive healthcare.

Substance Use Disorder Records: If we maintain substance use disorder treatment records, these records have additional federal protections under 42 CFR Part 2 and will not be disclosed without your written consent except in limited circumstances.

Your Rights Regarding Your Health Information

You have the following rights regarding your PHI:

Right to Access

You have the right to inspect and receive a copy of your PHI that we maintain, with certain exceptions. You must submit your request in writing. We may charge a reasonable fee for copying, mailing, or other costs associated with your request.

Right to Amend

You have the right to request that we amend your PHI if you believe it is incorrect or incomplete. Your request must be in writing and include a reason for the amendment. We may deny your request under certain circumstances.

Right to an Accounting of Disclosures

You have the right to request a list of certain disclosures we have made of your PHI. This list will not include disclosures for treatment, payment, healthcare operations, disclosures made to you, or disclosures made with your authorization.

Right to Request Restrictions

You have the right to request restrictions on how we use and disclose your PHI for treatment, payment, or healthcare operations. We are not required to agree to your request, except when you request that we not disclose PHI to your health plan for payment or healthcare operations purposes if you have paid for the item or service out of pocket in full.

Right to Request Confidential Communications

You have the right to request that we communicate with you about your health matters in a certain way or at a certain location. We will accommodate reasonable requests.

Right to a Paper Copy of This Notice

You have the right to receive a paper copy of this Notice at any time, even if you have agreed to receive it electronically.

Right to Choose Someone to Act for You

If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will verify the person has this authority before we take any action.

Right to Notification of Breach

You have the right to be notified if there is a breach of your unsecured PHI. We will notify you promptly if such a breach occurs that may have compromised the privacy or security of your information.

How We Protect Your Health Information

We maintain appropriate administrative, technical, and physical safeguards to protect your PHI against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access.

Administrative Safeguards

• Designated privacy and security officers
• Workforce training and access management
• Minimum necessary access policies
• Sanctions for policy violations
• Regular risk assessments

Physical Safeguards

• Facility access controls and monitoring
• Workstation security policies
• Device and media controls
• Secure disposal procedures

Technical Safeguards

• Unique user identification and strong authentication
• Encryption of PHI in transit and at rest
• Automatic logoff and access controls
• Audit logs and integrity controls
• Secure transmission protocols

Business Associate Protections

We require all business associates who receive your PHI to agree in writing to protect your information with safeguards similar to ours. They must also agree to notify us of any breaches of your PHI.

Breach Notification

In the event of a breach of your unsecured PHI, we will notify you within 60 days of discovery of the breach. The notification will include:

• A description of what happened and when
• The types of information involved
• Steps you should take to protect yourself
• What we are doing to investigate and mitigate harm
• Contact information for questions

Marketing and Communications

Refill Reminders and Treatment Communications: We may contact you with refill reminders, treatment alternatives, or health-related benefits and services. These communications are part of treatment and are not considered marketing.

Marketing Requiring Authorization: We will not use or disclose your PHI for marketing purposes that involve financial remuneration without your written authorization. You have the right to opt out of any marketing communications.

Fundraising: We do not use PHI for fundraising purposes.

Cookies and Website Analytics

We use session identifiers and analytics tools to improve our website and services. These technologies help us:

• Keep you logged in during your visit
• Understand how visitors use our website
• Improve website performance and user experience
• Remember your preferences

We do not use cookies to track your personal health information or share analytics data with third parties for advertising purposes. All IP addresses are anonymized before storage.

Third-Party Services

We work with trusted third-party services to provide certain features:

• Form Processing: We use secure form services to collect and process contact, refill, and transfer requests
• Email Services: For sending prescription reminders and communications
• Professional Verification: To verify prescriber credentials and licenses

External Links: Our website may contain links to third-party services (such as BriskMD for telehealth). When you click these links, you leave our website and are subject to the third party's privacy policy. We do not share your information with these external services.

How to Exercise Your Rights

To exercise any of your rights described in this Notice, please contact our Privacy Officer using the information below. Most requests must be made in writing. We will provide you with the necessary forms upon request.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the Department of Health and Human Services. You will not be penalized or retaliated against for filing a complaint.

Minimum Necessary Standard

We follow the "minimum necessary" standard when using or disclosing your PHI. This means we limit access to PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request. This standard does not apply to:

• Disclosures to or requests by healthcare providers for treatment
• Uses or disclosures made to you
• Uses or disclosures made pursuant to your authorization
• Uses or disclosures required by law
• Uses or disclosures required for compliance with HIPAA

State and Federal Law

This Notice describes our practices under federal HIPAA law. Some states have additional or more stringent privacy protections. When state law provides greater privacy protections than federal law, we follow the more protective state law requirements.

Virginia and North Carolina Laws: As we operate in Virginia and North Carolina, we comply with all applicable state privacy laws in these jurisdictions, including any requirements that exceed federal HIPAA protections.

Information We Collect for Non-Healthcare Services

Website and Digital Services

• Session identifiers and authentication tokens
• Analytics data (page views, clicks, anonymized IP addresses)
• Form submissions (contact requests, feedback)
• Browser type and device information

Business Services

• Career applications and employment records
• Referral program participant information
• Heroes discount program applications
• Email preferences and marketing consents
• Business partner and vendor information

Prescriber-Specific Privacy Practices

For healthcare providers using our prescriber portal, we collect and use additional information:

Information Collection

• National Provider Identifier (NPI) and DEA numbers
• Medical specialty and practice information
• Professional contact information and preferred communication methods
• Prescribing patterns and preferences for inventory management
• Participation in educational programs and clinical initiatives

Marketing and Communications

With your consent provided during registration, we may:

• Send updates about new pharmaceutical products and compounding services
• Share educational materials and continuing education opportunities
• Provide information about drug recalls, shortages, and formulary changes
• Invite you to participate in clinical programs and quality improvement initiatives
• Send newsletters with pharmacy news and healthcare updates

You may opt out of non-essential marketing communications at any time by contacting us or using the unsubscribe link in our emails.

Data Retention

We retain your information only as long as necessary to provide services and comply with legal obligations:

• Medical and prescription records: Minimum 7 years as required by law
• Employment applications: 2 years
• Marketing communications: Until you unsubscribe
• Website analytics: 2 years
• Financial and insurance records: 7 years

Service Area

Kare Pharmacy is licensed to provide pharmaceutical services in Virginia and North Carolina. Our services are intended for residents of these states. Prescriptions and pharmaceutical services can only be provided to patients physically located in these states.

Children's Privacy

Our services are not intended for children under 18 years of age without parental or guardian involvement. We do not knowingly collect personal information from children under 18 without appropriate parental consent. Prescription services for minors require parent or guardian authorization.

Virginia Privacy Rights

If you are a Virginia resident, you may have additional rights under Virginia law, including:

• The right to access your personal data
• The right to correct inaccuracies in your personal data
• The right to delete personal data
• The right to obtain a copy of your personal data
• The right to opt out of targeted advertising (we do not engage in targeted advertising)

To exercise these rights, please contact us using the information below.

Contact Us

If you have questions about this Privacy Policy or your privacy rights, please contact us:

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.