Privacy Policy

1. Introduction

Welcome to Blue Rock Physicians Group (“Blue Rock Physicians Group,” “Blue Rock Physicians Group,” “we,” “us,” or “our”). Blue Rock Physicians Group is a physician-led management services organization (MSO) providing telemedicine consultations with board-certified MDs, DOs, NPs, and nurses across all 50 states through our website at www.bluerockphysiciansgroup.com (the “Site”) and related platforms (collectively, the “Services”).

This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you access or use our Services, visit our Site, communicate with us, or otherwise interact with Blue Rock Physicians Group. This Privacy Policy applies to all users of our Services, including patients, caregivers, healthcare facility administrators, and visitors to our Site.

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please discontinue use of our Services. This Privacy Policy is incorporated into and subject to our Terms of Service.

We are a HIPAA-covered entity as a licensed pharmacy. To the extent that any information we collect constitutes Protected Health Information (“PHI”) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), our use and disclosure of that information is governed by HIPAA and our Notice of Privacy Practices, as described further in Section 5 of this Privacy Policy.

2. Information We Collect

We collect information from and about you in several ways, including information you provide directly, information collected automatically, and information obtained from third parties.

2.1 Information You Provide Directly

When you use our Services, create an account, place an order, request a prescription transfer, schedule a telehealth appointment, or otherwise communicate with us, we may collect the following categories of information:

• Account and Identity Information. Your name, date of birth, gender, mailing address, email address, phone number, username, password, and other registration details.
• Health and Medical Information. Prescription information, medication history, medical conditions, allergies, physician and prescriber information, health insurance details, and other health-related information necessary to provide pharmacy and telehealth services.
• Payment and Financial Information. Credit card numbers, debit card numbers, billing addresses, and other payment details necessary to process transactions. Payment information is processed through our third-party payment processors and is not stored on our servers in full.
• Insurance Information. Health insurance plan details, policy numbers, group numbers, and related information used for claims processing and billing.
• Communications. Information contained in messages you send to us via email, phone, SMS, live chat, or other communication channels, including the content of those communications and any attachments.
• Identification Documents. Government-issued identification, insurance cards, and other documentation you provide for identity verification or regulatory compliance purposes.
• Facility Information. For healthcare facility clients, information about the facility, its residents, staff contacts, and operational details relevant to providing our long-term care pharmacy services.

2.2 Information Collected Automatically

When you access our Site or use our Services, we automatically collect certain information about your device and usage, including:

• Device Information. Hardware model, operating system and version, unique device identifiers, browser type and version, language preferences, and mobile network information.
• Usage Information. Pages viewed, links clicked, time spent on pages, referring URLs, search queries entered on our Site, and other interactions with our Services.
• Log Data. Internet Protocol (IP) address, access times, date and time stamps, error logs, and other diagnostic data generated when you access our Services.
• Location Information. General geographic location derived from your IP address. We do not collect precise geolocation data unless you expressly consent.

2.3 Cookies and Similar Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing activity and to improve your experience on our Site. The types of cookies we use include:

• Strictly Necessary Cookies. Required for the operation of our Site, such as session management and security cookies.
• Functional Cookies. Used to remember your preferences and settings to enhance your user experience.
• Analytics Cookies. Used to understand how visitors interact with our Site, including which pages are visited most frequently, to help us improve the Site’s functionality and content.
• Advertising and Marketing Cookies. Used to deliver relevant advertisements and to measure the effectiveness of our marketing campaigns.

You may manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our Site.

2.4 Information from Third Parties

We may receive information about you from third parties, including:

• Healthcare Providers and Facilities. Prescribers, physicians, hospitals, and long-term care facilities may transmit prescription orders and patient information to us.
• Health Insurance Plans. Insurers may provide eligibility, coverage, and claims information.
• Pharmacy Benefit Managers (PBMs). PBMs may share formulary, prior authorization, and claims adjudication information.
• Identity Verification Services. Third-party services used to confirm your identity for regulatory and security purposes.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Providing Pharmacy Services. To fill and dispense prescriptions, manage medication therapy, process insurance claims, coordinate with prescribers, and deliver medications.
• Providing Telehealth Services. To facilitate telehealth and telemedicine consultations, communicate with healthcare providers, and manage appointments.
• Processing Payments. To process transactions, verify payment information, and manage billing through our third-party payment processors.
• Account Management. To create and manage your account, authenticate your identity, and maintain your profile and preferences.
• Communications. To send you transactional communications related to your orders, prescriptions, and account activity via email, SMS, phone, or other channels. This includes prescription status updates, refill reminders, shipping notifications, and appointment confirmations.
• Marketing Communications. To send you promotional materials, newsletters, and information about our products and services, where permitted by law. You may opt out of marketing communications at any time as described in Section 8.
• Improving Our Services. To analyze usage patterns, conduct research, and improve the functionality, quality, and safety of our Services and Site.
• Compliance and Legal Obligations. To comply with applicable federal and state laws, regulations, and licensing requirements, including HIPAA, state pharmacy practice acts, and other healthcare regulations.
• Safety and Security. To detect, prevent, and respond to fraud, unauthorized access, security threats, and other harmful or illegal activities.
• Dispute Resolution. To resolve disputes, enforce our Terms of Service, and protect our rights and the rights of our users.

4. How We Share Your Information

We do not sell your personal information. We may share your information with the following categories of recipients and for the following purposes:

4.1 Healthcare Providers and Facilities

We share patient health information with prescribing physicians, healthcare providers, and long-term care facilities (including Skilled Nursing & Rehabilitation Centers and Assisted Living Communities) as necessary for treatment, payment, and healthcare operations, and as permitted or required by law.

4.2 Pharmacy Network and Partners

We may share information with other pharmacies, pharmaceutical wholesalers, and pharmacy partners to coordinate care, transfer prescriptions, and ensure continuity of medication therapy.

4.3 Health Insurance Plans and PBMs

We share information with health insurance companies and pharmacy benefit managers for claims adjudication, eligibility verification, prior authorization, and payment processing.

4.4 Payment Processors

We use third-party payment processors to handle payment transactions. Your payment information is transmitted directly to these processors and is subject to their privacy policies and security standards. We do not store your full payment card details on our systems.

4.5 Service Providers

We engage third-party service providers to assist with various business operations, including hosting, data analytics, email and SMS delivery, customer support, and IT infrastructure. These service providers are contractually obligated to use your information only for the purposes for which it was disclosed and to maintain appropriate security measures.

4.6 Legal Requirements and Protection of Rights

We may disclose your information when we believe in good faith that disclosure is necessary to:

• Comply with applicable law, regulation, legal process, or governmental request.
• Enforce our Terms of Service or other agreements.
• Protect the safety, rights, or property of Blue Rock Physicians Group, our users, or the public.
• Detect, prevent, or address fraud, security issues, or technical problems.
• Respond to a medical emergency or report adverse drug events as required by law.

4.7 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or other business transaction involving all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

4.8 With Your Consent

We may share your information for purposes not described in this Privacy Policy with your express consent.

5. HIPAA and Protected Health Information

As a licensed pharmacy, Blue Rock Physicians Group is a “covered entity” under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act. We are required to maintain the privacy and security of your Protected Health Information (PHI).

5.1 Notice of Privacy Practices

Our use and disclosure of PHI is governed by our Notice of Privacy Practices, which describes in detail how we may use and disclose your health information and your rights with respect to that information. To the extent there is any conflict between this Privacy Policy and our Notice of Privacy Practices regarding the use or disclosure of PHI, our Notice of Privacy Practices shall control.

5.2 Uses and Disclosures of PHI

Under HIPAA, we may use and disclose your PHI without your written authorization for purposes of treatment, payment, and healthcare operations. For other uses and disclosures of PHI, we will obtain your written authorization unless the use or disclosure is otherwise permitted or required by HIPAA or applicable state law.

Examples of permitted uses and disclosures include:

• Filling and dispensing your prescriptions.
• Communicating with your physicians and other healthcare providers about your care.
• Submitting claims to your health insurance plan.
• Conducting quality assurance and improvement activities.
• Complying with federal and state reporting requirements.
• Communicating with you about treatment alternatives, health-related benefits, and services.

5.3 Your HIPAA Rights

Under HIPAA, you have certain rights with respect to your PHI, including the right to:

• Access and obtain a copy of your PHI.
• Request amendments to your PHI.
• Receive an accounting of certain disclosures of your PHI.
• Request restrictions on certain uses and disclosures of your PHI.
• Request confidential communications of your PHI.
• File a complaint if you believe your privacy rights have been violated.

To exercise any of these rights, please contact us using the information provided in Section 13.

6. Data Security

We implement and maintain administrative, technical, and physical safeguards designed to protect your personal information and PHI from unauthorized access, use, disclosure, alteration, and destruction. These measures include:

• Encryption of data in transit and at rest using industry-standard protocols.
• Access controls that restrict access to personal information to authorized personnel on a need-to-know basis.
• Regular security assessments, vulnerability testing, and monitoring of our systems.
• Employee training on privacy and security policies and procedures.
• Business associate agreements with third-party service providers that access PHI, as required by HIPAA.

While we strive to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, and you use our Services at your own risk. If you become aware of any unauthorized access to your account or information, please contact us immediately at info@bluerockphysiciansgroup.com or (000) 000-0000.

7. Data Retention

We retain your personal information and PHI for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, regulatory, accounting, and reporting requirements. Specific retention periods are determined based on:

• The nature of the information and the purposes for which it is used.
• Applicable federal and state laws and regulations, including HIPAA record retention requirements and state pharmacy record-keeping requirements.
• Contractual obligations with healthcare facilities, insurance plans, and other partners.
• Statute of limitations periods for potential legal claims.

When your information is no longer required, we will securely destroy or de-identify it in accordance with our data retention and destruction policies and applicable law.

8. Your Rights and Choices

Depending on your jurisdiction and the nature of the information, you may have certain rights regarding your personal information.

8.1 Access and Portability

You may request access to the personal information we hold about you and, where applicable, request a copy of that information in a portable, commonly used format.

8.2 Correction

You may request that we correct or update inaccurate or incomplete personal information we hold about you.

8.3 Deletion

You may request that we delete your personal information, subject to certain exceptions. Please note that we may be required to retain certain information to comply with legal and regulatory obligations, including HIPAA and state pharmacy record-keeping requirements.

8.4 Opt-Out of Marketing Communications

You may opt out of receiving marketing and promotional communications from us at any time by:

• Clicking the “unsubscribe” link in any marketing email.
• Replying “STOP” to any marketing SMS message.
• Contacting us at info@bluerockphysiciansgroup.com or (000) 000-0000.

Please note that even if you opt out of marketing communications, we will continue to send you transactional and service-related communications, such as prescription notifications, order confirmations, and account alerts.

8.5 Cookie Preferences

You may manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling cookies may impair the functionality of certain parts of our Site.

8.6 Do Not Track

Our Site does not currently respond to “Do Not Track” browser signals. However, you may manage tracking through the cookie and browser settings described above.

To exercise any of the rights described in this section, please contact us using the information provided in Section 13. We will respond to your request within the timeframe required by applicable law. We may need to verify your identity before processing your request.

9. State-Specific Privacy Rights

In addition to the rights described above, residents of certain states may have additional privacy rights under applicable state law.

9.1 California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights regarding your personal information, including:

• Right to Know. You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business or commercial purposes for collecting the information, and the categories of third parties with whom we share the information.
• Right to Delete. You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Correct. You have the right to request the correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing. You have the right to opt out of the sale or sharing of your personal information. Blue Rock Physicians Group does not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
• Right to Limit Use of Sensitive Personal Information. You have the right to limit the use and disclosure of your sensitive personal information to purposes necessary to provide our Services.
• Right to Non-Discrimination. We will not discriminate against you for exercising any of your rights under the CCPA/CPRA.

Please note that under the CCPA/CPRA, certain health information that is subject to HIPAA is exempt from the CCPA/CPRA. To the extent that your information constitutes PHI governed by HIPAA, the protections and rights afforded under HIPAA will apply rather than the CCPA/CPRA.

To exercise your CCPA/CPRA rights, please contact us at info@bluerockphysiciansgroup.com or (000) 000-0000. You may also designate an authorized agent to submit a request on your behalf.

9.2 Other State Privacy Laws

Residents of other states, including but not limited to Colorado, Connecticut, Virginia, Texas, and other states in which Blue Rock Physicians Group is licensed (AZ, CO, CT, FL, IA, ID, IL, KS, KY, MD, ME, MI, MT, ND, NE, NJ, NY, SC, OK, OR, PA, RI, SD, TX, VA, WI, WV, WY), may have additional rights under their respective state privacy laws, such as:

• The right to access, correct, and delete personal information.
• The right to data portability.
• The right to opt out of targeted advertising, the sale of personal information, and profiling.
• The right to appeal a denial of a privacy request.

To exercise any state-specific privacy rights, please contact us using the information provided in Section 13. We will process your request in accordance with the applicable state law.

10. Children’s Privacy

Our Services are not intended for use by children under the age of 18. We do not knowingly collect personal information from children under 18 except as necessary to provide pharmacy services pursuant to a valid prescription authorized by a parent, guardian, or authorized healthcare provider. If a parent or legal guardian becomes aware that their child has provided us with personal information without their consent, they should contact us at info@bluerockphysiciansgroup.com. If we become aware that we have collected personal information from a child under 18 without appropriate authorization, we will take steps to delete such information promptly.

11. Third-Party Links

Our Site and Services may contain links to third-party websites, applications, or services that are not owned or controlled by Blue Rock Physicians Group. This Privacy Policy does not apply to those third-party sites. We are not responsible for the privacy practices or content of third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this Privacy Policy, we will notify you by posting the updated policy on our Site with a revised “Date of last revision” at the top. We may also provide additional notice, such as via email or a prominent notice on our Site, if required by applicable law.

Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Blue Rock Physicians Group
[Address placeholder]
Miami, Florida 33130

Phone: (000) 000-0000
Email: info@bluerockphysiciansgroup.com
Website: www.bluerockphysiciansgroup.com

If you believe your privacy rights have been violated, you may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights at www.hhs.gov/ocr/complaints or by calling (800) 368-1019.