Privacy Policy
Last Updated: August 15, 2025
Introduction
Hygea Health, Inc. ("Hygea," "we," "us," or "our") operates a healthcare technology platform connecting healthcare providers with pharmaceutical suppliers. This Privacy Policy explains how we collect, use, disclose, and safeguard your information, including Protected Health Information (PHI), in compliance with HIPAA and applicable state laws.
How We Use Your Information
We use collected information to:
Process and fulfill medication orders
Verify provider credentials
Facilitate transactions between providers and suppliers
Communicate about orders, updates, and support
Comply with legal and regulatory requirements
Improve platform functionality and user experience
Information Sharing and Disclosure
We share information only as follows:
With Pharmacy Partners: Order details necessary for fulfillment
With Payment Processors: Billing information for transaction processing
For Legal Compliance: When required by law, subpoena, or governmental request
With Your Consent: When you explicitly authorize sharing
Business Transfers: In connection with merger, acquisition, or asset sale
We maintain Business Associate Agreements (BAAs) with all partners who handle PHI.
HIPAA Compliance
As a Business Associate under HIPAA, we:
Implement administrative, physical, and technical safeguards
Limit PHI access to authorized personnel only
Maintain audit logs of all PHI access
Encrypt PHI in transit and at rest
Conduct regular security risk assessments
Report breaches as required by law
Data Security
We protect your information using:
256-bit SSL/TLS encryption
Secure cloud infrastructure with SOC 2 compliance
Multi-factor authentication
Regular security audits and penetration testing
Employee training on data protection
Incident response procedures
Data Retention
We retain information as follows:
PHI: Minimum 6 years per HIPAA requirements
Order records: 7 years for regulatory compliance
Account information: Duration of account plus 3 years
Usage data: 2 years
Your Rights
You have the right to:
Access your personal information and PHI
Request corrections to inaccurate information
Request deletion (subject to legal requirements)
Opt-out of non-essential communications
Request an accounting of PHI disclosures
File a complaint with us or HHS Office for Civil Rights
To exercise these rights, contact privacy@hygea.com.
Breach Notification
In the event of a breach affecting your information, we will:
Notify you within 60 days as required by HIPAA
Provide details about the breach and affected information
Describe steps taken to mitigate harm
Offer credit monitoring services when appropriate
State-Specific Rights
Residents of certain states may have additional rights:
California: Rights under CCPA/CPRA
Texas: Rights under Texas Medical Records Privacy Act
Additional state requirements apply where applicable
International Users
Hygea operates in the United States. By using our platform, you consent to the transfer and processing of your information in the U.S.
Updates to This Policy
We may update this policy periodically. We will notify you of material changes via email or platform notification.
Contact Us
For privacy-related inquiries:
Email: privacy@hygea.com
Mail: Hygea Health, Inc., [Address]
Phone: [Phone Number]
For HIPAA-related concerns:
HIPAA Compliance Officer: compliance@hygea.com