HIPPA Privacy Policy

Privacy Policy (HIPAA-Compliant)

Last Updated: July 26, 2025

WellShift Health ("WellShift", “we”, “our”, or “us”) operates this website and associated services, including any patient-facing platforms used to deliver telehealth, wellness, and educational support (the "Services"). We are committed to protecting the privacy and security of your personal information, including any information classified as Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

This Privacy Policy outlines:

  • How we collect, use, and safeguard PHI

  • Your rights under HIPAA

  • Our legal obligations

  • Who to contact with privacy questions or concerns

1. Our Duties Under HIPAA

As a HIPAA-covered entity or business associate, WellShift is required by law to:

  • Maintain the privacy and security of your PHI.

  • Provide you with notice of our legal duties and privacy practices.

  • Abide by the terms of this Privacy Policy.

  • Notify you in case of a breach involving your PHI.

2. How We Use and Disclose Protected Health Information

We may use or disclose your PHI for the following purposes:

  • Treatment – Coordinating or managing your care with healthcare providers or pharmacy services.

  • Payment – Processing payments for your care, which is cash-based (we do not bill insurance).

  • Healthcare Operations – Quality improvement, training, and administrative purposes.

  • As Required by Law – In response to court orders, subpoenas, or other legal processes.

  • With Your Written Authorization – Any other use or disclosure not described above will require your express permission.

3. Your Rights Regarding PHI

Under HIPAA, you have the right to:

  • Access your medical records – You may request to view or receive copies of your records.

  • Request a correction – If you believe something is inaccurate, you may request a correction.

  • Receive an accounting of disclosures – You may request a list of certain disclosures made without your authorization.

  • Request restrictions – You may ask us to limit how we use or disclose your PHI.

  • Request confidential communications – You may request that we contact you in a specific manner.

  • File a complaint – You may submit a complaint if you believe your rights have been violated.

To exercise any of these rights, please email: wellshifthealth@gmail.com

4. Safeguards to Protect PHI

We implement physical, administrative, and technical safeguards to protect your information, including:

  • Use of HIPAA-compliant platforms like SpaKinect for all telemedicine consultations

  • Secure data storage and encrypted communications

  • Role-based access controls for internal staff and medical providers

  • Staff training on privacy practices and HIPAA compliance

5. Use of Business Associates

We partner with secure, vetted third parties—including Shopify, SpaKinect, and licensed pharmacy vendors—who help us deliver our services and are contractually obligated under Business Associate Agreements (BAAs) to protect your PHI in accordance with HIPAA.

6. Privacy Official Contact Information

If you have questions about our privacy practices or want to file a concern, contact our Privacy Official:

Privacy Officer

Robert Fredrickson
Email: wellshifthealth@gmail.com
Phone: 512-270-0574
Address: 501 S Austin Ave, Suite 1220, Georgetown, TX 78626

7. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. When we make changes, we will revise the "Last Updated" date and post the revised version here.