Needle Corporation Privacy Policy
Last Updated: January 13, 2025
Needle Corporation (“we,” “us,” or “our”) is committed to protecting and securing your personal information in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and applicable federal and state privacy laws. This Policy describes how we handle and protect your Protected Health Information (“PHI”).
1. Information We Collect
Email: Collected for account setup, customer support, and application updates.
User Address: Used to help connect you with the appropriate pharmacy for medication availability.
Date of Birth: Collected when necessary for compliance, verification, or to fulfill certain pharmacy or medication requirements.
Physician Contact Info: Collected to facilitate any necessary communication between Needle, your physician, and pharmacies regarding your prescription needs.
Medication Details: Stored to fulfill orders and keep historical records.
Call Recordings and Transcriptions: Calls are recorded and transcribed (via AI tools) to confirm medication availability and accuracy.
2. Use and Disclosure of Information
Service Delivery: We use and disclose PHI only as needed to verify pharmacy stock, support medication orders, and ensure service quality.
Pharmacies: We share only essential information (e.g., medication details, physician contact if needed) with pharmacies. We do not disclose names, genders, or other personal details without explicit consent.
Business Associates: Where necessary, we engage vetted service providers (e.g., for call transcription). They must comply with HIPAA and sign a Business Associate Agreement.
Legal Requirements: We may disclose PHI if required by law or regulation.
3. Your HIPAA Rights
You have the right to:
Access your PHI.
Request Corrections to your PHI.
Request Restrictions on certain uses or disclosures (though we may not always be able to accommodate these requests).
Request Confidential Communications in a specific manner or at a specific location.
To exercise these rights, contact us using the information in Section 8.
4. Safeguards and Security
Access Controls: We restrict PHI access to authorized personnel and business associates.
Encryption: Data is encrypted in transit and at rest where feasible.
Monitoring: We monitor systems to detect and respond to unauthorized access or security incidents.
5. Data Retention
We retain PHI only as long as necessary to fulfill service requirements or as required by law. You may request deletion of your data; we will honor such requests in compliance with legal obligations.
6. Payment Processing
We do not store payment information. All payments are processed securely through Stripe, subject to Stripe’s privacy policy.
7. Changes to This Policy
We may update this Policy to reflect changes in law or our practices. Any changes will include a new “Last Updated” date and will take effect immediately upon posting. We encourage you to review this Policy periodically.
8. Contact Us
If you have questions about this Policy or wish to exercise your HIPAA rights, please contact us at:
Email: email@findneedle.co
By using Needle, you consent to our collection, use, and disclosure of your PHI as described in this Privacy Policy. If you do not agree, please discontinue using our services.