Overview
WeTreatYourUTI.com ("we," "our," or "the Service") is operated as a telehealth platform connecting patients with board-certified physicians licensed in their state. This Privacy Policy, combined with our Notice of Privacy Practices below, explains how we collect, use, protect, and share your personal information and protected health information (PHI).
By using this Service, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree, please do not use this Service.
HIPAA Notice of Privacy Practices
This notice describes how medical information about you may be used and disclosed, and how you can get access to this information. Please review it carefully.
WeTreatYourUTI.com is a Covered Entity under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). We are required by law to:
- Maintain the privacy and security of your protected health information (PHI)
- Provide you with this notice of our legal duties and privacy practices
- Notify you following a breach of your unsecured PHI
- Follow the duties and privacy practices described in this notice
Information We Collect
Information You Provide
- Patient intake data: name, date of birth, phone number, email address, state of residence, and confirmed anatomy
- Clinical information: symptom descriptions, symptom duration, severity ratings, prior UTI history, current medications, drug allergies, and medical conditions
- Safety screening responses: presence of fever, chills, back pain, nausea, pregnancy status, immunocompromised status, and diabetes
- Pharmacy information: your chosen pharmacy name and address
- Treatment preference: your preferred antibiotic if indicated
- Payment information: processed securely through our payment processor; we do not store full card numbers
Information Collected Automatically
- IP address and approximate geographic region
- Browser type and operating system
- Pages visited and time spent on the Service
- Referring URL
How We Use Your Information
We use your information exclusively to provide healthcare services:
- Treatment: Your PHI is used by the reviewing physician to evaluate your clinical intake and, if appropriate, prescribe treatment
- Payment: To process the $49 visit fee
- Health care operations: Quality assurance, compliance, physician licensing verification, and service improvement
- Communications: Sending confirmation emails, prescription status notifications, and responding to your inquiries
We do not sell, rent, or trade your personal information or PHI to any third party for marketing purposes.
When We May Disclose PHI
We may disclose your PHI without your written authorization in the following circumstances:
- Treatment: To the reviewing physician, supervising physician, or pharmacy receiving your prescription
- Payment: To your insurance plan or payment processor as necessary to process payment
- As required by law: To comply with applicable federal, state, or local law, including public health reporting requirements
- Law enforcement: If required by a valid court order, subpoena, or law enforcement request meeting applicable legal standards
- Serious threats: To prevent or lessen a serious and imminent threat to your health or safety or the health or safety of the public
Any other use or disclosure of your PHI requires your written authorization. You may revoke that authorization at any time, except to the extent we have already acted on it.
Security
We implement industry-standard administrative, physical, and technical safeguards to protect your PHI:
- All patient data is encrypted at rest using AES-256 encryption
- All data in transit is protected with TLS 1.2 or higher
- Access to PHI is restricted to authorized clinical staff on a need-to-know basis
- All access to patient records is logged in a HIPAA-compliant audit trail
- Physician access requires authenticated login with JWT-secured sessions
No method of electronic transmission or storage is 100% secure. In the event of a breach affecting your unsecured PHI, we will notify you as required by the HIPAA Breach Notification Rule.
Your Rights
You have the following rights regarding your PHI:
- Right to Access: You have the right to inspect and receive a copy of your PHI. We will respond to requests within 30 days.
- Right to Amend: You may request that we correct inaccurate PHI in your record. We may deny requests if we did not create the information or if the information is accurate.
- Right to an Accounting of Disclosures: You may request a list of disclosures of your PHI made in the past six years, other than those made for treatment, payment, or health care operations.
- Right to Request Restrictions: You may request restrictions on how we use or disclose your PHI. We are not required to agree, but if we do, we are bound by the agreement.
- Right to Confidential Communications: You may request that we contact you in a specific way or at a specific location.
- Right to a Paper Copy: You may request a paper copy of this Notice at any time, even if you have agreed to receive it electronically.
- Right to File a Complaint: If you believe your privacy rights have been violated, you may file a complaint with us at the address below or with the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/hipaa/filing-a-complaint. We will not retaliate against you for filing a complaint.
Cookies & Analytics
We use essential cookies necessary for the operation of this Service (e.g., session management). We do not use third-party advertising cookies or tracking pixels. Basic, anonymized analytics may be collected to improve the service. You may configure your browser to reject cookies, though some functionality may be affected.
Children's Privacy
This Service is not intended for individuals under the age of 18, and we do not knowingly collect PHI from minors. If you believe a minor has provided information through this Service, please contact us immediately so we can delete it.
Changes to This Policy
We reserve the right to update this Privacy Policy and HIPAA Notice at any time. Material changes will be communicated via a notice on this page and, where feasible, by email to patients who have submitted an intake. The updated policy will be effective on the date indicated at the top of this page.
Contact Us
To exercise your rights, request a copy of your records, or report a privacy concern, please contact our Privacy Officer:
- Phone: 1-866-511-3060
- Address: WeTreatYourUTI.com — Privacy Officer, [Address on file]
For complaints to the U.S. Department of Health & Human Services, visit hhs.gov/hipaa/filing-a-complaint.