1. Who We Are
Twinge Health LLC ("Twinge Health," "we," "our," or "us") is a New York-based telehealth service that provides asynchronous clinical evaluation and, where medically appropriate, compounded medication for pain management. We operate under a direct-to-consumer, cash-pay model and serve patients physically located in New York and Connecticut, aged 18 years and older.
Our services include medical review by licensed physicians, fulfillment of prescriptions by an affiliated compounding pharmacy (Friendly Pharmacy), and secure cloud-based data management using HIPAA-compliant systems.
We act as a covered entity under HIPAA, which means we are directly responsible for maintaining the confidentiality and security of your health information.
2. Our Legal Obligations
We are legally required to:
- Maintain the privacy and security of your protected health information (PHI)
- Provide you with this Notice detailing our privacy practices and legal duties
- Notify you promptly if a breach compromises your PHI
- Abide by the terms of this Notice currently in effect
We may change this Notice at any time, and any updates will apply to all PHI we maintain. Updated versions will be posted on our website with a revised "Effective Date."
3. What is Protected Health Information (PHI)?
PHI includes any information, in any form, that:
- Identifies you or can reasonably be used to identify you; and
- Relates to your past, present, or future physical or mental health or condition, the provision of healthcare, or payment for healthcare services.
Examples of PHI include your:
- Name, date of birth, email address, and physical address
- Medical history, symptoms, and diagnosis
- Medication use and allergies
- Intake forms, prescription records, and provider communications
- IP address or device ID when linked to health information
4. How We Collect and Maintain PHI
Twinge Health collects PHI when you:
- Create an account or complete an intake form
- Communicate with our providers or support staff
- Receive a diagnosis or prescription through our platform
- Choose to receive your medication through our affiliated pharmacy
- Interact with us via email, phone, or online messaging
We store your PHI using encrypted, cloud-based infrastructure (MongoDB Atlas) on servers located in the United States. Access is limited to authorized personnel and subject to role-based permissions.
5. Permitted Uses and Disclosures Without Your Written Authorization
HIPAA allows us to use and disclose your PHI for the following purposes without your written consent:
A. Treatment
To provide or coordinate healthcare services.
Example: A Twinge-affiliated physician reviews your intake form and writes a prescription based on your symptoms.
B. Payment
To process payments, refunds, and billing documentation, even in a cash-pay model.
Example: If a provider determines a prescription is not medically necessary, your information is used to initiate a refund.
C. Healthcare Operations
To conduct necessary administrative functions, such as improving service quality, training, auditing, and platform development.
Example: Analyzing patient response data to optimize care protocols.
D. Business Associates
We may share your PHI with trusted vendors who help us operate, such as email platforms, cloud hosts, or security providers. All business associates are bound by HIPAA Business Associate Agreements (BAAs) and are required to safeguard your data.
E. As Required by Law
We will disclose PHI if required to comply with federal, state, or local law, such as:
- Court orders
- Public health reporting
- Regulatory audits or investigations
F. Public Health and Safety
We may disclose PHI to authorities for purposes including:
- Reporting adverse reactions to medications
- Preventing disease or controlling outbreaks
- Reporting abuse or domestic violence (where required by law)
G. Law Enforcement or Legal Requests
We may provide PHI in limited circumstances such as:
- In response to subpoenas or warrants
- To report crimes or prevent imminent harm
H. De-Identified Data
We may use your information in de-identified form (removing all identifying elements) for research, analysis, or operational improvement without further notice to you.
6. Uses and Disclosures Requiring Your Written Authorization
We will not use or disclose your PHI for the following purposes unless you provide explicit, written authorization:
- Marketing communications unrelated to your care or services
- Sale of your health information
- Use of your PHI in promotional materials or testimonials
- Psychotherapy notes (if applicable)
You may revoke your authorization at any time in writing. However, revocation will not apply to actions already taken.
7. Your Rights Regarding Your PHI
You have the following rights under HIPAA. To exercise any of them, email us at care@twingehealth.com.
A. Right to Access
You can request a copy of the PHI we maintain about you in paper or electronic format.
B. Right to Amend
If you believe your PHI is incorrect or incomplete, you may request a correction. We may deny your request with written justification if:
- The information was not created by us
- It is already accurate and complete
- We are not legally obligated to change it
C. Right to Request an Accounting of Disclosures
You may request a list of disclosures we've made in the past six years, excluding those for treatment, payment, operations, or with your authorization.
D. Right to Request Restrictions
You may ask us to limit how we use or share your PHI. While we will consider your request, we are not obligated to agree unless:
- The disclosure is to a health plan; and
- You paid for the services entirely out-of-pocket
E. Right to Confidential Communications
You can request that we contact you in a certain way (e.g., only via email) or at a specific address.
F. Right to File a Complaint
If you believe your privacy rights have been violated, you may file a complaint:
- With us: care@twingehealth.com
- Or with the U.S. Department of Health & Human Services: https://www.hhs.gov/hipaa/filing-a-complaint/
You will not be penalized for filing a complaint.
G. Right to Receive a Copy of This Notice
You may request a printed or electronic copy of this Notice at any time by contacting us or visiting our website.
8. Data Security Measures
We maintain industry-standard administrative, physical, and technical safeguards to protect your PHI, including:
- End-to-end encryption
- Secure cloud storage
- Role-based access control
- Routine platform audits and penetration testing
- HIPAA training for all staff and contractors
We do not store PHI on physical servers or personal devices.
9. Breach Notification
In the event of a breach involving your PHI:
- We will notify you in writing within 60 days of discovery
- The notice will include a description of the breach, the information involved, and our remediation steps
- You will be offered support and further instructions, including identity protection if applicable
10. Minors and Children's Privacy
Twinge Health serves only patients aged 18 years and older. We do not knowingly collect, use, or disclose PHI from individuals under 18. If we discover unauthorized use by a minor, we will delete all associated information.
11. Contact Us
If you have questions, want to make a request, or need help understanding your rights under HIPAA, contact us at:
Twinge Health LLC
1 New York Lane
New York, NY 10040
Email: care@twingehealth.com