Privacy Policy

MED MATRIX — PRIVACY POLICY
Effective Date: January 1, 2025
Last Updated: January 1, 2025

Med Matrix (“Company,” “we,” “us,” or “our”) values your privacy and is committed to protecting your Personal Information and Protected Health Information (“PHI”). This Policy explains how we collect, use, and safeguard data in compliance with:

  • HIPAA (Health Insurance Portability and Accountability Act),
  • LegitScript requirements for healthcare advertisers,
  • applicable state privacy laws.

1. Information We Collect

We may collect:

Personal Information

  • Name
  • Address
  • Email
  • Phone number
  • Birthdate
  • Payment information

Protected Health Information (PHI)

  • Medical history
  • Lab results
  • Treatment plans
  • Medication history
  • Provider notes

Technical Information

  • Device identifiers
  • IP address
  • Browser type
  • Cookies and analytics data

2. How We Collect Information

We gather information:

  • directly from you,
  • through intake forms,
  • via telehealth platforms,
  • from labs and pharmacies when permitted,
  • through website cookies (consent-based).

3. How We Use Information

We use information to:

  • provide clinical services,
  • schedule appointments,
  • send lab orders,
  • coordinate with pharmacies,
  • process payments,
  • improve website performance,
  • comply with legal reporting requirements.

We never sell PHI.

4. Legal Basis for Processing

We process data based on:

  • your consent,
  • legitimate healthcare interest,
  • contractual necessity,
  • compliance with law.

5. Disclosure of Information

We may share data with:

  • HIPAA-compliant laboratories,
  • licensed pharmacies,
  • healthcare providers,
  • payment processors,
  • technology vendors under Business Associate Agreements.

We do not disclose information to advertisers about specific medical conditions without consent.

6. Marketing & Advertising Compliance

We comply with:

  • LegitScript’s Health in Personalized Advertising guidelines
  • restrictions on sensitive health audience targeting

We will never use sensitive PHI for targeted ads.

7. Data Security

We implement commercially reasonable safeguards such as:

  • encryption in transit and at rest,
  • access controls,
  • audit logs,
  • data minimization,
  • role-based permissions.

Despite best practices, no system is 100% secure.

8. Cookies and Tracking Technologies

We use cookies to:

  • improve site functionality,
  • personalize content,
  • analyze usage patterns.

You may disable cookies in browser settings.

9. Patient Portal & Communications

We may email or text you for:

  • appointment reminders,
  • follow-ups,
  • lab updates,
  • education.

By providing contact information, you consent to non-marketing clinical notifications. Marketing emails require opt-in and include opt-out capability.

10. Third-Party Analytics

We may use:

  • Google Analytics,
  • Meta Pixel,
  • similar tools.

No PHI is stored in analytics platforms.

11. Data Retention

Medical records are retained for the period required by state medical record law, typically 7 years.

12. Your Rights

You have the right to:

  • access your records,
  • request corrections,
  • request restrictions on disclosures,
  • request confidential communications,
  • receive a list of disclosures,
  • revoke authorization.

To exercise rights, contact us using the information below.

13. Minors

We do not knowingly collect data from children under 18 without parental consent.

14. International Users

Our Services are intended for U.S. residents only. Non-U.S. users consent to U.S. jurisdiction.

15. Changes to This Policy

We may update this Policy. Revised versions will be posted here with a new effective date.

16. Contact

To access records or report a privacy concern:
Med Matrix Privacy Officer
South Portland, Maine
Email: privacy@medmatrixusa.com
Phone: 207-544-4643