Effective Date: July 7, 2026
1. Our Commitment to Your Privacy
Omnyx Medical PC (Arizona) and Matthew Stapleton, M.D., Professional Corporation (California) (each, "the Practice," "we," "us," or "our") are required by federal law (the Health Insurance Portability and Accountability Act, "HIPAA") and other applicable laws to maintain the privacy of your protected health information ("PHI"), to provide you with notice of our legal duties and privacy practices with respect to PHI, and to notify you in the event of a breach of unsecured PHI. This Notice describes our privacy practices and the rights you have regarding your PHI.
2. Uses and Disclosures of PHI Without Your Authorization
We may use and disclose your PHI without your authorization for the following purposes:
2.1 Treatment
We may use and disclose your PHI to provide, coordinate, and manage your healthcare, including communicating with other healthcare providers (such as compounding pharmacies, specialty pharmacies, and laboratories) who are involved in your care.
2.2 Payment
We may use and disclose your PHI to obtain payment for services, including processing your credit card payments through our payment processor and verifying eligibility for Health Savings Account or Flexible Spending Account reimbursement when you request such documentation.
2.3 Healthcare Operations
We may use and disclose your PHI for healthcare operations, including quality assessment, provider credentialing and licensing, training, audits, compliance activities, and business management. This includes use by our Business Associates (defined below) for operational support.
2.4 Business Associates
We use Business Associates to perform certain services on our behalf. Business Associates with access to your PHI include, but are not limited to: our electronic health record and clinical system of record (which includes native clinical documentation, telehealth video, and secure patient messaging), our patient texting provider, our AI patient assistant ("Sam"), our payment processors, our compounding pharmacy partners, our clinical laboratory partners, our at-home phlebotomy partner, and others as needed. No Business Associate receives access to your PHI until it has signed a Business Associate Agreement requiring it to safeguard your PHI consistent with HIPAA.
2.5 Required by Law
We may use and disclose your PHI when required by federal, state, or local law, including reporting to public health authorities, responding to subpoenas, complying with controlled substance prescription monitoring programs (such as the Arizona Controlled Substances Prescription Monitoring Program), and reporting suspected abuse or neglect.
2.6 Safety
We may use and disclose your PHI to prevent or lessen a serious and imminent threat to health or safety.
2.7 Other Permitted Uses
Other permitted uses include: organ donation, research with IRB approval, military and veterans' activities, workers' compensation, coroners and funeral directors, and certain government functions.
3. Uses and Disclosures That Require Your Authorization
The following uses and disclosures require your written authorization:
- Most uses and disclosures of psychotherapy notes (we do not provide psychotherapy services);
- Marketing communications that involve financial remuneration to us from a third party;
- Sale of PHI;
- Use of your name, photograph, or testimonial for marketing purposes (separate written photo release required);
- Sharing PHI with family members or friends not directly involved in your care;
- Any other use or disclosure not permitted by HIPAA without authorization.
You may revoke an authorization at any time in writing, except to the extent we have already acted in reliance on it.
4. Your Rights Regarding Your PHI
4.1 Right to Inspect and Copy
You have the right to inspect and obtain a copy of your PHI maintained by us, generally in the format you request (including electronic format). We may charge a reasonable cost-based fee. We will respond within thirty (30) days of your request.
4.2 Right to Amend
If you believe your PHI is incorrect or incomplete, you may request that we amend it. We may deny requests in certain circumstances (such as records not created by us). If we deny, we will provide a written explanation and you have the right to submit a statement of disagreement.
4.3 Right to an Accounting of Disclosures
You have the right to receive a list of certain disclosures we have made of your PHI in the six (6) years prior to your request, except for disclosures for treatment, payment, healthcare operations, or those you authorized.
4.4 Right to Request Restrictions
You may request that we restrict certain uses or disclosures. We are not required to agree to most restriction requests, but we will agree to restrictions on disclosure to a health plan for services you paid for in full out of pocket.
4.5 Right to Request Confidential Communications
You may request that we communicate with you about your PHI in a specific way or at a specific location (for example, by mail to a P.O. Box rather than your home address). We will accommodate reasonable requests.
4.6 Right to a Paper Copy of This Notice
You have the right to a paper copy of this Notice at any time, even if you previously received it electronically.
4.7 Right to Notification of Breach
You have the right to be notified following a breach of your unsecured PHI in accordance with HIPAA.
5. How to Exercise Your Rights or File a Complaint
To exercise any of the rights above, submit a written request to our Privacy Officer at:
Omnyx Medical PC
Attn: Privacy Officer
Omnyx Medical PC, 4539 N 22nd St, Ste N, Phoenix, AZ 85016
Email: privacy@omnyxlife.com
If you believe your privacy rights have been violated, you may file a complaint with us at the address above or with the Office for Civil Rights of the U.S. Department of Health and Human Services. Complaints to OCR may be filed at https://www.hhs.gov/hcp/complaints/index.html. We will not retaliate against you for filing a complaint.
6. Changes to This Notice
We reserve the right to change this Notice. Any change will apply to all PHI we maintain. We will post the revised Notice in our patient portal and on our website, and we will provide a copy upon request.
7. Our Privacy Officer
Privacy Officer: Matthew Stapleton, MD (designated Compliance Officer of the Practice)
Contact: privacy@omnyxlife.com
8. Acknowledgment of Receipt
By signing below or by accepting this Notice electronically through the patient portal, you acknowledge that you have received and reviewed a copy of this Notice of Privacy Practices.