health convenience
HIPAA Secure
← Back

Lux Health, LLC d/b/a Health Convenience

Notice of Privacy Practices

HIPAA Notice — how your Protected Health Information may be used and disclosed

Effective Date: March 19, 2026

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

1. Purpose of This Notice

Lux Health, LLC, d/b/a Health Convenience ("Company," "we," "us," or "our") is required by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), the Health Information Technology for Economic and Clinical Health Act ("HITECH"), and applicable state laws to maintain the privacy of your Protected Health Information ("PHI"), to provide you with notice of our legal duties and privacy practices with respect to PHI, and to notify you in the event of a breach of your unsecured PHI.

We are required to abide by the terms of this Notice currently in effect. We reserve the right to change the terms of this Notice and to make the new provisions effective for all PHI that we maintain. If we make a material change, we will post the revised Notice on our website at healthconvenience.com and make copies available upon request.

2. Definitions

Protected Health Information (PHI)

Individually identifiable health information, including demographic data, that relates to your past, present, or future physical or mental health condition, the provision of healthcare to you, or the payment for the provision of healthcare, and that identifies you or for which there is a reasonable basis to believe can be used to identify you.

Electronic Protected Health Information (ePHI)

PHI that is created, stored, transmitted, or received in any electronic format or media.

Treatment

The provision, coordination, or management of healthcare and related services, including consultation between healthcare providers and referrals.

Payment

Activities related to obtaining reimbursement for healthcare services, including billing, claims management, collections, utilization review, and related functions.

Healthcare Operations

Administrative, financial, legal, and quality improvement activities, including quality assessment and improvement, outcome evaluation, business planning, credentialing, and compliance activities.

Business Associate

A person or entity that performs certain functions or activities involving the use or disclosure of PHI on behalf of, or providing services to, a covered entity.

Personal Data

Information about a living individual who can be identified from such information, including but not limited to name, email address, phone number, device identifiers, IP address, and browsing behavior.

3. How We May Use and Disclose Your PHI

We may use and disclose your PHI for the following purposes without your written authorization:

A. Treatment

We may use and disclose your PHI to provide, coordinate, and manage your healthcare and any related services, including telehealth consultations. For example, we may disclose your PHI to a specialist to whom you have been referred for further treatment.

B. Payment

We may use and disclose your PHI for payment purposes, including billing and collection activities. Although we do not accept insurance directly, we may provide documentation upon written request so that you may submit claims to your insurance company for reimbursement as an out-of-network provider.

C. Healthcare Operations

We may use and disclose your PHI for quality assessment and improvement activities, reviewing the competence or qualifications of healthcare professionals, training programs, accreditation, certification, licensing or credentialing activities, business planning, development, management, and administration.

D. Required by Law

We may use or disclose your PHI when required to do so by federal, state, or local law, including mandatory reporting of certain types of wounds, injuries, or diseases.

E. Public Health Activities

We may disclose your PHI for public health activities, including reporting to a public health authority for the purpose of preventing or controlling disease, injury, or disability; reporting births and deaths; reporting child abuse or neglect; and reporting adverse events related to medications or devices.

F. Health Oversight Activities

We may disclose your PHI to a health oversight agency for activities authorized by law, such as audits, investigations, inspections, and licensure.

G. Judicial and Administrative Proceedings

We may disclose your PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process, subject to applicable procedural requirements.

H. Law Enforcement

We may disclose your PHI for law enforcement purposes as required by law or in response to a valid subpoena or court order.

I. Coroners, Medical Examiners, and Funeral Directors

We may disclose your PHI to a coroner, medical examiner, or funeral director as necessary for them to carry out their duties.

J. Research

Under certain circumstances, we may use or disclose your PHI for research purposes, provided that certain conditions are met under applicable law.

K. Threats to Health or Safety

We may use or disclose your PHI when necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.

L. Specialized Government Functions

We may disclose your PHI for military and veterans' activities, national security and intelligence activities, and protective services for the President.

M. Workers' Compensation

We may disclose your PHI as authorized by and to the extent necessary to comply with workers' compensation laws and other similar programs.

N. De-Identified Information

We may use or disclose your health information that has been de-identified in accordance with 45 C.F.R. §164.514. De-identified information is not PHI and is not subject to the restrictions of this Notice.

4. Uses and Disclosures Requiring Your Written Authorization

We will obtain your written authorization before using or disclosing your PHI for:

  • Marketing purposes, except for face-to-face communications and promotional gifts of nominal value
  • Sale of your PHI
  • Most uses and disclosures of psychotherapy notes, if applicable
  • Any other uses and disclosures not described in this Notice

You may revoke any authorization at any time by submitting a written revocation to us. However, your revocation will not affect any uses or disclosures we have already made in reliance on your prior authorization.

5. Your Rights Regarding Your PHI

A. Right to Inspect and Copy

You have the right to inspect and obtain a copy of your PHI maintained in a designated record set. To request access, you must submit a written request to us. We may charge a reasonable, cost-based fee for copies. We may deny your request under limited circumstances; if we do, you may request that the denial be reviewed.

B. Right to Amend

You have the right to request that we amend your PHI if you believe it is incorrect or incomplete. Your request must be in writing and must provide a reason for the amendment. We may deny your request under certain circumstances.

C. Right to an Accounting of Disclosures

You have the right to request an accounting of certain disclosures of your PHI made by us during the six (6) years prior to your request (or a shorter period if requested). The first request in any twelve (12) month period will be provided free of charge; subsequent requests may be subject to a reasonable, cost-based fee.

D. Right to Request Restrictions

You have the right to request restrictions on certain uses and disclosures of your PHI. We are not required to agree to your request, except that we must agree to restrict disclosures to a health plan for payment or healthcare operations purposes if you have paid for the service in full out-of-pocket.

E. Right to Request Confidential Communications

You have the right to request that we communicate with you about your PHI in a certain way or at a certain location. For example, you may ask that we contact you only by mail or at a specific address. We will accommodate reasonable requests.

F. Right to a Paper Copy of This Notice

You have the right to obtain a paper copy of this Notice upon request, even if you have previously agreed to receive this Notice electronically.

G. Right to Be Notified of a Breach

You have the right to be notified in the event of a breach of your unsecured PHI, as required by HIPAA and HITECH.

H. Right to Withdraw Consent

You have the right to withdraw any express consent you have provided to the processing of your Personal Data at any time without penalty.

I. Right to Data Portability

You have the right to obtain a transferable copy of your Personal Data in a structured, commonly used, and machine-readable format, where technically feasible.

J. Right to Object

You have the right to object to our processing of your Personal Data for certain purposes, including direct marketing.

K. Right to Deletion

You have the right to request deletion of your Personal Data under certain circumstances. Note that we may be required to retain certain PHI as required by law.

6. How We Collect Your Information

  • When you sign up to use our website or patient portal at healthconvenience.com
  • When you provide information to create your account, build your profile, or complete patient intake forms
  • When you schedule appointments or participate in telehealth consultations
  • When you enter health information, insurance information, or other demographic data
  • When you access our website or services via a mobile device
  • Through third-party tools used to collect user behavior, such as cookies and similar tracking technologies
  • When you communicate with us via email, phone, or other channels
  • From third-party sources, including but not limited to healthcare providers, laboratories, pharmacies, and other entities involved in your care

7. Types of Information We Collect

A. Protected Health Information

  • Medical history, diagnoses, treatment plans, and clinical notes
  • Prescription and medication information
  • Laboratory and diagnostic test results
  • Telehealth consultation records and communications
  • Billing and payment information related to healthcare services

B. Personal Data

  • Name, date of birth, Social Security Number (where required)
  • Email address, phone number, and mailing address
  • Emergency contact information
  • Government-issued identification numbers
  • Financial and payment information

C. Usage Data

  • IP address, browser type, device information, and operating system
  • Pages visited, date and time of visits, time spent on pages
  • Referring URLs, search terms, and clickstream data
  • Cookies and similar tracking technology data

8. With Whom We Share Your Information

  • With healthcare providers, specialists, and referring providers involved in your treatment and coordination of care
  • With pharmacies and pharmacy benefit managers for the purpose of fulfilling prescriptions and verifying medication history
  • With laboratories, diagnostic imaging centers, and other diagnostic service providers
  • With health information exchanges (HIEs) to facilitate electronic sharing of health information among authorized providers
  • With our employees and staff who have a business need to access your information
  • With Business Associates and Service Providers pursuant to written Business Associate Agreements
  • With payment processors and billing services
  • With third-party analytics and advertising platforms (non-PHI only)
  • As required by law, including in response to court orders, subpoenas, or government requests
  • In connection with a merger, acquisition, reorganization, or sale of substantially all of our assets

9. Telehealth-Specific Privacy Practices

  • We use only HIPAA-compliant platforms for telehealth consultations
  • The Company does not routinely record (voice or video) telehealth consultations. If recording or AI-assisted documentation tools are utilized, patients will be separately notified and consent will be obtained
  • There is an unavoidable risk of unauthorized access when sending or receiving PHI electronically
  • You are solely responsible for ensuring privacy and confidentiality on your end by conducting the visit in a private space
  • You must be physically located in the State of Florida at the time of the telehealth visit or service
  • Your healthcare provider may consult with other providers remotely about your care
  • If you use the internet for telehealth, you should use a network that is private and secure

10. Cookies and Tracking Technologies

Our website uses cookies, Local Storage Objects, and similar tracking technologies to enhance your experience. These technologies may collect Usage Data as described above. You may configure your browser to accept or reject cookies. Please note that if you disable cookies, certain features of our website may not function properly.

Our Website does not currently respond to "Do Not Track" browser signals. We will update this Notice if our practices change.

11. Data Retention

We retain your PHI in accordance with applicable federal and state law, including Florida medical records retention requirements. Generally, medical records are retained for a minimum of seven (7) years from the date of the last entry, or in the case of a minor, until the patient reaches the age of majority plus the applicable statute of limitations.

We retain your Personal Data only for as long as is necessary for the purposes set out in this Notice. Usage Data is generally retained for a shorter period, except when used to strengthen security, improve functionality, or when we are legally obligated to retain it for longer.

12. Security of Your Information

We implement administrative, technical, and physical security measures including:

  • Encryption of ePHI in transit and at rest
  • Access controls and authentication requirements
  • Regular security assessments and audits
  • Employee training on HIPAA compliance and data security
  • Business Associate Agreements with all third-party service providers who access PHI
  • Use of HIPAA-compliant platforms for telehealth and electronic communications

Despite our best efforts, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your information.

13. Children's Privacy

Our services are not intended for individuals under the age of eighteen (18). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and become aware that your child has provided us with Personal Data, please contact us immediately.

14. State-Specific Rights

A. Florida Residents

Florida residents have additional rights under the Florida Information Protection Act of 2014 (FIPA) and other applicable state laws. We will notify you of any data breach involving your personal information as required by FIPA.

B. California Residents (CCPA/CPRA)

California residents have rights to Know, Delete, Correct, Opt Out of Sale/Sharing, Limit Use of Sensitive Personal Information, and Non-Discrimination. To exercise these rights, contact us at support@healthconvenience.com or call 786-863-6314.

C. Consumer Health Data (Washington, Nevada, Connecticut)

Certain states have enacted specific consumer health data privacy laws that may apply to health-related information collected outside of the HIPAA-covered provider-patient relationship. Please review our Consumer Health Data Privacy Policy for details on your rights under the Washington My Health My Data Act, Nevada SB 370, and Connecticut Data Privacy Act.

D. Other State Privacy Laws

Residents of Colorado, Virginia, Utah, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, and other states with comprehensive privacy laws may have additional rights. We will comply with all applicable state privacy laws. Please contact us to exercise your rights.

15. Complaints

If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the U.S. Department of Health and Human Services. We will not retaliate against you for filing a complaint.

U.S. Department of Health and Human Services — Office for Civil Rights

200 Independence Avenue, S.W., Room 509F, HHH Building
Washington, D.C. 20201
Toll-Free: 1-877-696-6775

16. Changes to This Notice

We reserve the right to change this Notice at any time. Any changes will be effective for all PHI that we maintain. We will post the revised Notice on our website and make copies available upon request. We will notify you via email and/or a prominent notice on our website prior to the change becoming effective.

17. Contact Information

Lux Health, LLC, d/b/a Health Convenience — Privacy Officer

Email: support@healthconvenience.com
Phone: 786-863-6314
Website: healthconvenience.com

Questions? Contact Lux Health, LLC d/b/a Health Convenience at support@healthconvenience.com or (786) 863-6314. Website: healthconvenience.com