RxMapper - Health Notice of Privacy Practices and Privacy Policy

THIS NOTICE DESCRIBES HOW INFORMATION YOU PROVIDE RXMAPPER MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW THIS NOTICE CAREFULLY.

RxMapper, LLC (“We,” “Our”, “Us” or “RxMapper”) is committed to keeping Your health information safe. To help You, the individual (“You” or “Your”), understand Your rights to Your health information, please review this Notice of Privacy Practices and Privacy Policy (“Privacy Policy” or “Policy”). We are required by law to have this Privacy Policy and maintain Your health information in a manner consistent with this Policy and law. This notice is in five parts to describe our privacy practices. We hope through this Privacy Policy that we answer any questions You have about how RxMapper maintains Your health information. The sections are as follows:

1. What is Protected Health Information (“PHI”)?
2. What PHI does RxMapper collect?
3. Who does RxMapper share my PHI with and why?
4. What are my rights to my PHI?
5. What should I do if I have a question or concern about my collected PHI?

What is Protected Health Information?
As is true for many healthcare service providers, RxMapper receives and maintains certain personal information about all Our members. Some of this personal information is protected by federal and state laws. This type of information is known as “protected health information” or “PHI”. PHI is health information that identifies or could be used to identify a specific person.
‍
What PHI does RxMapper collect?
When You voluntarily give Your PHI to RxMapper through Our online website and through Your use of RxMapper Services, we maintain such PHI in our secure systems. Examples of PHI You may provide to RxMapper include:

When You choose to register for RxMapper Services, You provide Your personal information such as Your name, address, date of birth, telephone number and email address. This information may be provided in combination with information about your health or medical condition(s).
When You use RxMapper Services, We will receive health information from You, such as a sample of Your DNA, Your personal medical history, or Your prescription, lab, and claims data.

Who does RxMapper share my PHI with and why?
We use or disclose Your PHI for treatment, research, payment, or healthcare operations purposes, to provide and improve RxMapper Services, and for other purposes permitted or required by law. By registering for RxMapper Services, You authorize RxMapper to use or disclose Your PHI for such purposes, which are described below. We need Your written authorization to use or disclose Your health information for any purpose not covered by one of the categories below. RxMapper never shares Your information for marketing purposes unless You give Us permission.

You can inform Us at any time that You no longer permit Us to use or disclose Your PHI for the reasons shown below, but this will not stop any disclosure that we made based on Your prior authorization. The law permits Us to use and disclose Your health information for the following purposes:

Treatment: RxMapper may use or disclose Your PHI to healthcare professionals for treatment purposes. For example, We may disclose protected health information about You to health care providers such as doctors, nurses, pharmacists, pharmacy or laboratory technicians, or other hospital or medical personnel who are involved in taking care of You.
Payment: RxMapper may use or disclose Your PHI for purposes of billing and payment for RxMapper Services. For example, We may disclose Your PHI to Your pharmacy benefits manager, healthcare insurance plans, or other payers to determine whether You are enrolled with the payer, eligible for health benefits, or to get payment for RxMapper Services. If You are insured under another person’s health insurance policy (for example, parent, spouse, domestic partner, or a former spouse), RxMapper may also send invoices to the person whose policy covers Your health services. We provide only the minimal PHI to accomplish the intended purpose of the use and disclosure of the PHI. Entities RxMapper discloses Your PHI to for payment purposes are required to keep the PHI confidential and secure.
Healthcare Operations: RxMapper may use or disclose Your PHI for activities necessary to support Our healthcare operations, such as: providing consultations; running Our organization; Billing for RxMapper Services; public health and safety issues; performing quality checks of RxMapper Services; internal audits; legal services; data analysis; research and development; and developing reference ranges for RxMapper Services.
We may also disclose Your PHI to healthcare professionals, Your healthcare plan, healthcare benefits consultant, or benefits manager clinical team. We provide only the minimal PHI to accomplish the intended purpose of the use and disclosure of the PHI. These entities are required to keep the PHI confidential and secure.
Business Associates: RxMapper may disclose Your PHI to other companies or individuals that need the information to provide services to Us. These other entities, known as "Business Associates," are required to also keep the PHI confidential and secure. For example, We may provide information to companies that assist Us with support services or billing of RxMapper Services. These entities are required to keep the PHI confidential and secure.
De-identifiable and Aggregated Format: RxMapper may use and disclose Your PHI in a de-identifiable and aggregated manner to review Our impact on all Our members health or broader populations and in hopes of making the RxMapper Services even more effective.
Research: RxMapper may use and disclose PHI for research purposes.
As Required by Law: RxMapper may use or disclose Your PHI as required by law.
Law Enforcement Activities, Legal Proceedings and Court Orders: RxMapper may use and disclose Your PHI to prevent or minimize a serious threat to Your health and safety or that of another person. We may also provide PHI to law enforcement officials, for example, in response to a warrant, investigative demand or similar legal process, or for officials to identify or locate a suspect, fugitive, material witness, or missing person. We may also disclose PHI to appropriate agencies if we reasonably believe an individual to be a victim of abuse, neglect or domestic violence. We may disclose Your PHI if required to do so with a court or administrative order. We may disclose Your PHI in response to a subpoena, discovery request or other legal process during a judicial or administrative proceeding. We may also disclose PHI to those assisting in disaster relief efforts so that others can be notified about Your condition, status, and location.
Substance Use Disorder Records. (The rules described in this paragraph become effective February 16, 2026.) If We receive substance use disorder records created by a federally assisted program or health care provider under 42 CFR Part 2, We may not use or disclose those records, or testimony relaying the content of those records, in any civil, criminal, administrative, or legislative proceedings against You unless based on Your specific written consent or a court order. We may only use or disclose records based on a court order after: (1) a notice and an opportunity to be heard is provided to You or the holder of the record, where required by 42 CFR Part 2; and (2) the court order is accompanied by a subpoena or other similar legal requirement compelling the disclosure.
Family and Friends: At Your request, we may disclose PHI to a family member, friend, or anyone else You inform Us to provide the information to. Information about Your location, general condition, or death may also be provided to a family member, personal representative, or another person responsible for Your care. You will generally be given the opportunity to agree or object to these disclosures, unless You are not present, You are incapacitated, or the situation involves an emergency circumstance. In addition, We may generally disclose your PHI to your personal representative.
Other Uses and Disclosures: As permitted by HIPAA, we may disclose Your PHI to:

o Public Health Authorities
o The Food and Drug Administration
o Health Oversight Agencies
o Military Command Authorities
o National Security and Intelligence Organizations
o Correctional Institutions
o Organ and Tissue Donation Organizations
o Coroners, Medical Examiners, and Funeral Directors
o Workers Compensation Agents

What are my rights to my PHI?
‍
Right to Request Restrictions: You have rights to Your PHI that We collect. You can request RxMapper restrict the use and disclosure of Your PHI by sending written request to the email address listed below. In Your request, tell Us what information You want limited, whether You want to limit use, disclosure or both, and to whom You want the limits to apply (for example, disclosures to Your children or spouse). However, We are not required to agree to Your request. If We do agree to a requested restriction, the restriction may later be terminated by Your written request, by agreement between You and Us (including oral agreement), or unilaterally by Us for PHI created or received after You’re notified that We have removed the restriction. We may also disclose PHI about You if You need emergency treatment, even if We have agreed to a restriction.

‍Right to Inspect and Copy: You can also request that We send You Your PHI that We maintain in a “designated records set. A “designated records set” includes the medical records and billing records We maintain about You. Also, if We use or maintain an electronic health record with respect to your PHI, You have the right to obtain a copy of such information in an electronic format, and We must provide such information in the electronic form and format requested if it is “readily producible” in that form and format; or, if not, in a readable electronic form and format as agreed to by You and Us. Additionally, You may direct that the copy of such information in an electronic format be transmitted directly to an entity or person designated by You. The requested information will be provided within 30 days if the information is kept onsite or within 60 days if the information is kept offsite. A 30-day extension is allowed if We are unable to comply with these deadlines. In certain limited situations, We may deny your request to inspect and copy Your PHI. If Your request is denied, We will provide you with a written statement stating the basis for the denial, a description of how You may request a review of the denial, and additional information regarding further actions You might take.

‍Right to Amend: Once You review Your PHI, if You see any problems with Your PHI, You may request amendments to Your PHI by making a written request to the email address listed below. We have 60 days from the date of Your request to make the amendment. A 30-day extension is allowed if We are unable to meet the date of that deadline. We may deny the request in some cases, including if You ask that We amend information that (i) is not part of the PHI We maintain, (ii) was not created by Us, unless the person or entity that created the information is no longer available to make the amendment, (iii) is not part of the information You would be permitted to inspect or copy, or (iv) is accurate and complete. If We deny Your request to change Your PHI, We will provide You with a written explanation of the reason for the denial and additional information regarding further actions that You may take.
‍
Right to an Accounting of Disclosures: You also have the right to receive an accounting of certain disclosures of Your PHI made by Us by making a written request to Us at the email address listed below. Under the law, this does not include disclosures made for purposes of treatment, payment, or healthcare operations, or for certain other purposes stated above. Notwithstanding the preceding sentence, if We use or maintain an electronic health record with respect to Your PHI, You may (effective as of the date required by law) receive an accounting of disclosures made to carry out treatment, payment or health care operations that We make through such an electronic health record. If the accounting cannot be provided within 60 days of Your request, an additional 30 days is allowed if We provide You a written statement of the reason for the delay and the date we anticipate providing the accounting. Your request should indicate a time period to be covered in the accounting, which time period may not be longer than six years (or three years, in the case of an accounting of disclosures for treatment, payment or health care operations that are made through an electronic health record). You should also indicate in what form you want the list of disclosures (for example, in electronic form or by mail). The first accounting you request within a 12-month period is free. For additional accountings, we may charge you the reasonable cost of providing the accounting

‍Right to be Notified of a Breach: Please be aware that We are required to notify You in the event of a breach involving Your unsecured PHI and will do so as required by law.

‍Right to Receive a Paper Copy of this Notice: You have the right to obtain a paper copy of this Privacy Policy by written request to the email address listed below.

What should I do if I have a question or concern about my collected PHI?
If You believe Your privacy rights have been violated by RxMapper, You have the right to file a complaint with Us. You also have the right to file a complaint with the Secretary of the U.S. Department of Health and Human Services, Office for Civil Rights sending a letter to 200 Independence Avenue, S.W., Room 509F HHH Bldg., Washington, D.C. 20201 or by visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against You, or any individual, for filing a complaint.

Confidentiality and the Genetic Information Nondiscrimination Act (GINA)
RxMapper is bound by and fully abides by the GINA law that was passed into law in 2008 designed to prohibit discrimination based upon genetic information.

Changes to Notice of Privacy Practices and Privacy Policy
RxMapper reserves the right to amend the terms of this Privacy Policy and Notice of Privacy Practices to reflect changes in Our privacy practices, and to make the new terms and practices applicable to all PHI that We maintain about You, including PHI created or received prior to the effective date of the Privacy Policy and Notice of Privacy Practices revision. Our Privacy Policy and Notice of Privacy Practices is displayed on our website and a copy is available upon request. Accordingly, please check back periodically.

Contact Information
To request We send You Your health information, request amendments to Your PHI, file a complaint with Us, or should You have any questions about this Privacy Policy and Notice of Privacy Practices, send an email to support@rxmapper.com, call Us at 1-800-950-3230, or write to Us at RxMapper, LLC, 9375 E. Shea Blvd., Suite 134, Scottsdale, AZ 85260.
‍
Effective Date: November 1, 2025

About RxMapper

How It Works

Connect