This Consumer Health Data Privacy Policy ("Policy") supplements our general Privacy Policy and is provided in compliance with the Washington My Health My Data Act (HB 1155), the Nevada Consumer Health Data Privacy Law (SB 370), and similar state consumer health data protection laws.
This Policy describes how Nuvari Health, LLC ("Nuvari," "we," "us," or "our") collects, uses, shares, and protects consumer health data, and explains your rights regarding that data.
Consumer health data is personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status. Under applicable state laws, this includes but is not limited to:
| Category | Examples | Source |
|---|---|---|
| Health Assessment Data | Responses to health questionnaires, symptom descriptions, wellness goals, health history | Directly from you |
| Treatment Information | Prescribed protocols, medication details, dosages, treatment plans | Healthcare providers via CareValidate |
| Prescription Data | Medication names, quantities, refill history, pharmacy fulfillment records | Pharmacies, healthcare providers |
| Biometric & Physical Data | Height, weight, BMI, blood pressure (if provided) | Directly from you |
| Health Product Purchases | Protocol subscriptions, order history, product selections | Your account activity |
| Health-Related Communications | Messages with healthcare providers, support inquiries about health topics | Directly from you |
| Inferred Health Data | Health interests or conditions inferred from browsing behavior on our site | Automatically collected |
We collect and use consumer health data for the following purposes:
| Purpose | Description |
|---|---|
| Providing Services | To facilitate telehealth consultations, process prescriptions, and deliver personalized wellness protocols |
| Treatment & Care | To enable healthcare providers to evaluate your health, make clinical decisions, and provide ongoing care |
| Pharmacy Fulfillment | To transmit prescriptions to pharmacies and coordinate medication delivery |
| Billing & Payments | To process subscription payments and manage your account |
| Communications | To send treatment-related notifications, appointment reminders, and respond to your inquiries |
| Service Improvement | To analyze aggregated, de-identified data to improve our platform and services |
| Legal Compliance | To comply with applicable laws, regulations, and legal obligations |
| Safety & Security | To detect and prevent fraud, abuse, and security threats |
We do not sell consumer health data. We do not use consumer health data for advertising or marketing purposes without your explicit consent.
We may share consumer health data with the following categories of third parties, and only for the purposes described:
| Recipient | Purpose | Data Shared |
|---|---|---|
| CareValidate (Telehealth Partner) | Clinical services, physician consultations, treatment management | Health assessment data, health history, treatment information |
| Licensed US Pharmacies | Prescription compounding and fulfillment | Prescription details, patient name, shipping address |
| Payment Processors | Transaction processing | Billing information only (no health data) |
| Shipping Carriers | Medication delivery | Name, address (no health data on packaging) |
| Legal/Regulatory Authorities | Compliance with laws, subpoenas, court orders | As required by the specific legal obligation |
All third parties with access to consumer health data are contractually required to maintain confidentiality and comply with applicable privacy laws. We require Business Associate Agreements where required by HIPAA.
We retain consumer health data for the following periods:
| Data Category | Retention Period | Reason |
|---|---|---|
| Health assessment responses | Duration of account + 7 years | Medical record retention requirements |
| Treatment and prescription records | Duration of account + 7 years | State medical record retention laws |
| Provider communications | Duration of account + 7 years | Part of medical record |
| Purchase history | Duration of account + 7 years | Tax and compliance requirements |
| Inferred health data | 13 months | Service improvement; deleted after analysis |
When data is no longer needed for its stated purpose and no legal retention requirement applies, we will securely delete or de-identify it.
Under applicable state consumer health data privacy laws, you have the following rights:
You have the right to confirm whether we are collecting or sharing your consumer health data and to request a list of all third parties with whom we have shared your data during the prior 12 months.
You have the right to request deletion of your consumer health data. Upon receiving a verified request, we will delete your data within 30 days, unless an exception applies (such as legal retention requirements for medical records).
Where we rely on your consent to collect or share consumer health data, you may withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing performed before the withdrawal.
We will not discriminate against you for exercising any of your rights under this Policy. You will not receive different pricing, quality of service, or access based on exercising your privacy rights.
To exercise any of the rights described above, you may:
To protect your privacy, we will verify your identity before processing any request. Verification may require you to provide:
We will respond to verified requests within 30 days. If we need additional time (up to 15 extra days), we will notify you of the extension and the reason.
You may designate an authorized agent to submit requests on your behalf. We may require the authorized agent to provide proof of written authorization and may separately verify your identity.
Before collecting consumer health data, we obtain your consent through:
You will not be required to create an account or agree to collection of unnecessary consumer health data as a condition of receiving our core Services, unless that data is essential to providing the service you requested.
We do not use geofencing technology to collect consumer health data around healthcare facilities, counseling centers, or similar locations.
We protect consumer health data with security measures including:
We may update this Policy to reflect changes in our practices or applicable laws. When we make material changes, we will notify you by email or through a prominent notice on our website at least 30 days before the changes take effect.
If you have questions about this Consumer Health Data Privacy Policy or wish to exercise your rights, please contact us:
Nuvari Health, LLC
Email: privacy@nuvarihealth.com
Website: nuvarihealth.com