Notice of Privacy Practices

English | Español


This Notice of Privacy Practices (“Privacy Notice”) applies to ScriptHero Pharmacy, LLC (“ScriptHero Pharmacy”), to the extent of its acting in the capacity of a “covered health care provider” by transmitting health information as a health care provider in electronic form in connection with a transaction covered by 45 C.F.R. Subchapter C (Administrative Data Standards and Related Requirements).


When acting in the capacity as a covered health care provider, ScriptHero Pharmacy is required by law to maintain the privacy of protected health information (“PHI”) and provide you notice of our legal duties and privacy practices with respect to PHI. PHI is information that may identify you and that relates to your past, present, or future physical or mental health or condition, the provision of health care products and services to you, or payment for such services. We have provided you with examples on how we may use or disclose your PHI; however, not every permissible use or disclosure will be listed in this Notice.

We implement reasonable administrative, technical, and physical safeguards to protect PHI against unauthorized access, use, and disclosure.

How ScriptHero Pharmacy Uses and Discloses PHI

Treatment - We use your PHI to treat you. For example, we may receive written, verbal, facsimile or electronic health information and prescription orders for you and use health PHI to provide prescription medications to you. To coordinate your care, we may also disclose your information to other health care providers who are treating you. We may contact you to provide treatment-related services, such as treatment alternatives, and other health-related benefits and services that may be of interest to you.

We may use or disclose your PHI to provide refill reminders or otherwise communicate about a drug or biologic that is currently being prescribed for you, either where no financial remuneration is received by us or, if so, where only where any financial remuneration received by us in exchange for making the communication is reasonably related to our cost of making the communication. Otherwise, we will only do so if and once you have provided us with a HIPAA Authorization to do so.

Payment - We use your PHI to receive payment for products and services. For example, we may contact your third-party payor, such as your insurer or pharmaceutical benefits manager, to determine whether your program will pay for your prescription. We bill you and/or a third-party payor for the cost of prescription medications provided to you. The information on or accompanying the bill may include your PHI such as the prescriptions you are taking.

Health Care Operations - We use your PHI to carry out health care operations. These uses and disclosures are necessary to run the pharmacy and to make sure that all of our patients receive quality care. For example, we may use information in your health record to monitor the quality of pharmacist performance and to train pharmacy personnel. Your PHI may be transferred for the purposes of carrying out pharmacy services if we buy or sell pharmacy locations.

Business Associates - We may contract with third parties to perform certain services for us, such as billing services, copy services, or consulting services. These third-party service providers, referred to as Business Associates, may need to access your PHI to perform services for us. They are required by contract and law to protect your PHI and only use and disclose it as necessary to perform their services for us. ScriptHero Pharmacy business associates may include, but not be limited to, ScriptHero, LLC (“ScriptHero Marketplace”); and CoverMyMeds, LLC (“CMM”).

To Communicate with Individuals Involved in Your Care or Payment for Your Care - We may disclose PHI about you to a relative, a close friend, or any other person you identify, provided the information is directly relevant to that person’s involvement with your health care or payment for that care. For example, if a family member or a caregiver calls us with prior knowledge of a claim, we may confirm whether or not the claim has been received and paid. You have the right to stop or limit this kind of disclosure by calling us at our phone number listed below, during our hours of operation, also noted below.

Food and Drug Administration ("FDA") - We may disclose to persons under the jurisdiction of the FDA, PHI relative to adverse events with respect to drugs, foods, supplements, products and product defects, or post-marketing surveillance information to enable product recalls, repairs, or replacement.

Workers’ Compensation - To the extent necessary to comply with law, we may disclose your PHI to workers’ compensation or other similar programs established by law.

Public Health - We may disclose your PHI to public health or legal authorities charged with preventing or controlling disease, injury, or disability, including the FDA. In certain circumstances, we may also report work-related illnesses and injuries to employers for workplace safety purposes.

Law Enforcement - We may disclose your PHI for law enforcement purposes as required or permitted by law for example, in response to a subpoena or court order, in response to a request from law enforcement, and to report limited information in certain circumstances.

As Required by Law - We disclose your PHI when required to do so by federal, state or local law. We will follow applicable state laws if they are more protective of your health information or provide you with additional rights regarding your health information.

Health Oversight Activities - We may disclose your PHI to oversight agencies for activities authorized by law. These oversight activities include such things as audits, investigations, inspections, and credentialing, as necessary for licensure and for the government to monitor the health care system, government programs and compliance with civil rights laws.

Judicial and Administrative Proceedings - If you are involved in a lawsuit or a dispute, we may disclose your PHI in response to a court or administrative order. We may also disclose your PHI in response to a subpoena, discovery request, or other lawful process instituted by someone else involved in the dispute, but only if efforts have been made, either by the requesting party or us, to first tell you about the request or to obtain an order protecting the information requested.

Research - We may use your PHI to conduct research and we may disclose your PHI to researchers as authorized by law. For example, we may use or disclose your PHI as part of a research study when the research has been approved by an institutional review board or privacy board that has reviewed the research proposal and established protocols to ensure the privacy of your information.

Coroners, Medical Examiners and Funeral Directors - We may release your PHI to coroners or medical examiners so that they can carry out their duties. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also disclose PHI to funeral directors consistent with applicable law to enable them to carry out their duties.

Organ or Tissue Procurement Organizations - Consistent with applicable law, we may disclose your PHI to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of organs for the purpose of tissue donation and transplant.

Notification - We may use or disclose your PHI to notify or assist in notifying a family member, personal representative, or another person responsible for your care, regarding your location and general condition.

Disaster Relief - We may use and disclose your PHI to organizations for purposes of disaster relief efforts.

Correctional Institution - If you are or become an inmate of a correctional institution, we may disclose to the institution, or its agents, PHI necessary for your health and the health and safety of other individuals.

To Avert a Serious Threat to Health or Safety - We may use and disclose your PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.

Military and Veterans - If you are a member of the armed forces, we may release PHI about you as required by military command authorities. We may also release PHI about foreign military personnel to the appropriate foreign military authority.

National Security, Intelligence Activities, and Protective Services for the President and Others - We may release PHI about you to federal officials for intelligence, counterintelligence, protection of the President, and other national security activities authorized by law.

Victims of Abuse or Neglect - We may disclose PHI about you to a government authority if we reasonably believe you are a victim of abuse or neglect. We only disclose this type of information to the extent required by law, if you agree to the disclosure, or if the disclosure is allowed by law and we believe it is necessary to prevent serious harm to you or someone else.

HIPAA Authorization Uses or Disclosures - To the extent required by the HIPAA Privacy Rule, we will first ask for and obtain from you a HIPAA Authorization before using or disclosing your PHI. For example, where a HIPAA Authorization is required, we would not use or disclose your PHI for marketing purposes or to sell your PHI, unless you first provide a HIPAA Authorization to allow us to do so. Other instances for which we may use or disclose your PHI based on a HIPAA Authorization include, but are not limited to, drug manufacturer, patient assistance programs, copay programs, free trial programs, or benefits investigations to determine expected medical or prescription drug coverage through your health insurance plan or other programs. If you have given us a HIPAA Authorization, you may revoke it at any time, if we have not already acted on it.

Your Legal Rights

You have the right to make certain requests regarding your PHI, including the right to:

Federal regulations concerning the privacy and security of personal health information give you the right to make certain requests regarding health information about you.

  • See and get a copy of your PHI held by ScriptHero Pharmacy - If we maintain an electronic health record containing your PHI, you have the right to ask to get the information in an electronic format. You may ask us to send a copy of your information to other individuals or entities that you designate. We may deny your request to inspect and copy in certain limited circumstances. If you are denied access to your information, you may request that the denial be reviewed.
  • Request an amendment of your information - If you feel that the PHI we maintain about you is incomplete or incorrect, you may request that we amend it. You must include a reason that supports your request. If we deny your request for an amendment, we provide you with a written explanation of why we denied it.
  • Get a list of those who received your PHI from ScriptHero Pharmacy - Except for certain disclosures, you have a right to receive a list of the disclosures we have made of your PHI, in the six years prior to the date of your request. The list will not include disclosures such as PHI that was given to you or your personal representative or that was given out for treatment, payment or operations reasons.
  • Ask ScriptHero Pharmacy to communicate with you in a different manner or at a different place - (for example, by sending materials to a P.O. Box instead of your home address).
  • Ask ScriptHero Pharmacy to restrict or limit how we use or disclose your PHI - You have the right to request restrictions on our use or disclosure of your PHI. We are not required to agree to the restrictions, except in the case where the disclosure is to a health plan for purposes of carrying out payment or health care operations, is not otherwise required by law, and the information pertains solely to a health care item or service for which you, or a person on your behalf, has paid in full.
  • Receive a notice of a breach of certain health information - We are required to notify you of any breach that involves your PHI.
  • Get a separate paper copy of this notice - You can ask for a paper copy of this Notice at any time, even if you have agreed to receive the notice electronically.

How to File a Complaint

You may make any of the requests described above in writing to our Privacy Officer at our address provided below. You may request a paper copy of this notice by calling us at our phone number below. Our hours of operation are provided below. You also have the right to file a complaint if you think your privacy rights have been violated. To do so, please send your inquiry to the address provided below. You also may write to the Secretary of the U.S. Department of Health and Human Services (“HHS”) at the contact information noted below. You will not be penalized for filing a complaint.

You also have the right to file a complaint if you think your privacy rights have been violated. To do so, please send your inquiry to the address provided below. You also may write to HHS at the contact information noted below. You will not be retaliated for filing a complaint.

This Notice is Subject to Change

This notice is being provided to you herein and is also posted on our website. ScriptHero Pharmacy follows the terms of the notice currently in effect. We may change the terms of this notice and our privacy policies at any time. If we do, the new terms and policies will be effective for all of the information that we already have about you, as well as any information that we may receive or hold in the future.

If you have questions regarding this notice, please contact us at phone number provided below, during our hours of operation noted below.

Our and HHS’ Contact Information

Our contact information is: ScriptHero Pharmacy LLC, 2 Miranova Place Floor 10, Columbus, Ohio, 43215, Attn: Privacy Officer. Our phone number is 866-411-9134 (TTY/TDD users should call 711). Our hours of operation are Monday through Friday, 8:00 a.m. to 7:00 p.m. EST; and Saturday from 9:00 a.m. to 2:00 p.m. EST. We have an answering service 24 hours a day, 7 days a week.

HHS may be contacted, as follows: Office for Civil Rights, U.S. Department of Health and Human Services, 200 Independence Avenue, SW, Room 509F, HHH Building, Washington, D.C. 20201; (800) 368-1019; TDD toll-free: (800) 537-7697;

[1] As used in this Privacy Notice, the pronouns, “we”, “us” or “our”, whether in lower or upper case, refers to ScriptHero Pharmacy. The pronouns, “you”, “your” or “yours”, whether in lower or upper case, refers to the individual whose protected health information is at issue. Under the HIPAA Privacy Rule, a personal representative is a person who is duly-authorized under applicable law to make health care decisions for the individual. To the extent the HIPAA Privacy Rule requires us to treat such person as having the right to act for such individual whose protected health information is at issue, the terms, “you”, “your” and “yours”, whether in lower or upper case, also shall refer to such person, when acting as personal representative.

Last updated: April 22, 2021