Noticy of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY
When this Notice of Privacy Practices (“Notice”) refers to “we” or “us,” it is referring to RoyalRX and all the pharmacists who provide health care services and the employees of our pharmacy. We are required by law to maintain the privacy of your protected health information (“PHI”), to follow the terms of the Notice currently in effect, to give you this Notice setting forth our legal duties and privacy practices concerning your PHI and to notify affected individuals following a breach of unsecured PHI. This Notice describes how we may use and disclose your PHI. Additionally, this Notice explains the rights you have with respect to your PHI, and certain obligations we must abide by in accordance with the law. We reserve the right to amend this Notice. If we make any material revisions to this Notice, we will post a copy of the revised Notice in the pharmacy, on our website and will offer you a copy of the revised Notice.
This notice explains how your medical information may be used and shared, and how you can access it. Please read it carefully:
At KnightlyRx, when we use the terms “we,” “our,” or “us,” we’re referring to KnightlyRx and the licensed healthcare professionals and pharmacy partners who help deliver services through our platform. We are legally obligated to protect the privacy of your protected health information (“PHI”), to comply with the terms outlined in this Notice, and to inform you in the event of any unauthorized breach involving your PHI.
This Notice outlines how we may use or disclose your PHI as part of delivering care, operating our platform, and meeting legal or regulatory requirements. It also details your individual rights regarding your PHI and our responsibilities under federal privacy law. We may update this Notice from time to time, and if we do, the revised version will be made available on our website and offered to you upon request.
1) How We Use And Share Your Protected Health Information (PHI)
We will use and disclose your PHI for treatment, payment and health care
operations. We may also use your PHI for other purposes that are permitted and/or required by law and pursuant to your written authorization. The following lists examples of how we may use and/or disclose your PHI. Any other uses not described in this Notice will only be made with your explicit written authorization, which you may revoke at any time by providing us with written notice of your revocation.
A. Treatment – We may use and disclose your PHI in order to provide you with prescription and supply services. We may disclose your PHI to other pharmacists, pharmacy technicians and health care providers that are involved in your care. You
will receive an individual notice and have the opportunity to opt out of any subsidized treatment communications.
B. Payment – We will use and disclose your PHI in order to obtain payment for the health care services we provide to you. We may also need to disclose your PHI to receive prior approval from your health plan or to determine if your health plan will cover a certain prescription or service.
C. Health Care Operations – We may use and disclose your PHI in connection with the management of our pharmacy. For example, this may include: quality assessment and improvement, internal compliance audits, and performance evaluations.
Additionally, we may use your PHI for our business management and general administrative activities.
D. Prescription Refill Reminders, Treatment Alternatives or Health-Related Benefits – We may use and disclose your PHI to contact you to remind you about prescription refills, to tell you about treatment options or alternatives, or to inform you about health-related benefits or services that may be of interest to you.
E. Family Members, Relatives or Close Friends – Unless you object to such disclosure, we may disclose your PHI to your family members, relatives or close personal friends, or any other persons identified by you as being involved in the treatment or
payment for your medical care. If you are not present to agree or object to our disclosure of your PHI to a family member, relative or friend, we may exercise our professional judgment to determine whether the disclosure is in your best interest. If we decide to disclose your PHI, we will only disclose the PHI that is relevant to your treatment or payment.
F. Other Permitted and Required Uses and Disclosures – We may use your PHI without obtaining your authorization and without offering you the opportunity to agree or object as follows:
- as required by law, provided however, that the use or disclosure will be made in compliance with applicable law;
- to a public health authority that is authorized by law to collect or receive such information, or to a foreign government agency that is acting in collaboration with a public health authority and these health activities generally include preventing or controlling disease, reporting deaths, reporting adverse effects of medications or problems with products, notification of communicable disease, and reporting abuse or neglect under certain circumstances;
- to a health oversight agency for oversight activities authorized by law, including audits and inspections, and civil, administrative or criminal investigations, proceedings or actions;
- for judicial or administrative proceedings purposes in response to a subpoena, court order, discovery request, etc. but only if efforts have been made to inform you about the request or to obtain an order protecting the information requested;
- to law enforcement to report certain injuries, comply with court orders or warrants or similar process, to identify a suspect, fugitive, missing person or victim or to report a crime;
- to a coroner or medical examiner to perform duties authorized by law such as identification of a deceased person or determining the cause of death;
- to funeral directors, consistent with applicable law, as necessary to carry out their duties;
- to organ procurement organizations or similar entities for the purpose of facilitating organ, eye or tissue donation and transplantation;
- for research purposes provided that certain approvals take place and assurances are given;
- to avert a serious threat to health or safety, so long as the disclosure is only to a person who is reasonably able to prevent or lessen such threat;
- for military and veterans activities (including foreign military personnel) to assure the proper execution of a military mission and to determine eligibility for benefits;
- for national security and intelligence activities for the purpose of conducting lawful intelligence, counter-intelligence and other national security activities;
- for protection of the President and other authorized persons or foreign heads of state or to conduct authorized investigations;
- to a correctional institution or law enforcement custodian if you are an inmate or under custody; and to the extent necessary to comply with laws relating to workers’ compensation and work-related injuries.
At KnightlyRx, we use and share your PHI for essential functions such as delivering care, processing payments, and managing operations. In some cases, your PHI may also be disclosed as required or allowed by law, or if you’ve given us written permission. Below are key ways we may use or share your information. Any other use not covered here will require your explicit, written authorization, which you can revoke at any time by notifying us in writing.
A. Treatment
We may use or disclose your PHI to provide you with prescription services and coordinate your care. This may include communication with affiliated pharmacists, technicians, or other healthcare professionals involved in your treatment. You will be notified and given the opportunity to opt out of any promotional or subsidized treatment communications.
B. Payment
Your PHI may be used to secure payment for services provided. This could include sharing information with your insurance plan to confirm coverage, obtain prior authorizations, or process billing.
C. Healthcare Operations
We may use or disclose your PHI to run and improve our operations. These uses include internal audits, quality control, regulatory compliance reviews, staff evaluations, and administrative tasks related to operating our pharmacy services.
D. Refill Reminders, Alternatives, and Health Benefits
We may contact you using your PHI to remind you about upcoming prescription refills, offer information about alternative treatments, or share updates on health-related products or services that may benefit you.
E. Involvement of Family or Personal Representatives
Unless you tell us otherwise, we may share relevant PHI with your family members, close friends, or others you identify as being involved in your care or payment. If you are unavailable or incapacitated, we may use our professional judgment to decide whether sharing specific PHI is in your best interest, limiting it only to what is necessary.
F. Other Permitted or Required Disclosures Without Authorization
In certain situations, we may use or disclose your PHI without your written consent or opportunity to object, including:
- Legal Requirements: When disclosure is required to comply with federal, state, or local law.
- Public Health Activities: To report disease, injury, death, medication side effects, product recalls, or abuse/neglect to public health authorities.
- Health Oversight: To agencies performing audits, inspections, or investigations.
- Judicial and Administrative Proceedings: In response to a court order, subpoena, or other legal process, provided efforts are made to notify you or safeguard your data.
- Law Enforcement: To report certain injuries, support criminal investigations, or respond to valid legal requests.
- Coroners and Medical Examiners: For identifying a deceased individual or determining cause of death.
- Funeral Directors: As needed for them to carry out their lawful duties.
- Organ and Tissue Donation: When necessary to support transplant coordination.
- Research: Under specific conditions and protections for your privacy.
- Prevention of Harm: When necessary to avoid a serious health or safety threat, and only shared with individuals who can help mitigate it.
- Military and Veterans Affairs: To ensure mission readiness or benefit eligibility.
- National Security and Intelligence: For lawful intelligence and national security efforts.
- Presidential Protection and Investigations: As authorized by law for security or investigative purposes.
- Inmate Health or Law Enforcement Custody: When required by correctional institutions or legal custodians.
- Workers’ Compensation: To comply with laws governing job-related injuries or illnesses.
2) Your Right Regarding Your Protected Health Information
As our patient, you have a number of rights associated with your PHI. The following describes your specific rights.
A. You have the right to request restrictions or limitations on how we use and/or disclose your PHI, however, we do not have to agree to your requested restriction or limitation (except for transactions you paid for in full out-of-pocket). Your written request must specify: (1) if you would like to restrict or limit our use and/or disclosure; (2) what information you want restricted or limited; and (3) to whom the restriction or limitation applies (e.g., spouse).
If we agree to your request, it will not prevent us from disclosing your PHI as follows: (1) to you if you request access or an accounting of disclosures; (2) for purposes required or permitted by law; or (3) in case of an emergency.
B. You have the right to receive confidential communications concerning your PHI by alternative means or via alternative locations. For example, you may want to receive communications related to your prescriptions at a different address other than your home address. If you wish to receive confidential communications via alternative means or locations, please submit your request in writing to the Privacy Officer and set forth the alternative means by which you wish to receive communications or the alternative location at which you wish to receive such communications. We will accommodate all reasonable requests.
C. You have the right to access, inspect and obtain a copy of your PHI, including any electronic PHI; provided, however, you are not entitled to access certain PHI exempted under HIPAA. To the extent we maintain electronic PHI, upon request we will provide you with a copy of your PHI in the format requested. If we do not have your PHI in our possession, we will provide you with the appropriate contact information when your request is received. If you request a copy of your PHI, you will receive a response to your request in a timely fashion but may be charged a reasonable, cost-based fee to cover copy costs and postage. In some limited circumstances, we may deny your request for access to PHI in which case you may request for the denial to be reviewed. If access is ultimately denied, you are entitled to a written explanation with the reason(s) for the denial.
D. You have the right to receive an accounting of disclosures of your PHI made by us, including disclosures to or by our business associate(s), for a period of six (6) years prior to the date on which you request an accounting of disclosures, or such lesser period as you indicate. You will receive one request annually free of charge and, thereafter, we may charge you a reasonable, cost-based fee for each subsequent request for an accounting of disclosures within the same twelve-month period. We will notify you of the cost for an accounting of disclosures and you may choose to withdraw or modify your request before we charge you.
E. If you believe we have PHI about you that is incorrect or incomplete, you may make a written request to us stating the reasons to support any requested amendment. You have the right to request an amendment to your PHI for so long as we maintain your PHI. If we do not have your PHI in our possession, we will provide you with the appropriate contact information when we receive your request. We will respond to your request for an amendment after we receive your request. However, we may deny your request for amendment if, for example, we determine that the PHI you requested was not created by us or is already accurate and complete. You may respond to our denial by filing a written statement of disagreement, but we have the right to rebut your disagreement. If this occurs, you have the right to request that your original request, our denial, your statement of disagreement, and our rebuttal be included in future disclosures of your PHI.
F. You have the right at any time to obtain a paper copy of this Notice, even if you receive this Notice electronically. If you have received an electronic copy of this Notice but wish to obtain a paper copy of this Notice, please send your request in writing to the Privacy Officer at the address listed below.
G. You have the right to opt-out of fundraising and your PHI will not be used for fundraising purposes or sold without your prior authorization.
As a KnightlyRx patient, you have specific rights when it comes to your PHI. Below is a summary of those rights and how you can exercise them:
A. Right to Request Restrictions
You may ask us in writing to place limits on how your PHI is used or shared, such as who we can disclose your information to or what specific data should be restricted. While we are not obligated to approve most restrictions, we are required to comply if the information relates to services you paid for fully out-of-pocket. Your request must clearly specify what information you want restricted, how the restriction should apply, and to whom.
Even if we approve a restriction, we may still disclose your PHI:
- To you, upon request;
- If required or permitted by law;
- Or in emergency situations when necessary to protect your health.
B. Right to Receive Confidential Communications
You may request to receive communications about your PHI through alternate means or at alternate locations (e.g., at a work address rather than your home). These requests must be made in writing to our Privacy Officer, and we will honor all reasonable requests to protect your privacy.
C. Right to Access and Copy Your PHI
You have the right to inspect and request copies of your health records, including any available electronic formats. If we maintain your PHI electronically, we’ll do our best to provide it in the format you prefer. If your PHI is maintained by another entity, we will direct you to the appropriate source. A reasonable cost-based fee may apply to cover copy or postage costs. If we deny access to certain information (as allowed under HIPAA), you may request a review of that denial and will receive a written explanation.
D. Right to an Accounting of Disclosures
You may request a record of certain disclosures we’ve made of your PHI, including those made by our business partners, for up to 6 years before the date of your request (or a shorter time period if you choose). You are entitled to one free report every 12 months; any additional requests may be subject to a reasonable fee. We’ll notify you of the cost beforehand so you can decide whether to proceed, modify, or cancel the request.
E. Right to Request an Amendment
If you believe your PHI is inaccurate or incomplete, you may request a correction. This request must be made in writing, along with your reasons for the amendment. If we do not control the records in question, we’ll help direct you to the appropriate entity. While we will review all requests, we may deny an amendment if the information was not created by us, or if it is already accurate and complete. If we deny your request, you may submit a written disagreement, and we reserve the right to respond with a rebuttal. Upon request, we will include your original request, our response, your disagreement, and any rebuttal in all future disclosures related to that PHI.
F. Right to a Paper Copy of This Notice
You have the right to receive a physical copy of this notice at any time, even if you initially received it electronically. To request a paper copy, simply send a request at support@knightlyrx.com
G. Right to Opt Out of Fundraising and PHI Sales
Your PHI will never be sold or used for fundraising activities without your explicit written permission. You may opt out of any such uses at any time.
3) Questions, Complaints or Additional Information
If you need any additional information about this Notice or wish to exercise any of your rights set forth in this Notice, please contact the Privacy Officer at the following address: RoyalRX 1309 Coffeen Avenue STE 1200
Sheridan, Wyoming 80281
If you believe your privacy rights have been violated, you may file a complaint without retaliation with the Privacy Officer of the pharmacy or with:
Secretary of the Department of Health and Human Services
200 Independence Avenue SW
Washington D.C. 20201
A. Contacting Us
If you have questions about this Privacy Notice, need help understanding your rights, or would like to exercise any of the rights outlined above, please reach out to our Privacy Officer at the address below:
Email: support@knightlyrx.com
Phone: 855-597-1248 (toll-free)
Business Address: 194 N Wimberly Way Conroe, TX 77385
B. Filing a Complaint
If you believe your privacy rights have been violated, you have the right to file a complaint without fear of retaliation. You may direct your complaint either to our Privacy Officer or to the Secretary of the Department of Health and Human Services at the following address:
U.S. Department of Health and Human Services
Secretary’s Office
200 Independence Avenue SW
Washington, D.C. 20201
