Legal
Privacy Policy
1. Introduction
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Privacy Policy explains how Health Rockit collects, uses, protects, and shares information about visitors to healthrockit.com and individuals who use our telehealth platform. It also summarizes the notice-of-privacy-practices rights you have with respect to the licensed providers and pharmacies — the HIPAA covered entities — who deliver care through the platform, including how health information may be used and disclosed by them and how you can access that information.
By using healthrockit.com or the services available through our platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with it, please do not use the site or the services.
2. Who We Are
Health Rockit is a telehealth platform operated by Here Brands LLC. We provide the technology that connects patients with independent licensed healthcare providers and licensed pharmacies. Health Rockit does not practice medicine and does not dispense medication. Clinical consultations are provided through LocumTele (locumtele.org), an independent network of licensed providers, and prescriptions are filled by licensed pharmacy partners, including Rush Pharmacy (rushpharmacy.com).
Health Rockit serves patients in 47 U.S. states. We do not currently serve California, South Carolina, or New Jersey. See our Compliance page for details.
3. HIPAA Compliance Statement
The Health Insurance Portability and Accountability Act of 1996 ("HIPAA") governs how certain organizations handle protected health information ("PHI"). Under HIPAA:
- The independent medical groups, licensed providers, and pharmacies who deliver care and dispense medication through the platform are generally "covered entities" directly subject to HIPAA.
- Health Rockit, as a technology platform, may not itself be a covered entity. However, when Health Rockit creates, receives, maintains, or transmits PHI on behalf of a covered entity, it may function as a "business associate" and is bound by business associate agreements that require HIPAA-level safeguards.
Regardless of formal classification, we apply HIPAA-conscious safeguards to all health information handled through the platform, as described in the Information Security section below.
4. Information We Collect
Personal Information
Information that identifies you as an individual, such as your name, date of birth, mailing and shipping address, email address, phone number, and account credentials. If you begin a consultation, billing-related details may also be collected in order to administer the service.
Protected Health Information
Health information you provide during your secure online visit or afterward, such as your health history, current medications, allergies, symptoms, weight and vital measurements, photographs or documents you submit, messages exchanged with your care team, and the clinical records created by your providers — including treatment plans and prescriptions, when a provider determines treatment is medically appropriate.
Usage Information
Technical information collected automatically when you visit healthrockit.com, such as IP address, browser and device type, pages viewed, referring pages, and general interaction data, including through cookies or similar technologies. We use this information to operate, secure, and improve the site. Usage information collected on the public website is not combined with your medical records.
5. How We Use Your Information
For Treatment
Your health information is shared with the licensed providers who review your intake so they can evaluate your health history, determine whether treatment is medically appropriate, issue a prescription only when clinically warranted, and provide follow-up care. If a prescription is issued, relevant information is shared with the dispensing pharmacy so it can fill and ship your medication.
For Payment
Information may be used to administer billing for services rendered, verify charges, and process refunds or adjustments, consistent with applicable law. We do not submit claims to Medicare or other insurers on your behalf.
For Healthcare Operations
Information may be used for quality assurance, clinical review and audit, compliance monitoring, customer support, training, and improving the safety and reliability of the platform.
Other Permitted Uses
We may use or disclose information when required by law; to respond to lawful requests from public authorities; to prevent a serious threat to health or safety; for public health activities; in connection with a corporate transaction subject to equivalent confidentiality obligations; or with your written authorization, which you may revoke at any time. We do not sell your personal or health information, and we do not use your health information for third-party advertising.
6. How We Share Your Information
Information is shared only as needed to deliver your care and operate the service:
- Licensed providers. Your intake and health records are shared with providers in the LocumTele network (locumtele.org) licensed in your state, for the purpose of medical review and ongoing care.
- Licensed pharmacies. If a provider issues a prescription, the prescription and the information needed to fill and ship it are transmitted to a licensed pharmacy partner, including Rush Pharmacy (rushpharmacy.com). You are free to obtain your prescription from any pharmacy of your choice by contacting support and notifying your prescribing healthcare professional.
- Service providers. Vendors that host, secure, ship, or support the platform may process limited information under contracts — including business associate agreements where PHI is involved — that restrict use to the services they perform for us.
- Legal and safety disclosures. As described under "Other Permitted Uses" above.
7. Your Health Information Rights
With respect to health information held by the covered entities that deliver your care, you have the following rights under HIPAA:
Right to Access
You may request to inspect and obtain a copy of your health records, typically within 30 days of a written request. A reasonable, cost-based fee may apply to copies.
Right to Amendment
If you believe information in your record is incorrect or incomplete, you may request an amendment in writing. A request may be denied in certain circumstances, in which case you will receive a written explanation and may submit a statement of disagreement.
Right to an Accounting of Disclosures
You may request a list of certain disclosures of your health information made in the six years prior to your request, other than disclosures for treatment, payment, and healthcare operations or those you authorized.
Right to Request Restrictions
You may ask for restrictions on how your health information is used or disclosed. The covered entities are not required to agree to every request, but agreed restrictions will be honored except in emergencies.
Right to Confidential Communications
You may request that your care team communicate with you in a specific way or at a specific location — for example, only by email or only at a particular phone number. Reasonable requests will be accommodated.
Right to a Paper Copy
You may request a paper copy of your providers’ notice of privacy practices at any time, even if you agreed to receive it electronically.
Right to Breach Notification
You have the right to be notified if a breach occurs that compromises the privacy or security of your unsecured health information.
Right to File a Complaint
You may file a complaint with us or with the U.S. Department of Health and Human Services if you believe your privacy rights have been violated. See the Complaints section below.
8. Exercising Your Rights
To exercise any of the rights above, contact us through the contact form on our home page and describe your request. We may need to verify your identity before acting on a request. We will respond within the timeframes required by applicable law, and your care will not be conditioned on whether you exercise these rights.
9. State-Specific Privacy Rights
Some U.S. states grant residents additional privacy rights, such as the right to know what categories of personal information are collected, the right to request deletion of certain information, and the right to opt out of the sale or sharing of personal information. Health Rockit does not sell personal information. If your state provides such rights, you may exercise them using the process described in "Exercising Your Rights" above, and we will honor them to the extent required by the law of your state. Note that health records are subject to independent medical-record retention laws that may limit deletion.
10. Information Security
We maintain administrative, technical, and physical safeguards designed to protect your information, including:
- Encryption of data in transit and at rest;
- Role-based access controls that limit information to personnel who need it to perform their duties;
- Workforce privacy and security training;
- Business associate agreements with vendors that handle protected health information;
- Monitoring, logging, and incident-response procedures.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If a breach affecting your unsecured health information occurs, you will be notified as required by law.
11. Data Retention
We retain personal information for as long as needed to provide the service, comply with legal obligations, resolve disputes, and enforce agreements. Medical records created by your providers are retained in accordance with state medical-record retention requirements, which typically require retention for a number of years after your last visit. When information is no longer required, it is deleted or de-identified using secure methods.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. The effective date at the top of this page indicates when it was last revised. Material changes will be posted on this page, and where required by law we will provide additional notice. Your continued use of the site or services after an updated policy takes effect constitutes acceptance of the revised policy.
13. Complaints
If you believe your privacy rights have been violated, you may file a complaint with us through the contact form (please reference "Privacy Complaint" in your message). You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, at hhs.gov/ocr or by calling 1-877-696-6775.
We will not retaliate against you for filing a complaint.
14. Contact Information
Questions about this Privacy Policy or our privacy practices may be directed to our Privacy Officer through the contact form on our home page. Please do not include detailed medical information in general inquiries.
Health Rockit is not for medical emergencies. If you are experiencing a medical emergency, call 911 or go to the nearest emergency room.
This Privacy Policy is effective as of July 7, 2026. Related documents: Terms of Service · Telehealth Consent · Compliance.