HIPAA Notice

NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Effective Date: [Effective Date TBD]

1. WHO THIS NOTICE COVERS

This Notice is the standard form adopted by the network of independent, physician-owned medical practices ("the affiliated practices") that deliver clinical care to patients through the Corvan Health LLC telehealth platform. Each affiliated practice is a HIPAA-covered entity; each adopts this Notice (or a substantially similar one) for its own operations and is required by law to protect the privacy of your protected health information ("PHI"). At intake, you will be matched with a specific affiliated practice based on your state of residence; that practice's Notice of Privacy Practices governs the specific care you receive.

Corvan Health LLC is not itself a HIPAA-covered entity. Corvan Health LLC provides non-clinical technology and operational services to the affiliated practices as a Business Associate under written Business Associate Agreements (BAAs) and is contractually bound to protect your PHI in accordance with HIPAA. Other vendors (lab vendors, compounding pharmacies, electronic health record systems, payment processors, communications providers, etc.) may also act as Business Associates of the affiliated practices under BAAs.

2. THE PRACTICE'S COMMITMENT TO YOU

Your affiliated practice is required by law to (a) maintain the privacy of your PHI, (b) provide you with this Notice of its legal duties and privacy practices, (c) abide by the terms of the Notice currently in effect, and (d) notify you in the event of a breach of your unsecured PHI.

3. HOW PHI MAY BE USED AND DISCLOSED WITHOUT YOUR AUTHORIZATION

For Treatment. PHI is used and disclosed to provide, coordinate, and manage your healthcare. Examples: a physician reviews your lab results, prescribes medication, and shares relevant information with the dispensing pharmacy; a care coordinator handles lab orders, scheduling, and follow-up.

For Payment. PHI is used and disclosed to bill for and collect payment for services. Examples: communicating with payment processors to process card transactions; issuing receipts that may be submitted to HSA/FSA administrators on your request.

For Healthcare Operations. PHI is used and disclosed for quality assessment, clinical training, credentialing, compliance audits, business planning, and management of the affiliated practice. Examples: reviewing physician performance; conducting internal audits; planning capacity for new clinical services.

To Business Associates. PHI may be disclosed to vendors who perform services on an affiliated practice's behalf under written Business Associate Agreements requiring HIPAA-compliant safeguards. Corvan Health LLC is one such Business Associate.

As Required by Law. PHI will be used or disclosed when required to do so by federal, state, or local law (including public-health reporting, response to judicial orders or subpoenas, and reports of abuse, neglect, or domestic violence as required).

For Public Health and Safety. PHI may be disclosed to public-health authorities for disease prevention or control; to the FDA regarding adverse events related to medications or medical devices; to law enforcement under specific legally permitted circumstances; or to prevent a serious threat to health or safety.

To You and Persons Involved in Your Care. With your agreement (or your reasonable opportunity to object), PHI relevant to your care may be shared with a family member or other person you have identified.

4. USES AND DISCLOSURES THAT REQUIRE YOUR WRITTEN AUTHORIZATION

The following uses and disclosures will be made only with your written authorization, which you may revoke at any time in writing (revocation does not affect uses already made in reliance on the authorization):

• Most uses or disclosures of psychotherapy notes.
• Use or disclosure of PHI for marketing purposes, except for face-to-face communications and certain promotional gifts of nominal value.
• Sale of PHI.
• Other uses and disclosures not described in this Notice.

5. NO TRACKING TECHNOLOGIES ON PAGES THAT COLLECT PHI

Consistent with the December 2022 HHS Office for Civil Rights bulletin on tracking technologies, no third-party advertising trackers (such as Meta Pixel, Google Ads conversion pixels, or TikTok pixels) are deployed on any page where you submit health information, complete the patient application, or interact with patient portal content. Marketing-related tracking is restricted to non-PHI marketing surfaces only.

6. YOUR INDIVIDUAL RIGHTS

Right to Access. You have the right to inspect and obtain a copy of your PHI maintained by your affiliated practice (including a copy in an electronic format if readily producible). We may charge a reasonable, cost-based fee. Requests will be acted upon within 30 days.

Right to Amend. You have the right to request amendment of PHI you believe is inaccurate or incomplete. We may deny the request under specific circumstances permitted by HIPAA.

Right to an Accounting of Disclosures. You have the right to request a list of certain disclosures your affiliated practice has made of your PHI in the six years prior to your request (other than disclosures for treatment, payment, healthcare operations, or those made with your authorization).

Right to Request Restrictions. You have the right to request that your affiliated practice restrict how it uses or discloses your PHI for treatment, payment, or healthcare operations. Your affiliated practice is not required to agree to most requested restrictions, but will comply where required by law (for example, restricting disclosure to a health plan for services you paid for in full out of pocket).

Right to Confidential Communications. You have the right to request that your affiliated practice communicate with you about your health matters in a particular way or at a particular location (for example, by mail to a P.O. box rather than your home address). Your affiliated practice will accommodate reasonable requests.

Right to a Paper Copy of This Notice. You have the right to request a paper copy of this Notice at any time, even if you have agreed to receive it electronically.

Right to be Notified of a Breach. You have the right to be notified following a breach of your unsecured PHI in accordance with HIPAA and HITECH.

7. STATE LAW PREEMPTION

In some cases, state law provides greater privacy protection than federal HIPAA requirements. Where state law is more stringent, your affiliated practice will comply with the more protective requirement.

8. COMPLAINTS

If you believe your privacy rights have been violated, you may file a written complaint with your affiliated practice's Privacy Officer (contact information below) or with the Secretary of the U.S. Department of Health and Human Services, Office for Civil Rights. You will not be retaliated against for filing a complaint.

9. CHANGES TO THIS NOTICE

Each affiliated practice reserves the right to change this Notice and to make the revised version effective for PHI it already maintains as well as any PHI received in the future. The current version of this Notice is always posted at /hipaa. A copy of any revised Notice will be made available on request.

10. PRIVACY OFFICER CONTACT

Each affiliated practice in the Corvan Health LLC network designates its own Privacy Officer. The specific Privacy Officer responsible for your care is identified at intake; their contact information is also available on request through the Contact page on this site.

For non-clinical inquiries about Corvan Health LLC's technology and operational services, see the site's Contact page.

© 2026 Corvan Health LLC. All rights reserved. Clinical care is provided by independent, physician-owned medical practices licensed in each state where patients are seen. The specific affiliated physician matched to your care is identified at intake.