Privacy Policy
Overview
Newfield Health LLC takes your privacy seriously. We collect health information to connect you with licensed physicians — and we treat that information with the same discretion you'd expect from any medical provider. This policy explains what we collect, how we use it, and your rights as a patient.
This Privacy Policy applies to Newfield Health LLC ("Newfield Health," "we," "our," or "us") and governs the collection, use, and disclosure of information we receive from users of our website and telehealth platform (collectively, the "Services").
By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please do not use our Services.
Information we collect
Information you provide directly
When you use our Services, you may provide us with the following types of information:
- Account information: Name, email address, mailing address, date of birth, and phone number
- Health intake information: Responses to health questionnaires, medical history, current medications, allergies, and symptoms
- Payment information: Credit card or payment information processed through our third-party payment processor. We do not store full payment card details on our servers.
- Communications: Messages exchanged with physicians or our customer support team through the platform
- Identity verification: Government-issued ID information where required for clinical purposes
Information collected automatically
When you visit our website, we automatically collect certain technical information, including:
- IP address and approximate geographic location
- Browser type and version, operating system
- Pages visited, time spent, and navigation paths
- Referring URL (the page that directed you to our site)
- Device identifiers and advertising identifiers
Protected health information (PHI)
Health information you provide in connection with a physician consultation is considered Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA). The independent licensed physicians who use our platform to provide you with care are the covered entities responsible for your PHI under HIPAA.
Newfield Health acts as a Business Associate to these physicians. In this capacity, we handle PHI only as necessary to facilitate your care and operate our platform, consistent with a Business Associate Agreement (BAA) in place with each physician network participant.
Your PHI will not be sold. It will not be used for advertising purposes. It will not be disclosed to third parties except as described in this policy or as required by law.
A full Notice of Privacy Practices, as required by HIPAA, will be provided to you at the time of your consultation and is available upon request.
Plain language: The health information you share with us stays with us and your physician. We do not sell it, share it with advertisers, or disclose it to anyone who is not directly involved in your care — except where required by law.
How we use your information
We use the information we collect for the following purposes:
- To facilitate your care: Transmitting your intake information to the licensed physician assigned to your case, enabling physician-patient communications, and coordinating prescription fulfillment with licensed pharmacies
- To operate the platform: Processing payments, sending appointment and order notifications, and providing customer support
- To improve our services: Analyzing aggregate, de-identified usage data to improve the intake experience and platform functionality
- To communicate with you: Sending transactional emails, prescription status updates, and — where you have opted in — follow-up health communications
- To comply with legal obligations: Meeting applicable federal and state telehealth, pharmacy, and healthcare regulations
- To prevent fraud and ensure safety: Verifying identity and detecting potentially fraudulent or unsafe activity
We do not use your health information for targeted advertising. We do not sell your personal information to third parties.
Information sharing
We share your information only in the following circumstances:
With licensed physicians
Your intake information is shared with the independent licensed physician assigned to review your case. This physician operates independently and is bound by their own HIPAA obligations and professional ethical duties.
With pharmacy partners
If a prescription is issued, the necessary information to fill and ship your prescription is transmitted to a licensed pharmacy partner. This includes your name, address, and prescription details.
With service providers
We work with third-party vendors who assist in operating our platform, including payment processors, cloud infrastructure providers, and communication tools. These vendors are contractually prohibited from using your information for any purpose other than providing services to us, and are required to maintain appropriate data security standards.
As required by law
We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to prevent harm, investigate fraud, or protect our legal rights.
In a business transfer
If Newfield Health LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any material changes to this Privacy Policy.
Data security
We implement industry-standard technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit (TLS) and at rest
- Access controls limiting employee access to PHI to those with a need to know
- Regular security assessments of our platform and infrastructure
- Business Associate Agreements with all vendors who may access PHI
No system is completely secure. If you believe your account has been compromised, please contact us immediately at privacy@newfieldhealth.com.
Data retention
We retain your personal information for as long as necessary to fulfill the purposes described in this policy, comply with applicable law, resolve disputes, and enforce our agreements. Medical records and PHI are subject to state-specific retention requirements, which typically range from 5–10 years.
You may request deletion of non-PHI personal information by contacting us at the address below. Certain information cannot be deleted where retention is required by law or necessary to complete a transaction you initiated.
Your rights
Depending on your state of residence, you may have the following rights with respect to your personal information:
- Right to access: Request a copy of the personal information we hold about you
- Right to correction: Request correction of inaccurate personal information
- Right to deletion: Request deletion of personal information, subject to applicable legal retention requirements
- Right to opt out of sale: We do not sell personal information. If this changes, you will have the right to opt out.
- HIPAA rights: As a patient, you have specific rights under HIPAA with respect to your PHI, including the right to access, amend, and receive an accounting of disclosures. These rights are described in our Notice of Privacy Practices.
To exercise any of these rights, contact us at privacy@newfieldhealth.com. We will respond within the timeframe required by applicable law.
California residents may have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
Cookies and tracking technologies
We use cookies and similar tracking technologies to operate our website and, where you have consented, to measure the performance of our advertising. Specifically:
- Essential cookies: Required for the website and platform to function. Cannot be disabled.
- Analytics cookies: Used to understand how visitors interact with our website in aggregate. We use analytics providers with IP anonymization enabled.
- Advertising pixels: Where you have visited our site through an advertising channel, we may use advertising pixels to measure campaign performance and, where permitted, to reach you with relevant advertising. These pixels do not transmit your health information.
You can control cookie preferences through your browser settings. Disabling certain cookies may affect your ability to use parts of our platform.
We pass advertising click identifiers through our intake funnel for the sole purpose of attributing conversions to advertising campaigns. This information is used internally and is not combined with your health information for advertising purposes.
Minors
Our Services are intended for adults 18 years of age and older. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have collected information from a minor, we will delete it promptly. If you believe we have inadvertently collected information from a minor, please contact us at privacy@newfieldhealth.com.
Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or the Services we offer. When we make material changes, we will update the "Last updated" date at the top of this page and, where required by law, notify you directly. Your continued use of our Services following any changes constitutes acceptance of the updated policy.
Contact us
If you have questions about this Privacy Policy, wish to exercise your rights, or need to report a potential privacy concern, please contact us:
- Email: privacy@newfieldhealth.com
- Mail: Newfield Health LLC, Attn: Privacy Officer
- Phone: (888) 555-0123
For HIPAA-related inquiries, you may also contact the U.S. Department of Health and Human Services Office for Civil Rights at www.hhs.gov/ocr.