Privacy Policy
Last updated: February 27, 2026
1. Introduction
Oz Health ("we," "our," or "us") is committed to protecting the privacy and security of personal and health information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our electronic health record platform, patient portal, mobile application, and communication services (collectively, the "Services").
2. HIPAA Compliance
Oz Health operates as a Business Associate under HIPAA and maintains administrative, technical, and physical safeguards to protect PHI in accordance with HIPAA and the HITECH Act.
3. Information We Collect
Name, date of birth, contact details, medical records, insurance/billing information, and appointment history.
Patient portal registration data, messages, communication preferences, and survey responses.
Device and browser information, IP address, general location, usage data, and cookies/similar technologies.
4. How We Use Your Information
We use information for treatment, communications, operations, billing, security, fraud prevention, and legal compliance.
5. SMS and Email Communications
When you opt in to SMS or email communications, we may send healthcare-related transactional messages.
Daily limits, quiet hours (default 9 PM to 8 AM), and cooldown periods to reduce excessive messaging.
Reply STOP to SMS, update preferences in the portal, or contact your provider office.
We do not sell personal information or share phone/email data with third parties for marketing purposes. Mobile information and SMS opt-in data will not be shared with or sold to third parties or affiliates for marketing or promotional purposes.
6. Information Sharing and Disclosure
We do not sell personal or health information. We disclose information only as needed for treatment/payment/operations, to contracted service providers under confidentiality and BAA requirements, when required by law, or with explicit authorization.
7. Data Security
Security controls include encryption in transit and at rest, multi-factor authentication, role-based access, audit logging, regular security testing, and automatic session timeouts.
8. Data Retention
Health records are retained per applicable federal/state retention laws (typically 7-10 years from last encounter). Communication logs are retained for operational needs and archived for compliance.
9. Your Rights
Under HIPAA, you may have rights to access records, request corrections, request restrictions, receive an accounting of disclosures, receive a copy of this policy, and file a complaint if rights were violated. California residents may have additional rights under the CCPA.
10. Children's Privacy
The patient portal is intended for users 18 and older. Minor patient information is handled through parents or legal guardians via the provider office.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes may be communicated by email or through the Services. The date above reflects the latest revision.
12. Contact Us
For privacy questions or requests, contact Oz Health at privacy@ozhealth.com or (646) 204 5726.