LafiaSign in

Notice of Privacy Practices

Effective Date: March 1, 2026

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Our Commitment

Lafia Health Technologies is committed to protecting your Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the HITECH Act.

How We May Use and Disclose Your PHI

Treatment: We may use or disclose your PHI to facilitate treatment by healthcare providers on our Platform. This includes sharing relevant health information with your care team.

Payment: We may use or disclose your PHI to process payments for healthcare services received through our Platform.

Healthcare Operations: We may use your PHI for quality assessment, training, and improving our services.

Uses and Disclosures That Require Your Authorization

Except as described above, we will not use or disclose your PHI without your written authorization. You may revoke an authorization at any time in writing.

Your Rights Regarding Your PHI

  • Right to Access: You may request copies of your PHI
  • Right to Amend: You may request corrections to your PHI
  • Right to an Accounting: You may request a list of disclosures we have made
  • Right to Request Restrictions: You may request limits on how we use or disclose your PHI
  • Right to Request Confidential Communications: You may request that we communicate with you through specific means or at specific locations
  • Right to a Paper Copy: You may request a paper copy of this notice

Our Responsibilities

  • Maintain the privacy and security of your PHI
  • Notify you promptly if a breach occurs that may have compromised your PHI
  • Follow the terms of this notice currently in effect
  • Not use or disclose your PHI for marketing purposes without your authorization
  • Not sell your PHI

Safeguards

We implement administrative, physical, and technical safeguards to protect your PHI, including:

  • End-to-end encryption for data in transit and at rest
  • Role-based access controls
  • Comprehensive audit logging
  • Regular security risk assessments
  • Workforce training on privacy and security practices
  • Business Associate Agreements with all third-party service providers

Complaints

If you believe your privacy rights have been violated, you may file a complaint with us at privacy@lafia.io or with the U.S. Department of Health and Human Services, Office for Civil Rights. We will not retaliate against you for filing a complaint.

Contact Information

Privacy Officer: privacy@lafia.io

Lafia Health Technologies
Dallas, TX, United States

Last updated: March 9, 2026