Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Effective Date: January 1, 2026

1. Our Commitment to Your Health Data

MedsAi™ is committed to protecting your Protected Health Information (PHI). In providing our Service, we comply with the Health Insurance Portability and Accountability Act (HIPAA) and the HITECH Act. We act as a Business Associate to your healthcare providers ("Clinicians") and maintain the highest standards of clinical-grade security.

2. How We Use and Disclose Your PHI

We may use or share your health information for the following purposes:

Treatment: We share information with your Clinicians to manage your care plan and medication adherence.
Health Care Operations: We use data to run our platform, improve the AI scan accuracy, and ensure our Service is working correctly for you.
Family & Guardians: With your explicit consent, we disclose adherence logs to your nominated Guardians.
Law Enforcement & Safety: We may share information if required by law or to avert a serious threat to health or safety.

3. Your Rights Regarding Your PHI

Under HIPAA, you have the following rights:

Right to Access: You can request an electronic copy of your medical records and adherence history.
Right to Amend: You can ask us to correct health information you think is incorrect or incomplete.
Right to Restrict: You can ask us not to use or share certain health information for treatment or operations.
Right to Breach Notification: We will notify you promptly in the event of any breach that compromises the privacy or security of your PHI.

4. Zero-Trust Security Standards

To fulfill our legal duties, we implement the following technical safeguards:

AES-256 Encryption: All data is encrypted at rest.
TLS 1.3: All data is encrypted in transit.
Identity Verification: Multi-factor authentication is required for all administrative access.

5. February 2026 Regulatory Compliance

In accordance with the 2026 HHS updates, we explicitly state that your records shall only be used or disclosed for judicial proceedings based on a valid court order after you have been provided an opportunity to be heard, as required by 42 CFR Part 2.

6. Contact & Complaints

If you believe your privacy rights have been violated, you may file a complaint with our Privacy Officer at privacy@medsai.us or with the U.S. Department of Health and Human Services. We will not retaliate against you for filing a complaint.