This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
Effective Date: February 2026
TrueEval Medical Group PLLC ("CareCoachMD," "we," "us," or "our") is committed to protecting the privacy of your protected health information (PHI). We are required by law to maintain the privacy of your PHI, provide you with this notice of our legal duties and privacy practices, and follow the terms of the notice currently in effect. We reserve the right to change the terms of this notice and to make new provisions effective for all PHI we maintain.
We may use and disclose your PHI for the following purposes without your written authorization:
We may use your PHI to provide, coordinate, or manage your healthcare and related services. This includes sharing information with licensed providers (physicians, nurse practitioners, physician assistants) who review your lab results, prescribe medications (GLP-1s, TRT, HRT, peptides), and provide telehealth consultations. Your AI coach uses your health data to provide personalized wellness guidance within its defined safety tiers.
We may use and disclose your PHI to bill and collect payment for services provided. This includes sharing information with your health plan, insurance company, or other third-party payers as necessary to obtain payment for services rendered.
We may use and disclose your PHI for our healthcare operations, including quality assessment and improvement, reviewing provider performance, conducting training programs, business planning, customer service, and resolving complaints and grievances.
We may disclose your PHI to third-party business associates who perform services on our behalf, such as laboratory services (CLIA-certified labs processing your at-home collection kits), pharmacy services, data hosting, and analytics. All business associates are required to sign agreements protecting your PHI.
We may use or disclose your PHI when required to do so by federal, state, or local law. This includes reporting to public health authorities, responding to court orders, and cooperating with law enforcement when legally required.
We may use or disclose your PHI to prevent or lessen a serious and imminent threat to your health or safety or the health or safety of the public or another person. Our 5-tier safety system includes emergency escalation (Tier 5) for situations involving immediate danger to life.
We will obtain your written authorization before using or disclosing your PHI for purposes other than those described above, including marketing purposes, sale of PHI, and most uses of psychotherapy notes. You may revoke your authorization at any time by submitting a written request to our Privacy Officer.
You have the right to inspect and obtain a copy of your PHI maintained by us, including medical records, lab results, biomarker data, and billing records. We will provide your records in electronic format upon request. We may charge a reasonable fee for copying costs.
You have the right to request that we amend your PHI if you believe it is incorrect or incomplete. We may deny your request in certain circumstances, but we will provide a written explanation.
You have the right to request a list of disclosures we have made of your PHI for purposes other than treatment, payment, and healthcare operations. The first request within a 12-month period is free; subsequent requests may incur a reasonable fee.
You have the right to request restrictions on certain uses and disclosures of your PHI. While we are not required to agree to all restrictions, we must comply with your request to restrict disclosures to a health plan for services you paid for in full out of pocket.
You have the right to request that we communicate with you about your health information in a particular way or at a particular location. For example, you may request that we contact you only at a specific phone number or email address.
You have the right to be notified if there is a breach of your unsecured PHI. We will notify you promptly if a breach occurs that may have compromised the privacy or security of your information.
You have the right to obtain a paper copy of this notice upon request, even if you have previously agreed to receive it electronically.
AES-256 encryption for all stored health data
TLS 1.3 for all data transmissions
Role-based access with multi-factor authentication
Comprehensive audit trails for all PHI access
All vendors handling PHI sign BAAs
Periodic risk assessments and penetration testing
All staff complete HIPAA privacy and security training
Documented breach notification and response procedures
CareCoachMD uses artificial intelligence to provide personalized health coaching. The following additional privacy practices apply to our AI and telehealth services:
Conversations with your AI health coach are stored securely and may be reviewed by licensed providers as part of clinical oversight (Tier 3–4 escalations). AI-generated insights are not shared with third parties for marketing purposes.
Health data synced from wearable devices (smartwatches, fitness bands, CGMs) is treated as PHI and protected accordingly. We only access data you explicitly authorize through device connection settings.
Lab specimens collected at home (blood, saliva, urine, vaginal, fecal) are processed by CLIA-certified laboratories under business associate agreements. Results are transmitted securely and stored in your encrypted health record.
Video and audio telehealth consultations with our providers are conducted over encrypted channels. Consultation notes are documented in your medical record and subject to the same privacy protections as in-person visits.
If you have any questions about this notice or believe your privacy rights have been violated, you may file a complaint with our Privacy Officer or with the U.S. Department of Health and Human Services Office for Civil Rights. We will not retaliate against you for filing a complaint.
Office for Civil Rights
hhs.gov/ocr/privacy