Effective Date: February 14, 2026
Tharros Medical, PLLC
Tharros Medical, PLLC (“we,” “our,” or “the Practice”) is a telemedicine-only medical practice. We provide remote medical services to patients located in Alabama, Mississippi, Hawaii, Pennsylvania, Texas, Colorado, Wisconsin, Missouri, and Florida.
This Privacy Policy and Notice of Privacy Practices explains how we collect, use, disclose, and safeguard personal information and Protected Health Information (“PHI”) in compliance with:
- The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- The HITECH Act
- Applicable federal telehealth regulations
- Applicable state medical privacy and consumer data protection laws in the states listed above
This policy applies to all patients and website users.
1. Telemedicine-Specific Privacy Practices
Because our services are delivered exclusively via telemedicine:
- All clinical encounters occur through HIPAA-compliant, encrypted telehealth platforms.
- Electronic intake forms are submitted through secure, encrypted systems.
- Audio/video sessions are encrypted in transit.
- Telehealth sessions are not recorded without explicit written patient authorization.
- Electronic prescribing is conducted through secure, certified e-prescribing systems.
We do not provide in-person services.
2. Protected Health Information (HIPAA Notice)
Uses and Disclosures of PHI
We may use and disclose PHI for:
- Treatment (clinical care, lab coordination, pharmacy communication)
- Payment (insurance billing, payment processing, claims review)
- Health care operations (quality assurance, credentialing, compliance monitoring)
- Public health reporting as required by law
- Legal obligations (court orders, subpoenas, mandatory reporting)
- Business associates who perform services on our behalf under signed HIPAA-compliant Business Associate Agreements
We do not sell PHI.
We do not use PHI for marketing without written authorization.
3. Patient Rights
Under HIPAA and applicable state laws, patients have the right to:
- Access and receive a copy of their medical record
- Request corrections or amendments
- Request an accounting of disclosures
- Request confidential communications
- Request restrictions on certain disclosures
- Receive breach notification if unsecured PHI is compromised
- File a complaint with our Privacy Officer or the U.S. Department of Health and Human Services
Requests must be submitted in writing using the contact information below.
4. Information We Collect
In the course of telemedicine operations, we may collect:
- Name, date of birth, address, phone number, email
- Government-issued identification (when required for telehealth verification)
- Insurance information (if applicable)
- Medical history and clinical data
- Prescription and laboratory information
- Payment information
- IP address, device type, browser type, and session metadata
Information is collected through secure patient portals, telehealth platforms, laboratories, pharmacies, and electronic prescribing systems.
5. Website and Digital Privacy
Our website:
- Uses SSL/TLS encryption
- May use cookies for essential functionality and analytics
- Does not sell personal information
- Does not engage in targeted behavioral advertising using PHI
If analytics tools are used, they do not collect PHI.
Residents of Colorado, Texas, and Florida may have additional consumer data rights as described below.
6. State-Specific Consumer Data Rights
Where applicable (including Colorado, Texas, and Florida), residents may have the right to:
- Confirm whether we process their personal data
- Access personal data
- Correct inaccuracies
- Request deletion (subject to medical record retention laws)
- Obtain a portable copy of certain personal data
- Opt out of targeted advertising (if applicable)
Medical records are retained in accordance with professional and state record retention requirements and may not be deleted when retention is legally required.
We do not sell personal data.
7. Data Security Safeguards
We implement administrative, technical, and physical safeguards including:
- HIPAA-compliant Electronic Health Record systems
- Encrypted telehealth platforms
- Encrypted data transmission
- Role-based access controls
- Multi-factor authentication where appropriate
- Business Associate Agreements with vendors
- Workforce HIPAA and privacy training
- Periodic security risk assessments
- Secure cloud hosting environments
Access to PHI is limited to authorized personnel.
8. Data Retention
Medical records are maintained according to applicable state laws and medical board requirements in each state where services are provided. Records are securely destroyed when retention requirements are met.
9. Breach Notification
If a breach of unsecured PHI occurs, affected individuals will be notified in accordance with HIPAA and applicable state breach notification laws.
10. Minors and Consent
Telemedicine services are provided only to individuals legally able to consent to treatment or to minors with legally authorized parental or guardian consent in accordance with applicable state law.
11. Changes to This Policy
We reserve the right to update this policy. The current version will always be available on our website with the effective date clearly posted.
12. Contact Information
Privacy Officer
Tharros Medical, PLLC
Email: drjimgrady@gmail.com
Phone: 9709750866
Complaints may be submitted without fear of retaliation.
