AnthologyRX is committed to protecting your personal information and health data. This policy explains what we collect, how we use it, and the rights you hold as a patient and consumer.
When you use AnthologyRX — including our website, intake assessment, patient portal, and any communications with our clinical team — we collect the following categories of information:
Personal Identifiers
Protected Health Information (PHI)
Payment & Financial Information
Device & Usage Data
We collect information you provide directly, information generated through your use of our platform, and information received from authorized third parties such as licensed laboratories and pharmacy partners.
AnthologyRX uses the information we collect for the following purposes:
We do not use your protected health information for marketing purposes without your express written authorization, as required under HIPAA.
AnthologyRX is a covered entity under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations, including the HIPAA Privacy Rule (45 C.F.R. Parts 160 and 164). As a covered entity, we are required by law to maintain the privacy of your protected health information (PHI), to provide you with notice of our legal duties and privacy practices, and to abide by the terms of this notice.
Your HIPAA Rights. As a patient of AnthologyRX, you have the following rights with respect to your protected health information:
Right to Access. You have the right to inspect and obtain a copy of your PHI maintained in our designated record sets, including your intake assessment, provider notes, prescription records, and lab results. We will respond to access requests within 30 days. A reasonable cost-based fee may apply for copies.
Right to Amend. If you believe that PHI we hold about you is inaccurate or incomplete, you may request an amendment. We will review your request and either make the amendment or provide a written denial with the reason for the denial and your right to submit a statement of disagreement.
Right to Request Restrictions. You may request that we restrict how we use or disclose your PHI for treatment, payment, or healthcare operations. We are not required to agree to all restriction requests, but we will consider each request seriously and notify you of our decision.
Right to an Accounting of Disclosures. You have the right to receive a list of disclosures of your PHI that we have made for purposes other than treatment, payment, healthcare operations, and certain other exceptions, for the six years prior to your request.
Right to a Paper Copy of This Notice. You have the right to receive a paper copy of our Notice of Privacy Practices upon request, even if you have received it electronically.
Right to File a Complaint. If you believe your privacy rights have been violated, you may file a complaint with AnthologyRX directly or with the U.S. Department of Health and Human Services, Office for Civil Rights. We will not retaliate against you for filing a complaint.
To exercise any of your HIPAA rights, or to request a full Notice of Privacy Practices, contact our Privacy Officer at privacy@anthologyrx.com. We will acknowledge your request in writing and respond within the timeframes required by applicable law.
We are required by law to follow the privacy practices described in our Notice of Privacy Practices. We reserve the right to change our practices and to make the new practices effective for all PHI we maintain. We will provide notice of any material changes as described in Section 10 of this policy.
AnthologyRX shares your information only as necessary to provide our services and as permitted or required by law. We do not sell your personal information — ever. The following describes who may receive your information and why:
Licensed Healthcare Providers (Prescribing Physicians)
Your health intake, medical history, and assessment responses are shared with licensed independent physicians in our provider network who evaluate your eligibility and issue prescriptions. These providers operate under their own professional and legal obligations, including HIPAA, and are bound by business associate agreements with AnthologyRX.
Bask Health (Clinical Infrastructure Partner)
AnthologyRX uses Bask Health as its clinical infrastructure and technology partner to operate the telehealth intake flow, provider coordination, and prescription management system. Bask Health processes PHI on our behalf as a HIPAA business associate and is contractually required to protect your information using the same standards we apply.
Licensed 503B Compounding Pharmacy
Once a prescription is issued, your name, address, prescription details, and relevant health information are transmitted to our licensed 503B outsourcing facility for the compounding and dispensing of your medication. This disclosure is necessary for treatment and is permitted under HIPAA without additional authorization.
Payment Processors
Your payment information is shared with our PCI DSS-compliant payment processor to facilitate transactions. We do not store raw credit card numbers. Our payment processor is prohibited from using your financial data for any purpose other than processing your transactions.
Laboratory Partners
Where lab work is required or recommended as part of your protocol, we may share necessary identifying information with a CLIA-certified laboratory to facilitate specimen collection or result retrieval, with your consent.
Legal and Regulatory Authorities
We may disclose your information when required by law, such as in response to a court order, subpoena, or lawful request from a government authority, or when necessary to prevent imminent harm or fraud.
Business Transfers
In the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred to the acquiring entity. We will provide notice of any such transfer and require the successor entity to honor the commitments in this policy.
We do not sell, rent, or trade your personal information or protected health information to any third party for commercial purposes.
If you are a California resident, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA"), grants you specific rights regarding your personal information. This section supplements the rest of this Privacy Policy and applies only to California residents.
Right to Know. You have the right to request that we disclose what personal information we have collected about you in the past 12 months, including the categories of personal information, the categories of sources from which it was collected, the business or commercial purpose for collecting it, the categories of third parties with whom it was shared, and the specific pieces of personal information we hold about you. You may submit up to two such requests per 12-month period at no charge.
Right to Delete. You have the right to request that we delete personal information we have collected from you, subject to certain exceptions. Exceptions include information we are required to retain under HIPAA, state medical records law, tax law, or other applicable legal obligations, as well as information necessary to complete a transaction, detect security incidents, or comply with a legal obligation.
Right to Correct. You have the right to request correction of inaccurate personal information we maintain about you. We will use commercially reasonable efforts to honor correction requests, subject to verification of your identity.
Right to Opt Out of Sale or Sharing. AnthologyRX does not sell your personal information, nor do we share it for cross-context behavioral advertising purposes. You therefore do not need to opt out of a sale that does not occur. If our practices change, we will update this policy and provide a "Do Not Sell or Share My Personal Information" mechanism at that time.
Right to Limit Use of Sensitive Personal Information. We use sensitive personal information — including health data and precise geolocation — only as necessary to provide the telehealth services you have requested. We do not use sensitive personal information for inferring characteristics about you or for secondary commercial purposes.
Right to Non-Discrimination. We will not discriminate against you for exercising your CCPA rights. You will not receive a different level of service, higher price, or reduced quality of care as a result of submitting a privacy request.
To exercise your CCPA rights, contact us at privacy@anthologyrx.com. We will verify your identity before processing your request and will respond within 45 days, with an option to extend by an additional 45 days where reasonably necessary.
Note: Certain information collected and maintained by AnthologyRX in connection with the provision of healthcare services is exempt from CCPA to the extent it is subject to HIPAA. Where HIPAA applies, HIPAA governs and the CCPA exemption applies.
AnthologyRX uses cookies and similar tracking technologies to operate our website, understand how visitors interact with our content, and maintain session state in our patient portal. We do not use cookies to build advertising profiles or sell your behavioral data to third parties.
Types of Cookies We Use
Third-Party Tracking
We do not permit third-party advertising networks to place tracking cookies on our site without your prior consent. If we ever introduce retargeting or paid social advertising pixels, we will obtain your consent through a cookie consent mechanism before any such tracking is activated.
How to Opt Out
You may control cookie behavior through your browser settings. Most browsers allow you to view, block, or delete cookies. Note that blocking strictly necessary cookies may prevent you from accessing your patient portal. You may also opt out of Google Analytics measurement by installing the Google Analytics Opt-out Browser Add-on. California residents may also exercise rights under the CCPA as described in Section 5.
AnthologyRX implements technical and organizational safeguards designed to protect your personal information and PHI against unauthorized access, disclosure, alteration, and destruction. Our security program is aligned with HIPAA Security Rule requirements and SOC 2 Type II principles.
Breach Notification. In the event of a breach of unsecured PHI affecting your information, AnthologyRX will notify you in accordance with the HIPAA Breach Notification Rule (45 C.F.R. Part 164, Subpart D) — generally within 60 days of discovery, and sooner where required by applicable state law. Notification will be provided by first-class mail or email, depending on your contact preferences on file.
No system is perfectly secure. While we work diligently to protect your information, we cannot guarantee that unauthorized parties will never be able to defeat our security measures. If you have reason to believe your account has been compromised, contact us immediately at privacy@anthologyrx.com.
AnthologyRX retains your information for as long as necessary to fulfill the purposes described in this policy, comply with applicable legal and regulatory obligations, and resolve disputes.
Medical and Prescription Records. Medical records — including your intake assessment, provider notes, prescription history, and lab results — are retained for a minimum of seven (7) years from the date of the last patient encounter, or longer where required by the laws of your state. Some states impose longer minimum retention periods for adult medical records (for example, California requires retention of patient records for a minimum of 10 years following the last date of service). We apply the longer of the applicable state or federal requirement.
Financial and Transaction Records. Payment and transaction records are retained for a minimum of seven years as required by federal and state tax law.
Account and Profile Data. If you have not initiated a treatment protocol and wish to have your account data deleted, you may submit a deletion request to privacy@anthologyrx.com. We will process your request within 30 days, subject to any applicable legal holds. Accounts associated with active or completed prescriptions are subject to the medical records retention schedule described above and cannot be fully deleted until that period has expired.
Marketing and Analytics Data. Non-PHI marketing interaction data (such as email open rates and website session records) is retained for up to 36 months and then purged or anonymized.
When retention periods expire, we delete or irreversibly de-identify information in accordance with HIPAA's de-identification standards and our internal data lifecycle policy.
AnthologyRX's telehealth services are intended exclusively for adults who are 18 years of age or older. We do not knowingly provide services to, collect personal information from, or maintain health records for individuals under the age of 18.
Our intake assessment includes an age verification step, and any submission from a person who indicates they are under 18 is rejected without processing. If you are a parent or guardian and believe that a minor has submitted personal or health information to AnthologyRX, please contact us immediately at privacy@anthologyrx.com so that we may locate and delete that information.
We do not knowingly collect information from children under 13 as defined by the Children's Online Privacy Protection Act (COPPA), and the age restriction described above ensures that children do not access or use our platform.
AnthologyRX may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or technology. We distinguish between material and non-material changes and treat them differently:
Material Changes. A material change is any modification that meaningfully affects how we use your PHI or personal information, the rights you hold, or the parties with whom we share your data. For material changes, we will:
Non-Material Changes. Minor corrections, clarifications, or formatting updates that do not affect the substance of our data practices will be posted on this page without advance notice. The "Last Updated" date will reflect the date of the revision.
Your continued use of AnthologyRX services after a change becomes effective constitutes your acceptance of the revised policy. If you do not agree to a material change, you may close your account and request deletion of your non-PHI data as described in Section 8.
If you have questions, concerns, or requests related to this Privacy Policy, your rights under HIPAA or the CCPA, or our data practices, please contact our Privacy Officer:
AnthologyRX Privacy Officer
Email: privacy@anthologyrx.com
Mailing Address:
AnthologyRX
Los Angeles, CA
We aim to acknowledge all privacy-related inquiries within 2 business days and to resolve them within the timeframes required by applicable law (30 days for HIPAA requests; 45 days for CCPA requests, with one permitted extension).