Privacy & HIPAA Notice · Medlock Pharmacy

This page covers two related but distinct things:

Section A — Notice of Privacy Practices (HIPAA). How Medlock Pharmacy uses and discloses your protected health information, your rights, and how to file a complaint. This is our HIPAA notice required by federal law.
Section B — Website Privacy Policy. How this website handles information collected from visitors (analytics, contact forms, cookies).

Section A — Notice of Privacy Practices (HIPAA)

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

Your Rights

When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities.

Get an electronic or paper copy of your medical record

You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. Ask us how to do this.
We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.

Ask us to correct your medical record

You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this.
We may say "no" to your request, but we'll tell you why in writing within 60 days.

Request confidential communications

You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.
We will say "yes" to all reasonable requests.

Ask us to limit what we use or share

You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say "no" if it would affect your care.
If you pay for a service or healthcare item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say "yes" unless a law requires us to share that information.

Get a list of those with whom we've shared information

You can ask for a list (accounting) of the times we've shared your health information for six years prior to the date you ask, who we shared it with, and why.
We will include all the disclosures except for those about treatment, payment, and healthcare operations, and certain other disclosures (such as any you asked us to make). We'll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.

Get a copy of this privacy notice

You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.

Choose someone to act for you

If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
We will make sure the person has this authority and can act for you before we take any action.

File a complaint if you feel your rights are violated

You can complain if you feel we have violated your rights by contacting our Compliance Officer using the information at the end of this section.
You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.
We will not retaliate against you for filing a complaint.

Your Choices

For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.

You have both the right and choice to tell us to:

Share information with your family, close friends, or others involved in your care
Share information in a disaster relief situation
Include your information in a hospital or pharmacy directory

If you are not able to tell us your preference (for example, if you are unconscious), we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.

In these cases we never share your information unless you give us written permission:

Marketing purposes
Sale of your information
Most sharing of psychotherapy notes

Our Uses and Disclosures

How do we typically use or share your health information?

As a community pharmacy, we typically use or share your health information in the following ways.

To treat you

We use your health information to dispense your medications, counsel you on use and side effects, and identify potential interactions or duplications.
We coordinate with your prescriber about your therapy, including dosage clarifications, prior authorizations, refill renewals, and clinically appropriate alternatives.
We share information with other healthcare providers involved in your care when needed for your treatment.
If you elect prescription delivery, we share your name and delivery address with our delivery courier so we can get your medication to you.

To run our pharmacy

We use and share your health information to operate our pharmacy, improve your care, and contact you when necessary — including for refill reminders, prescription pickup notifications, and updates about medications we have dispensed to you.
We notify you of drug recalls or manufacturer safety alerts affecting medications we have dispensed to you.

To bill for your services

We use and share your health information to bill and obtain payment from health plans and other entities.
We communicate with your insurance company's pharmacy benefit manager (PBM) to verify coverage, process claims, and resolve billing issues.

How else can we use or share your health information?

We are allowed or required to share your information in other ways — usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes. For more information see www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html.

Help with public-health and safety issues

Preventing disease
Helping with product recalls
Reporting adverse reactions to medications
Reporting suspected abuse, neglect, or domestic violence
Preventing or reducing a serious threat to anyone's health or safety

Comply with the law

We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we're complying with federal privacy law.
We report controlled-substance dispensing to the Georgia Prescription Drug Monitoring Program (PDMP) as required by Georgia law.

Do research

We can use or share your information for health research, only as permitted by law and after appropriate review.

Respond to organ and tissue donation requests

We can share your health information with organ procurement organizations.

Work with a medical examiner or funeral director

We can share information with a coroner, medical examiner, or funeral director when an individual dies.

Address workers' compensation, law enforcement, and other government requests

We can use or share information about you:

For workers' compensation claims
For law-enforcement purposes or with a law-enforcement official
With health-oversight agencies for activities authorized by law
For special government functions such as military, national security, and presidential protective services

Respond to lawsuits and legal actions

We can share health information about you in response to a court or administrative order, or in response to a subpoena.

Our Responsibilities

We are required by law to maintain the privacy and security of your protected health information.
We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
We must follow the duties and privacy practices described in this notice and give you a copy of it.
We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.

For more information see www.hhs.gov/hipaa/for-individuals/notice-privacy-practices/index.html.

Changes to the Terms of This Notice

We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, in our pharmacy, and on this website.

HIPAA Compliance Officer Contact

If you have questions about this notice, want to exercise any of the rights described above, or want to make a complaint, contact our designated Compliance Officer:

Theresa Usta, PharmD
Compliance Officer
Medlock Pharmacy
11035 Medlock Bridge Road, Suite 40
Johns Creek, GA 30097
Phone: (678) 691-1375
Email: info@medlockrx.com

Section B — Website Privacy Policy

This section explains how the medlockrx.com website handles information collected from visitors. It is separate from the HIPAA Notice above — the HIPAA Notice covers protected health information for our patients; this section covers website analytics, contact form data, and cookies.

What we collect

Analytics

When configured, we use Plausible Analytics, a privacy-respecting service. Plausible is cookieless, does not collect personal information, does not track you across websites, and does not store IP addresses. Plausible aggregates basic page-view metrics — country (not city), referrer, browser, and operating system — in a form that cannot identify individual visitors.

Form submissions

Our prescription transfer, contact, and free medication review forms are hosted by JotForm, a HIPAA-compliant service operating under a Business Associate Agreement. All submissions are encrypted in transit and at rest. Submissions go directly to JotForm; the medlockrx.com website server does not receive or store the contents of those submissions. JotForm forwards a secure link to our pharmacy inbox so we can review and respond.

For information about how protected health information submitted through these forms is handled, see Section A above.

What we do not collect

No tracking cookies.We don't use cookies for advertising, retargeting, or cross-site tracking.
No third-party advertising pixels. No Google Ads, Meta Pixel, TikTok pixel, or similar.
No session replay tools.We don't record your interactions on the website.
No data brokers. We do not sell, rent, or share form submissions with marketers.

Cookies

Because we don't use tracking cookies and our analytics provider is cookieless, we don't display a cookie consent banner. The website uses no non-essential cookies. If you explicitly dismiss the floating "free medication review" prompt on the homepage, that dismissal is stored in your browser's sessionStorage so the prompt doesn't reappear during the same session; it is cleared when you close the tab.

How long we keep data

Form submissions are retained by JotForm per their HIPAA-compliant retention policy and in our pharmacy inbox per our normal email retention policy. They are deleted when no longer needed to respond to or follow up on your inquiry, subject to applicable record-retention laws for pharmacy records.
Aggregated Plausible analyticsare retained per Plausible's data-retention policy.
Server logsfrom our hosting provider (Vercel) capture standard request metadata and are retained per Vercel's default retention. They contain IP address and timestamp; they do not contain form contents.

Your rights regarding website data

You may ask us to access, correct, or delete information you have submitted through our website. To exercise these rights, contact our Compliance Officer using the information in Section A. We will respond within a reasonable time and may verify your identity before acting on requests. For protected health information governed by HIPAA, please refer to the more specific rights listed in Section A.

Children's privacy

Our website is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us and we will delete it.

Changes to this policy

We may update this Privacy Policy from time to time. The effective date at the top of this page reflects the most recent revision. Material changes will be communicated on this page.

Contact

Questions about this Privacy Policy or about how the website handles your information — or about how we handle your protected health information under HIPAA — should be directed to: