Notice of Privacy Practices

Effective Date: June 26 2025

1. Introduction

Treble Health is committed to protecting the privacy of your health information. We are required by law (the Health Insurance Portability and Accountability Act, or HIPAA) to maintain the privacy of your Protected Health Information (PHI) and to provide you with this Notice of Privacy Practices (“Notice”). This Notice explains how we may use and disclose your PHI, your rights regarding your information, and our obligations under HIPAA.

2. Scope of This Notice

This Notice applies to all PHI that Treble Health creates, receives, maintains, or transmits in any form or media, including:

• Information collected through our website and mobile applications (“Services”) when used by our patients and users.

• Information obtained or created by our clinicians in connection with your care.

3. Our Legal Duties

Treble Health is a “covered entity” under HIPAA. We are legally required to:

• Maintain the privacy of your PHI.

• Provide you with this Notice of our legal duties and privacy practices with respect to PHI.

• Abide by the terms of this Notice currently in effect.

• Notify you in writing if a breach of unsecured PHI occurs.

• Accommodate your reasonable requests to communicate PHI by alternative means or at alternative locations.

4. Permitted Uses and Disclosures of PHI

We may use or disclose your PHI for the following purposes without your written authorization: 

a. Treatment:

To provide, coordinate, or manage your tinnitus treatment, including communications and referrals among clinicians, labs, and other healthcare providers.

b. Payment:

To obtain payment for healthcare services we provide, including sharing information with insurance companies or payment processors (e.g., Stripe, RevenueCat) under HIPAA-compliant Business Associate Agreements.  

c. Healthcare Operations:

For quality assessment, case management, training, accreditation, licensing, and business management.  

d. Required by Law:

When disclosure is required by federal, state, or local law (e.g., public health reporting, law enforcement).

e. Public Health Activities:

To prevent or control disease, injury, or disability; report adverse events.

f. Research:

Under strict protocols and approvals, we may use PHI for research that meets HIPAA requirements.  

g. Threat to Health or Safety:

To avert a serious threat to health or safety of a person or the public.  

h. Specialized Government Functions:

For military and veterans’ activities, national security, etc., as required.

5. Uses and Disclosures Requiring Your Written Authorization

Except as described above, we will obtain your written authorization before using or disclosing PHI for:

• Marketing purposes (unless permitted by HIPAA).  

• Sale of PHI.  

• Most uses of psychotherapy notes.  

• Any other purposes not described in this Notice.

You may revoke an authorization in writing at any time, except to the extent we have already relied upon it.

6. Your Rights Regarding PHI

You have the following rights concerning your PHI. To exercise any of these rights, send a written request to our Privacy Officer (see Section 8).  

a. Right to Inspect and Copy:

Inspect and obtain a copy of your PHI in a designated record set, with certain exceptions. A reasonable fee may apply.

b. Right to Amend:

Request that we amend PHI in the record if you believe it is incorrect or incomplete. We may deny if the information is accurate and complete.

c. Right to an Accounting of Disclosures:

Receive a list of disclosures of your PHI made for purposes other than treatment, payment, or operations, for up to six years prior to your request.

d. Right to Request Restrictions:

Request restrictions on uses or disclosures of PHI for treatment, payment, or operations. We are not required to agree except in certain cases (e.g., if you pay out-of-pocket for services).

e. Right to Confidential Communications:

Request communication of PHI by alternative means or at alternative locations (e.g., email instead of mail). We will accommodate reasonable requests.

f. Right to a Paper Copy of This Notice:

Even if you agreed to receive this Notice electronically, you have the right to obtain a paper copy.

7. Business Associates

We may disclose PHI to third-party “Business Associates” that perform services on our behalf (e.g., Firebase, Stripe, RevenueCat). We require these Business Associates to sign HIPAA-compliant agreements ensuring they protect your PHI.

8. Complaints and Contact Information

If you believe your privacy rights have been violated, you may file a complaint with Treble Health or the U.S. Department of Health and Human Services Office for Civil Rights.

Treble Health Privacy Officer

Privacy Officer Email: contact@treblehealth.com  

Mailing Address: 490 43rd St, Unit 106, Oakland, CA, 94609

To file a complaint with HHS: 

https://www.hhs.gov/hipaa/filing-a-complaint/index.html

No retaliation will be taken against you for filing a complaint.

9. Changes to This Notice

We reserve the right to change the terms of this Notice at any time. The revised Notice will be effective for all PHI we maintain. The date of the most recent revision will appear at the top of this Notice. You may request a copy of any revised Notice.