**Last Updated: August 22, 2025**
1. Introduction
DirectMed.care (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information, including Protected Health Information (PHI), when you visit our website at https://directmed.care/, use our services, or interact with our platform.
This Privacy Policy has been developed in accordance with applicable privacy laws, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), and other applicable state and federal regulations.
2. Information We Collect
2.1 Protected Health Information (PHI)
As a healthcare provider, we may collect PHI, which includes but is not limited to:
- Personal identifiers (name, date of birth, address, email, phone number)
- Medical record numbers and healthcare identifiers
- Health insurance information
- Medical history and conditions
- Treatment information and records
- Payment information
2.2 Personal Information
We may also collect personal information that is not considered PHI, such as:
- Account credentials
- Communication preferences
- Survey responses
- Testimonials or feedback you provide
2.3 Non-Personal Information
We automatically collect certain non-personal information when you visit our website:
- Browser type and version
- Operating system
- IP address
- Referring website
- Pages visited on our site
- Time spent on our site
- Date and time of visits
- Other analytics data
2.4 Cookies and Tracking Technologies
We use cookies, web beacons, and similar tracking technologies to enhance your experience on our website. These technologies help us understand how you interact with our site and allow us to improve our services. You can control cookie settings through your browser preferences. You may also choose to block JavaScript; however, some portions of the website will not work if you do.
3. How We Collect Information
We collect information through:
- Direct interactions (when you create an account, fill out forms, or communicate with us)
- Patient intake and medical forms
- Automated technologies when you use our website
- Third-party sources (with your consent or as permitted by law)
4. How We Use Your Information
4.1 For Healthcare Services
- Providing healthcare services and treatment
- Managing your patient account
- Processing payments and handling billing
- Coordinating your care with other healthcare providers
- Contacting you about appointments, treatment, and follow-up care
4.2 For Business Operations
- Improving our services and website functionality
- Analyzing usage patterns to enhance user experience
- Responding to your inquiries and requests
- Sending administrative information
- Conducting quality assessment and improvement activities
- Complying with legal and regulatory requirements
4.3 For Marketing (With Your Consent)
- Sending newsletters and promotional materials (only with explicit consent)
- Informing you about new services or features
- Inviting you to participate in surveys or provide feedback
5. HIPAA Compliance
5.1 Business Associate Agreements (BAAs)
We maintain Business Associate Agreements (BAAs) with our service providers who have access to PHI, including Google Workspace, GoHighLevel, and Atlas.md, to ensure HIPAA compliance.
5.2 Google Workspace HIPAA Compliance
We use Google Workspace for business operations and maintain a BAA with Google. Under this agreement, we may use the following Google services with PHI:
- Gmail (for secure communications)
- Google Drive (for secure document storage)
- Google Calendar (for appointment scheduling)
- Google Meet (for telehealth services)
- Other Google Workspace services covered under our BAA
All PHI processed through Google Workspace is protected according to HIPAA requirements and our BAA with Google. For more information about Google’s privacy practices, please visit Google Workspace Privacy Policy and Google Cloud HIPAA Compliance.
5.3 GoHighLevel CRM
We use GoHighLevel as our customer relationship management (CRM) platform. GoHighLevel helps us manage patient communications, marketing automation, and appointment scheduling. We maintain a BAA with GoHighLevel to ensure that any PHI processed through their platform is appropriately protected. For more information about GoHighLevel’s privacy practices, please visit GoHighLevel Privacy Policy and GoHighLevel HIPAA Compliance.
5.4 Atlas.md EMR System
We utilize Atlas.md as our Electronic Medical Record (EMR) system to manage patient health records securely. Atlas.md is designed specifically for direct primary care practices and offers:
- HIPAA-compliant electronic health records management
- Secure patient data storage with encryption and authentication protocols
- Appointment scheduling and management
- Prescription management and electronic prescribing
- Secure billing and payment processing
- Role-based access controls to ensure only authorized personnel can access sensitive information
Our implementation of Atlas.md includes robust security measures such as automatic logouts, two-step authentication on login, and password reset requirements to protect your health information. For more information about Atlas.md’s privacy practices, please visit Atlas.md Privacy Policy and Atlas.md Security Information.
6. Disclosure of Your Information
We may disclose your information in the following circumstances:
6.1 With Your Authorization
- When you give us written permission to share your information
6.2 For Treatment, Payment, and Healthcare Operations
- With healthcare providers involved in your care
- With insurance companies or other payers to process claims
- For internal quality improvement and business operations
6.3 Business Associates
- With vendors and service providers who need access to your information to perform services on our behalf (subject to BAAs)
6.4 As Required by Law
- For public health activities
- For health oversight activities
- In response to lawful requests and legal processes
- To prevent or reduce a serious threat to anyone’s health or safety
6.5 Special Protections for Reproductive Health Information
We provide enhanced protections for reproductive health information in accordance with applicable laws and HIPAA regulations.
7. WordPress Website
Our website is built using WordPress and incorporates various plugins and features to enhance your experience. In connection with our WordPress website:
7.1 Comments and User Contributions
If you leave comments or provide user-generated content on our site, that information may be publicly visible. Please be careful not to share sensitive personal information or PHI in public areas of the website.
7.2 WordPress Plugins
Our website uses various WordPress plugins that may collect data. We ensure that all plugins are configured to comply with our privacy practices and, where applicable, our HIPAA obligations. You can find more information about WordPress’s privacy practices at WordPress Privacy Policy.
7.3 Forms and Contact Information
When you complete forms on our website, including contact forms or appointment request forms, we collect the information you provide to respond to your inquiries and provide our services.
8. Data Security
We implement appropriate technical, administrative, and physical safeguards to protect your information, including:
- Encryption of electronic PHI in transit and at rest
- Access controls and authentication measures
- Regular security assessments and vulnerability testing
- Staff training on privacy and security practices
- Physical security for our facilities and equipment
- Secure configuration of our WordPress website, Google Workspace, GoHighLevel, and Atlas.md implementations
9. Patient Communication Preferences
9.1 Standard HIPAA-Compliant Communications
By default, all patient communications containing PHI will be conducted through HIPAA-compliant channels, including our secure patient portal, encrypted email, or telephone.
9.2 Optional Alternative Communication Methods
Patients may opt in to receive certain communications through non-HIPAA-compliant methods for convenience. These optional methods may include:
- SMS text messaging
- Unencrypted email
- Other electronic messaging platforms
If you choose to opt in to these communication methods, you acknowledge the potential privacy risks associated with transmitting your information through these channels. You can modify your communication preferences at any time through your patient portal or by contacting our office.
10. Your Rights
Depending on your location and applicable laws, you may have certain rights regarding your personal information:
10.1 HIPAA Rights
- Right to access and receive copies of your health records
- Right to request amendments to your health information
- Right to an accounting of certain disclosures of your PHI
- Right to request restrictions on certain uses and disclosures
- Right to request confidential communications
- Right to receive notice of a breach of unsecured PHI
- Right to file a complaint if you believe your privacy rights have been violated
To learn more about your HIPAA rights, visit the HHS Office for Civil Rights.
10.2 Additional Rights (CCPA, GDPR, and State Laws)
- Right to know what personal information is collected, used, shared, or sold
- Right to delete personal information held by us
- Right to opt out of the sale of personal information
- Right to non-discrimination for exercising your rights
- Right to data portability
For California residents, visit California Consumer Privacy Act (CCPA) for more information about your rights.
11. Children’s Privacy
Our services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child under 18, please contact us immediately.
12. International Data Transfers
If you access our services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our servers are located. By using our services, you consent to the transfer of information to countries that may have different data protection rules than your country.
For users in the European Economic Area (EEA), you can find more information about the GDPR at the European Commission’s GDPR website.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. We will notify you of any material changes by posting the updated Privacy Policy on our website with a new effective date. We encourage you to review this Privacy Policy regularly.
14. Contact Information
If you have questions about this Privacy Policy or our privacy practices, please contact our Privacy Officer at:
DirectMed.care
Privacy Officer
3502 Wild Cherry Drive
Building 3
Lakeway, TX 78738
Email: info@directmed.care
Phone: (512) 842-7MED (7633)
15. Effective Date
This Privacy Policy is effective as of August 22, 2025.