Notice of Privacy Practices (HIPAA)

Last Updated: May 27, 2026

Important Disclosure

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

SofiaRX LLC ("SofiaRX") is committed to protecting your health information. This Notice of Privacy Practices ("Notice") describes your rights and our obligations under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations ("HIPAA") with respect to your Protected Health Information ("PHI").

PHI is information that identifies you (or could reasonably be used to identify you) and relates to your past, present, or future physical or mental health condition, the provision of healthcare to you, or payment for healthcare services.

Our Legal Duties

SofiaRX is required by law to:

  • Maintain the privacy of your PHI;
  • Provide you with this Notice describing our legal duties and privacy practices;
  • Abide by the terms of the Notice currently in effect; and
  • Notify you in the event of a breach of your unsecured PHI.

How We May Use and Disclose Your Health Information

1. Treatment

We may use and disclose your PHI to provide, coordinate, or manage your healthcare. This includes sharing your health information with:

  • Licensed clinicians who evaluate your eligibility and manage your treatment;
  • Nurses and other members of your care team;
  • Licensed compounding pharmacies that fill your prescriptions; and
  • Laboratory partners that process your at-home lab tests.

2. Payment

We may use and disclose your PHI to obtain payment for healthcare services, such as sharing information with payment processors (e.g., Stripe) or HSA/FSA administrators.

3. Healthcare Operations

We may use and disclose your PHI for our own healthcare operations, including quality assessment, clinical protocol development, and outcomes review.

4. Sofia AI Health Coach

The Sofia AI health coach uses your PHI to provide personalized coaching responses. This is part of our healthcare operations. SofiaRX will not use your individually identifiable PHI to train AI models for purposes other than your individual care without your separate written authorization.

Your Rights Regarding Your Health Information

  • Right to Request Restrictions: You may request that we limit how we use or disclose your PHI for treatment, payment, or operations.
  • Right to Receive Confidential Communications: You may request that we communicate with you by a specific means or at a specific location.
  • Right to Inspect and Copy Your PHI: You have the right to inspect and receive a copy of your PHI maintained in a designated record set.
  • Right to Request Amendment: You may request that we amend PHI that you believe is inaccurate or incomplete.
  • Right to an Accounting of Disclosures: You may request an accounting of certain disclosures made over the six years prior to your request.
  • Right to Be Notified of a Breach: You have the right to be notified without unreasonable delay if a breach of your unsecured PHI occurs.

How to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with us or the U.S. Department of Health and Human Services:

SofiaRX Privacy Officer
legal@sofiarx.com
8 The Green, Suite 25729, Dover, DE 19901

Office for Civil Rights (HHS OCR)
hhs.gov/ocr/privacy/hipaa/complaints/

Contact Us

SofiaRX LLC — Privacy Officer
8 The Green, Suite 25729
Dover, DE 19901
legal@sofiarx.com