HIPAA Notice of Privacy Practices

    Effective date: February 2026

    This notice describes how medical information about you may be used and disclosed, and how you can get access to this information. Please review it carefully.

    Our Commitment to Your Privacy

    Continuum Overnight Primary Care ("Continuum"), operated by RPK Health PLLC, is required by law to maintain the privacy and security of your Protected Health Information (PHI), to provide you with this notice of our legal duties and privacy practices, and to follow the terms of the notice currently in effect. We are committed to protecting your health information and complying with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the HITECH Act, and all applicable state privacy laws.

    How We Deliver Care

    Continuum provides clinical services exclusively via telehealth. Our practitioner may be located outside the United States; however, all clinical systems, electronic health records, and patient data are hosted on HIPAA-compliant, US-based infrastructure protected by signed Business Associate Agreements and encrypted network connections. No patient data is stored outside the United States.

    How We May Use and Disclose Your PHI

    The following categories describe the ways we may use and disclose your health information without your written authorization:

    Treatment

    We may use and share your health information to provide, coordinate, or manage your medical care. For example, we may share information with other physicians, specialists, pharmacies, or healthcare facilities involved in your care when you authorize care coordination.

    Payment

    We may use and share your health information to bill and collect payment for services provided. As a direct primary care practice, this primarily involves processing membership fees and visit payments through our secure payment processor.

    Healthcare Operations

    We may use and share your health information for activities necessary to run our practice, including quality assessment, compliance activities, and professional development.

    As Required by Law

    We will disclose your health information when required to do so by federal, state, or local law, including for public health activities, reporting abuse or neglect, health oversight activities, judicial proceedings, and law enforcement purposes.

    To Avert a Serious Threat

    We may use and disclose your health information when necessary to prevent or lessen a serious and imminent threat to your health or safety or the health or safety of another person or the public.

    Personal Representatives

    We may disclose your PHI to a person who has legal authority to make healthcare decisions on your behalf, such as a parent of a minor child, a legal guardian, or an individual designated under a healthcare power of attorney, to the extent permitted by applicable law.

    Uses and Disclosures Requiring Your Authorization

    We will obtain your written authorization before using or disclosing your PHI for purposes other than those described above, including:

    • Marketing purposes
    • Sale of your health information
    • Most uses of psychotherapy notes, if applicable
    • Any other purpose not described in this notice

    You may revoke your authorization at any time in writing, except to the extent that we have already taken action in reliance upon it.

    Your Rights Regarding Your PHI

    Under HIPAA, you have the following rights regarding your health information:

    • Right to Access: You may request to inspect and obtain a copy of your PHI maintained by Continuum. We will provide electronic records within 15 days of your request, or within 30 days for other formats. If we need additional time, we will notify you in writing with the reason for the delay.
    • Right to Amend: You may request an amendment to your PHI if you believe it is incorrect or incomplete. We may deny the request under certain circumstances but will provide a written explanation.
    • Right to an Accounting of Disclosures: You may request a list of instances where we have disclosed your PHI for purposes other than treatment, payment, or healthcare operations.
    • Right to Request Restrictions: You may request restrictions on how we use or disclose your PHI. We are not required to agree to all requests but will honor restrictions for disclosures to health plans for services you paid for in full out of pocket.
    • Right to Request Confidential Communications: You may request that we communicate with you about health matters in a particular way or at a certain location.
    • Right to a Paper Copy: You may request a paper copy of this notice at any time.
    • Right to Be Notified of a Breach: You have the right to be notified if there is a breach of your unsecured PHI.
    • State-Specific Rights: Depending on your state of residence, you may have additional privacy rights under state law that exceed HIPAA's protections. Contact us if you have questions about your rights under your state's privacy laws.

    Our Security Practices

    We take the following measures to protect your health information:

    • All telehealth communications are conducted over encrypted, HIPAA-compliant platforms
    • Business Associate Agreements are in place with all third-party vendors that handle PHI
    • Access to PHI is limited to the treating clinician on a need-to-know basis
    • Audit logs are maintained for all access to electronic health records
    • Regular security assessments are conducted and security policies are reviewed annually
    • All data is encrypted at rest and in transit using industry-standard encryption protocols
    • All clinical data is stored on US-based, HIPAA-compliant infrastructure

    Record Retention

    We retain your medical records for a minimum period in accordance with the laws of the state where you received care, or longer if required by other applicable regulations. After the retention period expires, records are securely destroyed. Contact us if you have questions about the retention period that applies to your records.

    Changes to This Notice

    We reserve the right to change this notice and make the revised notice effective for PHI we already have about you as well as any information we receive in the future. The current notice will be posted on our website with the effective date.

    Complaints

    If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the U.S. Department of Health and Human Services. You will not be retaliated against for filing a complaint.

    To file a complaint with HHS, visit hhs.gov/hipaa/filing-a-complaint.

    Contact Us

    For questions about this notice, to exercise your rights, or to file a complaint, please contact:

    Continuum Overnight Primary Care — Privacy Officer

    Email: partners@overnightprimary.care