Privacy Policy & Notice of Privacy Practices

Last updated: April 2026

1. Introduction

Bloom Metabolics (“we,” “us,” or “our”) is committed to protecting the privacy and security of your health information. This Notice of Privacy Practices describes how we collect, use, and disclose your Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and applicable state privacy laws.

2. Information We Collect

We collect the following categories of information to provide telehealth services:

  • Personal Information: Name, date of birth, address, email address, phone number, and state of residence
  • Protected Health Information (PHI): Medical history, symptoms, diagnoses, lab results, prescriptions, treatment records, and health goals
  • Payment Information: Payment details processed securely through Stripe. We do not store credit card numbers on our servers
  • Technical Data: IP address, browser type, pages visited, and usage patterns collected to improve our platform

3. How We Use Your Information

We may use and disclose your PHI for the following purposes without requiring your additional authorization:

  • Treatment: To provide, coordinate, and manage your medical care, including sharing information with your prescribing physician, pharmacies, and laboratory partners
  • Payment: To process payments and manage billing for services rendered
  • Healthcare Operations: To conduct quality assessments, training, compliance activities, and improve our services
  • Legal Requirements: To comply with applicable federal and state laws, court orders, or lawful government requests
  • Business Associates: We share PHI with third-party service providers (including OptiMantra EHR, Stripe, and laboratory partners) who operate under Business Associate Agreements (BAAs) requiring them to protect your information in accordance with HIPAA

All other uses or disclosures of your PHI not described above require your written authorization.

4. How We Protect Your Information

We implement the following safeguards to protect your PHI:

  • HIPAA-compliant data handling, storage, and transmission
  • Encrypted data transmission using TLS/SSL technology
  • Secure cloud infrastructure with role-based access controls
  • Regular security risk assessments and monitoring
  • Staff training on HIPAA privacy and security requirements
  • Business Associate Agreements with all third-party vendors who access PHI

5. Your Rights Under HIPAA

You have the following rights regarding your Protected Health Information:

  • Right to Access: Request a copy of your medical records and PHI in our possession
  • Right to Amend: Request correction of inaccurate or incomplete PHI
  • Right to Restrict Disclosures: Request restrictions on how we use or disclose your PHI (we will accommodate reasonable requests)
  • Right to Confidential Communications: Request that we contact you through specific means or at specific locations
  • Right to an Accounting of Disclosures: Request a list of disclosures of your PHI made for purposes other than treatment, payment, and operations
  • Right to Receive a Copy of This Notice: You may request a paper copy of this notice at any time
  • Right to Opt Out of Marketing: We will not use your PHI for marketing purposes without your written authorization

To exercise any of these rights, contact us at privacy@bloommetabolics.com.

6. Breach Notification

In the event of a breach of unsecured PHI, we will notify affected individuals within 60 days of discovery as required by the HIPAA Breach Notification Rule. Notification will be provided via email or written notice and will include a description of the breach, the types of information involved, steps you should take to protect yourself, and actions we are taking to address the breach.

7. Complaints

If you believe your privacy rights have been violated, you may file a complaint with us at privacy@bloommetabolics.com or with the U.S. Department of Health and Human Services Office for Civil Rights at:

  • Website: hhs.gov/ocr/privacy/hipaa/complaints
  • Phone: 1-800-368-1019

We will not retaliate against you for filing a complaint.

8. Cookies and Analytics

We use essential cookies necessary to operate our platform and analytics tools to improve the patient experience. You may manage cookie preferences through your browser settings. Analytics data is aggregated and does not contain PHI.

9. Changes to This Notice

We reserve the right to update this Notice of Privacy Practices at any time. The updated notice will be posted on our website with a revised effective date. Material changes will be communicated to active patients via email.

10. Contact Information

For privacy-related questions, requests, or to exercise your HIPAA rights:

  • Email: privacy@bloommetabolics.com
  • Mailing address: Bloom Metabolics, Irvine, CA