HIPAA Notice of Privacy Practices
United States — Protected Health Information
Version: v1.0 | Effective Date: March 2026
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
1. Who We Are and Who This Notice Covers
Script Unlock, Inc. ('Script Unlock') operates a prescription price comparison marketplace. To the extent Script Unlock receives, maintains, or transmits Protected Health Information (PHI) on behalf of Covered Entity pharmacy partners, it acts as a Business Associate under HIPAA. This Notice describes Script Unlock's privacy practices for PHI received in connection with the Platform.
2. How We May Use and Disclose Your PHI
2.1 Treatment, Payment, and Healthcare Operations
We may use and disclose PHI for the purposes of facilitating the provision, coordination, or management of healthcare treatment (prescription fulfilment), payment activities (processing bids and transactions), and healthcare operations (quality assurance, compliance, training).
2.2 With Your Authorization
For uses or disclosures not otherwise permitted, we will obtain your written authorisation. You may revoke such authorisation at any time in writing, except where we have already acted in reliance on it.
2.3 Without Your Authorisation (Permitted by Law)
- As required by federal, state, or local law
- To public health authorities for disease reporting, product recalls
- To report abuse, neglect, or domestic violence as required by law
- For health oversight activities (inspections, audits, investigations)
- For judicial or administrative proceedings in response to lawful orders
- To law enforcement as permitted or required by law
- To coroners, medical examiners, or funeral directors as necessary
- For organ, eye, or tissue donation purposes
- For research that has been approved by an Institutional Review Board
- To avert a serious threat to health or safety
- For specialised government functions (national security, military)
- For Workers' Compensation as authorised by law
3. Your Rights Regarding Your PHI
3.1 Right to Access
You have the right to inspect and obtain a copy of PHI maintained about you in our designated record sets, subject to certain exceptions. Requests must be submitted in writing to privacy@scriptunlock.com. We will respond within 30 days.
3.2 Right to Amend
You have the right to request that we amend PHI that you believe is incorrect or incomplete. We may deny your request if we determine the information is accurate and complete.
3.3 Right to Accounting of Disclosures
You have the right to request a list of disclosures we have made of your PHI for purposes other than treatment, payment, and healthcare operations, for the six years prior to your request.
3.4 Right to Request Restrictions
You have the right to request that we restrict certain uses and disclosures of your PHI. We are not required to agree to restrictions except as required by HIPAA §164.522.
3.5 Right to Confidential Communications
You have the right to request that we communicate with you through alternative means or at alternative locations if you believe standard communications could endanger you.
3.6 Right to Receive Breach Notifications
If there is a breach of your unsecured PHI, we will notify you as required by the HIPAA Breach Notification Rule, within 60 days of discovery of the breach.
3.7 Right to a Paper Copy of This Notice
You may request a paper copy of this Notice at any time by contacting privacy@scriptunlock.com.
4. Our Duties
Script Unlock is required to: (1) maintain the privacy of your PHI; (2) provide you with this Notice of our legal duties and privacy practices; (3) notify you following a breach of unsecured PHI; (4) abide by the terms of this Notice currently in effect; and (5) not use or disclose genetic information for underwriting purposes.
5. Minimum Necessary Standard
When using or disclosing PHI or requesting PHI from another covered entity, we will make reasonable efforts to limit PHI to the minimum necessary to accomplish the intended purpose.
6. Safeguards
We maintain administrative, technical, and physical safeguards to protect the privacy of your PHI including: role-based access controls, AES-256 encryption, audit logging, HIPAA security training for all staff with PHI access, and Business Associate Agreements with all service providers that handle PHI.
7. Complaints
If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the U.S. Department of Health and Human Services. You will not be penalised for filing a complaint.
- Script Unlock Privacy Officer: privacy@scriptunlock.com
- U.S. Department of Health and Human Services, Office for Civil Rights: www.hhs.gov/ocr
- Toll-free: 1-800-368-1019
8. Changes to This Notice
We reserve the right to change this Notice. Revised Notices will be effective for PHI already maintained as well as PHI received after the effective date. The current Notice will be posted on our website and available upon request.
© 2026 Script Unlock, Inc. All rights reserved.