Privacy Policy

Effective Date: March 27, 2026

InnoCre ("InnoCre," "we," "us," or "our") operates the telehealth platform at innocre.org. This Privacy Policy explains what information we collect, how we use and protect it, and your rights regarding your data. We are committed to safeguarding your privacy in compliance with the Health Insurance Portability and Accountability Act (HIPAA), applicable state laws, and other relevant regulations.

1. Information We Collect

Personal Information

When you create an account, schedule a visit, or contact us, we may collect your name, date of birth, email address, phone number, mailing address, insurance details, and payment information.

Health Information

During your telehealth visits, we collect health-related information including your medical history, symptoms, diagnoses, treatment plans, prescriptions, lab results, and any other information you share with your provider. This information is considered Protected Health Information (PHI) under HIPAA.

Device and Usage Information

We automatically collect certain technical data when you use our website, including your IP address, browser type, operating system, pages visited, time spent on our site, and referring URLs. This information helps us improve our platform and ensure security.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Treatment: To provide, coordinate, and manage your telehealth care, including consultations, diagnoses, prescriptions, and referrals.
• Payment: To process payments, generate superbills, and handle billing-related communications.
• Healthcare Operations: To maintain quality of care, conduct internal audits, and improve our services.
• Communication: To send appointment reminders, follow-up care instructions, and respond to your inquiries.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.

3. How We Protect Your Information

We take the security of your information seriously and implement administrative, technical, and physical safeguards in accordance with HIPAA requirements. These include:

• Encryption of data in transit and at rest
• Secure, HIPAA-compliant electronic health record (EHR) systems
• Role-based access controls limiting who can view your information
• Regular security assessments and workforce training
• Business Associate Agreements (BAAs) with all third-party service providers who handle PHI

4. Third-Party Service Providers

We work with trusted third-party partners to deliver our services. These partners are bound by Business Associate Agreements and are required to protect your information under HIPAA. Our key partners include:

• CharmHealth / CharmTracker: Our HIPAA-compliant electronic health record (EHR) and patient portal system used to manage your medical records, appointments, and communications.
• Pharmacies: We transmit prescription information electronically to your chosen pharmacy for fulfillment.
• Laboratories: When lab work is ordered, relevant health information is shared with the performing laboratory.
• Payment Processors: We use secure, PCI-compliant payment processors to handle financial transactions.

We do not sell your personal information or PHI to any third party.

5. Your Rights

You have the following rights regarding your personal and health information:

• Access: You may request a copy of your medical records and personal information we hold.
• Correction: You may request that we amend inaccurate or incomplete information in your records.
• Deletion: You may request deletion of your personal information, subject to legal and regulatory retention requirements.
• Restriction: You may request restrictions on certain uses or disclosures of your health information.
• Accounting of Disclosures: You may request a list of certain disclosures we have made of your health information.

To exercise any of these rights, please contact us at atulsv@innocre.org.

6. Cookies and Analytics

Our website uses cookies and similar technologies to enhance your browsing experience, analyze site traffic, and understand usage patterns. Cookies are small text files stored on your device. You can manage your cookie preferences through your browser settings. Please note that disabling cookies may affect some features of our website.

We may use third-party analytics tools to collect anonymized usage data. This data does not include PHI and is used solely to improve our website and services.

7. Children's Privacy

Our services are not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at atulsv@innocre.org and we will take steps to delete the information promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will update the effective date at the top of this page and may notify you by email or through our website. We encourage you to review this page periodically.

9. Governing Law

This Privacy Policy is governed by the laws of the Commonwealth of Pennsylvania, without regard to its conflict of law principles, in addition to applicable federal regulations including HIPAA.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: