Privacy Policy
Effective date: November 12, 2025
Introduction and Data Controller
Your privacy is very important to us. Teleios Clinic (“Teleios” or “we”) is committed to protecting your personal and health information. This Privacy Policy explains how we collect, use, and safeguard your information when you use our telehealth services or website. Teleios, LLC – a Delaware, USA company – is the data controller for your personal data under this policy, meaning we are responsible for deciding how your information is processed and protected. We offer telehealth services primarily to residents of the United States, and we handle all personal data in compliance with applicable privacy laws and best practices as described below. By using Teleios Clinic’s services, you acknowledge that you have read and agree to the practices outlined in this Privacy Policy.
Compliance with Privacy Laws and Regulations
Teleios Clinic adheres to strict global privacy standards to protect your data. In particular, we comply with the following laws and frameworks:
- HIPAA (Health Insurance Portability and Accountability Act) – U.S. healthcare privacy law governing Protected Health Information. Teleios Clinic is fully HIPAA-compliant, implementing all required safeguards for patient health information. Even though Teleios does not bill insurance companies for services, we still operate under and voluntarily comply with HIPAA regulations due to our telehealth operations and handling of health data. This means your health information is protected with the same strict standards as any covered medical provider.
- U.S. Healthcare Privacy Best Practices – In addition to HIPAA, we follow recognized industry best practices and guidelines in the United States for handling medical information. For example, telehealth appointments, messages, and related records are safeguarded to the same degree as in-person medical visits. We also abide by relevant state laws for health data privacy, where applicable.
- Mexico’s Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) – For users in Mexico or data processed in Mexico, we comply with the Ley Federal de Protección de Datos Personales en Posesión de los Particulares, Mexico’s data protection law. This includes respecting the principles of notice, consent, privacy rights, and cross-border data protection as required by that law.
These frameworks ensure that no matter where you are located, your personal information is handled lawfully, fairly, and securely. We maintain compliance with all applicable regulations and update our practices as needed to remain current with changes in privacy laws worldwide.
Protected Health Information (PHI) and HIPAA Compliance
Because we are a telehealth provider, much of the information we collect and use is considered Protected Health Information (PHI) under HIPAA. PHI includes any individually identifiable health information — such as medical history, treatment notes, diagnoses, or other data that relates to your health or healthcare services. Teleios Clinic treats all PHI with the highest degree of confidentiality and care.
Use and Disclosure of PHI: We only use your health information for purposes related to providing you with care and services, and for other purposes allowed by law. This includes uses like diagnosis and treatment, scheduling appointments, providing follow-up care, patient support, and internal operations (quality assurance, record-keeping, etc.). We do not share your PHI with third parties for marketing or other uses unrelated to your care without your explicit consent. In fact, Teleios Clinic will not use or disclose your personal information in any way that is not permitted by this Policy or by law. Your information is never sold or rented to outside parties. Any disclosures of PHI (for example, sending a prescription to your chosen pharmacy, coordinating with a specialist at your request, or if required by law or public health authority) are done in compliance with HIPAA’s Privacy Rule and other applicable regulations. We also abide by the minimum necessary rule, meaning we only disclose the minimum amount of information needed for a given purpose. If you have provided us with emergency contact information or if a family member is involved in your care, we will only share relevant PHI with them as allowed by law and with your consent when required.
Importantly, Teleios Clinic maintains HIPAA compliance even though we do not bill insurance. HIPAA's Privacy and Security Rules apply to covered entities, and a provider that does not conduct standard electronic transactions (such as insurance claims) may fall outside that definition. Teleios nonetheless chooses to meet all HIPAA requirements as a matter of policy and ethics. (For example, the HIPAA Security Rule requires covered providers to safeguard electronic PHI while it is transmitted, and we meet this by conducting telehealth only over encrypted, access-controlled platforms.) You can expect the same level of privacy from Teleios as you would from any traditional doctor's office or hospital.
Data Security and Safeguards for Personal Information
To keep your personal data and health information safe, Teleios Clinic employs a comprehensive set of administrative, technical, and physical safeguards in line with HIPAA and international standards. We design our systems and procedures with your privacy and data security as a top priority. Key measures we take include:
- Secure Communications: All telehealth consultations, video calls, and electronic communications between you and Teleios Clinic are conducted over secure, encrypted channels. We use HIPAA-compliant telehealth platforms designed so that your sessions and messages cannot be read by unauthorized parties, even if the network traffic is observed. For example, our video conferencing tools and chat systems meet HIPAA security criteria (encryption, access controls, audit logs, etc.).
- Encryption and Data Storage: Your data is encrypted both in transit and at rest. This means that whether your information is being sent over the internet or stored on our servers, it is encrypted so that only authorized systems or personnel can decrypt and read it. We store electronic health records (EHR) and other personal data on secure servers located in access-controlled facilities. Strong encryption, firewalls, and network security monitoring are in place to prevent unauthorized access.
- Access Controls and Confidentiality: We restrict access to your PHI and personal data strictly to those Teleios workforce members who need that information to perform their duties (for example, the healthcare providers treating you or the support staff assisting with scheduling). Each authorized staff member has unique login credentials, and multi-factor authentication is used for systems containing sensitive data. We train all employees and contractors on privacy and confidentiality duties. Every team member at Teleios is bound by strict confidentiality agreements and HIPAA obligations – viewing or handling your data without authorization is prohibited and can result in disciplinary action.
- Physical Safeguards: In addition to digital security, we protect any physical records or environments. Although Teleios operates mainly with electronic records, any paperwork or physical copies of records (for example, if we must print something for legal or backup reasons) are kept in locked, secure areas. Our offices and data centers have access controls (key-card or badge entry, security monitoring) to prevent unauthorized entry. Devices that contain PHI (such as secure laptops or backup drives) are encrypted and stored safely when not in use. If physical documents are no longer needed, we dispose of them securely through shredding or certified destruction.
- Administrative Policies: Teleios Clinic maintains written policies and procedures to guide how we protect privacy. We periodically assess risks and update our security practices. We have a designated privacy officer and a designated security officer (roles HIPAA requires; they may be held by the same person) who oversee compliance with HIPAA and other data protection laws. Regular training is provided to staff, and we perform audits to ensure policies are followed. In the event of any incident that might threaten the privacy of your information (for example, a security breach), we follow an incident response plan. You would be notified of any breach of your unsecured PHI as required by the HIPAA Breach Notification Rule and other applicable laws.
These measures are designed to protect the confidentiality, integrity, and availability of your personal health information. We continuously improve our security practices to adapt to new threats and to incorporate the latest best practices in healthcare data protection.
International Data Transfers
Teleios, LLC is based in the United States, and the primary storage and processing of data occur in the U.S. If you are using our services from outside the U.S. (for example, from Mexico, the EU, or elsewhere), be aware that your personal information, including health data, may be transferred to and stored on servers in the United States. We take steps to ensure that such international data transfers comply with all applicable laws and that your data remains protected throughout the transfer process. For instance, for personal data originating from the European Union, we implement appropriate safeguards such as Standard Contractual Clauses or other approved transfer mechanisms under the GDPR to lawfully transfer data to the U.S. Similarly, if Mexican privacy law (LFPDPPP) applies to certain data, we will only transfer that data out of Mexico in accordance with the requirements of that law (which may include obtaining your consent or other legal bases for transfer). Our goal is to ensure that no matter where your data is processed, it receives a consistent high level of protection.
By using Teleios Clinic’s services and providing information to us, you consent to the transfer of your data to the United States (and potentially other jurisdictions where we or our service providers operate), under the safeguards described in this Policy. We understand that privacy expectations and legal requirements can vary by country, and we strive to meet or exceed those expectations globally.
Your Privacy Rights
Teleios Clinic believes in transparency and empowering our patients/users with control over their personal information. Depending on your jurisdiction, you have certain rights regarding your personal data. We honor applicable privacy rights under laws such as HIPAA, GDPR, and LFPDPPP, which may include the following:
- Access and Portability: You have the right to request a copy of the personal data we hold about you. For health data, this means you can ask for access to your medical records or other PHI we maintain. We will provide this information in a readily accessible format, and for EU residents, you may also request that it be provided in a portable electronic format. Under HIPAA, you can ask for an electronic or paper copy of your health record, and we will supply it to you (or a designated third party) within a reasonable time.
- Rectification (Correction): If any of your information is inaccurate or outdated, you have the right to ask us to correct it. For example, if you see an error in your contact details or in your medical history, we will correct it upon verification. HIPAA also gives you the right to request an amendment to your health records if you believe something is incorrect or incomplete. Teleios will make corrections as appropriate and inform you once done.
- Erasure (Deletion): Subject to applicable law, you may request that we delete your personal data. GDPR grants individuals the “right to be forgotten” in certain cases. If you are an EU patient and no longer want us to have certain information, you can request deletion. We will honor such requests to the extent possible – for instance, if the data is no longer needed for the purpose it was collected. Please note: Due to healthcare regulations, we may be required to retain certain health records for a period of time (for legal, compliance, or patient safety reasons). In such cases, we will inform you if we cannot delete specific data and why (e.g., medical record retention laws in the U.S. typically require keeping records for a set number of years). We will, however, delete or de-identify any data that we are not obligated to keep.
- Restriction and Objection: You have the right to request that we restrict processing of your data in certain circumstances (for example, if you contest the accuracy of the data or if you object to our processing). You may also object to certain types of data uses – for instance, if we were to use your data for research or analytical purposes beyond your care, you can object (if those uses are based on legitimate interest or consent under GDPR). Teleios's processing is largely limited to providing healthcare, but if you have concerns, we will gladly discuss and accommodate your objection as required by law.
- Withdrawal of Consent: If we process some of your data based on consent (for example, if you gave consent to receive newsletters or to share information with a third-party specialist), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the legality of any processing we did prior to your withdrawal, and it won’t affect care we provide (however, note that for core medical services we rely on legal bases like provision of care, not consent). If you withdraw consent for something like marketing emails, we will stop those communications.
- LFPDPPP ARCO Rights (for Mexico): If you are in Mexico, your law provides rights known as “ARCO” rights – Access, Rectification, Cancellation, and Opposition. These align closely with the rights listed above. Teleios Clinic will facilitate your exercise of ARCO rights as well, such as giving you access to your data, correcting it, canceling (deleting) it when permissible, or objecting to certain processing.
- HIPAA Privacy Rights: As a patient, you also have specific rights under HIPAA's Privacy Rule. These include the right to receive a Notice of Privacy Practices (describing in detail how we use and share your PHI), the right to request confidential communications (for example, asking us to contact you at a certain phone number or address), and the right to request an accounting of disclosures (a list of certain disclosures we may have made of your PHI). Teleios Clinic honors all these rights. We provide our patients with a HIPAA Notice of Privacy Practices when you begin services with us (and it is available upon request at any time), which gives more information about your HIPAA rights. We will never retaliate or deny you service for exercising any of your privacy rights.
Exercising Your Rights: If you wish to exercise any of the rights above, you can contact us (see the “Contact Us” section below). We may need to verify your identity before fulfilling certain requests (for your protection, we want to ensure it’s actually you or an authorized representative making the request). We will respond to your request within the timeframe required by law. For example, under GDPR we typically have one month to respond (extendable in complex cases), and under HIPAA we generally have 30 days (with one possible 30-day extension) to provide medical records. We will inform you if we need an extension or if any request cannot be met (with reasons, such as a legal requirement to retain data or an exemption under law). Rest assured, Teleios Clinic will not discriminate against or penalize you for exercising your privacy rights.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or to keep up with legal requirements. If we make significant changes, we will notify users through our website or via email. The effective date at the top of the policy will always indicate when the last changes took effect. We encourage you to review this policy periodically to stay informed about how we are protecting your information. Your continued use of Teleios Clinic’s services after any modifications to the Privacy Policy constitutes acceptance of those changes.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us. We are here to help and will respond as promptly as possible. You can reach Teleios Clinic’s privacy team at:
Email: privacy@teleiosclinic.com (for general privacy inquiries or to exercise your data rights)
Mail: Teleios, LLC – Privacy Officer
1234 Healthcare Drive, Suite 100
Wilmington, DE 19801, USA
You may also contact us through our website contact form or via phone at our customer service line, as listed on our website. Please indicate that your inquiry is related to privacy so we can direct it to the appropriate staff.
International Users: If you are contacting us from the EU or Mexico regarding your data, you may also reach out to our designated representative or local contact (if we have one, as required by GDPR Article 27 or Mexican law) – we will provide that information upon request. In any event, our U.S.-based team will work with you to address your concerns in accordance with all applicable laws.
We hope this Privacy Policy provides a clear understanding of how Teleios Clinic protects your privacy. Your trust is paramount to us, and we will continue to uphold the highest standards of confidentiality, security, and transparency in all our operations. If you have any further questions, please do not hesitate to contact us. Thank you for choosing Teleios Clinic for your healthcare needs.