HIPAA Notice of Privacy Practices

How Legion Health uses and protects your health information. Last updated: January 2025.

Your Privacy Rights Under HIPAA

Legion Health, Inc. is required by federal law to maintain the privacy of your protected health information (PHI) and to provide you with notice of its legal duties and privacy practices with respect to PHI.

How We Use and Disclose Your Health Information

Legion Health may use and disclose your PHI for the following purposes without your authorization:

  • Treatment: To provide, coordinate, or manage your healthcare, including sharing information with your assigned provider, any consulting providers, and pharmacies for e-prescribing via Surescripts.
  • Payment: To obtain payment for healthcare services provided, including insurance claims submission via Availity, prior authorization requests, and billing coordination.
  • Healthcare Operations: To support clinical quality review, provider credentialing, legal compliance, and administrative functions necessary to operate the platform.

Uses and Disclosures Requiring Your Authorization

Except as described above, Legion Health will not use or disclose your PHI without your written authorization. You may revoke your authorization at any time in writing, except where we have already acted in reliance on it. The following uses require written authorization:

  • Most uses and disclosures of psychotherapy notes (where applicable)
  • Uses and disclosures for marketing purposes
  • Sales of your PHI

Your Rights Regarding Your Health Information

You have the following rights regarding your PHI maintained by Legion Health:

  • Right to Inspect and Copy: You may request access to your medical records and receive copies in electronic format via the patient portal.
  • Right to Request an Amendment: If you believe your PHI is incorrect or incomplete, you may request that we amend it.
  • Right to an Accounting of Disclosures: You may request a list of disclosures of your PHI made by Legion Health, except for disclosures for treatment, payment, and healthcare operations.
  • Right to Request Restrictions: You may request restrictions on how we use or disclose your PHI for treatment, payment, or healthcare operations.
  • Right to Confidential Communications: You may request that we communicate with you about your health information only in certain ways or at certain locations.
  • Right to a Paper Copy of This Notice: You may request a paper copy of this notice at any time.

State Licensure and Service Availability

Legion Health providers are licensed in the states where they practice. Services may not be available in all states. Please check eligibility during intake. For a complete list of states where Legion Health is currently licensed to provide psychiatric services, contact our care team at [email protected].

Electronic Systems and Data Security

Legion Health uses HIPAA-covered business associate agreements (BAAs) with all technology partners handling PHI, including Zoom for Healthcare (video visits), Epic MyChart (records), Surescripts (e-prescribing), Availity (insurance billing), and Stripe (payment processing). All PHI is encrypted in transit and at rest.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with Legion Health by contacting [email protected] or by writing to Legion Health, Inc., 2028 E Ben White Blvd, Suite 240, Austin, TX 78741. You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights. We will not retaliate against you for filing a complaint.

Contact Information

For questions regarding this notice or your privacy rights, contact Legion Health's Privacy Officer at [email protected] or +1 512 409 6338.