Skip to main content

Health Data Privacy Notice

Effective Date: 2026-05-26 • Last Updated: 2026-05-26

Hollis Health is not a medical provider and does not practice medicine. This notice explains how we handle health information that you share with Hollis Health or authorize independent providers to share with us for coaching, dashboard, and care-coordination purposes.

Health Data Privacy Notice

Effective Date: May 26, 2026

This Health Data Privacy Notice ("Notice") explains Hollis Health LLC's role when we handle health information that you share with Hollis Health or authorize independent licensed physicians, laboratories, imaging providers, or other healthcare providers to share with us for coaching, dashboard, and care-coordination purposes.

This Notice is narrower than our general Privacy Policy. It is intended to address health information that Hollis Health may receive, maintain, display, or transmit in coordination workflows involving independent providers.

This Notice does not serve as a Notice of Privacy Practices ("NPP") for Hollis Health or for any independent provider. Hollis Health is not a medical provider and does not practice medicine. Each independently licensed physician, laboratory, or other Covered Entity remains responsible for its own NPP and its own direct clinical privacy obligations.

1. Hollis Health's Health Data Role

1.1 Coordination and Service-Provider Functions. In certain workflows, Hollis Health may create, receive, maintain, or transmit health information that you share directly or authorize independent providers to share with us. If a workflow requires additional privacy contracts, Hollis Health will use the appropriate contractual protections before operating that workflow.

1.2 Limited Scope. This Notice applies only to health information handled in those coordination workflows. Information you provide directly to Hollis Health through consumer-facing wellness features may be governed by our general Privacy Policy and by laws other than HIPAA.

1.3 No Direct Clinical Practice Representation. Nothing in this Notice means that Hollis Health is itself your physician or a Covered Entity for all Services. Hollis Health's role depends on the workflow and the relationship under which the information was collected or received.

2. Categories of PHI We May Handle

When received from you or from an independent provider with your consent or as otherwise permitted by law, health information handled by Hollis Health may include categories such as:

  • laboratory and biomarker results;
  • body composition or imaging summaries transmitted by an independent provider;
  • diagnoses, impressions, and clinician-authored directives;
  • medication, supplement, or protocol instructions issued by an independently licensed clinician;
  • scheduling, ordering, coordination, and administrative records tied to clinical workflows;
  • secure messages or records transmitted through covered clinical coordination workflows.

3. How We Use and Disclose PHI in Those Workflows

Where health information is handled in a provider-coordination workflow, Hollis Health may use or disclose that information only as permitted by:

  • your written consent or authorization;
  • the applicable service, privacy, or data-sharing agreement;
  • HIPAA and other applicable law where applicable; and
  • instructions of the Covered Entity where required.

Examples may include:

  • routing and displaying results;
  • care coordination support;
  • scheduling and administrative support;
  • technical hosting, security, storage, and access management;
  • audit logging, incident response, and lawful compliance activities.

Hollis Health does not use health information handled in these workflows for unrelated advertising or data sale.

4. Your Rights

4.1 Rights Through the Covered Entity. If your request concerns PHI maintained by an independently licensed physician, laboratory, or other Covered Entity, your HIPAA rights are generally exercised through that Covered Entity.

4.2 Requests We May Route or Coordinate. For convenience, you may send an access, amendment, accounting, restriction, or confidential communications request to Hollis Health. We may forward, route, or coordinate the request with the appropriate Covered Entity rather than responding independently where the law or applicable agreement requires that workflow.

4.3 Direct-to-Consumer Data Is Different. If your request concerns information you provided directly to Hollis Health in a consumer-facing wellness workflow, that request may instead be handled under our general Privacy Policy and other applicable law.

5. Safeguards

Hollis Health applies administrative, technical, and physical safeguards designed to protect health information in provider-coordination workflows, which may include:

  • encryption in transit and at rest where appropriate;
  • role-based access controls;
  • audit logging and access monitoring;
  • identity and authentication controls;
  • vendor contractual controls where applicable;
  • incident response and workforce training.

No safeguard can guarantee absolute security, but Hollis Health is committed to using commercially reasonable and legally appropriate measures for health information handled in these workflows.

6. Subcontractors and Vendors

Hollis Health may use subcontractors and vendors to support health-information workflows, including cloud hosting, secure communications, infrastructure, monitoring, and other operational services. Where a vendor creates, receives, maintains, or transmits regulated health information for Hollis Health in a workflow requiring additional contractual protections, Hollis Health will seek to have appropriate protections in place.

7. Breach and Incident Handling

If Hollis Health discovers a breach of unsecured PHI or other regulated health information in a covered workflow, we will respond in accordance with applicable law and the governing service or data-sharing arrangement, including notice to the affected Covered Entity where required.

Where a single incident affects both:

  • PHI maintained by or shared from a Covered Entity; and
  • direct-to-consumer data collected by Hollis Health,

different notification laws may apply to different parts of the incident. In that situation, Hollis Health may provide or support multiple notice workflows under HIPAA, state breach law, consumer privacy law, or other applicable law.

8. Complaints

If you believe your HIPAA rights have been violated in connection with PHI handled in a Covered Entity workflow, you may:

  • contact the applicable Covered Entity directly;
  • contact Hollis Health so that we can route or coordinate the concern where appropriate; or
  • file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights.

HHS OCR complaint information is available at:

https://www.hhs.gov/hipaa/filing-a-complaint

Hollis Health will not retaliate against any person for making a good-faith privacy complaint.

9. Contact Information

For questions or requests related to this Notice, please contact:

Hollis Health LLC
Attn: Privacy Team
691 S Seguin
New Braunfels, TX 78130
(Current administrative office; not a representation that member services are provided at this address.)

Email: legal@hollis.health
Phone: (210) 891-9005

This Health Data Privacy Notice was last updated on May 26, 2026.

Privacy PolicyTerms of ServiceContact Us