Privacy Policy

Chris Meyer FNP PLLC | www.chrisfnp.com | Effective: April 27, 2026

This Privacy Policy describes how Chris Meyer FNP PLLC, operating as ChrisFNP ("we," "our," or "the Practice"), collects, uses, stores, and protects your personal and health information when you visit www.chrisfnp.com or use our telehealth services. By using our services you agree to the practices described in this Policy.

This Practice is a covered entity under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and is committed to maintaining the privacy and security of your Protected Health Information (PHI).

1. Information We Collect

Personal Identification Information

Full legal name, date of birth, and gender

Residential address (street, city, state, ZIP code)

Email address and phone number

Payment information (processed by our payment processor — we do not store card numbers)

Protected Health Information (PHI)

Medical history, current conditions, and past surgeries

Current medications, supplements, and known drug allergies

Responses to clinical intake questionnaires

Prescription history and clinical notes

Secure messages exchanged through our clinical platform

Website Usage Information

Browser type, IP address, and device type

Pages visited and time spent on the site

Referral source and referring codes

2. How We Use Your Information

We use your information solely for the following purposes:

To provide clinical telehealth services and prescribe appropriate medications

To communicate with you through our HIPAA-compliant messaging platform (Spruce Health)

To send your prescription to your designated pharmacy

To process your monthly subscription payment

To maintain accurate and complete patient records as required by law

To comply with Arizona state law and federal healthcare regulations

To send administrative communications such as prescription confirmations and renewal reminders

We do not use your information for marketing purposes, sell your information to third parties, or share your information with advertisers.

3. How We Share Your Information

Permitted Disclosures

We may share your PHI only in the following limited circumstances:

With your designated pharmacy for the purpose of filling your prescription

With our business associates who provide services necessary to operate the Practice, each of whom has signed a Business Associate Agreement (BAA) requiring HIPAA-compliant handling of your PHI

As required by Arizona state law or federal law

In response to a valid court order, subpoena, or legal process

In situations involving imminent threat to your safety or the safety of others

Business Associates

Our current business associates who may have access to your PHI include:

Spruce Health — HIPAA-compliant clinical communication and payment platform (BAA in place)

Our designated e-fax service provider used to transmit prescriptions to pharmacies

We Never

Sell your personal or health information to any third party

Share your information with advertisers or data brokers

Use your PHI for any purpose beyond your direct care and practice operations

4. HIPAA Rights

As a patient of this Practice you have the following rights under HIPAA:

Right to access — You may request a copy of your medical records

Right to amend — You may request corrections to your health information

Right to accounting of disclosures — You may request a list of disclosures of your PHI

Right to restrict — You may request restrictions on how we use or disclose your PHI

Right to confidential communications — You may request we communicate with you in a specific way

Right to complain — You may file a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights

To exercise any of these rights please contact us at the email or address listed at the end of this Policy.

5. Data Security

We implement the following safeguards to protect your PHI:

All clinical communications occur through Spruce Health, a HIPAA-compliant platform with SOC 2 auditing and HITRUST certification

All patient data is encrypted in transit and at rest

Access to patient records is limited to authorized personnel only

We maintain a signed Business Associate Agreement with all vendors who handle your PHI

Passwords and two-factor authentication are required to access any platform containing PHI

In the event of a data breach involving your PHI we will notify you as required by the HIPAA Breach Notification Rule within 60 days of discovery.

6. Data Retention

We retain patient records for a minimum of 6 years from the date of creation or the date they were last in effect, whichever is later, in compliance with Arizona state law and HIPAA requirements. Payment records are retained as required for tax and accounting purposes.

When you terminate your subscription your clinical records are retained for the legally required period. You may request a copy of your records at any time by contacting us.

7. Cookies and Website Tracking

Our website (www.chrisfnp.com) may use basic analytics to understand how visitors use the site. We do not use advertising cookies, behavioral tracking, or sell website visitor data. Any analytics data is anonymized and used solely to improve the patient experience.

8. Minors

Our services are intended for adults 18 years of age and older. We do not knowingly collect personal information from individuals under 18. If we become aware that a minor has submitted information we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do we will update the effective date at the top of this document. Continued use of our services after any update constitutes acceptance of the revised Policy. We encourage you to review this Policy periodically.

10. Contact Us

For questions about this Privacy Policy, to exercise your HIPAA rights, or to file a complaint:

Chris Meyer, FNP-BC

Chris Meyer FNP PLLC

4539 N 22nd St STE N, Phoenix, AZ 85016

Email: support@chrisfnp.com

Website: www.chrisfnp.com

To file a complaint with the federal government:

U.S. Department of Health and Human Services

Office for Civil Rights

www.hhs.gov/ocr/privacy/hipaa/complaints