How we protect you.

1. Introduction & Scope

This combined Notice serves as both our HIPAA Notice of Privacy Practices and our website privacy policy. It explains how VYRA Medical Corporation and VYRA Management, Inc. (together, "VYRA," "we," "us") collect, use, disclose, and protect information about patients, prospective patients, members, and visitors to vyra.clinic and vyra.health.

2. Who We Are

VYRA Medical Corporation is a California Professional Medical Corporation that delivers all clinical care. VYRA Management, Inc. is a California corporation that provides non-clinical administrative, technology, and facility services to the practice under a Management Services Agreement. Both entities operate from 3430 Fifth Avenue, San Diego, California 92103.

3. Protected Health Information

Protected Health Information ("PHI") is information about you, including demographic details, that may identify you and that relates to your past, present, or future physical or mental health condition, the care provided to you, or payment for that care. We are required by federal law (HIPAA), the California Confidentiality of Medical Information Act (CMIA), and other applicable law to maintain the privacy of your PHI, to provide you with this Notice of our legal duties and privacy practices, and to abide by the terms of the Notice currently in effect.

4. How We Use & Disclose Your Information

Without your written authorization, we may use or disclose your PHI for the following purposes:

• Treatment — to provide, coordinate, or manage your care, including consultations with other providers, pharmacies, and laboratories.
• Payment — to bill and collect for services, including verifying coverage, processing payment, and pursuing reimbursement.
• Health Care Operations — for internal quality assessment, credentialing, training, accreditation, licensing, and general practice administration.
• Business Associates — to vendors who perform services on our behalf (electronic health records, telehealth platforms, billing, IT, secure messaging) under written Business Associate Agreements that require them to protect your PHI.
• Appointment Reminders & Care Communications — to remind you of upcoming visits, share lab or prescription updates, and communicate with you about your care via phone, secure portal, email, or SMS.
• Required by Law — to comply with federal, state, or local law, including mandatory reporting of suspected abuse, neglect, communicable disease, or court orders and subpoenas.
• Public Health & Safety — to public health authorities, the FDA, or others authorized by law to prevent or control disease, report adverse events, or address serious threats to health or safety.
• Health Oversight, Law Enforcement, Coroners — to government agencies authorized to audit, investigate, or license health care providers, and as otherwise permitted by HIPAA.

5. Uses That Require Your Written Authorization

The following uses and disclosures will be made only with your written authorization, and you may revoke that authorization at any time in writing:

• Most uses and disclosures of psychotherapy notes.
• Uses and disclosures of PHI for marketing purposes, beyond face-to-face communications and de-minimis promotional gifts.
• Any sale of PHI.
• Other uses and disclosures not described in this Notice.

6. Your Rights Under HIPAA

You have the following rights regarding PHI we maintain about you:

• Inspect & copy your medical and billing records, in paper or electronic form.
• Request an amendment if you believe information is incorrect or incomplete; we may deny in limited circumstances and will explain in writing.
• Accounting of disclosures we have made for purposes other than treatment, payment, or operations.
• Request restrictions on certain uses and disclosures; we will agree where required by law (including disclosures to a health plan for services you paid for in full out-of-pocket) and consider all other requests.
• Confidential communications — to ask us to contact you at a specific address or phone number.
• Paper copy of this Notice on request, even if you have agreed to receive it electronically.
• Breach notification if your unsecured PHI is involved in a breach.
• File a complaint with VYRA or with the U.S. Department of Health and Human Services without retaliation.

7. Your Rights Under California Law

California provides additional protections. Under the CMIA, your medical information generally cannot be disclosed without your authorization, except as the statute permits. Under the California Consumer Privacy Act and California Privacy Rights Act ("CCPA/CPRA"), you have the right to know what personal information we collect about you, to request deletion or correction of certain non-medical personal information, to limit the use of sensitive personal information, and to be free from discrimination for exercising these rights. PHI governed by HIPAA and CMIA is generally exempt from CCPA/CPRA, but non-medical website data is covered. We do not sell or share your personal information for cross-context behavioral advertising.

8. Website & Online Privacy

When you visit vyra.clinic or vyra.health, we collect information you submit through forms (such as your name, email, phone, and any notes you write) and a limited amount of automatic information about your visit (browser type, device, IP address, pages viewed). We use this information to respond to inquiries, schedule appointments, improve the site, and meet legal obligations. We do not knowingly collect information from children under 13.

9. Cookies & Analytics

We use a small number of essential cookies to operate the site and may use privacy-respecting analytics to understand how visitors use it. We do not use cross-site tracking pixels for advertising. You can control cookies through your browser settings; disabling them may affect some site features.

10. Mobile Messaging

If you opt in to SMS, we treat your phone number and message content as PHI when it pertains to your care, and as confidential personal information at all other times. Full details — including how to opt out — are in our SMS Terms.

11. Data Security

We maintain administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of PHI and other personal information. This includes role-based access controls, encryption in transit and at rest where applicable, secure messaging, workforce privacy training, and Business Associate Agreements with our vendors. No system is perfectly secure, and we cannot guarantee absolute security.

12. Breach Notification

If we discover a breach of unsecured PHI, we will notify affected individuals without unreasonable delay and within the timeframes required by HIPAA, CMIA, and applicable California law, and will report to regulators and the media when required.

13. Minors

VYRA generally treats adults aged 18 and older. For permitted services involving minors, parental or legal-guardian consent is required, and we comply with California law governing the privacy rights of minors, including conditions under which a minor may consent to certain care and access their own records.

14. Out-of-State & International Visitors

Our services are offered from California and intended for residents of states where we are licensed to practice. Information you submit is processed in the United States. If you visit our site from outside the United States, you consent to that processing.

15. Changes to This Notice

We reserve the right to change this Notice and to make the revised Notice effective for PHI we already have as well as PHI we receive in the future. The current Notice always lives at vyra.clinic, with the effective date noted at the bottom. A printed copy is available at the practice on request.

16. How to Exercise Your Rights or File a Complaint

To exercise any of the rights described in this Notice, contact our Privacy Officer using the information below. Most requests must be in writing — we will provide a form. We will not retaliate against you for filing a complaint. You may also file a complaint with the U.S. Department of Health & Human Services, Office for Civil Rights at 200 Independence Avenue SW, Washington, DC 20201, or with the California Attorney General.

17. Contact the Privacy Officer

Privacy Officer
VYRA Medical Corporation
3430 Fifth Avenue, San Diego, California 92103
privacy@vyra.clinic · 1·888·810·2897