HIPAA Notice of Privacy Practices
Effective Date: October 09, 2025
This Notice Describes How Medical Information About You May Be Used and Disclosed and How You Can Get Access to This Information. Please Review It Carefully.
Who Must Follow This Notice
This Notice applies to:
- Reisaan Health (Aasaan Health LLC)
- Dr. Roshani Sanghani, MD, US Board-Certified Endocrinologist
- All healthcare professionals authorized to enter information into your medical record
- All employees, staff, and personnel of Reisaan Health
- All Business Associates and their subcontractors
Note: This Notice applies only to US patients receiving services from Reisaan Health. For non-US patients, please see our general Privacy Policy.
Our Pledge Regarding Your Medical Information
We understand that medical information about you and your health is personal. We are committed to protecting your health information. We create a record of the care and services you receive at Reisaan Health to provide quality care and comply with legal requirements.
This Notice will tell you about the ways we may use and disclose your medical information. It also describes your rights and certain obligations we have regarding the use and disclosure of your medical information.
We are required by law to:
- Maintain the privacy of your Protected Health Information (PHI)
- Give you this Notice of our legal duties and privacy practices
- Follow the terms of the Notice currently in effect
- Notify you if we are unable to agree to a requested restriction
- Accommodate reasonable requests to receive communications of PHI by alternative means or locations
How We May Use and Disclose Your Medical Information
The following categories describe different ways we use and disclose your medical information. Not every use or disclosure will be listed. However, all of the ways we are permitted to use and disclose information will fall within one of these categories.
Uses and Disclosures for Treatment, Payment, and Healthcare Operations
We may use and disclose your medical information without your written authorization for:
1. Treatment
We may use your medical information to provide you with medical treatment or services. We may disclose medical information about you to doctors, nurses, technicians, health coaches, or other personnel who are involved in taking care of you.
Examples:
- Dr. Roshani reviews your medical history to develop your treatment plan
- Health coaches access your records to provide lifestyle guidance
- We share information with your local physician (with your authorization)
- We coordinate your care with specialists or lab facilities
Different Locations: If you receive services from multiple Reisaan Health providers or programs, we may share information among them for treatment purposes.
2. Payment
We may use and disclose your medical information to bill and collect payment for services we provide to you.
Examples:
- Submitting claims to your health insurance (if applicable – note: we typically don’t bill insurance)
- Processing your payment through our payment processor (Stripe)
- Verifying insurance coverage or benefits
- Collecting payment for services rendered
- Responding to payment disputes
3. Healthcare Operations
We may use and disclose your medical information for healthcare operations, which include internal activities necessary to run Reisaan Health and ensure quality care.
Examples:
- Quality assessment and improvement activities
- Training healthcare providers and students
- Credentialing and peer review activities
- Business planning and development
- Customer service and satisfaction surveys
- Resolving grievances
- Creating de-identified health information for research and public health
- Compliance, legal, and audit functions
Other Uses and Disclosures Without Authorization
We may also use and disclose your medical information without your authorization in the following circumstances:
4. As Required By Law
We will disclose your medical information when required to do so by federal, state, or local law.
5. To Avert a Serious Threat to Health or Safety
We may use and disclose your medical information when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
Examples:
- Warning someone who may be in danger
- Reporting abuse or neglect to appropriate authorities
- Notifying authorities about potential violence
6. Business Associates
We may disclose your medical information to our Business Associates who perform functions on our behalf or provide us with services if the information is necessary for such functions or services.
Examples:
- Cloud hosting providers storing your medical records
- Video conferencing platforms for telehealth consultations
- Payment processors handling billing
- Technology vendors maintaining our systems
All Business Associates must sign agreements to safeguard your information and comply with HIPAA.
7. Organ and Tissue Donation
If you are an organ donor, we may release medical information to organizations that handle organ procurement or organ, eye, or tissue transplantation, or to an organ donation bank, as necessary to facilitate donation and transplantation.
8. Military and Veterans
If you are a member of the armed forces, we may release medical information about you as required by military command authorities.
9. Workers’ Compensation
We may release medical information about you for workers’ compensation or similar programs that provide benefits for work-related injuries or illness.
10. Public Health Activities
We may disclose your medical information for public health activities, including:
- Preventing or controlling disease, injury, or disability
- Reporting births and deaths
- Reporting child abuse or neglect
- Reporting reactions to medications or problems with products
- Notifying people of recalls of products they may be using
- Notifying a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition
11. Health Oversight Activities
We may disclose medical information to a health oversight agency for activities authorized by law, such as audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the healthcare system, government programs, and compliance with civil rights laws.
12. Lawsuits and Disputes
If you are involved in a lawsuit or a dispute, we may disclose medical information about you in response to a court or administrative order. We may also disclose medical information about you in response to a subpoena, discovery request, or other lawful process, subject to appropriate safeguards.
13. Law Enforcement
We may release medical information if asked to do so by a law enforcement official:
- In response to a court order, subpoena, warrant, summons, or similar process
- To identify or locate a suspect, fugitive, material witness, or missing person
- About the victim of a crime under certain limited circumstances
- About a death we believe may be the result of criminal conduct
- About criminal conduct at Reisaan Health
- In emergency circumstances to report a crime
14. Coroners, Medical Examiners, and Funeral Directors
We may release medical information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death.
15. National Security and Intelligence Activities
We may release medical information about you to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.
16. Protective Services for the President and Others
We may disclose medical information about you to authorized federal officials so they may provide protection to the President, other authorized persons, or foreign heads of state or conduct special investigations.
17. Inmates
If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release medical information about you to the correctional institution or law enforcement official if necessary for:
- The institution to provide you with healthcare
- Your health and safety or the health and safety of others
- The safety and security of the correctional institution
Uses and Disclosures That Require Your Written Authorization
Other uses and disclosures will be made only with your written authorization.
These include:
Psychotherapy Notes
If we maintain psychotherapy notes (which we typically don’t), we need your authorization to use or disclose them, with limited exceptions.
Marketing
We need your authorization to use or disclose your PHI for marketing purposes, except for face-to-face marketing communications or promotional gifts of nominal value.
Sale of PHI
We need your authorization if we receive direct or indirect payment in exchange for your PHI (we do NOT sell your information).
Most Uses and Disclosures of Highly Confidential Information
Certain state and federal laws provide additional protections for specific types of health information. For example:
- HIV/AIDS information
- Mental health information
- Genetic information
- Alcohol and substance abuse treatment information
- Sexually transmitted disease information
Uses and disclosures of these types of information may require your specific written authorization.
Your Right to Revoke Authorization
You may revoke any authorization you give us at any time by submitting a written revocation to:
Reisaan Health – Privacy Officer
Email: connect@aasaanhealth.com
Important: The revocation will not apply to actions we already took in reliance on your authorization before we received your revocation.
Your Rights Regarding Your Medical Information
You have the following rights regarding the medical information we maintain about you:
1. Right to Inspect and Copy
You have the right to inspect and obtain a copy of your medical information that may be used to make decisions about your care.
This includes:
- Medical and billing records
- Visit notes and treatment plans
- Lab results and diagnostic reports
- Medication lists
- Educational materials provided
This does NOT include:
- Psychotherapy notes (if any)
- Information compiled in anticipation of litigation
- Certain information restricted by law
How to Request: Submit a written request to:
- Email: connect@aasaanhealth.com
- Subject: “Medical Records Request”
- Include: Your name, date of birth, dates of service, specific records requested
Our Response:
- We will respond within 30 days (may extend by 30 days with written notice)
- We will provide copies in the format you request if readily producible
- We may charge a reasonable, cost-based fee for copies (labor, supplies, postage)
- Electronic copies will be provided if requested and available
Denial: We may deny your request in certain circumstances. If we deny your request, we will provide a written explanation and inform you of your right to have the denial reviewed.
2. Right to Amend
If you believe that medical information we have about you is incorrect or incomplete, you may ask us to amend the information.
How to Request: Submit a written request to:
- Email: connect@aasaanhealth.com
- Subject: “Request to Amend Medical Records”
- Include: The information you want amended and your reason for the request
Our Response:
- We will respond within 60 days (may extend by 30 days with written notice)
- We may approve or deny your request
We may deny your request if:
- The information was not created by us (unless the creator is unavailable)
- The information is not part of the records we maintain
- The information is not available for inspection (as described above)
- The information is accurate and complete
If Denied: We will provide a written explanation. You may submit a statement of disagreement, which we will include in your medical record.
If Approved: We will make the amendment and inform you. We will also notify others who need to know about the amendment.
3. Right to an Accounting of Disclosures
You have the right to request an “accounting of disclosures,” which is a list of certain disclosures we made of your medical information.
What’s Included: Disclosures for purposes OTHER than treatment, payment, or healthcare operations, and disclosures not made with your authorization.
What’s NOT Included:
- Disclosures for treatment, payment, or healthcare operations
- Disclosures made with your authorization
- Disclosures made to you or your personal representative
- Disclosures for national security or intelligence purposes
- Disclosures to correctional institutions or law enforcement (in some cases)
- Disclosures that are part of a limited data set
- Disclosures made prior to April 14, 2003
How to Request: Submit a written request to:
- Email: connect@aasaanhealth.com
- Subject: “Accounting of Disclosures Request”
- Specify the time period (may not exceed 6 years prior to request)
Our Response:
- We will respond within 60 days (may extend by 30 days with written notice)
- First accounting in a 12-month period is free
- We may charge a reasonable fee for additional requests
4. Right to Request Restrictions
You have the right to request restrictions on how we use or disclose your medical information for treatment, payment, or healthcare operations. You also have the right to request limits on medical information we disclose about you to someone who is involved in your care or payment for your care.
Examples of restrictions you might request:
- Don’t disclose information about a specific treatment to your family member
- Don’t use or disclose information for certain healthcare operations
- Limit what we tell your insurance company (if applicable)
How to Request: Submit a written request to:
- Email: connect@aasaanhealth.com
- Subject: “Request for Restriction”
- Specify: What information you want restricted and how you want it restricted
Important:
- We are NOT required to agree to your request (with one exception below)
- If we do agree, we will comply with your request unless the information is needed for emergency treatment
- We will notify you if we cannot agree to the restriction
Exception – We MUST Agree If: You request that we not disclose information to your health plan for payment or healthcare operations purposes, AND:
- The disclosure is not otherwise required by law, AND
- The information pertains solely to a healthcare item or service for which you (or someone on your behalf) have paid us in full out-of-pocket
5. Right to Request Confidential Communications
You have the right to request that we communicate with you about medical matters in a certain way or at a certain location.
Examples:
- Request we contact you only at home, not at work
- Request we send information to a different address
- Request we contact you by email instead of phone
- Request we leave messages only with certain individuals
How to Request: Submit a written request to:
- Email: connect@aasaanhealth.com
- Subject: “Confidential Communications Request”
- Specify: How or where you wish to be contacted
We will accommodate reasonable requests without asking the reason for the request.
6. Right to a Paper Copy of This Notice
You have the right to a paper copy of this Notice at any time, even if you have agreed to receive the Notice electronically.
How to Request:
- Email: connect@aasaanhealth.com
- Subject: “Request for Paper Notice”
- We will mail a copy to your address on file
You may also obtain a copy:
- Download from our website: reisaanhealth.com/hipaa-notice
- Request during any appointment or contact with our office
7. Right to Be Notified of a Breach
You have the right to be notified if we (or one of our Business Associates) discover a breach of your unsecured PHI.
What is a breach? A breach is an impermissible use or disclosure of PHI that compromises the security or privacy of the information.
How we’ll notify you:
- Within 60 days of discovering the breach
- By first-class mail to your address on file
- Or by email if you’ve agreed to electronic notice
- For breaches affecting 500+ individuals, we’ll also notify prominent media outlets
What the notice will include:
- Description of what happened
- Types of information involved
- Steps you should take to protect yourself
- What we’re doing in response
- Contact information for questions
How to Exercise Your Rights
To exercise any of the rights described above, please:
Contact our Privacy Officer:
- Email: connect@aasaanhealth.com
- Subject Line: Indicate which right you’re exercising
- Phone: +91 8291173280
All requests must be in writing (email acceptable).
Include in your request:
- Your full name
- Date of birth
- Contact information (email and phone)
- Specific description of your request
- Your signature (electronic signature acceptable)
- Proof of identity if requested
Response timeline:
- Most requests: Within 30-60 days
- Extensions possible with written notice
- We’ll communicate in writing about our decision
Changes to This Notice
We reserve the right to change this Notice. We reserve the right to make the revised or changed Notice effective for medical information we already have about you as well as any information we receive in the future.
How we’ll notify you of changes:
- Post the new Notice on our website: reisaanhealth.com/hipaa-notice
- Post the new Notice in our patient portal
- Make new copies available upon request
- The Notice will contain the effective date on the first page
Material changes: We will notify you directly by email for material changes that significantly affect your rights or our practices.
Your rights: If you disagree with changes, you may request account deletion (subject to legal retention requirements) or discontinue services.
Complaints
If you believe your privacy rights have been violated, you may file a complaint with:
1. Reisaan Health
Privacy Officer
Email: connect@aasaanhealth.com
Subject: “Privacy Complaint”
Phone: +91 8291173280
What to include:
- Your name and contact information
- Description of the privacy concern
- Date(s) of the incident
- Any supporting information
We will:
- Acknowledge receipt within 5 business days
- Investigate your complaint
- Respond within 30 days
- Take corrective action if needed
2. U.S. Department of Health and Human Services
Office for Civil Rights (OCR)
Website: www.hhs.gov/ocr/privacy/hipaa/complaints/
Online complaint form available
Toll-free: 1-877-696-6775
Filing deadline: Within 180 days of when you knew (or should have known) of the violation. OCR may extend this deadline for good cause.
Important Assurances
You will NOT be retaliated against for filing a complaint.
We will not:
- Terminate your services
- Take any retaliatory action
- Intimidate, threaten, or discriminate against you
- Penalize you in any way
Your right to file a complaint is protected by federal law. We support your right to report concerns and will work to address any legitimate privacy issues.
Additional Information
For California Patients
California law provides additional privacy protections. You have the right to:
- Request information about how we share information with third parties
- Opt out of certain disclosures
- Receive additional notice of certain uses
See our Privacy Policy for California-specific rights under CCPA/CPRA.
For Patients in States with Additional Protections
Some states have enacted privacy laws that provide additional protections beyond HIPAA. If your state law provides greater privacy protection, we will comply with the stricter requirement.
States with additional protections include: California, Texas, Vermont, Washington, and others.
Minimum Necessary Standard
We will make reasonable efforts to limit the use, disclosure, or request of PHI to the minimum necessary to accomplish the intended purpose.
Exceptions:
- Disclosures to healthcare providers for treatment purposes
- Disclosures to you or your authorized representative
- Disclosures made with your authorization
- Disclosures required by law
- Disclosures to HHS for compliance investigations
De-identified Information
We may use and disclose de-identified health information (information from which all identifying information has been removed) without restriction. This information cannot reasonably be used to identify you.
Uses include:
- Quality improvement research
- Public health research
- Medical education
- Business analytics
Limited Data Set
We may use and disclose a limited data set (PHI with certain identifiers removed) for research, public health, or healthcare operations purposes, provided we have a data use agreement with the recipient.
Patient Safety and Quality Improvement
We may use and disclose your PHI in connection with patient safety activities and quality improvement initiatives to improve the quality and safety of healthcare.
Telehealth-Specific Considerations
Technology and Security
Telehealth platforms we use:
- Secure, encrypted video conferencing
- HIPAA-compliant messaging systems
- Secure patient portal
Security measures:
- End-to-end encryption
- Secure authentication
- Automatic session timeouts
- Regular security audits
Your responsibilities:
- Use a secure internet connection (not public WiFi for sensitive communications)
- Keep your login credentials secure
- Don’t allow others to observe your consultations
- Use updated software and browsers
Recordings
Video consultations:
- NOT recorded by default
- Recording only with your explicit written consent
- If recorded, becomes part of your medical record
- You can request a copy of recordings
You may NOT:
- Record consultations without prior written consent
- Share recordings with unauthorized parties
Interstate Telehealth
If you receive services across state lines:
- Dr. Roshani is licensed in [specify states]
- State medical board rules apply
- Interstate medical licensure compacts may apply
- Privacy laws of both states may apply
Business Associates
We work with Business Associates who perform services on our behalf and have access to your PHI. We require all Business Associates to:
Sign Business Associate Agreements requiring them to:
- Safeguard your PHI
- Use PHI only as permitted
- Report any breaches or security incidents
- Comply with HIPAA requirements
- Allow audits and inspections
- Return or destroy PHI when services end
Current Business Associates include:
- Cloud hosting providers
- Video conferencing platforms
- Payment processors (Stripe)
- Email delivery services
- Technology vendors
Your rights: You may request a list of our current Business Associates by contacting our Privacy Officer.
Data Security Measures
We implement comprehensive safeguards to protect your PHI:
Technical Safeguards
- Encryption of data in transit and at rest
- Firewalls and intrusion detection
- Secure authentication and access controls
- Automatic logout after inactivity
- Regular security updates and patches
- Vulnerability scanning and testing
Physical Safeguards
- Secure facilities with restricted access
- Device encryption
- Secure disposal of equipment and records
- Visitor logs and escort requirements
Administrative Safeguards
- Privacy and security policies and procedures
- Workforce training and management
- Incident response procedures
- Regular risk assessments
- Contingency planning and disaster recovery
- Business associate management
International Patients
This HIPAA Notice applies only to US patients.
For international patients:
- This HIPAA Notice does NOT apply
- See our general Privacy Policy
- Your country’s privacy laws apply
- We comply with international data transfer requirements
- GDPR, LGPD, or other regional laws may apply
Data transfers:
- Your information may be stored in the United States
- Appropriate safeguards are in place for international transfers
- Standard Contractual Clauses or other mechanisms used as required
Effective Date and Acknowledgment
Effective Date: October 09, 2025
Acknowledgment: We will ask you to acknowledge receipt of this Notice. Your acknowledgment (or our good faith efforts to obtain it) will be documented in your medical record.
Refusal to sign acknowledgment:
- Does NOT prevent you from receiving treatment
- We will document our good faith efforts to obtain acknowledgment
- Services will not be conditioned on signing
Questions about acknowledgment? Contact our Privacy Officer.
Definitions
Protected Health Information (PHI): Information about you, including demographic information, that may identify you and relates to:
- Your past, present, or future physical or mental health or condition
- The provision of healthcare to you
- Payment for the provision of healthcare to you
Use: Sharing, employment, application, utilization, examination, or analysis of PHI within Reisaan Health.
Disclosure: Release, transfer, provision of access to, or divulging PHI outside of Reisaan Health.
Treatment: Provision, coordination, or management of healthcare and related services, including consultations between healthcare providers and referrals.
Payment: Activities to obtain or provide reimbursement for healthcare, including billing, collections, claims management, and determining eligibility or coverage.
Healthcare Operations: Administrative, financial, legal, and quality improvement activities necessary to run our practice and ensure quality care.
Business Associate: A person or entity that performs functions or activities on behalf of Reisaan Health involving the use or disclosure of PHI.
Minimum Necessary: The least amount of PHI necessary to accomplish the intended purpose of a use, disclosure, or request.
De-identified Information: Health information from which all identifiers have been removed and that cannot reasonably be used to identify an individual.
Contact Information
Privacy Officer
Name: Neeraj Sanghani
Email: connect@aasaanhealth.com
Phone: +91 8291173280
Hours: Monday-Friday, 9:00 AM – 6:00 PM IST
General Inquiries
Email: connect@aasaanhealth.com
Phone: +91 8291173280
Website: https://reisaanhealth.com
For Complaints
Internal: Privacy Officer (contact above)
External – U.S. Department of Health and Human Services: Office for Civil Rights
Website: www.hhs.gov/ocr/privacy/hipaa/complaints/
Phone: 1-877-696-6775
Additional Resources
Learn more about HIPAA and your privacy rights:
- HHS Office for Civil Rights: www.hhs.gov/ocr/privacy
- Your rights under HIPAA: www.hhs.gov/hipaa/for-individuals
- Reisaan Health Privacy Policy: reisaanhealth.com/privacy-policy
Request this Notice in alternative formats:
- Large print
- Audio recording
- Other accessible formats
Contact us to request an alternative format.
Acknowledgment of Receipt
For our records, please acknowledge receipt of this Notice by:
Online: Check the box during enrollment: “I acknowledge receipt of the HIPAA Notice of Privacy Practices”
Email: Reply to enrollment email confirming receipt
Written: Sign and return the acknowledgment form provided
Important: Your treatment is NOT conditioned on providing this acknowledgment. However, we are required by law to make good faith efforts to obtain it.
PLEASE KEEP THIS NOTICE FOR YOUR RECORDS
You may request a paper copy at any time by contacting us.
Thank you for choosing Reisaan Health. We are committed to protecting your privacy and providing you with excellent healthcare services.
Document Information:
- Document Title: HIPAA Notice of Privacy Practices
- Version: 1.0
- Effective Date: October 09, 2025
- Applies To: US patients only
- Governing Law: HIPAA Privacy Rule (45 CFR Part 164)
- Entity: Aasaan Health LLC d/b/a Reisaan Health
This Notice of Privacy Practices describes how we may use and disclose your Protected Health Information to carry out treatment, payment, or healthcare operations and for other purposes permitted or required by law. It also describes your rights regarding health information we maintain about you and a brief description of how you may exercise these rights. This Notice was last updated on October 10, 2025.