Last Updated: 11/1/2023

Scope of Notice

This Protected Health Information Privacy Notice (“PHI Privacy Notice”) applies solely to individuals (“consumers” or “you”) who are using our product offerings at the direction of a healthcare provider or health plan (“Mytonomy Customer”).

This PHI Privacy Notice describes how we collect, use, disclose, and otherwise process protected health information (“PHI”) covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

This PHI Privacy Notice does not apply to information collected through the use of our websites and mobile applications that is not PHI.  For more information on how we process non-PHI, please review our Mytonomy Privacy Policy available here. For clarity, to the extent consumers are using our product offerings at the direction of Mytonomy Customers, the Mytonomy Privacy Policy will not apply as that policy only covers non-PHI.   

Protected Health Information

When we use the term “protected health information” in this PHI Privacy Notice, we mean individually identifiable information relating to the past, present, or future health status of an individual that is created, collected, or transmitted, or maintained by a HIPAA-covered entity in relation to the provision of healthcare, payment for healthcare services, or use in healthcare operations (PHI healthcare business uses). This information may include demographic information, medical histories, test and laboratory results, mental health conditions, insurance information, and other data that a healthcare professional or health plan collects to identify an individual and determine appropriate care.

For the purposes of this PHI Privacy Notice, protected health information does not include deidentified, aggregated or anonymized information that is maintained in a form that is not capable of being associated with, or linked to, you.

Limits on the Collection, Use, and Disclosures of

Protected Health Information

When you use our products or offerings at the direction of Mytonomy Customers, we collect health-related information including medical condition and diagnosis, treatment, and medications.

Please note the following in connection with the processing of PHI collected:

  • We will only use or disclose protected health information as permitted or required by our agreements with Mytonomy Customers, including business associate agreements, or as required by law. This may include providing our Mytonomy Customers, such as your healthcare provider and health plans, with information about the content that you have viewed to help analyze the effectiveness of their education programs;
  • We will not combine protected health information with information from other sources;
  • We will not use or transfer the protected health information for serving Mytonomy advertising, including retargeting, personalized, or interest-based advertising.
  • We will only use de-identified protected health information for our own internal purposes as permitted under our agreements with Mytonomy Customers, and for no other purpose.


We seek to use reasonable organizational, technical and administrative measures to protect PHI within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contact Us” section below.


We retain PHI only for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law.

The criteria used to determine our retention periods include:

  • The length of time required by our agreements with Mytonomy Customers.
  • Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
  • Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

Updates to PHI Privacy Notice

We will update This PHI Privacy Notice from time to time. When we make changes, we will change the "Last Updated" date at the beginning of the PHI Privacy Notice. If we make material changes, we will notify you by email to your registered email address, by prominent posting on our online services, or through other appropriate communication channels as required by law. All changes shall be effective from the date of publication unless otherwise provided in the notification.

Contact Us

If you have any questions or requests in connection with this PHI Privacy Notice, please send an email to Alternatively, inquiries may be addressed to:


4550 Montgomery Ave, Suite 200N

Bethesda, MD 20814

Because email communications are not always secure, please do not include sensitive information in your emails to us.