HIPAA Compliance Statement

Effective Date: August 31, 2025

Company Information

Lucido LLC
7901 4th St N, Ste 300
St. Petersburg, FL 33702
United States

Our Commitment to HIPAA Compliance

Lucido LLC, doing business as Another Doctor, is fully committed to protecting your protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations.

🛡️

HIPAA Compliant

Certified Data Protection

How We Protect Your Health Information

Administrative Safeguards

  • Privacy Officer: Dedicated HIPAA compliance officer overseeing all privacy practices
  • Employee Training: All staff trained on HIPAA requirements and privacy protocols
  • Access Controls: Role-based access to PHI on a minimum necessary basis
  • Incident Response: Formal procedures for handling any potential breaches
  • Business Associate Agreements: All vendors handling PHI are HIPAA-compliant with signed BAAs

Physical Safeguards

  • Secure Facilities: Physical access controls to systems containing PHI
  • Workstation Security: Secured computers and devices accessing PHI
  • Media Controls: Secure handling of storage media containing PHI
  • Equipment Disposal: Secure destruction of hardware containing PHI

Technical Safeguards

  • Encryption: 256-bit AES encryption for all PHI in transit and at rest
  • Access Controls: Multi-factor authentication for all system access
  • Audit Logs: Comprehensive logging of all PHI access and modifications
  • Automatic Logoff: Systems automatically log out inactive users
  • Data Integrity: Controls to ensure PHI is not improperly altered or destroyed

Your HIPAA Rights

Under HIPAA, you have the following rights regarding your protected health information:

Right to Access

You have the right to request and receive copies of your PHI that we maintain. We will provide access within 30 days of your request.

Right to Amendment

You may request amendments to your PHI if you believe it is inaccurate or incomplete.

Right to Restriction

You may request restrictions on how we use or disclose your PHI, though we are not required to agree to all restrictions.

Right to Accounting

You may request an accounting of disclosures of your PHI that we have made for purposes other than treatment, payment, or healthcare operations.

Right to Request Confidential Communications

You may request that we communicate with you about your PHI in a particular way or at a particular location.

How We Use and Disclose Your PHI

Permitted Uses (with your authorization)

  • Service Delivery: Creating Case Briefs and matching you with specialists
  • Specialist Introductions: Sharing relevant information with matched specialists
  • Quality Assurance: Internal review to ensure service quality
  • Customer Support: Responding to your questions and requests

Required Disclosures

  • To you, upon your request for access to your PHI
  • To the Department of Health and Human Services for HIPAA compliance investigations
  • When required by law (court orders, public health requirements, etc.)

Data Minimization and Deletion

Automatic PHI Deletion

All protected health information is permanently deleted immediately after you confirm your specialist match. This exceeds HIPAA requirements and demonstrates our commitment to your privacy.

What Gets Deleted

  • All uploaded medical records and documents
  • Case Briefs and clinical summaries
  • Treatment histories and diagnostic information
  • Any health-related communications

Information Retention

  • Minimal billing information (required for tax compliance, not PHI)
  • Service delivery confirmations (anonymized, not PHI)
  • Contact preferences (until you request deletion)

Business Associate Agreements

All third-party vendors who may access PHI have signed HIPAA-compliant Business Associate Agreements (BAAs), including:

  • Cloud storage providers (AWS, Google Cloud)
  • AI processing services
  • Payment processors
  • Email and communication platforms
  • Customer support tools

Security Incident Response

In the unlikely event of a security incident involving PHI:

  • We will investigate and contain the incident immediately
  • Affected individuals will be notified within 60 days
  • We will report breaches to HHS as required by law
  • We will implement additional safeguards to prevent future incidents

Complaints and Contact Information

File a Complaint with Us

If you believe your privacy rights have been violated, you may file a complaint:

HIPAA Privacy Officer
Lucido LLC
Email: privacy@another.doctor
Subject: HIPAA Complaint

No Retaliation

We will not retaliate against you for filing a complaint or exercising your HIPAA rights.

Updates to This Notice

We reserve the right to update this HIPAA compliance statement. Material changes will be communicated to you via email, and the effective date will be updated accordingly.

Our Privacy Commitment

At Another Doctor, protecting your health information is not just a legal requirement—it's fundamental to who we are. We implement privacy-by-design principles, ensuring your PHI is protected at every step of our service delivery process.