Privacy policy.

Effective Date: June 5, 2023

Expo Medical is committed to protecting the privacy and security of your personal health information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our telehealth weight loss services, including our website, patient portal, mobile applications, and virtual consultations (collectively, “Services”).

By using our Services, you agree to the practices described in this Privacy Policy.

We may collect the following types of information:

A. Personal Identifiable Information (PII)

  • Name, date of birth, address, phone number, email address

  • Insurance information and payment details

B. Protected Health Information (PHI)

  • Medical history, current health conditions, medications, allergies

  • Weight management goals, treatment plans, and progress notes

  • Laboratory results and diagnostic reports

C. Technical Information

  • Device information (IP address, browser type, operating system)

  • Usage data (pages visited, features used)

  • Audio, video, and chat logs from telehealth sessions (if applicable)

We use your information to:

  • Provide telehealth and weight loss services

  • Diagnose, treat, and monitor your health conditions

  • Coordinate care with other healthcare providers or pharmacies

  • Process payments and insurance claims

  • Communicate with you about appointments, services, and follow-up care

  • Improve our website, apps, and services

  • Comply with legal, regulatory, and accreditation requirements

We may share your information only as permitted or required by law:

  • With Your Consent: Sharing with family members, other providers, or coaches at your request

  • Healthcare Operations: Sharing with staff, business associates, and telehealth platform vendors

  • Insurance & Billing: Sharing with payers, clearinghouses, and billing companies

  • Legal Requirements: Sharing when required by court order, subpoena, or law

  • Emergency Situations: Sharing when necessary to prevent serious harm

We do not sell your personal information to third parties.

We use HIPAA-compliant platforms for all video consultations, messaging, and electronic health records (EHR). Data is encrypted in transit and at rest, and access is restricted to authorized personnel only.

You have the right to:

  • Access and obtain a copy of your medical records

  • Request corrections to your health information

  • Request a list of disclosures we’ve made of your PHI

  • Request restrictions on certain uses or disclosures

  • Request confidential communication methods

  • File a complaint with us or the U.S. Department of Health and Human Services (HHS) if you believe your privacy rights have been violated

We retain your medical records and related data for a minimum period required by federal and state law (typically 6–10 years), after which they may be securely destroyed.

We maintain administrative, physical, and technical safeguards to protect your data, including:

  • Secure authentication and role-based access control

  • Encrypted storage and transmission of PHI

  • Regular risk assessments and staff training on HIPAA compliance

We may use cookies or similar technologies to improve user experience, track website performance, and enhance security. You may choose to disable cookies in your browser settings.

Our services are intended for adults 18 years or older. We do not knowingly collect personal data from children under 13.

We may update this Privacy Policy at any time. Changes will be posted on our website with an updated effective date.