Dr. Refills Medical Group operates drrefills.com, an asynchronous telehealth service for chronic medication refills in California. We are a covered entity under HIPAA. Contact us at [email protected].
This Notice describes how we use and protect your Protected Health Information (PHI) as required by HIPAA and California law.
Treatment: We use your health information to evaluate your refill request, verify your prescription history, make clinical decisions, and transmit your prescription to your pharmacy.
Operations: We maintain records of your encounters for quality assurance and to fulfill our legal obligations as a healthcare provider.
De-Identified Research: We may use de-identified health information consistent with HIPAA Safe Harbor standards (45 CFR §164.514(b)) for quality improvement and analytics. Your identifiable health information will never be sold or used for marketing purposes.
This service uses an AI-assisted intake system called Maya, powered by Anthropic Claude. Maya is an administrative intake tool only — it does not diagnose, treat, or prescribe. All clinical decisions are made exclusively by a California-licensed board-certified physician. As required by California AB 3030, we notify you that generative AI is used in our intake process.
We share your information only with vendors who have signed Business Associate Agreements (BAAs) as required by HIPAA:
Mobile messaging data will never be shared with third parties. Mobile opt-in data, including phone numbers and SMS consent, will not be shared with, sold to, or transferred to any third parties, affiliates, or lead generators for marketing or promotional purposes at any time. SMS opt-in consent and data are not sold, shared, or transferred to any third party under any circumstance. All categories of personal information disclosed in this Privacy Policy exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties or affiliates for any reason, including marketing, promotional, or analytics purposes.
SMS notifications are entirely optional. Patients receive all service communications (refill status, payment links, prescription confirmations) via email as the primary channel. At the start of the intake — after a separate, required telehealth consent that contains no SMS language — patients are asked how they would like to be contacted and may optionally choose to also receive SMS notifications. Email is offered as an equal option; choosing email completes the entire service with no SMS. SMS opt-in is never a condition of creating an account, completing the intake, or receiving service.
If you choose to opt in to SMS: Message frequency is 1–3 messages per refill request. Message and data rates may apply. To opt out, reply STOP to any message. To re-subscribe, reply START. For help, reply HELP.
California residents have additional rights under CMIA and CCPA. We do not sell personal information. We do not share personal information for cross-context behavioral advertising. California physicians are regulated by the Medical Board of California. Verify license status at breeze.ca.gov. To file a complaint: (800) 633-2322 or mbc.ca.gov.
Patient records are retained for a minimum of seven (7) years from the date of service, consistent with California Health & Safety Code §123111. Records for minor patients are retained until age 19 or seven years, whichever is longer.
If you believe your privacy rights have been violated, contact:
You will not be penalized for filing a complaint.
We may update this policy at any time. Changes will be posted at drrefills.com/privacy with an updated effective date. Questions? Email [email protected]