HIPAA Compliance

Updated: May 7, 2024

As part of providing the ReferWell Services, ReferWell may collect, use, share, and exchange your health history forms and other health-related information with Your Healthcare Providers. Under a federal law called the Health Insurance Portability and Accountability Act (“HIPAA”), some of this health and health-related information may be considered “protected health information” or “PHI” if such information is received from or on behalf of Your Healthcare Providers.

HIPAA protects the privacy and security of your PHI by limiting the uses and disclosures of PHI by most healthcare providers and by health plans (called “Covered Entities”) as well as companies, like ReferWell, that provide certain types of assistance to Covered Entities (called “Business Associates”). Under certain circumstances described in HIPAA, an individual needs to sign an Authorization form before a Covered Entity, like Your Healthcare Provider(s), can disclose protected health information to a third party.

ReferWell’s Privacy Policy explains how ReferWell processes and shares information received from you that is not covered by HIPAA (“Non-PHI”).

PHI Authorization

The purpose of this ReferWell Authorization (“Authorization”) is to request your written permission to allow ReferWell to use and disclose your PHI in the same way as we use and disclose your Non-PHI. If ReferWell is a Business Associate of Your Healthcare Providers, ReferWell needs your Authorization to be able to use and disclose your PHI in the same way it can currently use and disclose your Non-PHI when ReferWell is not working on behalf of Your Healthcare Providers, but is instead working on its own behalf. Therefore, when ReferWell relies on this Authorization, and uses and discloses PHI as described in this Authorization, it is not working as a Business Associate and the HIPAA requirements that apply to Business Associates will not apply to such uses and disclosures. By signing this Authorization, often at your medical provider, you give your permission to ReferWell to retain your PHI and to use and/or disclose your PHI in the same way that you have agreed that your Non-PHI can be used and disclosed.

Specifically, you agree that ReferWell can use your PHI to:

  • enable and customize your use of the ReferWell Services;
  • provide you alerts or other ReferWell Services regarding future appointments;
  • notify you regarding providers we think you may be interested in learning more about;
  • provide you with updates and information about the ReferWell Services;
  • market to you about ReferWell and third party products and services;
  • conduct analysis for ReferWell’s business purposes;
  • support development of the ReferWell Services; and
  • create de-identified information and then use and disclose this information in any way permitted by law, including to third parties in connection with their commercial and marketing efforts.


If ReferWell discloses your PHI, ReferWell will require that the person or entity receiving your PHI agrees to only use and disclose your PHI to carry out its specific business obligations to ReferWell or for the permitted purpose of the disclosure (as described above). ReferWell cannot, however, guarantee that any such person or entity to which ReferWell discloses your PHI or other information will not re-disclose it in ways that you or we did not intend or permit.

Expiration And Revocation of Authorization

Your Authorization remains in effect until you provide written notice of revocation to ReferWell.


If you wish to revoke this Authorization, you must notify ReferWell by submitting a revocation through your account settings page. Your decision not to execute this Authorization or to revoke it at any time will not affect your ability to use certain of the ReferWell Services. A Revocation of Authorization is effective after you submit it to ReferWell, but it does not have any effect on ReferWell’s prior actions taken in reliance on the Authorization before revoked.

Once ReferWell receives your Revocation of Authorization, ReferWell can only use and disclose your PHI as permitted in ReferWell’s agreements with Your Healthcare Provider(s). Your Revocation of Authorization does not affect ReferWell’s use of your Non-PHI.

We will make available to Your Healthcare Provider(s), current and past, your agreement to or revocation of this Authorization.

Contact Information

To ask questions or comment about this HIPAA Policy and our privacy practices, contact us at: 800-970-5875 or support@referwell.com.