Privacy Policy

1. Introduction

Virgo Moon Assistant ("we," "us," or "our") is committed to protecting the privacy and security of the personal health information (PHI) we may access in the course of providing administrative and virtual assistant services to covered entities or their business associates, in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

This Privacy Policy outlines how we collect, use, protect, and disclose client information in a manner compliant with HIPAA regulations.

2. What is PHI?

Protected Health Information (PHI) refers to individually identifiable health information transmitted or maintained in any form or medium, including but not limited to names, addresses, medical records, appointment details, billing information, and insurance data.

To learn more about this, check out our article "Creating a Privacy Policy".

3. How We May Receive PHI

We may receive PHI when providing services such as:

• • Insurance verification and eligibility
• • Claim status follow-up
• • Medical or therapy appointment scheduling
• • Client communication on behalf of providers
• • Data entry into Electronic Health Records (EHR) systems
• • File management or calendar coordination involving patient names or info

4. Our Role Under HIPAA

Virgo Moon Assistant operates as a Business Associate under HIPAA when working with Covered Entities (e.g., licensed healthcare providers). As such, we are required to comply with HIPAA standards and enter into a Business Associate Agreement (BAA) with all Covered Entities before accessing PHI.

5. Use and Disclosure of PHI

We will only use or disclose PHI:

• • As permitted under the terms of the BAA
• • To perform contracted services
• • As required by law
• • With explicit written permission from the Covered Entity

We do not sell or share PHI for marketing or other non-service-related purposes.

6. Safeguards to Protect PHI

We implement physical, administrative, and technical safeguards to protect the confidentiality, integrity, and availability of PHI, including but not limited to:

• • Secure password-protected devices and platforms
• • HIPAA-compliant cloud storage (e.g., Google Workspace with BAA, Dropbox Business)
• • Encrypted email and file transmission when handling PHI
• • Access controls and client-specific confidentiality protocols

7. Data Retention and Destruction

We retain PHI only for the minimum necessary period required to fulfill service obligations or as required by law or contract. When no longer needed, PHI is permanently deleted or securely destroyed per HIPAA guidelines.

8. Client Rights

Clients or Covered Entities may:

• • Request an audit log or accounting of disclosures
• • Ask for corrections or deletions (as appropriate)
• • Revoke permissions at any time
• • Request a copy of our internal privacy practices

Please email us at virgomoonasssitant@gmail.com to make any such requests.

9. Breach Notification

In the event of a potential or actual breach involving unsecured PHI, we will:

• • Notify the Covered Entity without unreasonable delay and no later than 60 days after discovery
• • Provide details about the nature and extent of the breach
• • Assist in mitigation and required reporting as outlined in HIPAA breach notification rules

10. Changes to This Policy

We may update this policy periodically to reflect changes in regulations or business practices. The most current version will always be available upon request.