Maro is a telehealth platform and patient experience brand. Independent licensed healthcare providers make their own clinical decisions, and licensed pharmacies handle dispensing and shipment where applicable. This Notice explains how Protected Health Information may be used and disclosed where HIPAA applies, and it should be read together with Maro’s Privacy Policy and Telehealth Consent.
HIPAA Notice of Privacy Practices
Maro Rx LLC HIPAA Privacy Statement
Effective Date: June 4, 2026
This Notice of Privacy Practices (“Notice”) describes how Maro Rx LLC (“Maro,” “we,” “us,” or “our”) may use and disclose Protected Health Information (“PHI”) to carry out treatment, payment, healthcare operations, and other purposes permitted or required by law. This Notice also describes your rights regarding PHI.
Where HIPAA applies, we are required by law to maintain the privacy of PHI, provide this Notice of our legal duties and privacy practices, and follow the terms of the Notice currently in effect.
Uses and disclosures of PHI
We may use and disclose PHI for the following purposes:
Treatment. We may use and disclose PHI to provide, coordinate, or manage healthcare and related services. This may include communication with independent licensed healthcare providers, pharmacies, support teams, and other persons involved in your care.
Payment. We may use and disclose PHI to obtain or process payment for healthcare services and related products. Maro’s semaglutide program is designed as a cash-pay experience and does not require insurance, but payment-related uses may still include billing, refunds, collections, payment processing, and payment support.
Healthcare operations. We may use and disclose PHI for healthcare operations, including quality assessment, improvement activities, case management, accreditation, licensing, credentialing, compliance, audits, medical reviews, legal services, and platform operations.
As required by law. We may use and disclose PHI when required to do so by federal, state, or local law.
Public health and safety. We may use and disclose PHI to prevent or control disease, injury, or disability, to report child abuse or neglect, to report reactions to medications or problems with products, and to notify persons who may have been exposed to a communicable disease or may be at risk of spreading a disease or condition.
Health oversight activities. We may disclose PHI to health oversight agencies for activities authorized by law, such as audits, investigations, inspections, and licensure.
Judicial and administrative proceedings. We may disclose PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process.
Law enforcement. We may disclose PHI for law enforcement purposes, such as to report certain types of wounds or injuries, or to comply with a court order, warrant, or other legal process.
Research. We may use and disclose PHI for research purposes only when permitted by law, such as when an institutional review board has approved the research and appropriate privacy protections are in place, or when you have provided any authorization required by law.
Organ and tissue donation. If applicable, we may disclose PHI to organizations that handle organ procurement, transplantation, or donation as permitted by law.
Workers’ compensation. We may disclose PHI for workers’ compensation or similar programs that provide benefits for work-related injuries or illnesses as permitted by law.
Military and veterans. If you are a member of the armed forces, we may disclose PHI as required by military authorities and applicable law.
Correctional institutions and custody situations. If you are an inmate or otherwise in lawful custody, we may disclose PHI to the correctional institution or law enforcement official having custody of you as permitted or required by law.
Your rights regarding PHI
You have the following rights with respect to PHI, subject to limits and exceptions under applicable law:
Right to inspect and copy. You have the right to inspect and copy PHI that we maintain, with certain exceptions. To request access, submit a written request to our Privacy Officer. We may charge a reasonable fee for copying, mailing, or other supplies associated with your request where permitted by law.
Right to amend. You have the right to request an amendment to PHI if you believe it is incorrect or incomplete. To request an amendment, submit a written request to our Privacy Officer and explain what information you believe is incorrect and why. We may deny your request if we believe the information is accurate and complete, or if we did not create the information.
Right to an accounting of disclosures. You have the right to request an accounting of certain disclosures of PHI made by us in the past six years, except for disclosures made for treatment, payment, healthcare operations, and certain other disclosures excluded by law.
Right to request restrictions. You have the right to request a restriction on our use or disclosure of PHI for treatment, payment, or healthcare operations. We are not required to agree to every request, but we will consider it. If you pay out of pocket in full for a healthcare item or service, you may have the right to request that information about that item or service not be disclosed to a health plan for payment or healthcare operations, unless the disclosure is required by law.
Right to request confidential communications. You have the right to request that we communicate with you about PHI in a certain way or at a certain location. To request confidential communications, submit a written request to our Privacy Officer specifying how or where you wish to be contacted.
Right to a paper or electronic copy of this Notice. You have the right to receive a copy of this Notice, even if you have agreed to receive it electronically. You may access this Notice on our website or contact our Privacy Officer for a copy.
Right to be notified of a breach. You have the right to be notified if we discover a breach of unsecured PHI requiring notification under applicable law.
Transmission and security of PHI
We are committed to protecting the privacy and security of PHI. Where HIPAA applies, we use administrative, technical, and physical safeguards designed to protect electronic PHI, including encrypted transmission technologies such as SSL/TLS where appropriate, access controls, and other security measures for online transmissions of PHI.
No website, application, or electronic transmission can be guaranteed to be completely secure. If you believe your information may have been compromised, contact us promptly at hello@marorx.com.
Changes to this Notice and complaints
Changes to this Notice. We reserve the right to change this Notice. A revised Notice will be effective for PHI we already have about you and information we receive in the future. We will post the current Notice on our website, and the Notice will include its effective date.
Complaints. If you believe your privacy rights have been violated, you may file a complaint with our Privacy Officer or with the Secretary of the U.S. Department of Health and Human Services. You will not be retaliated against for filing a complaint.
Contact information
To exercise your rights, request a copy of this Notice, or ask a question about our privacy practices, please contact:
Maro Rx LLC Privacy Officer
Website: marorx.com
Email: hello@marorx.com
State-specific provisions
Certain states may provide additional privacy protections for medical information, health information, or sensitive categories of PHI. We comply with state-specific privacy laws that apply to our services and your information.
California residents. California residents may have additional rights under the Confidentiality of Medical Information Act (CMIA) and other California privacy laws, including rights related to access, restrictions on certain disclosures, marketing, sale of PHI, and certain minor privacy rights. Where applicable, we will obtain required authorizations before disclosing protected information.
New York residents. New York law may provide additional privacy protections for certain categories of information, including HIV-related information, mental health records, and genetic testing information. Where applicable, we will follow consent and disclosure requirements required by New York law.
Texas residents. Texas law may provide additional privacy protections beyond HIPAA, including protections for certain disclosures of PHI, electronic PHI, destruction of PHI, mental health records, and substance use treatment records. Where applicable, we will follow Texas privacy requirements.
Florida residents. Florida law may provide additional protections for mental health records, HIV/AIDS-related information, and substance use treatment records. Where applicable, we will follow Florida consent and security requirements.
Illinois residents. Illinois law may provide additional privacy protections for mental health records, HIV/AIDS-related information, and genetic testing information. Where applicable, we will follow Illinois consent, disclosure, and breach-notification requirements.
Massachusetts residents. Massachusetts law may provide additional privacy protections for mental health records, HIV/AIDS-related information, and genetic testing information. Where applicable, we will follow Massachusetts consent and security requirements.
If you live in another state, additional privacy protections may also apply. You may contact our Privacy Officer for more information about rights that may apply to your PHI.