Home/HIPAA Notice

HIPAA Notice of Privacy Practices

This notice explains how your protected health information may be used, shared, and safeguarded through The Original Peptide Fairy and our licensed healthcare and pharmacy partners.

Effective June 11, 2026 Questions [email protected]
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This notice is provided on behalf of the licensed healthcare providers who deliver clinical services to patients enrolled through The Original Peptide Fairy. Those providers practice through the MyOrbit Health platform and are the HIPAA covered entities responsible for your protected health information (PHI). The Peptide Fairy operates the enrollment platform and website. It is not a healthcare provider and receives PHI only to the limited extent needed to support enrollment, scheduling, and billing.

1. Your Protected Health Information

Protected health information is information that identifies you and relates to your health, the care you receive, or payment for that care. It includes your intake responses, medical history, lab results, prescriptions, and billing records. Your treating providers are required by law to:

  • Maintain the privacy and security of your PHI.
  • Provide you with this notice of their legal duties and privacy practices with respect to your PHI.
  • Abide by the terms of this notice currently in effect.
  • Notify you following a breach of unsecured PHI, as required by applicable law.

2. When Information May Be Shared

The categories below describe the ways your PHI may be used and disclosed without your specific written authorization. Not every use or disclosure is listed, but all permitted uses and disclosures fall within one of these categories.

Treatment

Your PHI is used to provide, coordinate, and manage your healthcare. For example, a licensed provider may review your intake responses, lab results, and medical history to determine whether a medication is appropriate for you, and may share information with a licensed pharmacy partner to dispense your prescription.

Payment

Your PHI may be used to bill for your care and collect payment, including verifying payment authorization with the payment processor (Stripe), sharing the minimum necessary information with the dispensing pharmacy, and determining eligibility for services.

Healthcare Operations

Your PHI may be used to run the practice, improve your care, and contact you when necessary. Examples include quality assessment, clinician training and credentialing review, regulatory compliance, and activities to improve treatment outcomes.

Appointment Reminders and Care Communications

Your PHI may be used to contact you with appointment reminders, follow-up prompts, refill notifications, and program updates by email, portal message, or SMS, subject to your communication preferences. See our Electronic Communications Consent and SMS Terms for details on how these messages work and how to opt out.

Individuals Involved in Your Care

With your permission, information may be shared with a family member, personal representative, or other person you designate as relevant to their involvement in your care.

As Required by Law

Your PHI will be disclosed when required by federal, state, or local law. This includes reporting to state medical and pharmacy boards, the U.S. Drug Enforcement Administration, or public health authorities for purposes authorized by law.

Public Health, Safety, and Oversight

Your PHI may be disclosed for public health activities (such as disease reporting and adverse drug event reporting to the FDA), health oversight activities (such as audits and investigations), and to prevent or lessen a serious and imminent threat to health or safety.

Judicial and Administrative Proceedings, Law Enforcement

Your PHI may be disclosed in response to a valid court order, subpoena, or other lawful process, and to law enforcement in the limited circumstances permitted by HIPAA.

Business Associates

Third parties ("business associates") perform certain services on behalf of your providers, such as the enrollment platform operated by The Peptide Fairy, electronic medical record hosting, secure communications, e-prescribing, and billing. These business associates are bound by written agreements to protect your PHI to the same standards required of your providers.

Uses That Require Your Written Authorization

Uses and disclosures not described in this notice will be made only with your written authorization. This includes most uses and disclosures of psychotherapy notes (if any exist), uses and disclosures of PHI for marketing purposes, and disclosures that constitute a sale of PHI. You may revoke your authorization in writing at any time, except to the extent it has already been relied upon.

3. Your Privacy Rights

  • Right to request restrictions: you may request a restriction on how your PHI is used or disclosed for treatment, payment, or healthcare operations, or to individuals involved in your care. Your providers are not required to agree, except that they must agree to restrict disclosure of PHI to a health plan for payment or healthcare operations when you have paid for the related item or service in full out-of-pocket.
  • Right to amend: you may request an amendment of your PHI if you believe it is incorrect or incomplete. Requests must be made in writing and include a supporting reason. A request may be denied in certain circumstances, with a written explanation provided.
  • Right to an accounting of disclosures: you may request an accounting of certain disclosures of your PHI made within the six (6) years prior to your request, excluding disclosures for treatment, payment, healthcare operations, and certain other categories.
  • Right to a paper copy of this notice: you may receive a paper copy of this notice upon request, even if you agreed to receive it electronically.
  • Right to notification of a breach: you will be notified following a breach of your unsecured PHI, as required by the HIPAA Breach Notification Rule.

4. Accessing Medical Records

You have the right to inspect and obtain a copy of your medical record and billing record, in paper or electronic form. Requests may be submitted through the patient portal or by emailing [email protected], and a reasonable, cost-based fee may apply for copies as permitted by law.

5. Confidential Communications

You have the right to request that communications about medical matters reach you in a certain way or at a certain location, for example by mail to a specific address or only through the patient portal. Reasonable requests will be accommodated.

6. Filing Privacy Concerns

If you believe your privacy rights have been violated, you may file a complaint by contacting [email protected], and your concern will be routed to the appropriate privacy officer. You may also file a complaint directly with the U.S. Department of Health and Human Services, Office for Civil Rights:

U.S. Department of Health & Human Services
Office for Civil Rights
200 Independence Avenue, SW
Washington, D.C. 20201
Toll-Free: 1-800-368-1019 (TDD: 1-800-537-7697)
Online: hhs.gov/ocr/complaints

You will not face retaliation for filing a complaint. The terms of this notice may change, and the new provisions will apply to all PHI maintained. When a material change is made, the revised notice will be posted on this page with an updated effective date.

Receipt of this notice is acknowledged electronically at the time of enrollment as part of your intake consents. A paper copy is available at any time upon written request.
Notice version: 2026-06-11-v1