Our Privacy Policy

Houston Rx Pharmacy Privacy Policy

Effective Date: February 26, 2026
Last Updated: February 26, 2026

Houston Rx Pharmacy (“Houston Rx,” “we,” “us,” or “our”) is a U.S.-based pharmacy (mail-order/fulfillment and retail) committed to protecting the privacy and security of our patients’ personal information and health information. We serve patients in multiple states (TX, AZ, CO, DE, FL, HI, ID, IL, IA, LA, ME, MD, MN, MO, MT, NH, NM, NY, ND, PA, RI, SD, UT, VT, WA, WI, WY) and only U.S. patients (no international services). This Privacy Policy explains how we collect, use, disclose, and safeguard your information – including Protected Health Information (“PHI”) as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) – in compliance with applicable federal and state privacy laws and LegitScript Certification Standard 6: Privacy. By using our pharmacy services or website, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use our services.

Information We Collect
We collect only the information necessary to provide pharmacy services and comply with legal obligations. This includes:

Personal Information: For example, your name, date of birth, mailing address, phone number, email, and other basic contact details required to identify and communicate with you.

Health Information (PHI): Information related to your health or healthcare that can identify you. This includes prescription details, medications you receive from us, your healthcare provider’s information, and any medical history or conditions relevant to dispensing your prescriptions. PHI may also include insurance information and any health data you or your providers supply to us (e.g. diagnoses or treatment notes on a prescription).

Payment Information: Billing and payment details necessary to process your transactions. For example, credit/debit card information (handled via secure payment processors – we do not store full card numbers), billing address, and insurance claim information if we bill your insurance.

Website & Technical Data: When you use our website, we may collect limited technical information such as your IP address, browser type, device identifiers, and cookies for basic functionality and analytics. This helps us improve our website experience. We do not use this data to personally identify you for any purposes unrelated to your use of our services.

We do not knowingly collect any information from children under 18, as our services are intended for adults. We also do not collect any unnecessary personal data beyond what is needed to serve you and meet our obligations.
HIPAA & Protected Health Information (PHI)

Houston Rx is a “covered entity” under HIPAA, which means we follow strict federal rules to protect your PHI. PHI includes any individually identifiable health information about your past, present, or future physical or mental health, the healthcare provided to you, or payment for your healthcare. In practice, this covers details like your prescriptions, health conditions, and other data that can identify you. We handle all PHI in accordance with the HIPAA Privacy Rule and Security Rule requirements.

Use and Disclosure of PHI under HIPAA: We only use or disclose your PHI as permitted or required by HIPAA and applicable law. In general, we may use and share PHI for purposes of Treatment, Payment, and Health Care Operations (TPO) without your separate authorization. This means:

Treatment: We use PHI to dispense medications and coordinate your care. For example, we may communicate with your physicians or other healthcare providers to clarify a prescription or coordinate refills. We may also contact you with prescription refill reminders, information about treatment alternatives, or other health-related benefits and services that may be of interest to you as part of your care (these communications are allowed as treatment-related communications under HIPAA).

Payment: We use PHI to process payments for your prescriptions. This can include using your health information to bill your insurance or you directly, and to obtain payment or reimbursement for the medications we dispense.
Health Care Operations: We use PHI for activities necessary to run our pharmacy and ensure quality service. This includes tasks like internal quality assessment, staff training on privacy, licensing and accreditation activities, audit and compliance checks, and other operational purposes.

Outside of TPO, any other use or disclosure of your PHI will require your written Authorization unless an exception under law applies. For instance, we would seek your authorization to use your PHI for marketing purposes beyond basic communications or to share your information with third parties for purposes other than providing you service. If you provide an authorization, you may revoke it at any time, and we will honor that going forward (to the extent we haven’t already acted in reliance on it).

Your Rights Regarding PHI: Under HIPAA, you have several important rights with respect to your Protected Health Information:
Right to Access and Obtain a Copy: You have the right to see and get a copy of your health records and other PHI that we maintain, with limited exceptions. This generally includes prescription records and billing records. We will provide this information within the timeframe required by law (typically within 30 days under HIPAA, or faster if state law requires) and may charge a reasonable, cost-based fee as allowed.

Right to Request Amendment: If you believe that any information in your records is incorrect or incomplete, you have the right to request a correction or amendment. If we agree, we will amend your records; if we deny the request (for example, if the information was not created by us or we determine it is accurate), we will provide an explanation and let you include a statement of disagreement in the record.

Right to an Accounting of Disclosures: You have the right to request a list (accounting) of certain disclosures of your PHI that we have made outside of routine TPO uses. This accounting will include disclosures made in the period requested (up to the past six years) as required by HIPAA, except for disclosures for treatment, payment, healthcare operations, and certain other exclusions under the law.

Right to Request Restrictions: You have the right to ask for additional restrictions on how we use or disclose your PHI beyond what HIPAA allows. For example, you could request that we not share information with a certain family member. While we will consider all reasonable requests, please understand that we are not required to agree to a requested restriction in most cases. If we do agree, we will abide by it (except in an emergency).

Special Case: If you pay for a service or prescription in full out-of-pocket, you can request that we not share information about that particular service with your health insurer for payment or operations, and we must honor that request if it’s feasible.

Right to Confidential Communications: You have the right to request that we contact you by alternative means or at alternative locations (for example, sending correspondence to a P.O. Box instead of your home address). We will accommodate reasonable requests to protect your privacy.

Right to a Copy of This Policy/Notice: You can request a paper copy of this Privacy Policy (or our full HIPAA Notice of Privacy Practices) at any time, even if you have agreed to receive it electronically. We will provide you a copy promptly.
Right to Complain Without Retaliation: If you believe your privacy rights have been violated, you have the right to file a complaint with us and/or with the U.S. Department of Health and Human Services’ Office for Civil Rights. We welcome you to contact our Privacy Officer (see Contact Information below) with any concerns. We will not retaliate against you for making a complaint in good faith.

Breach Notification: In the unlikely event of a breach of unsecured PHI, we will notify you without unreasonable delay and within any timeframes required by law. This notification will include information about what happened and what information was involved, as well as steps you can take to protect yourself. We will also report such incidents to government authorities (such as the U.S. Department of Health and Human Services) as required under HIPAA’s Breach Notification Rule. Your trust is important to us, and we take any privacy incident very seriously.
How We Use and Disclose Information

Uses of Information
We use the information we collect (including personal information and PHI) to carry out our pharmacy services and operate our business. The primary uses of your information are to:

Provide Pharmacy Services: We use your information to fill and dispense your prescriptions accurately, provide pharmacy counseling or support, and deliver medications to you (including via mail/overnight delivery to the states we serve). This includes using your health and personal information to verify prescriptions, prevent harmful drug interactions, and ensure you receive the correct medication.
Coordinate Care: We may use and share your information to coordinate with other healthcare professionals involved in your care. For example, we might consult with your doctor regarding your prescription or share necessary PHI with another pharmacy if you transfer a prescription. We only share the minimum necessary information with other providers or facilities as needed for your treatment.

Communicate with You: We use your contact information to communicate with you about your medications and health. This includes sending you notifications or reminders (e.g. that a prescription is ready or due for refill), responding to your inquiries or requests, and providing information about your medication therapy. We may also contact you with health-related offers or alternatives such as information on cheaper generic options or new services we provide, but only as permitted by law. We will not send you marketing communications unrelated to your healthcare without your consent.

Process Payments and Billing: We use personal and health information as needed to process your payments. This could involve charging your credit card for a mail-order prescription or submitting claims to your insurance or third-party payor to obtain payment on your behalf. We also use information to resolve billing inquiries, handle reimbursements, or obtain prior authorizations from insurers when required for your medication.

Operate and Improve Our Services: We use information for our internal operations and to improve our services. For example, we might review prescription dispensing records and customer feedback to ensure quality control, safety, and to enhance your experience. We may use aggregated, de-identified data (which cannot identify you) to analyze trends or the effectiveness of our services. Any analytics or evaluations we perform will not identify individual patients.
Legal and Regulatory Compliance: We use and retain information as necessary to comply with our legal obligations. This includes adhering to pharmacy record-keeping laws, controlled substance tracking, and reporting obligations. For instance, we may use your information to submit required reports to state Prescription Drug Monitoring Programs (PDMPs) for controlled substances, or to verify your identity as required by certain state laws when dispensing particular medications. We also use information to cooperate with licensing authorities and to ensure we meet standards set by laws and regulations that apply to pharmacies across different states.

We do not sell, rent, or trade your personal information or PHI to third parties. Any uses of your data beyond those described above would be done only with your authorization or as otherwise allowed or required by law.

Disclosures of Information

We will only disclose (share) your information with third parties in ways that are permitted by HIPAA and other applicable laws. The types of disclosures we may make include:
To Healthcare Providers Involved in Your Care: We may share relevant PHI with doctors, clinics, hospitals, or other pharmacies that are treating you or involved in your care, to help coordinate your treatment (for example, clarifying a prescription or confirming your medication history). We will disclose only what is necessary for your care, and these disclosures are part of providing you with effective treatment. Similarly, if a family member or friend is involved in picking up your medication or caring for you, we may, using professional judgment, disclose PHI to them as relevant to their involvement, unless you have advised us otherwise.

To Our Service Providers (Business Associates): We may share information with third-party companies that help us run our business – for example, companies providing prescription fulfillment software, payment processing, shipping/delivery services, or electronic health record hosting. If any such third party needs access to PHI, they are considered a Business Associate under HIPAA. We require all Business Associates to sign a Business Associate Agreement (BAA) obligating them to safeguard your information in compliance with HIPAA and this Privacy Policy. These partners are only allowed to use your information to perform services for us and not for their own purposes.
For Payment Processing: We may disclose necessary information to your insurance company, health plan, or pharmacy benefits manager to process claims and payments for your prescriptions. For example, we will share prescription details and your identifying information on a claim form so your insurer can pay for your medication. We may also verify your coverage or prior authorization with your insurer using your health information.

When Required by Law or for Public Safety: We will disclose information when we are required by law to do so, or when permitted by law for specific important purposes. Such disclosures may include, for example: reporting adverse drug reactions or issues to the U.S. Food and Drug Administration (FDA); reporting communicable diseases, immunization information, or other public health information to authorized public health authorities; cooperating with state and federal regulators or pharmacy boards during inspections or audits; responding to a lawful subpoena, court order, or other valid legal process (after ensuring any required patient notice or protective order is in place); reporting suspected abuse, neglect, or domestic violence as required by law; or disclosing to law enforcement officials when required by law (for example, to report a crime or imminent threats). In each case, we will only disclose the minimum amount of information necessary and only if all legal conditions are met.

For Health Oversight Activities: We may disclose information to government oversight agencies that monitor the healthcare system, licensing of pharmacies, and compliance with regulations (e.g. state pharmacy boards, the U.S. Department of Health & Human Services). These disclosures may occur for activities such as audits, inspections, or investigations of our pharmacy, and are permitted by law to ensure we are providing safe, legal services.
In Connection with a Sale or Merger: In the event that Houston Rx undergoes a corporate change such as a merger, acquisition, or sale of assets, your information (including PHI) may be transferred to the successor entity as part of that transaction, as allowed by law. In such cases, we would require the new owner to continue to uphold the privacy protections described in this policy.

With Your Authorization: Other than the circumstances described above, we will not disclose your personal information or PHI to third parties unless you give us explicit permission. If you authorize us to share information with a third party (for instance, to a family member not otherwise involved in your care, or to an app or service you use), we will only disclose the information specified in your authorization. You have the right to revoke any such authorization at any time, as described in the HIPAA & PHI section above.

When we disclose PHI, we adhere to the “minimum necessary” rule, disclosing only the amount of information needed for the purpose and nothing more. All third parties receiving PHI are expected and often legally required to protect it. We do not share your identifiable health information with any third-party marketers or advertisers. And as stated, we never sell your personal information or health information to third parties.

Information Safeguards
We take the security of your information very seriously. Houston Rx has implemented a comprehensive set of administrative, technical, and physical safeguards to protect your personal information and PHI from unauthorized access, use, or disclosure.

Technical Safeguards: We use industry-standard encryption technology to protect data. All electronic PHI is stored and transmitted securely – for example, our website and portals use SSL/TLS (HTTPS) encryption for data in transit. Sensitive information (like health records and payment details) is encrypted at rest in our systems whenever feasible. We employ access controls such as unique user IDs, strong passwords, and role-based access restrictions to ensure only authorized staff can access your information. Where appropriate, we utilize multi-factor authentication and other measures to prevent unauthorized system access. Our networks and systems are monitored for security and regularly updated with security patches.

Administrative Safeguards: All of our employees and contractors who handle personal data or PHI are trained in privacy and security practices. New employees receive privacy training within 60 days of hire (as required by Texas law for those handling PHI) and all staff undergo refresher training regularly. We have formal policies and procedures to prevent, detect, and address any privacy violations. We limit access to patient information strictly to personnel who need it to perform their job duties. Each staff member is bound by confidentiality obligations. We also execute Business Associate Agreements with any partner companies that might come in contact with PHI, contractually requiring them to uphold HIPAA-level protections. Regular risk assessments and audits are conducted to evaluate the effectiveness of our privacy and security measures, and we address any identified vulnerabilities promptly.

Physical Safeguards: We maintain secure facilities for both our pharmacy operations and data storage. Prescription records and documents in paper form are stored in controlled areas not accessible to the public. Only authorized personnel may enter areas where sensitive information is present. We use physical access controls such as secure doors, alarm systems, and security monitoring for our pharmacy premises and any server rooms or filing areas. When disposing of any documents or devices that contain personal information or PHI, we do so using secure methods (such as shredding paper records and wiping or destroying electronic media) to prevent any unauthorized retrieval of data.
Despite our strong safeguards, please note that no method of data transmission or storage can be guaranteed 100% secure. However, we continually update and review our security practices to meet or exceed industry standards and legal requirements for protecting your data. If you have reason to believe that your interaction with us or your information is not secure (for example, if you suspect a security issue on our website), please contact us immediately so we can address it.

Compliance With Applicable Laws
We comply with all applicable federal and state privacy laws that govern our operations, even those that are considered the most stringent in the country. This Privacy Policy and our practices are designed to meet the requirements of HIPAA, relevant state laws, and LegitScript’s healthcare certification standards for privacy.

HIPAA provides a federal baseline (“floor”) of privacy protection for health information, but states are allowed to enforce laws that are more protective of privacy than HIPAA. In other words, if a state law grants patients greater privacy rights or protections than federal law, that state law will not be preempted – we must comply with it. We operate our pharmacy across multiple states, so we adhere to all state-specific privacy requirements in each jurisdiction we serve. For example, we follow Texas’s Health Privacy Law (Texas Medical Records Privacy Act, also known as HB 300), which imposes additional obligations such as expedited timelines for releasing records and mandatory employee training on privacy. We similarly comply with privacy rules in states like Florida, Washington, Minnesota, and others as applicable to our pharmacy services.

Furthermore, even in states where we do not currently dispense (such as California or others), we have chosen to voluntarily implement many of the strictest privacy protections from those laws to benefit all our patients. For instance, California’s laws (including the California Consumer Privacy Act (CCPA) and the Confidentiality of Medical Information Act (CMIA)) and certain New York regulations set high standards for how personal and health information is handled. Even though our pharmacy does not offer services outside the U.S. or in every state, we strive to meet or exceed the highest standard of privacy protection nationwide. This means giving you clear notice about how we use your data, honoring your rights to the fullest extent, and never sharing your information with third parties except as allowed by law. We also implement “reasonable security” measures in line with laws like the California and New York data security requirements, ensuring that your personal information is robustly safeguarded.

In summary, our privacy practices are aligned with HIPAA, LegitScript Standard 6: Privacy, and all other applicable U.S. laws and regulations. We regularly review our Privacy Policy and operations to ensure ongoing compliance as laws evolve. If there is ever a conflict between a state law and a federal requirement, we will follow the law that is most protective of your privacy. Your trust is of paramount importance to us, and we are committed to full legal compliance and ethical handling of your data at all times.

(Note: Because we exclusively serve U.S. patients and store data in the U.S., we are not subject to international privacy laws like GDPR. Any information you provide will be handled according to U.S. privacy standards.)

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or to keep up with new privacy requirements. If we make material changes, we will post the updated policy on our website with a new effective date and notify you of the changes (for example, via a notice on our homepage or via email if you have provided one), as required by law or applicable standards. We encourage you to review this policy from time to time to stay informed about how we protect your information. Your continued use of our services after we post any modifications will constitute your acknowledgment of the changes and agreement to abide by the updated policy.
Contact Information (Privacy Officer)

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact our Privacy Officer/Compliance Officer. We are here to help and will respond to inquiries or requests (such as exercising your HIPAA rights) promptly.

Privacy Officer – Houston Rx Pharmacy
15340 Vantage Pkwy E, Suite 220
Houston, TX 77032, USA
Phone: 1-(866)-719-4295
Email: privacy@houston-rx.com (please include “Attn: Privacy Officer” in your message.)

You may also send written requests or forms (such as requests for access or amendments) to the above mailing address, Attn: Privacy Officer. For security and identity verification, we may need to contact you to confirm details of your request.

If you believe we have not adequately addressed your privacy-related issue, you have the right to file a complaint with the U.S. Department of Health & Human Services, Office for Civil Rights (OCR). You can find information on how to submit a complaint on the HHS website or contact 1-800-368-1019. We will not retaliate against you for filing a complaint.

Thank you for choosing Houston Rx Pharmacy. Your privacy and the protection of your health information are fundamental to our mission. We are dedicated to safeguarding your information and using it only to serve your health needs in compliance with the law and the highest ethical 


SMS Disclosure Statement and Privacy Policy

No mobile opt-in or text message consent will be shared with third parties or affiliates.

If you consent to receive informational and promotional SMS from Houston-Rx you agree to receive informational and promotional SMS from us.

Reply STOP to opt-out; Reply HELP for support.
Message & data rates may apply.
Messaging frequency may vary.
See our Privacy Policy above for terms and conditions.