01 · Introduction

Introduction & Scope.

Rx OmniMedLink is a HIPAA-compliant prescription portal owned and operated by Kelshad Cyber Systems And Technologies LLC ("Kelshad", "we", "us", "our"). This Privacy Policy explains how we collect, use, protect, and share information when you use Rx OmniMedLink, whether as a patient, physician, pharmacist, or visitor.

By using Rx OmniMedLink, you agree to the practices described in this policy. If you do not agree with any part of this policy, please do not use our services.

02 · Information We Collect

What We Collect.

We collect information in several categories, each with a specific purpose and a specific level of protection.

Identity Information

  • For all users: Name, email address, phone number, date of birth, and password.
  • For medical professionals: NPI number, license number, medical specialty, and verified credentials via Stripe Identity (IAL2).
  • For patients: Insurance information (only if you choose to provide it), preferred pharmacy, and emergency contact.

Protected Health Information (PHI)

  • Prescription history, dosages, refill counts, and medication names.
  • Drug allergies and interaction warnings.
  • Messages exchanged with your healthcare providers.
  • Pharmacy fulfillment status and pickup history.

Technical Information

  • IP address, browser type, device type, and operating system.
  • Pages visited, features used, and session duration.
  • Audit logs for HIPAA Security Rule compliance.

03 · How We Use It

How We Use Your Information.

We use your information only for purposes that directly serve your healthcare or are required by law.

  • To provide healthcare services: Connecting patients with physicians and pharmacists, transmitting prescriptions, and enabling secure communication.
  • To verify identity: Confirming that medical professionals are who they say they are, protecting patients from unauthorized access.
  • To maintain security: Detecting fraud, preventing unauthorized access, and complying with audit requirements.
  • To improve the platform: Analyzing aggregated, de-identified usage patterns to improve features and user experience.
  • To comply with law: Responding to legal requests, court orders, and regulatory requirements (DEA, FDA, state pharmacy boards).

What we never do: We never sell your data. We never share PHI with advertisers. We never use your health information for marketing purposes. We never train AI models on your PHI.

04 · Sharing & Disclosure

When We Share.

We share your information only in specific, limited circumstances:

  • With your healthcare team: Doctors and pharmacists involved in your care receive only the information they need to provide that care.
  • With Business Associates: Service providers (Stripe Identity, cloud hosting, encryption providers) who have signed Business Associate Agreements (BAAs) and are bound by HIPAA.
  • When legally required: Court orders, subpoenas, DEA investigations, FDA recalls, public health reporting.
  • For emergencies: When necessary to prevent serious harm to you or others.
  • With your explicit consent: For any other purpose, we ask first and you can say no.

05 · Security Measures

How We Protect Your Data.

Rx OmniMedLink uses a defense-in-depth security architecture aligned with the HIPAA Security Rule technical safeguards and the NIST Cybersecurity Framework.

  • Encryption at rest: AES-256 encryption for all stored PHI.
  • Encryption in transit: TLS 1.3 for all data transmitted between your device and our servers.
  • Identity proofing: Stripe Identity IAL2 verification for medical professionals.
  • Multi-factor authentication: Required for all medical professional accounts and controlled substance prescriptions (DEA 21 CFR Part 1311).
  • Audit logging: Every access to PHI is logged with user, timestamp, and action for the full HIPAA-required retention period.
  • Penetration testing: Annual third-party security assessments.
  • Incident response: Documented procedures for breach detection, containment, and notification within HIPAA's 60-day requirement.

06 · HIPAA Notice

HIPAA Notice of Privacy Practices.

Federally Required Notice

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

Rx OmniMedLink is required by law to maintain the privacy of your Protected Health Information (PHI), to provide you with this Notice of our legal duties and privacy practices, and to follow the terms of the notice currently in effect.

Your HIPAA Rights

  • Right to access: You can request a copy of your PHI at any time, in either paper or electronic format.
  • Right to amend: You can request corrections to your PHI if you believe it is inaccurate or incomplete.
  • Right to accounting: You can request a list of disclosures of your PHI we have made.
  • Right to request restriction: You can ask us to limit how we use or share certain information.
  • Right to confidential communication: You can request that we contact you in a specific way (e.g., only by email, only at home).
  • Right to file a complaint: You can file a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights without retaliation.

To exercise any of these rights, contact us at the address below. To file a complaint with HHS, visit hhs.gov/hipaa/filing-a-complaint.

07 · Your Rights

Your Rights & Choices.

Beyond HIPAA, you have additional rights and choices about your information.

  • Access your data: Download your full prescription history at any time from your account dashboard.
  • Correct your data: Edit personal information directly in your profile.
  • Delete your account: Request full deletion of your account and associated data, subject to legal retention requirements.
  • Opt out of communications: Unsubscribe from non-essential emails. Critical health and security notifications cannot be opted out of.
  • Data portability: Export your data in standard FHIR R4 format for transfer to another healthcare platform.

08 · Data Retention

How Long We Keep Data.

We retain your information only as long as necessary for the purposes described in this policy, or as required by law.

  • Active accounts: Data is retained as long as your account is active.
  • Closed accounts: Most personal data is deleted within 90 days of account closure.
  • Prescription records: Retained for the minimum period required by state pharmacy law (typically 7 to 10 years), then securely destroyed.
  • Audit logs: Retained for the HIPAA-required period (6 years from creation or last effective date).
  • Controlled substance records: Retained for the DEA-required period (2 years minimum, longer in some states).

09 · Minors

Minors & Pediatric Care.

Rx OmniMedLink supports pediatric care through parent or legal guardian accounts. We comply with the Children's Online Privacy Protection Act (COPPA) and applicable state laws.

  • Children under 13 cannot create their own accounts.
  • Parents or legal guardians manage prescriptions for minor children through their own verified account.
  • Pediatric PHI is subject to the same protections as adult PHI, with additional safeguards.
  • At age 13 (or 18 in some states), minors gain age-appropriate access to their own health information per state law.

10 · Policy Changes

Changes to This Policy.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons. When we make material changes, we will notify you by email and post a prominent notice on Rx OmniMedLink before the changes take effect.

The version and effective date at the top of this policy will always reflect the most recent update. Previous versions are archived and available upon request.

11 · Contact Us

Questions? Contact Us.

If you have any questions about this Privacy Policy, want to exercise your rights, or need to report a privacy concern, contact our HIPAA Privacy Officer.

HIPAA Privacy Officer

  • Company: Kelshad Cyber Systems And Technologies LLC
  • Product: Rx OmniMedLink
  • Registered Office: 7901 4th St N, STE 300, St. Petersburg, FL 33702
  • Subject Line: HIPAA Privacy Inquiry
  • Response: Within 30 days of receipt

For breach notifications or urgent privacy concerns, contact us immediately by email. We monitor privacy inquiries continuously and respond to urgent matters within 24 hours.