top of page

Effective Date: May 17, 2023

Endless Health HIPAA notice of privacy practices

Notice of Privacy Practices



Endless Health and its Affiliated Covered Entities (collectively “Endless Health”) are committed to protecting the privacy of your identifiable health information. This information is known as “protected health information” or “PHI.” Examples of documents that may contain your PHI include laboratory test orders, test results and invoices.

Our Responsibilities

Endless Health is required by law to maintain the privacy of your PHI. We are also required to provide you with this Notice of our legal duties and privacy practices upon request. It describes our legal duties, privacy practices and your patient rights as determined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). We are required to follow the terms of this Notice currently in effect. We are required to notify affected individuals in the event of a breach involving PHI that is unsecured. PHI is stored electronically and is subject to electronic disclosure.

How We May Use or Disclose Your Health Information

We use your PHI for treatment, payment, or healthcare operations purposes and for other purposes permitted or required by law. Not every use or disclosure is listed in this Notice, but all of our uses or disclosures of your PHI will fall into one of the categories listed below.

We need your authorization to use or disclose your PHI for any purpose not covered by one of the categories below. With limited exceptions, we will not use or disclose psychotherapy notes, use or disclose your PHI for marketing purposes or sell your PHI unless you have signed an authorization. You may revoke any authorization you sign at any time. If you revoke your authorization, we will no longer use or disclose your PHI except to the extent we have already taken action based on your authorization.


We may use and disclose your PHI for the following purposes:


Endless Health provides a mobile application, websites under the Endless Health brand, health testing kits, an AI-based coaching system, and other software applications and online services, and we use your PHI in delivering these services. We disclose your PHI to authorized healthcare professionals who order tests or need access to your test results for treatment purposes. Examples of other treatment-related purposes include disclosure to a pathologist to help interpret your test results or use of your PHI to contact you to obtain another specimen, if necessary.



Endless Health may use and disclose your PHI for purposes of billing and payment. For example, we may disclose your PHI to health plans or other payers to determine whether you are enrolled with the payer or eligible for health benefits or to obtain payment for our services. If you are insured under another person’s health insurance policy (for example, parent, spouse, domestic partner or a former spouse), we may also send invoices to the subscriber whose policy covers your health services.


Healthcare Operations

Endless Health may use and disclose your PHI for activities necessary to support our healthcare operations. This includes functions such as performing quality checks on our testing, internal audits, arranging for legal services or developing reference ranges for our tests. It also includes, for example, the sale, transfer, merger, or consolidation of all or part of Endless Health with another covered entity, or an entity that following such activity will become a covered entity and due diligence related to the transaction(s).


Business Associates

We may provide your PHI to other companies or individuals that need it to provide services to us. These other entities, known as "business associates," are required to maintain the privacy and security of PHI. For example, our business associates may use your PHI to conduct billing, collections, imaging, courier, or record storage services on our behalf.


Individuals Involved in Your Care

We may disclose relevant PHI to a family member, friend, caregiver or other individual involved in your healthcare or payment for your healthcare, if you tell us that this is acceptable to you or you do not object; or if in our professional judgment, we believe that you do not object.


As Required by Law

We may use and disclose your PHI as required by law.

Law Enforcement Activities and Legal Proceedings

We may use and disclose your PHI if necessary to prevent or lessen a serious threat to your health and safety or that of another person. We may also provide PHI to law enforcement officials, for example, in response to a warrant, investigative demand or similar legal process, or for officials to identify or locate a suspect, fugitive, material witness, or missing person. We may disclose your PHI as required to comply with a court or administrative order. We may disclose your PHI in response to a subpoena, discovery request or other legal process in the course of a judicial or administrative proceeding, but only if efforts have been made to tell you about the request or to obtain an order of protection for the requested information.


We may use or disclose PHI for research purposes when permitted by law, such as when an Institutional Review Board or privacy board has reviewed the research proposal and plans to ensure the privacy of your PHI and determined that your authorization is not required. We may also use or disclose PHI about deceased patients to researchers if certain requirements are met.


De-identified Information
We may use your PHI to create “de-identified” information, which means that we remove information that can be used to identify you. There are specific rules under the law about what type of information needs to be removed before information is considered de-identified. Once information has been de-identified as required by law, it is no longer PHI and we may use it for any lawful purpose.


Other Uses and Disclosures

As permitted by HIPAA, we may disclose your PHI to:

  • Social Services Agencies

  • Public Health Authorities

  • The Food and Drug Administration

  • Health Oversight Agencies

  • Military Command Authorities

  • National Security and Intelligence Organizations

  • Correctional Institutions

  • Organ and Tissue Donation Organizations

  • Coroners, Medical Examiners and Funeral Directors

  • Workers Compensation Agents

We may also disclose PHI to those assisting in disaster relief efforts so that family or friends can be notified about your condition, status and location.

Note Regarding State Law

For all of the above purposes, when state law is more restrictive than federal law, we are required to follow the more restrictive state law.

Your Patient Rights

Receive Test Information

You have the right to access your PHI. You may:

  • Obtain your test results online or on your smartphone using our mobile app by visiting our website and creating or accessing your account. You may also obtain billing information via that website; or

  • Submit a written request of your own to our Customer Service team at to obtain your PHI (requests must be signed and include enough demographic and other information necessary for us to authenticate you and identify your records).


If your request for test information is denied, you may request that the denial be reviewed.


Amend Health Information

You may request amendments (changes) to your PHI by making a written request. However, we may deny the request in some cases (such as if we determine the PHI is accurate). If we deny your request to change your PHI, we will provide you with a written explanation of the reason for the denial and let you know about further actions you may take.


Accounting of Disclosures

With limited exceptions, you have the right to request a written accounting of every disclosure of your health information we have made for up to six years prior to your request, other than disclosures to you, disclosures authorized by you in writing, and disclosures for treatment, payment and health care operations as described in this Notice. Your request must specify a time period, which may not be longer than six years and may not include dates before April 14, 2003.


Request Restrictions

You may request that we agree to restrictions on certain uses and disclosures of your PHI. We are not required to agree to your request, except for requests to limit disclosures to your health plan for purposes of payment or healthcare operations when you have paid us for the item or service covered by the request out-of-pocket and in full and when the uses or disclosures are not required by law.

Request Confidential Communications

You have the right to request that we send your health information by alternative means or to an alternative address, and we will accommodate reasonable requests.


Copy of this Notice

You have the right to obtain a paper copy of this Notice upon request.


How to Exercise Your Rights

You may write or send an email to us with your specific request. Please refer to the Contact Information below. Endless Health will consider your request and provide you a response.


Complaints/Questions/Contact Information

If you believe your privacy rights have been violated, you have the right to file a complaint with us. You also have the right to file a complaint with the Secretary of the U.S. Department of Health and Human Services, Office for Civil Rights. Endless Health will not retaliate against any individual for filing a complaint.  To file a complaint with us, or should you have any questions about this Notice, send an email to us at or write to us at the following address:


Endless Health Inc.

ATTN: Privacy Office

7012 Rufus Dr.

Austin, TX, 78752



We reserve the right to amend the terms of this Notice to reflect changes in our privacy practices, and to make the new terms and practices applicable to all PHI that we maintain about you, including PHI created or received prior to the effective date of the Notice revision. Our Notice is displayed on our website and a copy is available upon request.

bottom of page