HIPAA Notice of Privacy Practices

Effective Date: April 16, 2026 · Last Revised: April 16, 2026

🔒 Your health information is private. MedBid never shares your personal health details with providers until you explicitly accept or engage a bid. This Notice explains your full HIPAA rights and our obligations.

Who This Notice Applies To

This Notice of Privacy Practices applies to MedBid Inc. ("MedBid," "we," "our," or "us") and covers health information you provide when using the MedBid platform (medbid.ai) to post healthcare service requests, receive bids, and interact with verified providers.

MedBid functions as a Business Associate under HIPAA when it handles protected health information (PHI) on behalf of HIPAA-covered providers. When you post a request, certain information you provide — such as the type of procedure, body part, or health condition details — may constitute PHI that we are obligated to protect.

⚕️ MedBid is not itself a covered healthcare provider. Once you book with a provider through MedBid, that provider's own HIPAA Notice of Privacy Practices governs your PHI in their care.

Your Rights Under HIPAA

When it comes to your health information, you have the following rights:

📋 Right to Access

You can request a copy of the health information you have provided to MedBid. We will respond within 30 days.

✏️ Right to Correct

You can ask us to correct health information you believe is inaccurate or incomplete.

📜 Right to an Accounting

You can request a list of instances where we have shared your health information for purposes other than treatment, payment, or operations.

🚫 Right to Restrict

You can ask us to limit how we use or share your health information. We will consider your request but are not required to agree to all restrictions.

📬 Right to Confidential Communication

You can request that we communicate with you in a specific way or at a specific location if you believe the standard method puts you at risk.

🗑️ Right to Delete

You can request deletion of your health information from MedBid's systems, subject to legal retention requirements.

📋 Right to a Paper Copy

You have the right to a paper copy of this Notice at any time, even if you have agreed to receive it electronically.

⚠️ Right to File a Complaint

If you believe your privacy rights have been violated, you can file a complaint with us or with the U.S. Department of Health & Human Services.

How We Use and Share Your Health Information

Permitted Uses (No Authorization Required)

Matching: We use your request details to identify and notify verified providers in your area who can fulfill your care request. Only anonymized, de-identified request details are shared with providers until you accept a bid.
Platform operations: We use health information to operate the MedBid platform, improve matching algorithms, and maintain service quality.
Legal compliance: We may disclose information as required by law, including to respond to court orders or regulatory inquiries.
Safety: We may share information to prevent or lessen a serious and imminent threat to health or safety.

Uses Requiring Your Authorization

Marketing or sale of your PHI to third parties
Sharing with employers or insurers for eligibility purposes
Any use not described in this Notice

You may revoke any authorization you have given us at any time in writing. Revocation will not affect actions we have already taken in reliance on your authorization.

What We Never Do

We never sell your PHI to data brokers, advertisers, or third-party marketers
We never share your identity or contact information with providers until you explicitly choose to engage their bid
We never disclose PHI to employers without your written authorization

How We Protect Your Health Information

MedBid implements administrative, physical, and technical safeguards required by HIPAA's Security Rule, including:

256-bit SSL/TLS encryption for all data in transit
Encryption of PHI at rest in our databases
Role-based access controls limiting employee access to PHI on a need-to-know basis
Regular workforce training on HIPAA compliance
Business Associate Agreements (BAAs) with all vendors who access PHI on our behalf
Regular risk assessments and security audits
Breach notification procedures — we will notify you within 60 days of discovering a breach that affects your unsecured PHI

Business Associates

We share certain PHI with third-party vendors ("Business Associates") who help us operate MedBid, including cloud hosting providers, email delivery services, and analytics platforms. All Business Associates are required to sign a Business Associate Agreement (BAA) and to protect your PHI in accordance with HIPAA standards.

A copy of our standard BAA template is available at baa-agreement.html.

Changes to This Notice

MedBid reserves the right to change the terms of this Notice at any time. When we make material changes, we will post the revised Notice on medbid.ai and update the effective date. The new Notice will apply to all PHI we maintain, including information created or received before the revision.

How to Exercise Your Rights or File a Complaint

To exercise any of your HIPAA rights or to file a privacy complaint with MedBid:

MedBid Privacy Officer

Email: privacy@medbid.ai

Mail: MedBid Inc., Privacy Officer · San Jose, CA 95138

We will not retaliate against you for filing a complaint.

You also have the right to file a complaint directly with the U.S. Department of Health and Human Services, Office for Civil Rights:

HHS Office for Civil Rights

Website: hhs.gov/ocr/privacy/hipaa/complaints

Phone: 1-800-368-1019 (TDD: 1-800-537-7697)

Mail: 200 Independence Ave., S.W., Washington, DC 20201