Pointe Medical Sales – Privacy, HIPAA, and Payment Security Policy
1. Introduction
At Pointe Medical Sales (“we,” “our,” “us”), your privacy, security, and trust are our highest priorities. We comply with both the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA) to ensure that all personal, financial, and health-related data are collected, used, and stored safely and responsibly. By using https://pointemedsales.com (the “Site”), you consent to the practices described in this policy.
2. Information We Collect
We collect the following types of information to provide and improve our services:
• Personal Information: name, billing and shipping address, email address, phone number.
• Payment Information: processed securely by a PCI DSS–compliant payment processor (e.g., Stripe, Authorize.net, PayPal). We never store full credit or debit card numbers on our servers.
• Protected Health Information (PHI): health-related information necessary to fulfill orders for medical products or coordinate with healthcare providers or insurers (e.g., prescriptions, physician authorizations, insurance claim details, and medical conditions relevant to product suitability).
• Technical Information: IP address, browser type, device information, cookies, and analytics data, used to improve your browsing experience.
3. HIPAA Compliance Statement
We adhere to all applicable HIPAA Privacy, Security, and Breach Notification Rules to protect your Protected Health Information (PHI). All PHI is encrypted, transmitted securely, and handled only by authorized personnel or HIPAA-compliant partners. If we act as a “Business Associate” under HIPAA, we enter into Business Associate Agreements (BAAs) with all third parties who may handle PHI on our behalf.
4. PCI DSS Compliance Statement
We comply with the Payment Card Industry Data Security Standard (PCI DSS) for all payment processing activities. Our controls include SSL/TLS encryption for all payment transactions, firewalls and intrusion prevention controls, and regular vulnerability scanning and security monitoring; we do not store full card numbers, CVV codes, or magnetic stripe data. Your payment is processed through a PCI Level 1–certified payment provider.
5. How We Use Your Information
We use your information to process and fulfill orders; communicate about purchases or inquiries; verify prescriptions or coordinate with healthcare providers (if required); improve our website and customer experience; and meet legal, regulatory, and compliance obligations.
6. Permitted Uses and Disclosures of PHI
We may use or disclose PHI to deliver medical products or services you have requested; to obtain payment or insurance reimbursement; for healthcare operations and internal quality control; and as required by law, including public health reporting or law enforcement requests. We will not use or disclose PHI for marketing or non-treatment purposes without your explicit written authorization.
7. Safeguards and Data Security
We use administrative, physical, and technical safeguards to secure your data, including staff training, access controls, confidentiality agreements, secure facilities, encryption, password protection, and secure data backups. We continuously monitor our systems and update our security controls to meet or exceed HIPAA and PCI DSS standards.
8. Breach Notification
If a data breach occurs that compromises your PHI or personal data, we will notify you promptly via email or mail, notify the U.S. Department of Health and Human Services (if applicable), and take corrective actions to mitigate risks and prevent future breaches.
9. Your Rights (HIPAA Privacy Rule)
You have the right to access and obtain copies of your PHI; request corrections; request restrictions on certain uses or disclosures; receive an accounting of disclosures; and file a complaint with the Office for Civil Rights (OCR) if you believe your rights have been violated. Requests may be submitted in writing to the contact information below.
10. Cookies and Analytics
We use cookies and similar tools to enhance your browsing experience, analyze performance, and remember preferences. You can disable cookies in your browser settings at any time.
11. Data Retention
We retain data only as long as necessary to fulfill orders, comply with healthcare and payment regulations, and meet our legal and business obligations. Once no longer required, data is securely deleted or anonymized.
12. Sharing Information
We may share information with payment processors, shipping providers, and healthcare partners (as needed), and with legal authorities when required by law. All third parties must comply with HIPAA and PCI DSS standards through written agreements. We do not sell or rent your information to third parties.
13. Updates to This Policy
We may update this Policy periodically to reflect new laws, technology, or services. The Effective Date above indicates the most recent version.
14. Contact Us
Pointe Medical Sales
1113 White St
Houston, TX 77007
Email: privacy@pointemedsales.com
Phone: (281) 660-1249
Suggested placement: Link in footer titled “Privacy, HIPAA & Security Policy.” Reference on checkout pages: “All transactions are processed securely by a PCI DSS-compliant provider. Health information is protected under HIPAA.”
