Notice of Privacy Practices
HIPAA-Compliant Privacy Policy for Pillar Drug Club
Effective Date: October 23, 2025 | Last Updated: October 23, 2025
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Pillar Drug Club is committed to protecting your health information. This Notice of Privacy Practices describes our legal duties and privacy practices with respect to your protected health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA).
Pillar Drug Club is a HIPAA-covered entity operating as an online wholesale prescription pharmacy platform. We are required by federal and state law to:
- Maintain the privacy and security of your protected health information (PHI)
- Provide you with this Notice of our legal duties and privacy practices
- Follow the terms of the Notice currently in effect
- Notify you if we are unable to agree to a requested restriction on how we use or disclose your PHI
- Accommodate reasonable requests to communicate health information by alternative means or at alternative locations
Protected Health Information (PHI) is information about you, including demographic information, that may identify you and relates to:
- Your past, present, or future physical or mental health condition
- The provision of healthcare services to you
- Past, present, or future payment for healthcare services
- Prescription information and medication history
- Insurance information and billing records
- Communication with your healthcare providers
A. Uses and Disclosures for Treatment, Payment, and Healthcare Operations
We may use and disclose your PHI without your written authorization for the following purposes:
Treatment
We may use and disclose your PHI to coordinate your pharmacy services, including:
- Communicating with your prescribing physicians and other healthcare providers
- Providing medication counseling and drug interaction warnings
- Coordinating prescription refills and medication therapy management
- Conducting medication adherence monitoring
- Sharing information about potential drug allergies or adverse reactions
Payment
We may use and disclose your PHI to obtain payment for services, including:
- Processing membership subscription payments through Square
- Billing for prescription medications dispensed
- Verifying insurance coverage and benefits
- Submitting claims to insurance companies or benefit plans
- Collecting payment and conducting collection activities
- Coordinating with third-party payment processors
Healthcare Operations
We may use and disclose your PHI for our business operations, including:
- Quality assessment and improvement activities
- Training pharmacy staff and healthcare professionals
- Conducting internal audits and compliance reviews
- Business planning and development
- Customer service and support activities
- Managing referral programs and membership benefits
B. Other Permitted Uses and Disclosures
We may also use or disclose your PHI without your authorization for the following purposes:
- Appointment Reminders: To contact you with prescription refill reminders via email, SMS, or phone
- Health-Related Benefits and Services: To inform you about treatment alternatives, drug recalls, or health-related benefits and services that may be of interest
- As Required by Law: When federal, state, or local law requires disclosure
- Public Health Activities: To public health authorities for disease prevention and control
- Health Oversight Activities: To health oversight agencies for audits, investigations, and inspections
- Judicial and Administrative Proceedings: In response to court orders, subpoenas, or discovery requests
- Law Enforcement: To law enforcement officials as required or permitted by law
- Coroners, Medical Examiners, and Funeral Directors: For identification purposes and to determine cause of death
- Serious Threats: To avert a serious threat to health or safety
- Prescription Drug Monitoring Program (PDMP): Reporting to state PDMP databases as required by law
C. Uses and Disclosures Requiring Your Written Authorization
We will obtain your written authorization before using or disclosing your PHI for purposes other than treatment, payment, healthcare operations, or as otherwise permitted by law. This includes:
- Marketing communications (except appointment reminders and health-related information)
- Sale of PHI (we do not sell your health information)
- Psychotherapy notes (if applicable)
- Uses and disclosures not described in this Notice
You may revoke your authorization at any time by submitting a written request to our Privacy Officer. The revocation will not affect any disclosures already made in reliance on your authorization.
You have the following rights regarding your protected health information:
Right to Access and Obtain Copies
You have the right to inspect and obtain copies of your PHI maintained by Pillar Drug Club. To request access:
- Submit a written request to our Privacy Officer
- We will respond within 30 days (or notify you of a 30-day extension)
- We may charge a reasonable fee for copying and mailing costs
- We may deny access in limited circumstances as permitted by law
Right to Request Amendments
You may request that we amend your PHI if you believe it is incorrect or incomplete:
- Submit a written request with the reason for the amendment
- We may deny your request if the information was not created by us, is not part of our records, or is accurate and complete
- You may submit a statement of disagreement if your request is denied
Right to Request Restrictions
You may request restrictions on how we use or disclose your PHI:
- We are not required to agree to your request
- If we do agree, we will comply with your request unless the information is needed for emergency treatment
- Special Right: If you pay for a prescription out-of-pocket in full, you can request that we not share information about that prescription with your health plan, and we must agree
Right to Request Confidential Communications
You may request that we communicate with you by alternative means or at alternative locations:
- Request must be in writing and specify how or where you wish to be contacted
- We will accommodate all reasonable requests
- You do not need to provide a reason for your request
Right to an Accounting of Disclosures
You may request a list of certain disclosures of your PHI made by us:
- The accounting covers the six years prior to your request (or shorter period if specified)
- Does not include disclosures for treatment, payment, healthcare operations, or made to you
- The first accounting in a 12-month period is free; we may charge a reasonable fee for additional requests
Right to a Paper Copy of This Notice
You have the right to obtain a paper copy of this Notice at any time, even if you previously agreed to receive it electronically. Contact our Privacy Officer to request a copy.
Right to File a Complaint
If you believe your privacy rights have been violated, you may file a complaint:
- With Pillar Drug Club's Privacy Officer (contact information below)
- With the U.S. Department of Health and Human Services Office for Civil Rights
- You will not be penalized or retaliated against for filing a complaint
Pillar Drug Club is required by law to:
- Maintain the privacy and security of your protected health information
- Notify you following a breach of unsecured PHI
- Follow the duties and privacy practices described in this Notice
- Not use or disclose your PHI other than as described in this Notice without your written authorization
We implement comprehensive security measures to protect your PHI, including:
Technical Safeguards
- Encryption of data in transit and at rest
- Secure authentication with multi-factor authentication support
- Automated session timeouts
- Audit controls tracking access to PHI
- Regular security testing and vulnerability assessments
Physical Safeguards
- Secure facilities with access controls
- Workstation security policies
- Secure disposal of PHI (shredding, data destruction)
Administrative Safeguards
- Designated Privacy and Security Officers
- Regular workforce training on HIPAA compliance
- Business Associate Agreements with all vendors handling PHI
- Incident response and breach notification procedures
- Regular risk assessments and audits
In the event of a breach of your unsecured protected health information, we will notify you as required by law. Notification will include:
- Description of what happened and when
- Types of information involved
- Steps you should take to protect yourself
- What we are doing in response to the breach
- Contact information for questions
We reserve the right to change this Notice and make the new provisions effective for all PHI we maintain. If we make material changes to our privacy practices, we will:
- Post the revised Notice on our website
- Make the revised Notice available upon request
- Include the effective date on the revised Notice
You may obtain a copy of the current Notice at any time from our website at pillardrugclub.com/privacy-policy or by contacting our Privacy Officer.
For questions about this Notice or to exercise your rights, contact our Privacy Officer:
Privacy Officer
Pillar Drug Club
Email: privacy@pillardrugclub.com
Phone: 1-800-PHARMACY (1-800-727-4279)
Address: Pillar Drug Club Privacy Office, [Address to be provided]
To file a complaint with the U.S. Department of Health and Human Services:
Office for Civil Rights
U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
Phone: 1-877-696-6775
This Notice of Privacy Practices complies with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule (45 CFR Part 160 and Part 164, Subparts A and E) and applicable state privacy laws. We are committed to protecting your privacy and maintaining the confidentiality of your health information.
Version: 1.0