HIPAA Notice of
Privacy Practices
How protected health information about you may be used and disclosed in connection with your clinical care with Rakesh Jotwani, MD, PC, and your rights under federal and California law.
This Notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
Who this applies to. This Notice applies to you if you are a clinical patient of Rakesh Jotwani, MD, PC. If you only subscribe to our newsletter, listen to the podcast, use the RAK Your Life app for wellness, or attend events, your information is governed by our Privacy Policy, not this Notice.
Contents
1. Who we are
This Notice is provided by Rakesh Jotwani, MD, PC (d/b/a "RAK Your Life," "we," "us," or "our"), a California professional corporation. We are a covered entity under the Health Insurance Portability and Accountability Act ("HIPAA").
Dr. Rakesh "Rak" Jotwani is the founder and serves as the medical director. We provide direct lifestyle medicine care by telehealth to adult patients (18 years of age and older) in states where Dr. Jotwani is licensed. We work alongside our patients' primary care physicians and other clinicians; we are not their primary care provider. As of the effective date above, the states where we provide care are California, Colorado, Florida, Indiana, Kansas, New Jersey, New York, North Carolina, Ohio, Pennsylvania, Tennessee, and Texas. Our practice does not accept minor patients.
2. What is "protected health information"
"Protected health information" (PHI) is individually identifiable information about your health, your health care, or payment for your health care, that we create or receive as part of providing your medical care. Examples include your name, contact information, date of birth, medical history, diagnoses, lab results, medications, telehealth visit notes, secure messages with your clinician, and bills.
3. How we use and disclose your PHI
Federal law allows us to use and disclose your PHI without your written authorization for the following purposes:
For your treatment
We use your PHI to provide, coordinate, and manage your care. For example, your clinician reviews your history before a visit, documents your visit notes, orders labs, prescribes medications, and refers you to specialists or other providers when appropriate. We may share PHI with other licensed clinicians, pharmacies, laboratories, and treatment facilities involved in your care.
For payment
We use and disclose PHI to bill and collect payment for the services we provide. Because we operate as a direct lifestyle medicine practice, we typically bill members directly rather than insurers. If you ask us to submit a superbill or assist with insurance reimbursement, we may share the minimum necessary PHI with your health plan for that purpose, with your consent.
For health care operations
We use PHI to run the practice safely and effectively. This includes quality improvement, credentialing, training, internal audits, accreditation, legal and compliance activities, and arranging services with our business associates (for example, our electronic health record vendor (Charm Health), secure-messaging platform, and accounting providers). Each business associate is bound by a signed Business Associate Agreement and is contractually required to protect your PHI to the same standard we do.
Other uses and disclosures permitted or required by law
HIPAA permits or requires us to use or disclose PHI without your authorization in limited circumstances, including:
- Required by law (court orders, subpoenas with proper notice, mandated reporting)
- Public health activities (disease reporting, FDA-regulated product safety, immunization registries)
- Victims of abuse, neglect, or domestic violence as required by law
- Health oversight activities (audits, investigations, licensure)
- Judicial and administrative proceedings
- Law enforcement in narrowly defined circumstances
- Coroners, medical examiners, and funeral directors
- Organ, eye, or tissue donation
- Research approved by an Institutional Review Board or Privacy Board, or where identifiers are removed
- To avert a serious threat to health or safety
- Specialized government functions (military, national security, protective services)
- Workers' compensation
We disclose only the minimum amount of information necessary for the purpose.
Family, friends, and others involved in your care
If you tell us it is okay, or if you are present and do not object, we may share PHI relevant to your care with a family member, friend, or other person you identify. In an emergency, or if you are unable to express a preference, we may use our professional judgment to share information that is in your best interest.
4. Uses and disclosures that require your written authorization
The following uses and disclosures require your specific written authorization:
- Marketing communications that would qualify as marketing under HIPAA
- Sale of PHI (we do not sell PHI)
- Most uses and disclosures of psychotherapy notes (separate from your regular medical record)
- Any use or disclosure not otherwise described in this Notice
You may revoke an authorization at any time in writing. Revocation does not affect any action we took in reliance on it before we received your written revocation.
5. Telehealth, the wellness app, and RAK AI
Because our practice operates by telehealth, your clinical care happens over secure video, voice, and messaging. We use HIPAA-compliant infrastructure (our electronic health record, secure-messaging platform, and video provider) and require business associate agreements with each vendor that handles PHI on our behalf.
The RAK Your Life app and RAK AI
The RAK Your Life app at app.rakyourlife.com is a separate, general wellness product, not a clinical service. RAK AI (the conversational coach in the app) is not a doctor, does not provide medical advice, and does not create a physician-patient relationship.
The app is not a medical monitoring service. Messages, journals, uploads, check-ins, and AI conversations submitted to the app may not be reviewed by clinicians or staff in real time, or at all. Nothing about the app creates a duty on Rakesh Jotwani, MD, PC or any clinician to monitor your activity or communications. Do not use the app to communicate clinical concerns. See RAK AI & App Terms, Section 4.
- Information you submit to the app for wellness use (journal entries, RAK AI chats, check-ins, uploads) is governed by our Privacy Policy and the RAK AI & App Terms, not this HIPAA Notice. Unless a licensed clinician has separately incorporated specific content into your clinical chart, app content is not part of your designated medical record.
- If you are also a clinical patient and you choose to share clinical information through the app, do not use RAK AI or in-app journaling as a substitute for clinical communication. Time-sensitive concerns, symptoms, medication issues, and refill requests must go through the clinical channels in your patient packet.
- We do not transmit clinical PHI to RAK AI's underlying language model. If you want a piece of information to be part of your medical record, share it through a clinical channel.
Channel status
For clarity, the following table identifies which communication channels are clinical (governed by this Notice) and which are not. The same table appears in our RAK AI & App Terms, Section 9:
| Channel | Status |
|---|---|
| EHR patient portal | HIPAA clinical · part of your medical record |
| Telehealth visits with Dr. Jotwani | HIPAA clinical · part of your medical record |
| Secure messages sent through the clinical channels listed in your patient packet | HIPAA clinical · part of your medical record |
| Clinical intake forms required for care | Becomes PHI when you become a patient |
| RAK Your Life app (journals, RAK AI chats, check-ins, uploads) | Non-clinical wellness product · not PHI, not a medical record |
| RAK ON Tribe and other community spaces | Non-clinical community · not PHI |
| Newsletter subscriptions, replies, and unsubscribes | Non-clinical marketing · not PHI |
Public contact forms and email to support@ | Non-clinical · non-emergency |
6. California-specific protections
California law, including the Confidentiality of Medical Information Act (Cal. Civ. Code § 56 et seq.) and the Patient Access to Health Records Act (Cal. Health & Safety Code § 123100 et seq.), gives California residents additional protections that may be stronger than HIPAA. Where California law is more protective, we follow California law. Areas where California law provides additional protections include:
- Disclosures of mental health, substance use, HIV/AIDS, and reproductive health information
- Access to your medical records (we will provide access promptly and at no charge for the first copy in most cases)
- Communications with minors regarding sensitive services as permitted by California law
- Restrictions on the sale of medical information for marketing
7. Your rights
You have the following rights with respect to your PHI:
Right to inspect and copy
You have the right to inspect and obtain a copy of your medical and billing records, with limited exceptions. We will provide a copy in the format you request (electronic or paper) where readily producible. We will respond within 30 days. A reasonable cost-based fee may apply for copies as permitted by law.
Right to amend
You have the right to request that we amend PHI you believe is incorrect or incomplete. We may deny your request in certain circumstances (for example, the information was not created by us, or it is accurate and complete). If we deny your request, we will explain why in writing and you may submit a statement of disagreement that will be included in your record.
Right to an accounting of disclosures
You have the right to request a list of certain disclosures of your PHI we have made. This right does not extend to disclosures for treatment, payment, health care operations, or disclosures you authorized. The first accounting in any 12-month period is free; we may charge a reasonable cost-based fee for additional requests, and we will tell you the cost before incurring it.
Right to request restrictions
You may request that we restrict how we use or disclose your PHI for treatment, payment, or health care operations, or that we limit what we tell family or friends about your care. We are not required to agree to every request. However, if you pay for a specific service out of pocket in full and ask us not to share information about that service with a health plan, we will agree, except where disclosure is required by law.
Right to confidential communications
You may ask us to communicate with you about your care in a specific way or at a specific location (for example, a different email address or phone number). We will accommodate reasonable requests.
Right to a paper copy of this Notice
You have the right to a paper copy of this Notice at any time, even if you originally received it electronically. Email privacy@rakyourlife.com to request one.
Right to be notified of a breach
You have the right to be notified if there is a breach of your unsecured PHI, as required by federal and California law.
Right to choose someone to act for you
If you have given someone medical power of attorney, or if someone is your legal guardian, that person can exercise your rights and make decisions about your PHI. We will verify the person's authority before taking action.
How to exercise your rights
To exercise any of these rights, email privacy@rakyourlife.com or write to us at the address in Section 11. We may ask you to make your request in writing and to verify your identity. We will respond within the time required by law.
8. Our duties
We are required by law to:
- Maintain the privacy and security of your PHI
- Provide you with this Notice describing our legal duties and privacy practices
- Follow the terms of the Notice currently in effect
- Notify you if there is a breach of your unsecured PHI
- Honor restrictions you have requested where we have agreed, except where disclosure is required by law
9. Changes to this Notice
We may change this Notice at any time. We reserve the right to make the revised Notice effective for PHI we already have and for PHI we receive in the future. When we make material changes, we will:
- Update the Effective Date and version number at the top of this Notice
- Post the revised Notice on our website
- Make paper copies of the revised Notice available on request
- Notify active patients of significant changes by secure message or email
10. Complaints
If you believe your privacy rights have been violated, you may file a complaint with us by emailing privacy@rakyourlife.com or writing to the address in Section 11. We will not retaliate against you for filing a complaint.
You may also file a complaint with the U.S. Department of Health & Human Services Office for Civil Rights:
- Online: hhs.gov/ocr/complaints
- Phone: 1-800-368-1019 (TDD: 1-800-537-7697)
- Mail: 200 Independence Avenue SW, Room 509F HHH Building, Washington, DC 20201
California residents may also file a complaint with the California Department of Justice at oag.ca.gov/privacy/file-complaint or, for clinical privacy concerns, with the Medical Board of California at mbc.ca.gov.
11. Contact & effective date
Effective date: May 25, 2026
Privacy Officer: Rakesh Jotwani, MD. All privacy-related requests, complaints, and rights requests should be sent to privacy@rakyourlife.com.
Rakesh Jotwani, MD, PC
Privacy email: privacy@rakyourlife.com
General support: support@rakyourlife.com
Mail:
1347 Linda Mar Shopping Ctr, Unit #2020
Pacifica, CA 94044
Acknowledgment of receipt. At intake, we ask patients to acknowledge receipt of this Notice in writing. Acknowledgment is required by HIPAA. If you have not received a paper copy and would like one, email privacy@rakyourlife.com.