Privacy Policy | FRAME Medicine
FRAME Medicine ← Back to Home
Legal

Privacy Policy

Effective Date: March 27, 2026 • FRAME Medicine • Richmond Hill, GA

FRAME Medicine is committed to protecting your health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal and protected health information (PHI). Please read it carefully. By using our services, you agree to the practices described here.

1. Who We Are

FRAME Medicine (“FRAME,” “we,” “our,” or “us”) is a men’s health telemedicine practice co-founded by Tom Rubenstein and Dr. Colin Sheffield, DO. We are located in Richmond Hill, Georgia and provide services in Florida, Georgia, Washington, Nebraska, and North Carolina.

Privacy Officer: Tom Rubenstein • tom@framemedicine.com • (904) 494-8330

2. Information We Collect

We collect information you provide directly and information generated through your use of our services:

  • Identity Information: Name, date of birth, sex, address, email, phone number
  • Health Information (PHI): Medical history, symptoms, lab results, medications, prescriptions, treatment records
  • Payment Information: Billing details processed through our secure payment processor (we do not store full card numbers)
  • Communications: Messages, emails, SMS texts, and records of interactions with our staff and physicians
  • Technical Information: IP address, browser type, device information, and usage data collected when you access our website or patient portal

3. How We Use Your Information

We use your information for the following purposes:

  • To provide, manage, and improve our telemedicine services
  • To fulfill prescriptions and coordinate pharmacy services
  • To communicate with you about your treatment, lab results, and care plan
  • To process payments and manage your account
  • To send appointment reminders, refill notifications, and care-related messages via SMS (with your consent)
  • To comply with applicable laws and regulations, including HIPAA
  • To protect the rights, safety, and property of FRAME Medicine and our patients

4. HIPAA Notice of Privacy Practices

As a healthcare provider, FRAME Medicine is subject to the Health Insurance Portability and Accountability Act (HIPAA). Your protected health information (PHI) will only be used and disclosed as permitted or required by HIPAA.

Permitted uses of your PHI include:

  • Treatment: Sharing with Dr. Sheffield, our compounding pharmacy, or other treating providers involved in your care
  • Healthcare Operations: Quality assurance, compliance, training, and operational activities
  • As Required by Law: Reporting obligations to public health authorities or law enforcement as required

All other uses and disclosures of your PHI require your written authorization, which you may revoke at any time.

5. Your HIPAA Rights

Right to Access
Request a copy of your medical records and PHI in electronic or paper format
Right to Amend
Request corrections to your health information if you believe it is inaccurate
Right to Restrict
Request restrictions on certain uses or disclosures of your PHI
Right to Accounting
Request a list of disclosures of your PHI made by FRAME Medicine
Right to Complain
File a complaint with FRAME Medicine or HHS if you believe your privacy rights have been violated
Right to Revoke
Revoke any authorization you have given us to use or disclose your PHI

To exercise any of these rights, contact our Privacy Officer at tom@framemedicine.com.

6. Business Associates and Third-Party Vendors

We share your information with third-party service providers (Business Associates) who help us deliver our services. All Business Associates are contractually required to protect your PHI and comply with HIPAA. Key vendors include:

  • JaneApp (Jane Software Inc.): Our Electronic Health Record (EHR) system. A Business Associate Agreement (BAA) is in place. JaneApp processes your intake forms, visit records, and clinical documentation.
  • Google Workspace (Google LLC): Email and operational communications. A Business Associate Agreement (BAA) is in place with Google for our Google Workspace account.
  • Twilio Inc.: SMS messaging platform used for appointment reminders, refill notifications, and two-way patient communications. Messages are sent only to patients who have provided consent through JaneApp or our website intake forms.
  • Hallandale Pharmacy: Our compounding pharmacy partner. Your prescription information is shared for dispensing purposes only.

7. SMS / Text Message Communications

FRAME Medicine uses Twilio to send SMS messages for appointment reminders, prescription refill alerts, check-in prompts, and care-related communications. By providing your mobile number and selecting notification preferences during intake:

  • You consent to receive text messages from FRAME Medicine at the number provided
  • Message frequency varies based on your care plan (typically 2-6 messages per month)
  • Message and data rates may apply
  • Reply STOP at any time to opt out. Reply HELP for assistance
  • Your mobile number and SMS consent data are never shared with third parties for marketing purposes

Our SMS program is registered under the A2P 10DLC framework and complies with CTIA messaging standards.

8. Website and Technical Data

Our website may use cookies, analytics tools, and session tracking to improve user experience and measure site performance. We do not sell your personal data to advertisers. You may disable cookies in your browser settings, though some site functions may be limited as a result.

9. Data Security

We implement administrative, technical, and physical safeguards to protect your information from unauthorized access, disclosure, or destruction. These include encrypted data transmission (HTTPS/TLS), access controls, and secure cloud-based storage through our BAA-covered vendors. No system is 100% secure; if you believe your information has been compromised, contact us immediately.

10. Data Retention

We retain patient health records for a minimum of seven (7) years from the date of last service, or longer as required by applicable state law. Non-clinical data (e.g., billing records, website logs) is retained as operationally necessary and then securely deleted.

11. Children’s Privacy

FRAME Medicine’s services are intended for adults aged 18 and older. We do not knowingly collect personal information from individuals under 18. If you believe a minor has submitted information to us, please contact us immediately.

12. Telehealth Disclosure

Services at FRAME Medicine are delivered via telemedicine. Telehealth consultations involve electronic transmission of health information and carry inherent privacy limitations compared to in-person care. By participating in telehealth services, you acknowledge and accept these limitations. We take all reasonable steps to ensure secure transmission of your health information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or notice on our website. The effective date at the top of this page reflects the most recent revision. Continued use of our services after changes are posted constitutes acceptance of the updated policy.

14. Contact Us

For questions, requests, or complaints regarding this Privacy Policy or your health information:

Privacy Officer: Tom Rubenstein
Email: tom@framemedicine.com
Phone: (904) 494-8330
Address: FRAME Medicine, Richmond Hill, GA 31324

To file a complaint with the federal government: U.S. Department of Health and Human Services, Office for Civil Rights, hhs.gov/hipaa/filing-a-complaint. We will not retaliate against you for filing a complaint.

© 2026 FRAME Medicine • Privacy PolicyTerms of ServiceHome

FRAME Medicine • Richmond Hill, GA • (904) 494-8330