HIPAA Compliance

Notice of Privacy Practices

Effective Date: May 10, 2026  ·  BlueBay Mobility Inc

Important — Please Read

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

1. Who We Are and Why This Notice Applies

BlueBay Mobility Inc is a Complex Rehab Technology (CRT) and durable medical equipment (DMEPOS) supplier operating in California and nationwide. Because we provide healthcare services and transmit health information electronically in connection with Medicare and insurance transactions, we are a covered entity under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations at 45 C.F.R. Parts 160 and 164.

This Notice of Privacy Practices (NPP) explains your rights and our legal duties regarding your Protected Health Information (PHI) — any individually identifiable health information we create, receive, maintain, or transmit.

2. Our Legal Duties

We are required by law to:

  • Maintain the privacy and security of your PHI
  • Provide you with this Notice of our privacy practices
  • Notify you if a breach occurs that may have compromised the privacy or security of your PHI
  • Follow the terms of this Notice while it is in effect
  • Not use or disclose your PHI except as described in this Notice or as otherwise permitted by law

3. How We May Use and Disclose Your PHI

The following categories describe the ways we are permitted to use and disclose PHI without your written authorization.

Treatment

We use and share PHI to provide, coordinate, and manage your care and any related services. Example: We share your diagnosis, physician orders, and mobility assessment with an OT or PT who is participating in your evaluation and equipment selection.

Payment

We use and share PHI to bill and collect payment for services we provide. Example: We submit a claim to Medicare or your insurance carrier that includes your diagnosis, equipment ordered, and supplier information.

Health Care Operations

We use and share PHI for internal operations necessary to run our business and improve quality of care. Example: We review client records to evaluate whether our CRT evaluation process is producing appropriate outcomes and to train staff on documentation requirements.

Other Permitted Uses and Disclosures Without Authorization

We may also use or disclose your PHI without your written authorization in the following circumstances:

  • Required by law — when federal, state, or local law requires disclosure
  • Public health activities — to authorized public health authorities for activities such as reporting disease, injury, or product recalls
  • Health oversight activities — to government agencies conducting audits, inspections, investigations, or licensure reviews (e.g., CMS, California Department of Health Care Services)
  • Judicial and administrative proceedings — in response to a court order, subpoena, or other lawful process
  • Law enforcement — to law enforcement officials under specific legal circumstances
  • Serious threat to health or safety — to prevent or lessen a serious and imminent threat to your health or safety or the health or safety of another person
  • Abuse, neglect, or domestic violence — to government authorities authorized to receive reports of abuse or neglect
  • Workers’ compensation — for workers’ compensation claims as authorized by law
  • Business associates — we share PHI with vendors and service providers (called Business Associates) who help us operate. All Business Associates are required to sign a Business Associate Agreement (BAA) protecting your PHI.

4. Uses and Disclosures That Require Your Written Authorization

We will not use or share your PHI for the following purposes without your signed written authorization:

  • Marketing communications about products or services (except in limited circumstances)
  • Sale of your PHI
  • Most uses of psychotherapy notes
  • Any other use or disclosure not described in this Notice

You may revoke an authorization you have given us at any time, in writing. Your revocation will not affect actions we already took in reliance on the authorization.

5. Your Rights Regarding Your PHI

You have the following rights with respect to your PHI. To exercise any of these rights, submit a written request to our Privacy Officer using the contact information in Section 7.

Right to Access and Obtain Copies

You have the right to inspect and obtain a copy of PHI that we maintain about you in a designated record set. We will respond within 30 days. We may charge a reasonable, cost-based fee for copies.

Right to Request Amendment

If you believe PHI we hold about you is inaccurate or incomplete, you may request that we amend it. We may deny the request if the information was not created by us or if we determine the record is accurate. We will respond within 60 days.

Right to an Accounting of Disclosures

You have the right to receive a list of certain disclosures of your PHI that we made during the past six years (excluding disclosures for treatment, payment, or health care operations).

Right to Request Restrictions

You may ask us to restrict how we use or share your PHI for treatment, payment, or operations. We are not required to agree in most cases, but if we do agree, we will honour the restriction. We are required to honour a restriction if you pay out of pocket in full and ask us not to share the information with your health plan.

Right to Request Confidential Communications

You may request that we contact you about health matters in a particular way or at a specific location. We will honour reasonable requests.

Right to a Paper Copy of This Notice

You may request a paper copy of this Notice at any time, even if you have agreed to receive it electronically. Contact us using the information in Section 7.

Right to Be Notified of a Breach

If a breach of your unsecured PHI occurs, we will notify you as required by the HIPAA Breach Notification Rule (45 C.F.R. Part 164, Subpart D) within 60 days of discovering the breach.

6. How to File a Complaint

If you believe your privacy rights have been violated, you have the right to file a complaint with us or with the U.S. Department of Health and Human Services (HHS). You will not be retaliated against for filing a complaint.

File with BlueBay Mobility Inc

Contact our Privacy Officer (see Section 7 below). Complaints may be submitted in writing by email or mail.

File with HHS Office for Civil Rights

U.S. Department of Health & Human Services — Office for Civil Rights

200 Independence Avenue S.W., Washington, D.C. 20201

📞 Phone: 1-800-368-1019  ·  TDD: 1-800-537-7697

🌐 www.hhs.gov/ocr/complaints

7. Privacy Officer Contact Information

Questions about this Notice or our privacy practices should be directed to:

Privacy Officer — BlueBay Mobility Inc

📍 3002 Dow Ave Unit 312, Tustin, CA 92780, United States

📧 info@bluebaymobility.com

📞 Toll Free: 1-888-959-0072  ·  Main: 949-522-3276

8. Changes to This Notice

We reserve the right to change this Notice and to apply the revised Notice to PHI we already hold about you. If we make a material change, we will post the updated Notice on our website at bluebaymobility.com with the new effective date. You may request a current paper copy from our Privacy Officer at any time.