Privacy Policy
PRIVACY POLICY
LAST REVISED: 05/12/26
It is VYTAL OPTIONS’ policy to respect your privacy regarding any information we may collect while operating our website. This Privacy Policy applies to https://vytaloptions.com (hereinafter, “us”, “we”, or “https://vytaloptions.com“). We respect your privacy and are committed to protecting personally identifiable information you may provide us through the website.
We have adopted this privacy policy (“Privacy Policy”) to explain what information may be collected on our website; how we use this information; and under what circumstances we may disclose the information to third parties. This Privacy Policy applies only to information we collect through the website and does not apply to our collection of information from other sources.
This Privacy Policy, together with the terms and conditions posted on our website, set forth the general rules and policies governing your use of our website. Depending on your activities when visiting our website, you may be required to agree to additional terms and conditions.
WEBSITE VISITORS
Like most website operators, VYTAL OPTIONS collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. VYTAL OPTIONS’ purpose in collecting non-personally identifying information is to better understand how VYTAL OPTIONS’ visitors use its website.
From time to time, VYTAL OPTIONS may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website. VYTAL OPTIONS also collects potentially personally-identifying information like Internet Protocol (IP) addresses for logged-in users and for users leaving comments on https://vytaloptions.com blog posts. VYTAL OPTIONS only discloses logged-in user and commenter IP addresses under the same circumstances that it uses and discloses personally-identifying information as described below.
GATHERING OF PERSONALLY-IDENTIFYING INFORMATION
Certain visitors to VYTAL OPTIONS’ website choose to interact with VYTAL OPTIONS in ways that require VYTAL OPTIONS to gather personally-identifying information. The amount and type of information that VYTAL OPTIONS gathers depend on the nature of the interaction. For example, we ask visitors who sign up for a blog at https://vytaloptions.com to provide a username and email address.
SECURITY
The security of your personal information is important to us, but remember that no method of transmission over the internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
COOKIES
To enrich and perfect your online experience, VYTAL OPTIONS uses “Cookies,” similar technologies, and services provided by others to display personalized content, appropriate advertising, and store your preferences on your computer.
A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. VYTAL OPTIONS uses cookies to help VYTAL OPTIONS identify and track visitors, their usage of https://vytaloptions.com, and their website access preferences.
VYTAL OPTIONS visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using VYTAL OPTIONS’ websites, with the drawback that certain features of VYTAL OPTIONS’ websites may not function properly without the aid of cookies. By continuing to navigate our website without changing your cookie settings, you hereby acknowledge and agree to VYTAL OPTIONS’ use of cookies.
ADVERTISEMENTS
Ads appearing on our website may be delivered to users by advertising partners, who may set cookies. These cookies allow the ad server to recognize your computer each time they send you an online advertisement to compile information about you or others who use your computer.
This information allows ad networks to, among other things, deliver targeted advertisements that they believe will be of most interest to you. This Privacy Policy covers the use of cookies by VYTAL OPTIONS and does not cover the use of cookies by any advertisers.
LINKS TO EXTERNAL SITES
Our website may contain links to external sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy and terms and conditions of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites, products, or services.
AGGREGATED STATISTICS
VYTAL OPTIONS may collect statistics about the behavior of visitors to its website. VYTAL OPTIONS may display this information publicly or provide it to others. However, VYTAL OPTIONS does not disclose your personally-identifying information.
PRIVACY POLICY CHANGES
Although most changes are likely to be minor, VYTAL OPTIONS may change its Privacy Policy from time to time, which is in VYTAL OPTIONS’ sole discretion.
VYTAL OPTIONS encourages visitors to frequently check this page for any changes to its Privacy Policy. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change.
PHI/PII Confidentiality Policy
PA Options for Wellness, Inc. (“the Company”) is committed to safeguarding the privacy and security of all Protected Health Information (“PHI”) and Personally Identifiable Information (“PII”) collected in the course of providing medical cannabis services and conducting clinical or observational research. This policy describes the categories of information we collect, how we use and protect that information, and the rights available to patients under HIPAA and applicable federal privacy laws.
1. Information We Collect
a)Protected Health Information (PHI)
The Company collects limited categories of PHI necessary to provide pharmacist‑guided medical cannabis care and to support internal clinical research activities. This includes qualifying medical conditions, medical history when voluntarily provided by the patient, medication lists when voluntarily provided, all medical cannabis purchases, past cannabis use history when voluntarily provided, and cannabis product laboratory results (but no patient laboratory results).
b)Personally Identifiable Information (PII)
We also collect certain identifiers necessary for patient verification and compliance with state medical cannabis regulations, including address, date of birth, and state‑issued medical cannabis identification numbers.
2. How We Obtain PHI
The Company primarily receives PHI directly from patients during consultations, onboarding, or follow‑up interactions. We also receive limited information from the Pennsylvania Department of Health (DOH) for the purpose of verifying patient eligibility and accessing the correct patient record. On rare occasions, with patient consent, a pharmacist may contact a healthcare provider and receive relevant clinical information.
3. How We Use PHI
The Company uses PHI solely for purposes permitted under HIPAA and applicable state law. These purposes include providing pharmacist‑guided patient care, developing individualized cannabis regimens, verifying patient identity and eligibility in the DOH system, supporting internal clinical or observational research activities, and improving internal operations and patient services. PHI received from the DOH is used only to access patient records and confirm identity. We do not use PHI for marketing or the sale of information.
4. Disclosures to Third Parties
The Company does not disclose PHI to external research partners, universities, sponsors, or government agencies. Only de‑identified data is shared externally. We do use third‑party vendors who may have access to PHI for purposes of secure data hosting, IT support, or analytics. These vendors operate under Business Associate Agreements (BAAs) where required and/or implement their own safeguards.
5. Substance Use Disorder Information
To the extent any information collected qualifies as substance use disorder (SUD) information under 42 CFR Part 2, the Company complies with heightened confidentiality requirements.
6. Safeguards and Security Measures
The Company maintains administrative, technical, and physical safeguards to protect PHI and PII. These include HIPAA‑compliant environments with BAAs and multi‑factor authentication (MFA), OAuth‑based authentication, firewall protection, and access controls limiting PHI access to authorized personnel only.
7. Breach Notification
The Company maintains a breach response process overseen by its cybersecurity insurance provider. In the event of a suspected or confirmed breach, the incident will be investigated, and notifications will be issued in accordance with HIPAA breach notification rules.
8. Data Retention and Destruction
PHI is retained only as long as necessary to fulfill the purposes described in this policy or as required by law.
9. Patient Rights
Patients may ask to see or get a copy of their health records. They may also ask us to correct their health records if they believe the information is incomplete or inaccurate. In addition, patients may ask us not to use or share certain health information. We will review these requests and respond in accordance with applicable law.
10. Commitment to Compliance
The Company will not use or disclose PHI except as described in this policy or as permitted or required by law. Any future changes to this policy will apply to all PHI maintained by the Company.
