System notice:We're temporarily pausing new orders for scheduled maintenance. Please bear with us — we'll be back shortly. Your existing subscription and medication schedule are unaffected.

Compliance

HIPAA Compliance Statement

Last updated: February 2026

GLPFlo — a registered trade name (d/b/a) of LabFlo LLC — is a HIPAA-compliant telehealth platform. We safeguard your protected health information (PHI) in accordance with the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule, and maintain Business Associate Agreements with every service provider that may handle PHI on our behalf.

Encryption everywhere

All PHI is encrypted in transit and at rest using industry-standard algorithms. Backups are encrypted.

Strict access controls

Role-based access, multi-factor authentication, and idle-timeout protections limit PHI access to authorized staff on a need-to-know basis.

Audited & monitored

Every PHI access event is recorded in an append-only audit log. We review activity regularly and have a documented incident-response process.

Vendor BAAs in place

Each third-party service that may touch PHI (hosting, payments, email, pharmacy) is governed by a signed Business Associate Agreement.

Your rights under HIPAA

As a GLPFlo patient, you have the right to:

  • Access and obtain a copy of your medical records
  • Request corrections to inaccurate or incomplete information
  • Receive an accounting of disclosures of your PHI
  • Request restrictions on how we use or share your PHI
  • File a complaint with GLPFlo or with the U.S. Department of Health and Human Services Office for Civil Rights without fear of retaliation

See our full Privacy Policy for additional detail on how we collect, use, and protect your information.

Get in touch

Privacy questions or PHI requests

privacy@glpflo.org

Suspected security issue

security@glpflo.org

HIPAA / compliance officer

compliance@glpflo.org

HHS Office for Civil Rights

hhs.gov/ocr

Vendor due-diligence reviewers — pharmacy partners, payment processors, and integrating healthcare networks may request our detailed vendor compliance packet (covering control-by-control implementation, BAA registry, and incident-response timeline) by emailing compliance@glpflo.org with your organization name and intended use. The packet is provided under NDA.

We respect your privacy.

We use cookies for essential site functionality (always on), and — only with your permission — for product analytics that help us improve your experience. We do not use advertising trackers and we never share Protected Health Information with third-party trackers. Privacy policy · Online tracking disclosure