Remful is a physician-directed at-home sleep apnea testing service. We facilitate the ordering, fulfillment, and interpretation of home sleep tests (HSTs) under the supervision of board-certified sleep physicians. As a healthcare services company, we are a HIPAA Covered Entity and are required to maintain the privacy and security of your Protected Health Information (PHI).

Protected Health Information (PHI):

• Full name, date of birth, and contact information
• Sleep assessment responses (STOP-BANG questionnaire, Epworth Sleepiness Scale)
• Body measurements (height, weight, BMI)
• Medical history relevant to sleep disorders
• Home sleep test results and AHI (Apnea-Hypopnea Index) scores
• Physician orders, clinical notes, and diagnosis information

Non-PHI Information:

• Account credentials (username, hashed password)
• IP address and browser/device information for security purposes
• Website usage and navigation data
• Payment information (processed securely; we do not store full card numbers)

We use and disclose your PHI for the following purposes:

• Treatment: Sharing your assessment results and test data with the ordering physician and interpreting sleep specialist to provide diagnosis and treatment recommendations.
• Payment: Processing your self-pay transaction and providing billing records.
• Healthcare Operations: Quality assurance, staff training, and ensuring clinical accuracy of our platform.
• Shipping & Fulfillment: Sharing your name and address with our fulfillment partner solely to ship and retrieve your test kit. Our shipping partners are bound by Business Associate Agreements.
• Legal Compliance: Responding to lawful requests by public authorities, including national security or law enforcement requirements.

Remful will never sell, rent, or trade your personal health information to third parties for marketing purposes. We do not use your PHI for advertising or commercial data enrichment.

You have the following rights regarding your health information:

• Right to Access: You may request a copy of your PHI held by us. We will respond within 30 days.
• Right to Amend: If you believe your records are incorrect or incomplete, you may request an amendment.
• Right to an Accounting: You may request a list of disclosures we have made of your PHI.
• Right to Restrict Use: You may request restrictions on certain uses or disclosures of your PHI.
• Right to Confidential Communications: You may request that we contact you only in certain ways or at certain locations.
• Right to a Paper Copy: You may request a paper copy of this Notice at any time.

To exercise any of these rights, contact our Privacy Officer at privacy@remful.com.

We implement administrative, physical, and technical safeguards to protect your PHI as required by the HIPAA Security Rule. This includes encrypted data storage and transmission (TLS/SSL), access controls and audit logging, session-based authentication, and regular security reviews. All staff with access to PHI receive HIPAA training.

We retain your medical records for a minimum of 7 years from the date of service, or longer if required by state law. Audit logs are retained indefinitely for compliance purposes. You may request deletion of non-PHI account data; however, we are legally required to retain medical records for the prescribed retention period.

Our website uses session cookies strictly for authentication and security. We do not use third-party tracking cookies, advertising pixels, or behavioral analytics tools that could expose your health-related browsing activity.

We reserve the right to update this Notice at any time. Changes will be posted on this page with an updated effective date. If changes are material, we will notify registered users by email.

For privacy questions, concerns, or to file a complaint, contact us at: