Opening Summer 2026 on University Ave in Madison.

Qual-i-tee Pharmacy HIPAA Notice of Privacy Practices

Last updated: February 1, 2026

THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

In connection with your use of Qual-i-tee Pharmacy’s healthcare services, website, mobile application, products, and other technology platforms (collectively, the “Services”), we may collect your health information and other identifiable information. Individually identifiable health information is known as “protected health information” or “PHI”. Under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), Qual-i-tee Pharmacy is required to provide you with this Notice of Privacy Practices (this “Notice”) that describes how we may use and share your PHI for treatment, payment, or other purposes; how you can access your PHI that we collect; and a description of your HIPAA rights and how to exercise them. Please review this Notice carefully.

Note that when we say “us“, “we”, “our”, or “Qual-i-tee ” in this Notice, we mean Madison Pharmacy and Apothecary, LLC dba as Qual-i-tee Pharmacy, a covered entity.

1. Purpose

To ensure compliance with the federal Health Insurance Portability and Accountability Act (HIPAA) and relevant Wisconsin state laws governing health information confidentiality and access in order to protect the privacy, security, and rights of patients’ Protected Health Information (PHI) and health records.

2. Scope

This policy applies to:

  • All workforce members (employees, contractors, volunteers)
  • All PHI in any format (electronic, paper, oral)
  • All systems and processes creating, receiving, using, maintaining or disclosing PHI

3. Compliance Authorities

This policy is based on:

  • HIPAA Privacy and Security Rules (federal standards)
  • Wisconsin Statutes Chapter 146: Confidentiality of patient health care records and access rights under state law (more protective than HIPAA).
  • Wisconsin data breach notification statutes (Wis. Stat. §134.98) requiring prompt notice of unauthorized acquisition of personal information (including certain health data).
  • Any other applicable Wisconsin administrative rules, professional standards, and legal obligations.

4. Definitions

PHI (Protected Health Information): Individually identifiable health information created or received by Qual-i-tee that relates to an individual’s health condition, treatment or payment for health care.

State Health Care Records: Under Wisconsin law, patient health care records are confidential and may only be released as permitted by statute, patient consent, or by law.

Minimum Necessary: Limiting access, use, and disclosure of PHI to the least amount necessary to accomplish the intended purpose.

5. State-Aligned Privacy Standards

5.1 Confidentiality of Records

Under Wisconsin law, patient health care records are confidential and generally must not be released unless:

  • Permitted by HIPAA;
  • The patient authorizes the release;
  • A statutory exception applies;
  • A court or legal order permits release.

This state standard applies in addition to HIPAA’s protections and generally controls when it is more restrictive.

6. Uses & Disclosures

6.1 Permitted Without Patient Authorization

  • Treatment, payment, and health care operations consistent with HIPAA.
  • Required public health reporting.
  • Mandatory state reporting (e.g., certain communicable diseases, abuse/neglect per Wisconsin law).

6.2 Authorization Requirements

Written authorization is required when using/disclosing PHI not permitted by HIPAA or state law. Under Wisconsin law, patient consent is required to release health information to family, friends, and advocates unless an emergency exception applies.

7. Patient Rights (Federal + Wisconsin)

Patients have the right to:

  • Inspect and obtain copies of their medical and billing records.
    • Wisconsin statute requires providing access upon request, and details how fees may (or may not) be charged.
  • Request corrections (amendments).
  • Request restrictions on uses and disclosures.
  • Receive an accounting of disclosures.

Note: Under Wisconsin law, informed consent may be necessary before discussing health information with a designated representative, including family or advocates.

8. State Breach Notification Compliance

In addition to HIPAA’s breach notification obligations, Wisconsin’s general breach statute requires notification to affected individuals within a reasonable time, not to exceed 45 days, when personal information is acquired without authorization.

If more than 1,000 residents are affected, notice to statewide consumer reporting agencies may be required.

9. Safeguards

9.1 Administrative

  • HIPAA and Wisconsin law training at hire and annually
  • Role-based access
  • Clear policy dissemination

9.2 Technical

  • Strong access controls, encryption, secure messaging

9.3 Physical

  • Secure storage of paper records
  • Controlled access to facilities

10. Business Associates

All vendors accessing PHI must sign a Business Associate Agreement consistent with HIPAA. If state law imposes additional restrictions, they must also be honored contractually.

11. Sanctions & Enforcement

Violations of this policy, whether under HIPAA or Wisconsin law, may result in disciplinary action, up to termination, and possible civil or criminal penalties.

12. Review & Update

This policy will be reviewed at least annually or when new federal or Wisconsin law changes occur.