Notice of Privacy Practices

Effective Date: July 20, 2021

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Warby Parker takes the confidentiality of your health information very seriously. We are required by law to provide you with this Notice of Privacy Practices (“Notice”) and follow the terms of this Notice while it is in effect. This Notice is intended to cover Warby Parker Inc., which does business as Warby Parker, as a health care provider covered by HIPAA (“Warby Parker”), and its affiliate eye practices as health care providers covered by HIPAA (“We,” “Us,” or “Our”). Although these affiliate eye practices are separate corporations from Warby Parker, We may work together to provide you with Services.

This Notice is a summary of your privacy rights, and your use of Our Services evidences your acceptance of the terms of this Notice. “Services” means any of the services Warby Parker or We offer, including eye exams, refraction testing through our Prescription Check mobile application and/or in-store service (collectively, “Prescription Check”), and the prescribing and dispensing of prescription eyeglasses. Warby Parker also operates the website warbyparker.com, the website myvisiondirectory.com, an e-commerce mobile application, and other related websites and mobile applications that contain links to this Notice. In this Notice, “health information”, “protected health information”, and “PHI” refer to individually identifiable health information that We obtain from you in connection with the Services. Individual information that We receive from you which is not covered by HIPAA is covered by Our Terms of Use and Privacy Policy.

1. Our Use and Disclosure of PHI

Generally, We use and disclose your PHI for the normal business activities that fall in the categories of treatment, payment, and healthcare operations, in accordance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Below are a few examples of those activities (but note that not every use or disclosure that falls within each category is included!).

Treatment. Treatment includes providing, coordinating, and managing your care. We keep a record of the PHI you provide to us in the course of using the Services. This record may include the results of your eye exam, information We receive in connection with your use of Prescription Check, your prescription information, the prescription products that you purchase, information related to your vision insurance plan, and other information We learn about your health or vision through our provision of the Services. We may disclose this information so that doctors, nurses, other optical dispensers, and other entities like laboratories can meet your healthcare needs.

Payment. Payment includes billing, coverage, and claims activities. We document the Services that you receive when We provide care to you so that you (or, if applicable, your vision insurance plan or another third party) can pay Us for the Services. If applicable, We may share information with your vision insurance plan about upcoming treatment or Services that require prior approval by the plan.

Healthcare Operations. We use PHI to improve the Services and train staff, and for case management, care coordination, business management, quality improvement, performance evaluation, marketing activities permitted under HIPAA, customer service activities, and other internal business purposes.

Consistent with HIPAA, We may also use or disclose your PHI to:

  • Comply with requirements of federal, state, or local laws
  • Assist in public health and safety activities, such as tracking diseases or medical devices
  • Inform authorities in order to protect victims of abuse, neglect, or domestic violence
  • Comply with federal and state health oversight activities, audits, inspections and investigations
  • Respond to law enforcement officials, report crimes or emergencies, or pursuant to judicial or administrative orders, subpoenas, or other lawful process (such as lawsuits or legal actions)
  • Work with coroners, medical examiners, and funeral directors by providing information necessary for them to fulfill their duties or as authorized by law
  • Facilitate organ, eye, or tissue donation or procurement
  • Conduct research or research-related purposes (following internal review protocols to balance privacy and research needs)
  • Prevent or reduce a serious threat to anyone’s health or safety
  • Assist in specialized government functions, such as national security, intelligence, and protective services
  • Perform military and veteran activities, if you are an armed forces member or veteran
  • Inform a correctional institution or in custodial situations, such as if you are an inmate
  • Serve workers’ compensation purposes, such as to carriers or your employer if you are injured at work, as authorized by and as necessary to comply with relevant laws
  • Tell you about health-related products and services
  • Tell you about alternative treatments, therapies, health care providers, or care settings
  • Conduct case management, care coordination, or related functions
  • Send appointment confirmations and reminders
  • Communicate with individuals, such as friends and family, who are involved in your care or involved in the payment for that care
  • Communicate for notice or disaster relief purposes, including regarding decedents
  • Communicate within Our organization for treatment, payment, or healthcare operations
  • Communicate with other providers, health plans, or their related entities for their treatment, payment, or healthcare operations activities
  • Provide services to affiliated eye practices to assist them in providing Services to you
  • Provide information to other third parties with whom We do business in order to allow those third parties to provide services to Us or on Our behalf (Don’t worry—in these situations, We require third parties to provide Us with assurances that they will safeguard your PHI.)

Any other uses or disclosures not set forth in this Notice may only be performed with your written permission. Consistent with HIPAA, We will also obtain your written permission (also called an “authorization”) before We use or disclose your PHI for purposes which require an authorization, such as for certain types of marketing or sale of PHI. You may revoke your permission, in writing, at any time. If you do so, We will no longer use or disclose your PHI for the reasons covered by your written permission, but note that We are unable to take back any disclosures We have already made with your permission, and that We are required to retain Our records of the care that We’ve provided to you.

2. Our Responsibilities with Respect to your PHI

We're required by HIPAA to:

  • Maintain the privacy and security of your PHI
  • Provide this Notice setting forth Our legal duties and privacy practices regarding PHI
  • Abide by the terms of the version of this Notice currently in effect
  • Tell you if there has been a security breach that compromises the privacy or security of your PHI

Please note that some states have laws that may require that we apply extra protections to some of your health information.

3. Your HIPAA Rights with Respect to your PHI

You have the following rights with respect to your PHI maintained by Us.

  • Inspect and copy. You have the right to ask to inspect and copy certain portions of your PHI, whether electronic or in paper. We may, in certain limited circumstances, deny your request to inspect or copy your PHI. If We do so, We will inform you of the reason for the denial. We will provide a copy or a summary of your PHI, usually within 30 days of receiving your request. We may charge a reasonable fee.
  • Amend. You have the right to ask Us to amend your PHI if you feel that it is incorrect or incomplete. We may, in certain limited circumstances, deny your request to amend your PHI. If We do so, we will tell you why in writing within 60 days and about your right to submit a statement of disagreement for inclusion in your records.
  • Accounting of disclosures. You have the right to request a list (an accounting) of Our disclosures of your PHI made over the past six years, who We shared your PHI with, and why. This right does not apply to disclosures made for treatment, payment, or healthcare operations; disclosures made to you about your treatment; disclosures made pursuant to an authorization (disclosures you asked Us to make); and certain other disclosures. We’ll provide one accounting a year for free but will charge a reasonable cost-based fee if you ask for another one within 12 months.
  • Restrictions on disclosure. You have the right to request restrictions on how We use or disclose your PHI for treatment, payment or Our operations. We’re not required to comply with such requests, and We may say “no” if it would affect your care. If you pay for a Service or health care item out of pocket in full, you can ask Us not to share that information for the purpose of payment or Our operations with your health insurer. We will say “yes” unless a law requires us to share that information, such as in certain emergency situations.
  • Confidential Communication. You have the right to request that we communicate with you in a specific way, such as at a specific telephone number, or to send mail to a different address. We will say “yes” to all reasonable requests.
  • Paper copy. You have the right to obtain a paper copy of this Notice at any time (even if you’re currently reading it electronically!). We will provide you with a paper copy promptly.
  • Choose someone to act for you. If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your HIPAA rights and make choices about your PHI. We will make sure the person has this authority and can act for you before We take any action.

4. Changes to this Notice

We occasionally review this Notice to make sure it complies with applicable laws and conforms to changes in Our business. We may need to update this Notice, and we reserve the right to do so at any time. If We change the terms of this Notice, the new terms will apply to all PHI that We maintain about you, including PHI that was created or received before such changes were made. We will post the new Notice on Our websites and mobile applications, and will update the “Effective Date” at the top of this page so you can tell if it has changed since your last visit. We will make the new Notice available upon request. Your continued use of the Services constitutes your acceptance of the terms of such revised Notice.

5. Complaints

If you believe that your privacy rights have been violated or that We have not followed Our obligations under HIPAA, you may file a complaint with Us and with the Secretary of Health and Human Services. We will not retaliate against you or penalize you for filing any such complaint.

To file a complaint with us, email [email protected] or write to 233 Spring Street, 6th Floor East, New York City, NY 10013, Attn: Legal Department, or call 888.492.7297.

To file a complaint with the Secretary of Health and Human Services, call 877.696.6775 or write to 200 Independence Avenue S.W., Washington, D.C. 20201, or visit www.hhs.gov/ocr/privacy/hipaa/complaints.

6. Contacting Warby Parker

To exercise any of your rights set forth in this Notice, or for more information about Our privacy practices, email [email protected], write to 233 Spring Street, 6th Floor East, New York City, NY 10013, Attn: Legal Department, or call 888.492.7297 and ask to speak with the Legal Department.