MyRxWallet was designed from day one around a single, non-negotiable principle: your health data belongs to you — not your insurance company, not your hospital, not MyRxWallet. We are a conduit that enables you to access, share, protect, and monetize your own health information on your own terms.
This document summarizes your rights under the HIPAA Privacy Rule (45 CFR Part 164), the 21st Century Cures Act, ONC Information Blocking Rules (45 CFR Part 171), and MyRxWallet's own Patient Data Ownership Policy. These rights are not abstract — every one of them can be exercised directly in your Patient Portal.
You have the right to inspect and receive a copy of your PHI in our designated record set. This includes your medical history, lab results, prescriptions, imaging reports, clinical notes, and all other health information we maintain about you.
Timeline: We must respond within 30 days. One 30-day extension is permitted with written notice.
Format: You may request records in electronic format (FHIR R4 JSON, PDF, CSV) at no charge for the first copy.
If you believe your PHI is incorrect or incomplete, you may request that we amend the record. You must provide the reason for the requested amendment in writing.
Timeline: We will respond within 60 days. If we deny your request, you have the right to submit a statement of disagreement and request that it accompany future disclosures.
We may deny an amendment request if: the information was not created by us; the record is accurate and complete; the information would not be available for inspection; or it is not part of the designated record set.
You may request restrictions on how we use or disclose your PHI for Treatment, Payment, and Healthcare Operations purposes. While we are not required to agree to all restriction requests, we must agree to restrict disclosure to a health plan for services you paid for entirely out-of-pocket.
Once we agree to a restriction, we are bound by it except in emergency situations requiring treatment.
You have the right to a full accounting of disclosures of your PHI made for purposes other than Treatment, Payment, and Healthcare Operations, for the previous 6 years. This accounting must include the date, recipient, purpose, and description of each disclosure.
MyRxWallet's blockchain audit trail provides a real-time, tamper-proof accounting of every data access event anchored to our Hyperledger Fabric ledger.
Under the 21st Century Cures Act and ONC HTI-1 Final Rule, you have the right to electronically access your complete health records in a standardized format. MyRxWallet supports full FHIR R4 export covering all USCDI data elements.
You may also authorize any SMART on FHIR-compatible third-party application to access your health records directly from our FHIR API. Revoke application access at any time from Consents.
FHIR Endpoint: https://ehr.myrxwallet.io/fhir/r4
MyRxWallet does not engage in information blocking as defined at 45 CFR Part 171. If you believe we have blocked your access to your information, you may report it to the ONC at info-blocking@hhs.gov.
You may request that we communicate with you about health matters only through certain channels or at a specific location (e.g., "only contact me by email," "only use this phone number," "do not send mail to my home address"). We will accommodate reasonable requests without requiring an explanation.
You may revoke any authorization you have provided — including access granted to providers, third-party applications, payer data connections, or data sharing agreements — at any time, in writing or electronically. Revocation takes effect immediately except to the extent action has already been taken in reliance on the authorization.
Revocation is recorded on the blockchain audit trail with a timestamp and is legally effective. The provider or application will be immediately unable to access new data; previously accessed data may remain with them per their own policies.
If you believe your privacy rights have been violated, you have the right to file a complaint with MyRxWallet or directly with the HHS Office for Civil Rights (OCR). We will never retaliate against you for filing a complaint in good faith.
With MyRxWallet: Email info@myrxwallet.io or use the Help → Feedback form in the Patient Portal.
With HHS OCR: ocrportal.hhs.gov or 1-800-368-1019 (TDD: 1-800-537-7697).
Information Blocking Complaints: info-blocking@hhs.gov (ONC) or healthit.gov/topic/informationblocking.
You have the right to exercise any of the rights described in this document without being subjected to retaliation, discrimination, or any adverse action in your healthcare or access to Platform services. MyRxWallet complies with all applicable anti-discrimination laws including Section 1557 of the Affordable Care Act, which prohibits discrimination on the basis of race, color, national origin, sex, age, or disability in health programs.
Under the 21st Century Cures Act, you have the right to access your electronic health information (EHI) without interference. Healthcare providers, EHR developers, and health information networks are prohibited from engaging in "information blocking" — practices that interfere with the access, exchange, or use of EHI.
MyRxWallet is committed to full compliance with ONC's Information Blocking Rules. Our FHIR R4 API is publicly accessible for all USCDI data elements. We do not charge excessive fees, impose unreasonable restrictions, or delay access to your data.
If any provider using MyRxWallet engages in information blocking against you, you may report it to ONC at healthit.gov/topic/informationblocking.
MyRxWallet operates a blockchain-anchored consent management system that gives you granular, auditable control over who can access your health data and for what purpose.
| Consent Type | Required For | How to Grant/Revoke | On-Chain? |
|---|---|---|---|
| Treatment Authorization | Provider access to your records | Patient Portal → Consents | Yes |
| Third-Party App Access (SMART) | FHIR app authorization | OAuth2 consent screen + Portal → Apps | Yes |
| Payer Data Connection | CMS Blue Button, BCBS, etc. | Patient Portal → Consents → Payer Connections | Yes |
| Research Authorization | PHI use for research (IRB required) | Separate written authorization required | Yes |
| Data Royalty Participation | Optional data monetization program | MyRx-Royalty section → Opt-In required | Yes |
| 42 CFR Part 2 Consent | Any SUD record disclosure | Separate patient-specific consent (stricter than HIPAA) | Yes |
| Marketing Authorization | Any marketing use of your PHI | Separate written authorization required (we will not solicit) | Yes |
All consent events — grants, modifications, and revocations — are recorded as immutable SHA-256 hashes on the Hyperledger Fabric blockchain. You can view your complete consent history in the Blockchain tab of your Patient Portal at any time.
Certain categories of health information receive enhanced legal protections beyond standard HIPAA. MyRxWallet implements these protections automatically:
Every consent event on MyRxWallet is anchored to our Hyperledger Fabric 2.5 blockchain as a SHA-256 cryptographic hash. This creates an immutable, timestamped, independently verifiable record of every grant, revocation, data access, and disclosure — something no traditional EHR system provides.
What is stored on-chain (as SHA-256 hash only — no PHI):
You can view your complete blockchain audit trail at any time in the Patient Portal → Blockchain tab. The audit trail can be exported in CSV or JSON format for personal records or legal purposes.
| Action | How | Timeline |
|---|---|---|
| Access your records | Patient Portal → Medical Records → Download | Immediate (digital) / 30 days (formal) |
| Request record amendment | Patient Portal → Profile → Request Amendment | 60 days response |
| Revoke provider access | Patient Portal → Consents → Revoke | Immediate |
| Revoke app access | Patient Portal → Settings → Authorized Apps → Revoke | Immediate |
| Request restrictions | Patient Portal → Consents → Add Restriction | 10 business days |
| Request accounting | Patient Portal → Blockchain tab (real-time) or written request | Immediate / 60 days formal |
| Export FHIR data | Patient Portal → Medical Records → Export FHIR R4 | Immediate |
| Request account deletion | Email info@myrxwallet.io with subject: DELETE MY ACCOUNT | 30 days |
| File a privacy complaint | Patient Portal → Help → Feedback / Email info@myrxwallet.io | 10 days acknowledgment |
| Report information blocking | info-blocking@hhs.gov or healthit.gov/topic/informationblocking | ONC jurisdiction |
For any questions, concerns, or formal requests regarding your patient rights: