
HIPAA Information Statement
Miiskin acts as a Business Associate to HIPAA Covered Entities. This information statement describes handling of Protected Health Information (“PHI”) by Miiskin in that role. It is not a HIPAA Notice of Privacy Practices and does not replace the Notice of Privacy Practices provided by your health care provider or other Covered Entity. Your Covered Entity’s Notice of Privacy Practices explains how your PHI may be used and disclosed and how you may exercise your HIPAA rights.
Miiskin Group ApS (“Miiskin”) creates, receives, maintains, transmits, uses, and discloses PHI as a HIPAA Business Associate in accordance with the Health Insurance Portability and Accountability Act (HIPAA), as amended, including the Health Information Technology for Economic and Clinical Health (HITECH) Act (collectively, “HIPAA/HITECH”). This is done with or on behalf of the HIPAA Covered Entity with whom you have a relationship for health care services, and in order to perform functions or services for that Covered Entity.
1. Important Definitions
● Business Associate: An entity that performs functions or activities on behalf of a Covered Entity when those functions or activities involve access to, or the use or disclosure of, Protected Health Information. For purposes of this statement, Miiskin is the Business Associate.
● Business Associate Agreement (BAA): A formal written contract between a Business Associate and a Covered Entity that requires the Business Associate to comply with specific requirements related to PHI.
● Covered Entity: A health plan, healthcare provider, or healthcare clearinghouse subject to HIPAA. For purposes of this statement, the “Covered Entity” is the U.S. health care provider, health plan, or other HIPAA-regulated entity that has entered into a Business Associate Agreement with Miiskin and on whose behalf Miiskin creates, receives, maintains, transmits, uses, or discloses PHI.
● Protected Health Information (PHI): Individually identifiable health information about you, including identifiers such as your name, social security number, or address, that relates to (a) your past, present, or future physical or mental health or condition, (b) the provision of health care to you, or (c) your past, present, or future payment for the provision of health care.
2. Uses and Disclosures of PHI
Miiskin will use or disclose PHI on behalf of, or to provide services to, Covered Entities only to the extent permitted or required by the applicable Business Associate Agreement, HIPAA/HITECH, applicable law, and, where applicable, the Covered Entity’s instructions. Miiskin may create or use de-identified information derived from PHI only where permitted by the applicable Business Associate Agreement, HIPAA, and applicable data protection law.
Where required by HIPAA, Miiskin makes reasonable efforts to limit PHI used, disclosed, or requested to the minimum necessary to accomplish the intended purpose.
Miiskin may disclose PHI in response to legal process, law enforcement requests, or other legal requirements only as permitted or required by HIPAA, the applicable Business Associate Agreement, Covered Entity instructions, and applicable law.
Miiskin may disclose PHI to downstream subcontractors or agents that provide supporting services to Miiskin. Miiskin will require such subcontractors and agents to agree to substantially the same restrictions, conditions, and safeguard requirements that apply to Miiskin under the applicable Business Associate Agreement. Other uses and disclosures not described in this statement will be made only with written authorization or as otherwise permitted or required by the applicable Business Associate Agreement, HIPAA/HITECH, and applicable law.
3. Your Rights and Requests related to HIPAA
Your HIPAA rights are generally exercised through your Covered Entity. As a Business Associate, Miiskin supports the Covered Entity in responding to such requests as required by HIPAA/HITECH and the applicable Business Associate Agreement. For EU residents, HIPAA-related rights described below are separate from, and may be in addition to, rights available under the GDPR:
● Right to Access: Through your Covered Entity, you may have the right to access and obtain a copy of PHI maintained by or on behalf of the Covered Entity, with certain limited exceptions.
● Right to Request Restrictions: Through your Covered Entity, you may have the right to request restrictions on certain uses or disclosures of your PHI, with certain limited exceptions.
● Right to Request Confidential Communications: Through your Covered Entity, you may have the right to request that communications about your PHI be made in a certain way or at a certain location.
● Right to Request Amendment: Through your Covered Entity, you may have the right to request amendment of your PHI if you believe it is incorrect or incomplete, with certain limited exceptions.
● Right to an Accounting of Disclosures: Through your Covered Entity, you may have the right to request an accounting of certain disclosures of your PHI.
● Right to File a Complaint: You may file a complaint with the applicable Covered Entity, with Miiskin, or with the Secretary of the U.S. Department of Health and Human Services if you believe your HIPAA rights have been violated. Miiskin will not retaliate against any person for filing a complaint, participating in an investigation, or opposing an act or practice believed to be unlawful under HIPAA.
Miiskin will make available to Covered Entities information necessary for the Covered Entity to give individuals the ability to exercise their rights in accordance with HIPAA/HITECH regulations. Miiskin may respond directly to an individual request only where permitted or required by the applicable Business Associate Agreement, HIPAA/HITECH, or the Covered Entity’s instructions.
Patients who wish to exercise HIPAA rights concerning PHI maintained through Miiskin on behalf of a provider should contact their provider or other applicable Covered Entity. Patients may also contact Miiskin using the contact information below, and Miiskin will route or support the request as appropriate.
Upon request, Miiskin will make its internal practices, books, and records, including policies and procedures relating to the use and disclosure of PHI received from, or created or received by Miiskin on behalf of, a Covered Entity, available to the Covered Entity or the Secretary of the U.S. Department of Health and Human Services for the purpose of determining compliance with the terms of the BAA and HIPAA/HITECH regulations.
4. Our Responsibilities
As a Business Associate, Miiskin has a number of privacy responsibilities, including:
● Entering into written Business Associate Agreements with Covered Entities that require Miiskin to maintain the privacy of PHI, limit uses and disclosures of PHI to those authorized by the Covered Entity, and assist Covered Entities in responding to requests concerning PHI;
● Making PHI available for amendment, and incorporating amendments to PHI, as required by the applicable Business Associate Agreement and HIPAA/HITECH;
● Making certain information about disclosures available to a Covered Entity in order for the Covered Entity to fulfil its obligations to individuals and to provide accountings of such disclosures;
● Entering into written agreements with subcontractors that create, receive, maintain, or transmit PHI on Miiskin’s behalf and requiring such subcontractors to comply with applicable Business Associate requirements;
● Complying with HIPAA Privacy Rule provisions applicable to Business Associates, including rules governing permitted uses and disclosures of PHI and support for individual rights concerning PHI;
● Performing a Security Rule risk analysis;
● Implementing Security Rule safeguards;
● Limiting uses, disclosures, and requests for PHI to the minimum necessary where required by HIPAA;
● Training personnel on the HIPAA Rules and sound compliance practices;
● Investigating and responding to suspected security incidents, impermissible uses or disclosures, and breaches in accordance with HIPAA/HITECH, the applicable Business Associate Agreement, and Miiskin’s incident response procedures;
● Timely reporting security incidents and breaches to the Covered Entity or other appropriate party as required by HIPAA/HITECH, the applicable Business Associate Agreement, and applicable law;
● Returning or destroying PHI at termination of the applicable agreement where feasible, or continuing to protect PHI if return or destruction is infeasible, as required by the applicable Business Associate Agreement; and
● Maintaining all required documentation.
5. Mitigation of Harm
If Miiskin becomes aware of a use or disclosure of PHI not permitted by the applicable Business Associate Agreement or HIPAA/HITECH, Miiskin will mitigate, to the extent practicable, any known harmful effect and will report the incident to the Covered Entity or other appropriate party as required by HIPAA/HITECH and the applicable Business Associate Agreement. Such mitigation will include the following:
● Reporting any use or disclosure of PHI not provided for by the applicable Business Associate Agreement, and any security incident of which Miiskin becomes aware, to the Covered Entity or other appropriate party as required by HIPAA/HITECH and the applicable Business Associate Agreement;
● Documenting such disclosures of PHI and information related to such disclosures as would be required for the Covered Entity to respond to a request for an accounting of disclosures of PHI in accordance with HIPAA/HITECH; and
● Providing information reasonably available to Miiskin that the Covered Entity needs to assess and, where required, notify affected individuals or regulators of a breach.
6. Status
Last updated: April 26, 2026.
Privacy contact: [email protected]
