Privacy Policy

Effective Date: October 24, 2025
Last Updated: October 24, 2025

This Privacy Policy explains how Orion Medical Solutions (“Orion,” “we,” “us,” or “our”) collects, uses, protects, and discloses personal and health-related information when you visit our website www.omssupplies.com, place an order, or otherwise interact with us.

We are committed to protecting your information in compliance with all applicable laws, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Georgia Personal Identity Protection Act (O.C.G.A. § 10-1-910 et seq.).

1. Scope

This Privacy Policy applies to all data collected from:

  • Visitors to our website and online store

  • Customers, healthcare professionals, and business clients

  • Communications via email, phone, or contact forms

If you provide or transmit any Protected Health Information (PHI) in connection with healthcare product orders or clinical support, that information is handled under HIPAA and applicable Georgia health privacy regulations.

2. Information We Collect

a) Personal and Business Information

We may collect:

  • Name, title, company, and professional credentials

  • Contact details (email, phone, address)

  • Billing and shipping information

  • Payment information (processed securely via third-party providers)

  • Account login details (if you register an account)

  • Communications or inquiries submitted to us

b) Protected Health Information (PHI)

If you are a healthcare provider, facility, or organization submitting patient-related information for product fulfillment, Orion may receive PHI such as:

  • Patient identifiers (names, dates, prescription or order references)

  • Clinical data necessary to process or support a medical device order

All PHI is handled in strict accordance with HIPAA and Georgia state privacy laws.

c) Automatically Collected Data

When you visit our site, we may collect:

  • IP address, browser type, device type

  • Pages visited, time on site, and referring URLs

  • Cookies and analytics data (see Section 6)

This data is used only for analytics and site functionality — not to identify individuals.

3. How We Use Your Information

We may use collected information for the following lawful purposes:

  • Fulfillment of orders and product delivery

  • Customer support and service improvement

  • Verification of healthcare licenses or credentials

  • Payment processing and recordkeeping

  • Regulatory compliance (FDA, HIPAA, OSHA, state boards)

  • Internal analytics to enhance our services

  • Optional marketing communications, if you consent

We do not sell or trade your personal or health information.

4. HIPAA & Georgia Law Compliance

Orion Medical Solutions maintains full compliance with HIPAA and Georgia privacy statutes.
Our safeguards include:

  • Encryption of all transmitted data (SSL/TLS)

  • Secure, access-controlled storage of PHI and personal data

  • HIPAA-compliant cloud and data hosting providers

  • Business Associate Agreements (BAAs) with third-party vendors who handle PHI

  • Employee training on HIPAA and Georgia medical privacy laws

  • Secure data disposal and breach-response procedures

If a data breach occurs that compromises your personal information, we will promptly notify you in accordance with Georgia’s Personal Identity Protection Act (O.C.G.A. § 10-1-912).

5. Information Sharing

We only share information when necessary and lawful:

  • With healthcare providers, business associates, or vendors essential to fulfilling orders

  • With shipping and logistics partners (limited to name and address data)

  • With payment processors, IT, or compliance vendors who meet HIPAA and Georgia data-security standards

  • When required by law, subpoena, or government regulation

  • In the event of a business merger or transfer, with appropriate confidentiality safeguards

We do not share or disclose PHI or personal data for unrelated third-party marketing.

6. Cookies and Analytics

We use cookies and similar tools to:

  • Maintain shopping carts and login sessions

  • Analyze site performance and usage trends

  • Remember user preferences

You can control cookie settings through your browser. We do not use cookies to track medical or PHI data.

7. Data Retention

We retain records only as long as necessary to:

  • Complete orders and transactions

  • Meet HIPAA, FDA, and Georgia record-keeping laws

  • Comply with business and tax requirements

Once no longer needed, data is securely deleted or anonymized per HIPAA disposal standards (45 C.F.R. § 164.530).

8. Your Rights (HIPAA + Georgia)

You have the right to:

  • Access and receive a copy of your personal or PHI data

  • Request corrections to inaccurate or incomplete information

  • Request deletion or restriction of use (as allowed by law)

  • Opt out of marketing communications

  • Receive a list of certain disclosures of PHI

  • File a complaint if you believe your rights have been violated

To make a request, email privacy@omssupplies.com or write to us at the address below.
We will verify your identity before processing requests.

You may also file complaints directly with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights or the Georgia Attorney General’s Consumer Protection Division.

9. Data Security

We implement layered security measures including:

  • Encryption at rest and in transit

  • Firewalls and intrusion detection systems

  • Access logging and audit controls

  • Multi-factor authentication for internal systems

  • Periodic security audits and penetration testing

While we take extensive precautions, no system is completely invulnerable.
You are responsible for protecting your account credentials and passwords.

10. Children’s Privacy

Our website and products are intended for adults and professionals.
We do not knowingly collect data from individuals under 16 years of age.
If a parent or guardian becomes aware that a child’s data has been provided, please contact us immediately for deletion.

11. Updates to This Policy

We may update this Privacy Policy from time to time.
When we do, we will revise the “Effective Date” above and post the updated version on this page.
If material changes occur, we will notify affected users as required by law.

12. Contact Information

For privacy questions, HIPAA inquiries, or to exercise your rights, please contact:

Orion Medical Solutions
Email: info@omssupplies.com

Additional Notice for Georgia Residents

Under Georgia law, you have the right to:

  • Receive notification in the event of a data breach involving your personal information

  • Request clarification about how your personal data is stored and protected

  • Expect reasonable data-security measures consistent with industry standards

Orion complies fully with the Georgia Personal Identity Protection Act and related consumer protection laws.