Notice of Privacy Practices

Effective Date: October 13, 2025

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Warby Parker takes the confidentiality of your health information very seriously. We are required by law to provide you with this Notice of Privacy Practices (“Notice”) and follow the terms of this Notice while it is in effect. This Notice is provided to you pursuant to the Health Insurance Portability and Accountability Act and its implementing regulations (collectively, “HIPAA”) and is intended to cover how Warby Parker Inc., which does business as Warby Parker, as a health care provider covered by HIPAA (“Warby Parker”), and its affiliate eye practices as health care providers covered by HIPAA (“We,” “Us,” or “Our”) use and disclose your health information subject to HIPAA (“PHI”). For information about our collection, use, and disclosure of personal information other than PHI, please click this Privacy Policy Notice link.

Our Use and Disclosure of Your PHI Without an Authorization

The following categories describe different ways that We use and disclose your PHI. For each category of uses or disclosures, We will explain what We mean and try to give a few examples of those activities (but note that not every use or disclosure that falls within each category is included!).

Treatment. Treatment includes providing, coordinating, and managing your care. We may use and disclose your PHI to provide, coordinate, and manage your treatment or other related services. For example, We may disclose your prescription information to treating providers like doctors, nurses, other optical dispensers, and other entities like laboratories so these providers can meet your healthcare needs.

Payment. Payment includes billing, coverage, and claims activities. We may use and disclose your PHI as needed to bill or obtain payment for the treatment and services We provide. For example, We may share information with your vision insurance plan about upcoming treatment or services that require prior approval by the plan.

Healthcare Operations. We may use or disclose your PHI in order to carry out Our general business activities or certain business activities. These activities include, but are not limited to, improving the services and training staff, as well as case management, care coordination, business management, quality improvement, performance evaluation, customer service activities, and other business planning purposes. For example, We may use your PHI to evaluate the quality of care We are providing.

Consistent with HIPAA, We may also use or disclose your PHI to:

  • Comply with requirements of federal, state, or local laws
  • Assist in public health and safety activities, such as tracking diseases or medical devices
  • Inform authorities in order to protect victims of abuse, neglect, or domestic violence
  • Comply with federal and state health oversight activities, audits, inspections and investigations
  • To law enforcement officials in limited circumstances (i.e., if the official requests it or to report criminal conduct). Generally, this would have to be in connection with a criminal investigation, court order, warrant or legally authorized national security activity
  • For lawsuits and disputes if ordered by a court, tribunal, subpoena or other lawful process. We only do this after unsuccessful efforts to notify you of the request or obtain an order protecting the information requested
  • Work with coroners, medical examiners, and funeral directors by providing information necessary for them to fulfill their duties or as authorized by law
  • Facilitate organ, eye, or tissue donation or procurement
  • Conduct certain research or research-related purposes (following internal review protocols to balance privacy and research needs)
  • Prevent or reduce a serious threat to anyone’s health or safety
  • Assist in specialized government functions, such as national security, intelligence, and protective services
  • Military: Perform military and veteran activities, if you are an armed forces member or veteran
  • Correctional Institutions: If you are or become an inmate of a correctional institution or are in the custody of a law enforcement official, We may disclose to the institution or law enforcement official information necessary for the provision of health services to you, your health and safety, the health and safety of other individuals and law enforcement on the premises of the institution and the administration and maintenance of the safety, security and good order of the institution
  • Serve workers’ compensation purposes, such as to carriers or your employer if you are injured at work, as authorized by and as necessary to comply with relevant laws
  • Communicate with individuals, such as friends and family, who are involved in your care or involved in the payment for that care
  • Communicate for notice or disaster relief purposes, including regarding decedents
  • Third parties with whom We contract to provide services on Our behalf. (Don’t worry—in these situations, We require third parties to provide Us with assurances that they will safeguard your PHI.)

Marketing

“Marketing” means to make a communication to you that encourages you to purchase or use a product or service. We will not use or disclose your health information for marketing communications without your prior written authorization, except

  • when permitted by HIPAA.
  • to provide you with information regarding products or services that we offer related to your health care needs if We are not paid or otherwise receive compensation for such communications.

Other Uses and Disclosures

If We seek to use or disclose your PHI for any purpose not set forth in this Notice, We will seek your written permission (also called an “authorization”). You may revoke your permission, in writing, at any time. If you do so, We will no longer use or disclose your PHI for the reasons covered by your written permission, but note that We are unable to take back any disclosures We have already made with your permission. Note that there is a potential that information disclosed to third parties may no longer be protected by HIPAA, and those third parties could re-disclose your information.

Our Responsibilities with Respect to Your PHI

We’re required by HIPAA to:

  • Maintain the privacy and security of your PHI as required by law
  • Provide you with this Notice setting forth Our legal duties and privacy practices regarding your PHI
  • Abide by the terms of the version of this Notice currently in effect
  • Tell you if there has been a breach that compromises the privacy or security of your PHI

Please note that some states have laws that are stricter than HIPAA regarding your health information. If a state law applies to Us and is stricter or places limits on the ways We can use or share your PHI, We will follow the state law. We will not use or disclose your PHI if state law prohibits it.

We will not use or disclose the records We receive subject to 42 C.F.R. Part 2, or testimony relaying the content of such records, in civil, criminal, administrative, or legislative proceedings against you unless We have your written consent or a court order, after notice and an opportunity to be heard in court is provided to you. Any court order We receive for a use or disclosure of these records must be accompanied by a subpoena or other legal obligation before We may use or disclose the record.

Your HIPAA Rights with Respect to Your PHI

You have the following rights with respect to your PHI maintained by Us.

  • Inspect and copy. You have the right to ask to inspect and copy certain portions of your PHI, whether electronic or in paper. We may, in certain limited circumstances, deny your request to inspect or copy your PHI. If We do so, We will inform you of the reason for the denial. If you request a copy of your PHI, We may charge a reasonable fee.
  • Amend. You have the right to ask Us to amend your PHI if you feel that it is incorrect or incomplete. We may deny your request. If We deny your request, We will tell you why in writing and about your right to submit a statement of disagreement for inclusion in your records.
  • Accounting of disclosures. You have the right to request a list (an accounting) of certain disclosures of your PHI We have made over the past six years. We’ll provide one accounting a year for free but will charge a reasonable cost-based fee if you ask for another one within 12 months.
  • Restrictions on certain uses and disclosures. You have the right to request restrictions on how We use or disclose your PHI for treatment, payment or Our operations. While We will consider your request, We are only required to agree to restrict a disclosure to your health plan for purposes of payment or healthcare operations (but not for treatment) if the information applies solely to a healthcare item or service for which We have been paid out of pocket in full. If We agree to a restriction, We will not use or disclose your medical information in violation of that restriction unless it is needed to provide emergency treatment.
  • Confidential Communication. You have the right to request that We communicate with you in a specific way or at a certain location. For example, you may request that We only contact you at a specific telephone number, or that We send mail to a different address. We will say “yes” to all reasonable requests.
  • Paper copy. You have the right to obtain a paper copy of this Notice at any time (even if you’re currently reading it electronically!). We will provide you with a paper copy promptly.
  • Choose someone to act for you. If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your HIPAA rights and make choices about your PHI. We will make sure the person has this authority and can act for you before We take any action.

Changes to this Notice

We may need to update this Notice, and We reserve the right to do so at any time. If We change the terms of this Notice, the new terms will apply to all PHI that We maintain about you, including PHI that was created or received before such changes were made. We will post the new Notice on Our websites and mobile applications, and will update the “Effective Date” at the top of this page so you can tell if it has changed since your last visit. We will make the new Notice available upon request.

Complaints

If you believe that your privacy rights have been violated or that We have not followed Our obligations under HIPAA, you may file a complaint with Us or with the Secretary of Health and Human Services. We will not retaliate against you or penalize you for filing any such complaint.

To file a HIPAA complaint with us, email [email protected] or write to 233 Spring Street, 6th Floor East, New York City, NY 10013, Attn: Legal Department.

To file a complaint with the Secretary of Health and Human Services, call 877.696.6775 or write to 200 Independence Avenue S.W., Washington, D.C. 20201, or visit www.hhs.gov/ocr/privacy/hipaa/complaints.

Contacting Warby Parker

To exercise any of your rights set forth in this Notice, or for more information about Our privacy practices, email [email protected], write to 233 Spring Street, 6th Floor East, New York City, NY 10013, Attn: Legal Department, or call 888.492.7297 and ask to speak with the Legal Department.
