Legal
Effective Date: January 1, 2026 · Last Updated: February 2026
Sorrell MD ("we," "us," or "our") is a telemedicine medical practice operated by Dr. Luke Sorrell, MD. We provide virtual healthcare services including hormone replacement therapy, body composition optimization, gut health optimization, cardiovascular risk assessment, fertility optimization, and root cause analysis to patients nationwide.
This Privacy Policy explains how we collect, use, share, and protect information obtained through our website at sorrell-md.com (the "Site") and in the course of providing our telemedicine services. By using our Site or services, you agree to the practices described in this policy.
Note: This policy governs information collected through our marketing website. For information about how we handle your Protected Health Information (PHI) as a patient, please refer to our Notice of Privacy Practices provided at the time of enrollment, which is governed separately under HIPAA.
We collect information you voluntarily submit through our Site, including:
When you visit our Site, certain information is collected automatically through standard web technologies:
Our Site integrates with third-party services that may collect information subject to their own privacy policies:
We use the information we collect for the following purposes:
We do not sell your personal information or use it for automated decision-making that produces legal or similarly significant effects.
Sorrell MD is a covered entity under the Health Insurance Portability and Accountability Act (HIPAA). When you become a patient, your Protected Health Information (PHI) — including medical history, diagnoses, lab results, treatment plans, and related communications — is governed by HIPAA and our Notice of Privacy Practices (NPP).
Your PHI will only be used or disclosed as permitted under HIPAA: for treatment, payment, and healthcare operations, or with your written authorization. You have rights under HIPAA including the right to access, amend, and request restrictions on your PHI.
Please note that communications sent through our general contact form on this website are not considered a secure clinical channel and should not include sensitive health information. Once you are an established patient, all clinical communications take place through our secure patient portal.
We do not sell, rent, or trade your personal information. We may share your information in the following limited circumstances:
We engage trusted third-party vendors who assist in operating our Site and services. These parties are contractually obligated to handle your data securely and only for the purposes we specify:
We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Sorrell MD, our patients, or the public.
In the event of a merger, acquisition, or sale of practice assets, patient information would be transferred subject to applicable HIPAA requirements and state medical records laws. You would be notified of any such change.
We may share your information for any other purpose with your explicit prior consent.
Our Site uses cookies and similar technologies to improve your browsing experience and understand Site usage. Cookies are small text files stored on your device by your browser.
You can control and delete cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. Note that disabling certain cookies may affect the functionality of our Site.
Third-party services embedded in our Site (such as Calendly) may set their own cookies, governed by their respective privacy policies.
We take reasonable administrative, technical, and physical measures to protect the information we hold from unauthorized access, alteration, disclosure, or destruction. These measures include:
No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. If you have reason to believe your interaction with us is no longer secure, please contact us immediately at info@sorrell-md.com.
Depending on your location and applicable law, you may have the following rights regarding your personal information:
You may request access to the personal information we hold about you and ask us to correct any inaccuracies.
You may request that we delete your personal information, subject to legal retention requirements and our obligations under HIPAA and applicable state medical records laws.
You may opt out of receiving marketing communications from us at any time by clicking "unsubscribe" in any email we send, or by contacting us directly. Opting out of marketing does not affect communications related to your care.
Our Site does not currently respond to "Do Not Track" signals from browsers, as no uniform standard for such signals exists. You may use browser settings or privacy extensions to limit tracking.
California residents may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at info@sorrell-md.com.
To exercise any of these rights, please contact us using the information in Section 12.
We retain personal information for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.
Medical records and PHI are retained in accordance with applicable federal and state law, which generally requires retention for a minimum of seven (7) years from the date of service, or longer in the case of minor patients.
Non-clinical contact form submissions and marketing data are typically retained for up to two (2) years unless you request earlier deletion.
Our Site and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you believe we have inadvertently collected information from a minor, please contact us immediately and we will take steps to delete such information promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will revise the "Last Updated" date at the top of this page.
We encourage you to review this policy periodically. Your continued use of our Site or services after any changes constitutes acceptance of the updated policy. For material changes that affect how we handle existing patient information, we will provide notice through appropriate channels.
If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your information, please contact us:
We will respond to all privacy-related inquiries within a reasonable time, and to HIPAA-related requests within the timeframes required by law.