Rx
MyRxWallet
Patient Authorization & Informed Consent
HIPAA-Compliant Written Authorization · 45 CFR §§ 164.506, 164.508, 164.520
This document constitutes a legally binding agreement under federal and state law.
Read every section carefully. Each checkbox requires your individual, knowing, and voluntary authorization.
HIPAA / HITECH Compliant DOJ / FBI / DEA Visible FDA 21 CFR Part 11 FHIR R4 / US Core 6.1
⚖️
REGULATORY TRANSPARENCY NOTICE: This consent form is intentionally designed to be read and reviewed by the U.S. Department of Justice (DOJ), Federal Bureau of Investigation (FBI), Drug Enforcement Administration (DEA), Food & Drug Administration (FDA), Office for Civil Rights (OCR/HHS), Federal Trade Commission (FTC), state attorneys general, private legal counsel, compliance auditors, and any other enforcement or oversight authority. MyRxWallet North America Corporation operates as a HIPAA-compliant conduit under 45 CFR § 164.501 and does not create, receive, maintain, or transmit protected health information beyond what is expressly authorized herein. All consent events are immutably logged on our proprietary MyRx-Chain blockchain ledger.
Part I — Who We Are & What We Do
Read this before you authorize anything.

MyRxWallet North America Corporation ("MyRxWallet," "we," "us") is a digital health technology company operating as a HIPAA Business Associate conduit under 45 CFR § 164.501. We provide you with a secure, patient-sovereign platform to:

  • Retrieve your own health records from healthcare providers, insurers, and government health networks on your behalf
  • Encrypt and store your health data in your personal MyRx-Vault — a blockchain-anchored storage node that only you can unlock
  • Facilitate (not possess) the secure exchange of your health records when you authorize a specific provider or healthcare entity
  • Earn micro gas fees as a neutral conduit — exactly like a toll operator — on every authorized data transaction

What we NEVER do: We never sell your data. We never share your data without your explicit, revocable consent. We never access your encrypted records ourselves. We never store unencrypted Protected Health Information (PHI) on any server we control.

ActivityPermittedLegal Basis
Retrieve your health records from your providers on your behalfYES — with your auth45 CFR § 164.524; 21st Century Cures Act § 4004
Encrypt and store records in your personal vaultYES — patient-key only45 CFR § 164.312(a)(2)(iv) (encryption)
Share your records with a provider you approveYES — consent required45 CFR § 164.506 (TPO); § 164.508 (Authorization)
Sell your health data to third partiesNEVERHITECH § 13405(d); FTC Act § 5
Access your records without your active consent tokenNEVER45 CFR § 164.502; MyRx-DAO consent ledger
Use your data for advertising or profilingNEVERHITECH § 13405(a); FTC Act § 5
Part II — Individual Authorizations
Each checkbox below is a separate, individually-required authorization. You must check every required item to proceed. You may revoke any authorization at any time — revocation is instantaneous and recorded on-chain.
Part III — Your Rights Summary
These rights exist regardless of whether you sign this form.
Right to Revoke
You may revoke any consent or this entire authorization at any time. Revocation is immediate and recorded on-chain. [45 CFR § 164.508(b)(5)]
Right to Inspect & Copy
You have the right to inspect and receive a copy of your complete health record at any time. This right cannot be waived. [45 CFR § 164.524]
Right to File a Complaint
You may file a HIPAA complaint at any time with the HHS Office for Civil Rights at www.hhs.gov/ocr/ or 1-800-368-1019. No retaliation will occur. [45 CFR § 164.530(g)]
Right to Data Portability
You may export your complete health record in FHIR R4 / HL7 format at any time. We facilitate your departure — we do not hold your data hostage. [21st Cures Act § 4004]
Right to Accounting
You are entitled to an accounting of all disclosures of your PHI made by MyRxWallet in the past 6 years (3 years for TPO). [45 CFR § 164.528]
Right to Restrict
You may request restrictions on certain uses and disclosures of your PHI. MyRxWallet must honor requests to restrict disclosures to health plans for services you paid for out-of-pocket in full. [45 CFR § 164.522(a)]
Part IV — Electronic Signature & Certification
By signing below you certify under penalty of perjury that you have read, understood, and voluntarily agreed to each authorization above.
Signing date:  ·  Consent document version: v2026.04.12  ·  IP address: recorded at submission
By clicking "Submit Consent" I certify under 28 U.S.C. § 1746 (penalty of perjury) that: (a) I am the patient named above or their legally authorized representative; (b) I am 18 years of age or older (or have obtained required parental/guardian consent); (c) I have read and voluntarily agree to each authorization checked above; (d) I understand this is a legally binding document and a valid written HIPAA authorization under 45 CFR § 164.508. This document and my electronic signature will be stored on the MyRx-Chain blockchain ledger with an immutable timestamp, SHA-256 document hash, and a 21 CFR Part 11-compliant audit trail.
Complete Statutory Reference Index — All laws cited in this document:
45 CFR Part 164 — HIPAA Privacy & Security Rules
Core federal health privacy law. Governs all PHI use, disclosure, patient rights, and security safeguards.
HITECH Act (Pub. L. 111-5) §§ 13400–13423
Strengthened HIPAA; prohibits sale of PHI; extends obligations to business associates; enhanced breach notification.
21st Century Cures Act § 4004 (Pub. L. 114-255)
Prohibits information blocking; requires interoperable patient access to electronic health information.
42 CFR Part 2 — Confidentiality of SUD Patient Records
Federal law protecting substance use disorder treatment records with heightened consent requirements.
21 U.S.C. § 801 et seq. — Controlled Substances Act
DEA regulation of controlled substance scheduling, prescribing, dispensing, and record-keeping.
21 U.S.C. § 360eee et seq. — DSCSA
Drug Supply Chain Security Act; requires electronic tracing of drug product through the supply chain.
21 CFR Part 11 — Electronic Records & Signatures
FDA standards for trustworthy, reliable, and genuine electronic records; audit trail requirements.
15 U.S.C. § 7001 et seq. — E-SIGN Act
Federal law giving electronic signatures the same legal force as handwritten signatures.
18 U.S.C. § 1030 — Computer Fraud and Abuse Act
Federal criminal statute; unauthorized access to computer systems is a federal crime.
47 U.S.C. § 227 — TCPA
Telephone Consumer Protection Act; governs automated calls and SMS; requires prior express consent.
18 U.S.C. § 2510 et seq. — ECPA
Electronic Communications Privacy Act; prohibits unauthorized interception of electronic communications.
FTC Act § 5 (15 U.S.C. § 45)
Prohibits unfair or deceptive acts; FTC has jurisdiction over privacy practices of non-HIPAA entities and supplements HIPAA protections.
45 CFR § 170.401 — TEFCA / ONC
ONC rule establishing the Trusted Exchange Framework and Common Agreement for nationwide health data interoperability.
45 CFR Part 46 — Common Rule (Human Subjects Research)
Federal policy for protection of human subjects in research; IRB requirements; informed consent standards.
28 U.S.C. § 1746 — Unsworn Declaration Under Penalty of Perjury
Permits electronic certification in lieu of notarized oath; certifier is subject to federal perjury laws.
NIST SP 800-111 / NIST AI RMF
NIST encryption standards for stored data; AI Risk Management Framework for trustworthy AI/ML health systems.
Contact & Enforcement:  MyRxWallet North America Corporation · Privacy Officer: privacy@myrxwallet.io · HHS OCR Complaints: hhs.gov/ocr/complaints · 1-800-368-1019 · FTC Complaints: reportfraud.ftc.gov · DEA Diversion Hotline: 1-800-882-9539 · FDA MedWatch: fda.gov/safety/medwatch · Document Version: v2026.04.12 · Jurisdiction: Federal + State of incorporation (Nevada)