THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
At Haven Medspa, we take the privacy and security of our patient’s personal and medical information very seriously. We comply with all regulations set forth by the Health Insurance Portability and Accountability Act (HIPAA) to protect the confidentiality, integrity, and availability of our patient’s protected health information (PHI).
Our HIPAA compliance program includes the following measures:
- Regular employee training on HIPAA regulations and the importance of maintaining patient privacy
- Strict access controls to ensure that only authorized personnel can access PHI
- Regular security risk assessments to identify and address potential vulnerabilities
- Encryption of PHI both in transit and at rest
- Physical and technical safeguards to protect against unauthorized access, disclosure, alteration, or destruction of PHI
- A comprehensive incident response plan to handle any breaches of PHI
- Compliance monitoring and reporting to ensure ongoing compliance with HIPAA regulations
We understand the trust that our patients place in us to handle their personal and medical information with the utmost care and confidentiality. We are committed to maintaining the highest standards of privacy and security in the handling of PHI and will continue to update our policies and procedures as necessary to ensure compliance with HIPAA regulations.
How We May Use and Disclose Elements of Your Protected Health Information (PHI)
We may use and disclose elements of your PHI without your signed authorization under the following circumstances:
- To doctors, nurses, technicians, or other personnel, including people outside our office, who are involved in your medical care and need the information to provide their services.
- When a release is required or permitted by law, including in judicial settings and to health oversight regulatory agencies and law enforcement.
- To outside companies that assist in operating our medical spa services, including but not limited to accounting, auditing, and other services provided by these “business associates.”
- In emergencies to avert serious health and safety situations or report abuse and neglect.
- To medical examiners, coroners, or funeral directors to help them in performing their duties.
- To organ, tissue, and other donation organizations, upon your death, provided we have no indication on hand about your donation preferences.
- To a family member, relative, or others involved in your health care or payment thereof, unless you object.
- To contact you about appointment reminders, treatment alternatives, and other health-related benefits and services.
- To the sponsor of your health plan.
- If required by international, federal, state, or local law.
Apart from the persons and situations mentioned above, we will require your written authorization before using or sharing your protected health information.
In addition to our HIPAA compliance measures, we also want to ensure that our patients are aware of their rights under HIPAA. These include:
- The right to be notified in the event of a breach of unsecured health information, including your medical information.
- The right to revoke any authorization you have provided for the use or disclosure of your PHI.
- The right to receive an accounting of disclosures made by us of your PHI in the six years prior to your request.
- The right to receive a copy of this notice, either in electronic or paper form, upon request.
- The right to file a complaint with us regarding any perceived violations of your privacy rights without fear of retaliation.
If you wish to exercise any of these rights, please contact us at https://havenmedspa.com/contact/. We will do everything possible to assist you and to ensure that your rights are protected.
At Haven Medspa, we are committed to upholding our legal obligations to protect the privacy of your health information. We are required to abide by the regulations set forth by HIPAA, which includes providing you with notice of our practices and legal responsibilities related to your PHI. We are committed to following the provisions outlined in this notice and any updates to it. We may make changes to this notice and its terms, and those changes will apply retroactively to all PHI we maintain.
For more information, please contact: email@example.com