Privacy Practices

NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN ACCESS THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

UNDERSTANDING YOUR HEALTH RECORD/INFORMATION

This notice outlines the practices of Serene Medical Spa LLC regarding your protected health information created while you are a patient. Serene Medical Spa LLC and authorized personnel with access to your medical records are subject to this notice.

We create a record of the care and services you receive from Serene Medical Spa LLC. We understand that medical information about you and your health is personal. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires that all protected health information used or disclosed by Serene Medical Spa LLC, whether electronically, on paper, or orally, be kept confidential. We are committed to protecting your medical information. This notice applies to all records of your care maintained by Serene Medical Spa LLC.

This notice will inform you about the ways we may use and disclose medical information about you. It also describes your rights and our obligations regarding the use and disclosure of medical information.

YOUR HEALTH INFORMATION RIGHTS

While your health record is the physical property of Serene Medical Spa LLC, the information belongs to you. You have the right to:

• Inspect and request a paper or electronic copy of your health record as provided by law.
• Request amendments to your health record as provided by law. We will notify you if we are unable to grant your request.
• Request communication of your health information by alternative means or at alternative locations. We will accommodate reasonable requests.
• Request restrictions on certain uses and disclosures of your information for treatment, payment, health care operations, and disclosures to persons, including family members, involved in your care as provided by law. We are not required by law to agree to a requested restriction unless it relates to disclosures to your health insurer for items or services for which you have paid out-of-pocket and in full.
• Obtain an accounting of disclosures of your health information as provided by law.
• Obtain a paper copy of this notice of information practices.
• Choose someone to act for you if you have given someone medical power of attorney or if someone is your legal guardian. We will verify the person’s authority before taking action.

You may exercise your rights by submitting a written request to Serene Medical Spa LLC at info@serenemedspas.com.

OUR RESPONSIBILITIES

In addition to the responsibilities outlined above, we are also required to:

• Maintain the privacy of your health information.
• Provide notice of any unauthorized acquisition, access, use, or disclosure of your protected health information, subject to certain exceptions under the law.
• Provide you with this notice of our legal duties and privacy practices regarding your information.
• Abide by the terms of this notice.
• Notify you if we are unable to agree to a requested restriction on certain uses and disclosures.

USES AND DISCLOSURES OF MEDICAL INFORMATION THAT DO NOT REQUIRE YOUR AUTHORIZATION

The following categories describe different ways we may use and disclose medical information without your authorization. Not every use or disclosure in a category will be listed, but all ways we are permitted to use and disclose information without your authorization will fall within one of these categories.

Treatment

We may disclose medical information about you to doctors, nurses, technicians, medical students, or other personnel involved in your care. We may share information to coordinate different treatments, such as prescriptions, lab work, and x-rays. We may also provide your physician or a subsequent healthcare provider with copies of various reports to assist in treating you after discharge from our care.

Payment

We may use and disclose your health information for payment purposes. For example, a bill may be sent to you or a third-party payer. The bill may include information that identifies you, as well as your diagnosis, procedures, and supplies used.

Health Care Operations

We may use and disclose your health information for regular health care operations. For example, we may use information in your health record to assess the care and outcomes in your case and others to continually improve the quality and effectiveness of the health care and services we provide.

Other Uses and Disclosures Allowed by Law

We may use and disclose your health information as allowed by law. Examples include:

• Business Associates: We may share information with business associates who perform services for us, such as answering services and copy services. These associates must safeguard your information.
• Notification: Unless you object, we may use or disclose information to notify or assist in notifying a family member, personal representative, or another person responsible for your care about your location and general condition.
• Individuals Involved in Your Care: Unless you object, we may disclose information to a family member, other relative, a close personal friend, or another person you identify that is relevant to their involvement in your care or payment for your care.
• Disaster Relief: We may use or disclose information to public or private disaster relief organizations to coordinate your care or notify family or friends of your location or condition.
• Research: We may disclose information to researchers when their research has been approved by an institutional review board that has established protocols to protect your privacy.
• Communications: We may contact you to provide appointment reminders or information about treatment alternatives or other health-related benefits and services that may interest you.
• FDA: We may disclose information to the FDA regarding adverse events with respect to food, medications, devices, supplements, product defects, or post-marketing surveillance.
• Worker’s Compensation: We may disclose information to comply with laws relating to worker’s compensation or similar programs.
• Public Health: We may disclose information to public health or legal authorities charged with preventing or controlling disease, injury, or disability.
• Abuse, Neglect, or Domestic Violence: We may disclose information to governmental authorities authorized by law to receive reports of abuse, neglect, or domestic violence.
• Judicial, Administrative, and Law Enforcement Purposes: We may disclose information for judicial, administrative, and law enforcement purposes consistent with applicable law.
• Health Oversight Activities: We may disclose information to health oversight agencies for activities authorized by law, such as audits, investigations, inspections, and licensure.
• Threats to Health or Safety: We may use or disclose information if we believe it is necessary to prevent or lessen a serious and imminent threat to health or safety.
• Special Government Functions: We may disclose information to authorized federal officials for intelligence, counter-intelligence, and other national security activities, or for protective services to the President or other officials. If you are in the military, we may disclose information to military authorities. If you are an inmate or in the custody of law enforcement, we may disclose information necessary for your health and safety or that of others.
• Required or Allowed by Law: We will disclose information when required or allowed by federal, state, or local law.

Electronic Health Information Exchange

We use a third party to maintain our electronic medical records (EMR) and store your electronic health information. We monitor access to your EMR and limit access to personnel with a legitimate need.

WHEN WE NEED YOUR WRITTEN AUTHORIZATION

Any uses or disclosures outside the scope described above will be made only with your written authorization. Most uses or disclosures of psychotherapy notes, protected health information for marketing purposes, and the sale of protected health information require authorization. You may revoke such authorization in writing at any time, and Serene Medical Spa LLC is required to honor the revocation, except to the extent that it has already taken actions relying on your authorization.

FOR MORE INFORMATION OR TO REPORT A PROBLEM

If you have questions or need additional information, you may contact Serene Medical Spa LLC at (304) 520-0461.

If you believe your privacy rights have been violated, you can send a complaint to Serene Medical Spa LLC at info@serenemedspas.com or by telephone, directing attention to the Privacy Officer. You can also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, Centralized Case Management Operations, 200 Independence Ave., S.W., Suite 515F, HHH Building, Washington, D.C. 20201. You may contact the Customer Response Center at (800) 368-1019, by facsimile at (202) 619-3818, by TDD at (800) 537-7697, or by email at ocrmail@hhs.gov. Complaint forms are available at https://www.hhs.gov/hipaa/filing-a-complaint/index.html.

There will be no retaliation against you for filing a complaint.

THIS NOTICE OF PRIVACY PRACTICES IS EFFECTIVE AS OF JUNE 1, 2024.

We may change our policies and this notice at any time, and such changes will apply to all protected health information we maintain. Serene Medical Spa LLC will periodically post updates, and you may request a written copy of any updated versions of this notice.