Privacy Policy & HIPAA Notice

Effective Date: December 16, 2024
Last Updated: December 16, 2024

Method Wellness & Infusion (“we,” “us,” or “our”) is committed to protecting your privacy and complying with all applicable privacy laws, including the Health Insurance Portability and Accountability Act (HIPAA). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or receive services at our facility.

1. Information We Collect

1.1 Personal Information

We may collect the following personal information:

• Contact Information: Name, email address, phone number, mailing address
• Demographic Information: Date of birth, gender
• Payment Information: Credit/debit card details, billing address
• Account Credentials: Username and password for online booking

1.2 Protected Health Information (PHI)

As a medical service provider, we collect health information protected under HIPAA:

• Medical history and current health conditions
• Medications and allergies
• Treatment records and clinical notes
• Photos (before/after treatment documentation)
• Insurance information
• Any other health-related information you provide

1.3 Website Usage Information

When you visit our website, we automatically collect:

• IP address and device information
• Browser type and version
• Pages visited and time spent
• Referring website addresses
• Cookie data (see Section 7)

2. How We Use Your Information

2.1 Treatment and Healthcare Operations

We use your Protected Health Information to:

• Provide, coordinate, and manage your medical treatments
• Communicate about your appointments, treatments, and follow-up care
• Process payments and insurance claims
• Maintain accurate medical records
• Conduct quality improvement activities
• Train our staff

2.2 Communication and Marketing

We may use your contact information to:

• Send appointment reminders and confirmations
• Provide information about our services
• Send promotional offers and newsletters (with your consent)
• Respond to your inquiries and requests

You may opt out of marketing communications at any time.

2.3 Website Improvement

We use website usage data to:

• Improve our website functionality and user experience
• Analyze website traffic and trends
• Troubleshoot technical issues

3. How We Share Your Information

3.1 HIPAA-Permitted Disclosures

We may share your Protected Health Information without your authorization in the following circumstances:

• Treatment: With other healthcare providers involved in your care
• Payment: With insurance companies for claims processing
• Healthcare Operations: For quality improvement, training, and business operations
• Legal Requirements: When required by law, court orders, or regulatory agencies
• Public Health: To prevent or control disease, injury, or disability
• Law Enforcement: In response to valid legal requests

3.2 Service Providers

We share information with trusted third-party service providers who assist us:

• Booking System: Boulevard (appointment scheduling and management)
• Payment Processors: To process credit card transactions securely
• Email Service: For sending appointment reminders and communications
• Website Analytics: Google Analytics (anonymized data)

All service providers are required to maintain the confidentiality and security of your information and comply with HIPAA Business Associate Agreements where applicable.

3.3 Your Authorized Disclosures

We will share your information with others only when you provide written authorization, except as described above.

4. Your Privacy Rights Under HIPAA

As our patient, you have the following rights regarding your Protected Health Information:

4.1 Right to Access

You have the right to inspect and obtain a copy of your medical records. We may charge a reasonable fee for copying and mailing costs.

4.2 Right to Amend

You may request corrections to your medical records if you believe they are inaccurate or incomplete. We may deny your request if the information is accurate and complete.

4.3 Right to an Accounting of Disclosures

You may request a list of certain disclosures we have made of your Protected Health Information for purposes other than treatment, payment, or healthcare operations.

4.4 Right to Request Restrictions

You may request restrictions on how we use or disclose your information. We are not required to agree to your request except in certain circumstances involving payment to health plans.

4.5 Right to Confidential Communications

You may request that we communicate with you in a specific way or at a specific location (e.g., home phone instead of work phone).

4.6 Right to a Paper Copy

You have the right to receive a paper copy of this Privacy Policy at any time, even if you agreed to receive it electronically.

4.7 Right to Opt Out of Marketing

You may opt out of receiving marketing communications at any time without affecting your treatment.

5. How We Protect Your Information

We implement appropriate security measures to protect your information:

5.1 Physical Safeguards

• Secure facility with restricted access
• Locked storage for physical records
• Secure disposal of documents containing PHI

5.2 Technical Safeguards

• Encrypted data transmission (SSL/TLS)
• Secure password-protected systems
• Regular software updates and security patches
• Firewall and antivirus protection
• Encrypted backups

5.3 Administrative Safeguards

• Staff training on HIPAA compliance and privacy practices
• Access controls limiting who can view your information
• Business Associate Agreements with all vendors
• Regular security risk assessments

Note: While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your information as follows:

• Medical Records: Minimum of 7 years from last date of service (Arizona law requirement)
• Billing Records: 7 years from date of service
• Marketing Data: Until you request deletion or opt out
• Website Analytics: 26 months (Google Analytics default)

7. Cookies and Tracking Technologies

Our website uses cookies and similar technologies:

7.1 Types of Cookies We Use

• Essential Cookies: Required for website functionality (booking system, forms)
• Analytics Cookies: Google Analytics to understand website usage
• Performance Cookies: To improve website speed and functionality

7.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality.

7.3 Do Not Track

Our website does not currently respond to “Do Not Track” signals from browsers.

8. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any information.

9. Children’s Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from minors without parental consent. If we become aware that we have collected information from a minor without proper consent, we will delete it promptly.

10. State-Specific Privacy Rights

10.1 California Residents (CCPA)

If you are a California resident, you have additional rights:

• Right to know what personal information we collect, use, disclose, and sell
• Right to delete your personal information (subject to exceptions)
• Right to opt out of the sale of personal information (we do not sell your information)
• Right to non-discrimination for exercising your privacy rights

10.2 Other State Laws

We comply with all applicable state privacy laws, including Arizona medical records laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will:

• Post the updated policy on our website with a new “Last Updated” date
• Notify you of material changes via email or website notice
• Provide a copy upon request

Continued use of our services after changes indicates your acceptance of the updated policy.

12. Breach Notification

In the event of a breach of your Protected Health Information, we will notify you as required by HIPAA regulations, typically within 60 days of discovering the breach. Notification will include:

• Description of what happened
• Types of information involved
• Steps we are taking to investigate and mitigate harm
• Actions you can take to protect yourself
• Contact information for questions

13. How to Exercise Your Rights

To exercise any of your privacy rights or to file a complaint, please contact us:

When submitting a request, please include:

• Your full name and contact information
• A description of your request
• Verification of your identity (for security purposes)

We will respond to your request within 30 days (or as required by applicable law).

14. Filing a Complaint

If you believe your privacy rights have been violated, you may file a complaint with:

14.1 Method Wellness & Infusion

Contact our Privacy Officer using the information above.

14.2 U.S. Department of Health and Human Services

Office for Civil Rights
U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201

Phone: 1-877-696-6775
Website: www.hhs.gov/ocr/privacy/hipaa/complaints/

You will not be penalized or retaliated against for filing a complaint.

15. Consent

By using our website or receiving services at our facility, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.

For treatment-related uses of your Protected Health Information, your consent is implied by your receipt of services. For marketing communications, we will obtain your explicit consent.

---

This Privacy Policy complies with the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA), and Arizona state privacy laws. If you have any questions about this policy or our privacy practices, please contact us using the information provided above.