Notice of Privacy Practices

Our Commitment to Your Privacy

ThinMD MedSpa ("ThinMD," "we," "us," or "our") is committed to protecting the privacy of your protected health information (PHI). This Notice of Privacy Practices describes how we may use and disclose your PHI in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and applicable state laws.

We are required by law to maintain the privacy of your PHI, provide you with this notice of our legal duties and privacy practices, follow the terms of this notice currently in effect, and notify you if a breach of your unsecured PHI occurs.

Your Rights Under HIPAA

You have the following rights regarding your protected health information:

Right to Access

You have the right to inspect and obtain a copy of your medical records and other PHI that we maintain about you. To request access, submit a written request to our Privacy Officer. We may charge a reasonable fee for copying and mailing your records.

Right to Request Amendment

If you believe that information in your records is incorrect or incomplete, you may request that we amend your PHI. Submit your request in writing, explaining why you believe the information should be amended. We may deny your request in certain circumstances, and we will provide you with a written explanation if we do.

Right to an Accounting of Disclosures

You have the right to receive a list of certain disclosures we have made of your PHI. This accounting will not include disclosures made for treatment, payment, or healthcare operations, or disclosures made with your written authorization.

Right to Request Restrictions

You may request restrictions on how we use or disclose your PHI for treatment, payment, or healthcare operations. We are not required to agree to your request, except that we must agree to restrict disclosures to a health plan if you pay out-of-pocket in full for a service and the disclosure is not required by law.

Right to Request Confidential Communications

You may request that we communicate with you about medical matters in a certain way or at a certain location. For example, you may ask that we contact you only at work or by mail. We will accommodate reasonable requests.

Right to a Paper Copy of This Notice

You have the right to receive a paper copy of this Notice of Privacy Practices at any time, even if you have agreed to receive it electronically. Contact our office to request a copy.

How We May Use and Disclose Your PHI

Treatment

We may use and disclose your PHI to provide, coordinate, or manage your healthcare and related services. This includes consultations with other healthcare providers involved in your care, referrals to specialists, and prescription management.

Payment

We may use and disclose your PHI to obtain payment for services we provide to you. This may include providing information to your health insurance company, billing and collection activities, and utilization review.

Healthcare Operations

We may use and disclose your PHI for our healthcare operations, which include quality assessment and improvement activities, reviewing the competence of our staff, training programs, accreditation, certification, licensing, and credentialing activities.

Appointment Reminders and Health-Related Information

We may use your PHI to contact you with appointment reminders, treatment alternatives, or other health-related benefits and services that may be of interest to you.

Disclosures Required or Permitted by Law

We may use or disclose your PHI without your authorization in the following circumstances:

• As Required by Law: We will disclose PHI when required to do so by federal, state, or local law
• Public Health Activities: To prevent or control disease, injury, or disability; report births and deaths; report child abuse or neglect; report adverse reactions to medications or products
• Victims of Abuse, Neglect, or Domestic Violence: To report suspected abuse, neglect, or domestic violence to appropriate government authorities
• Health Oversight Activities: For audits, investigations, inspections, and licensure by health oversight agencies
• Judicial and Administrative Proceedings: In response to a court order, subpoena, or other lawful process
• Law Enforcement: To assist law enforcement officials in their law enforcement duties
• Coroners, Medical Examiners, and Funeral Directors: To assist these professionals in carrying out their duties
• Organ and Tissue Donation: To organ procurement organizations to facilitate donation and transplantation
• Research: For research purposes when approved by an institutional review board
• Serious Threat to Health or Safety: To prevent or lessen a serious and imminent threat to your health or safety or that of others
• Military and Veterans: For activities deemed necessary by appropriate military command authorities
• Workers' Compensation: As authorized by and necessary to comply with workers' compensation laws

Uses and Disclosures Requiring Your Authorization

For most uses and disclosures of your PHI not described above, we will need your written authorization before we can use or disclose your information. This includes:

• Most uses and disclosures of psychotherapy notes (if applicable)
• Uses and disclosures of PHI for marketing purposes
• Disclosures that constitute a sale of PHI
• Other uses and disclosures not described in this notice

You may revoke your authorization at any time by submitting a written request to our Privacy Officer. Revocation will not affect any uses or disclosures made in reliance on your authorization prior to receiving your revocation.

Your Choices

For certain health information, you can tell us your choices about what we share:

• Sharing information with your family, close friends, or others involved in your care
• Sharing information in a disaster relief situation
• Including your information in a facility directory
• Contacting you for fundraising efforts (you can opt out at any time)

If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.

Changes to This Notice

We reserve the right to change this Notice of Privacy Practices and to make the new provisions effective for all PHI that we maintain. If we make a significant change to this notice, we will post the revised notice in our office and on our website.

How to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the U.S. Department of Health and Human Services. We will not retaliate against you for filing a complaint.

To File a Complaint with ThinMD:

To File a Complaint with the Department of Health and Human Services:

Contact Information

For more information about this Notice of Privacy Practices or to exercise any of your rights, please contact our Privacy Officer:

Additional Locations