Privacy Policy and The Use of Your Personal Health Information
Last modified: November 18, 2024
Introduction
Aestheticology, LLC, dba Hello You, an Arizona limited liability company (“Company,” “Our,” “Us,” or “We”) respects your privacy and is committed to protecting it in compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and other applicable state and federal regulations. This Privacy Policy explains how We collect, use, disclose, and protect the personal and health information (“PHI”) and other types of information We may collect from you or that you may provide when you visit the website HelloYOU.life (our “Website”) and Our practices for collecting, using, maintaining, protecting, and disclosing that information.
This policy applies to information We collect:
- On this Website.
- From third parties, for example, Our business partners, including but not limited to, Vagaro, Klara, and Life File.
- In email, text, and other electronic messages between you and this Website.
Please read this policy carefully to understand Our policies and practices regarding your information and how We will treat it. If you do not agree with Our policies and practices, your choice is not to use Our Website. By accessing or using this Website, you agree to this privacy policy. This policy may change from time to time. Your continued use of this Website after We make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.
Children Under the Age of 18
Our Website is not intended for children under 18 years of age. No one under age 18 may provide any information to or on the Website. We do not knowingly collect PHI or other personal information from children under 18. If you are under 18, do not use or provide any information on this Website or through any of its features, make any purchases through the Website, or provide any information about yourself to Us, including your name, address, telephone number, or email address. If We learn We have collected or received any PHI or other personal information from a child under 18, We will delete that information. If you believe We might have any information from or about a child under 18, please contact Us at [email protected] or 480-390-1569.
Residents of certain states under 13, 16, or 18 years of age may have additional rights regarding the collection and sale of their PHI or other personal information. Please see Your State Privacy Rights for more information.
Information We Collect About You and How We Collect It
We collect several types of information from and about users of Our Website, including information:
- By which you may be personally identified, such as name, date of birth, home/postal address, email address, telephone number, social security number, or any other identifier by which you may be contacted online or offline (“personal information”).
- Information about any of the following:
  - individual health conditions, treatment, diseases, or diagnoses;
  - diagnostic testing, treatment, or medication;
  - use or purchase of prescribed medication; or
  - bodily functions, vital signs, symptoms, or measurements of physical or mental health status.
- Data identifying a consumer seeking health care services. Health care services means any service provided to a person to assess, measure, improve, or learn about a person’s mental or physical health, including but not limited to:
  - individual health conditions, status, diseases, or diagnoses;
  - social, psychological, behavioral, and medical interventions;
  - health-related surgeries or procedures;
  - use or purchase of medication;
  - bodily functions, vital signs, symptoms, or measurements of the information described in this subsection; or
  - diagnoses or diagnostic testing, treatment, or medication.
We collect this information:
- Directly from you when you provide it to Us.
- Automatically as you navigate through the site. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.
- From third parties, for example, Our business partners, including but not limited to, Vagaro, Klara, and Life File.
- From payment processors and other financial institutions.
Information You Provide to Us
The information We collect on or through Our Website may include:
- Information that you provide by filling in forms on Our Website. This includes information provided at the time of registering to use Our Website, subscribing to Our service, or requesting further services. We may also ask you for information when you report a problem with Our Website.
- Records and copies of your correspondence (including email addresses), if you contact Us.
- Details of transactions you carry out through Our Website and of the fulfillment of your orders. You may be required to provide financial information before placing an order through Our Website.
How We Use Your Information
We may also use information that We collect about you or that you provide to Us, including any PHI:
- To present Our Website and its contents to you.
- To provide you with information, products, or services that you request from Us.
- To fulfill any other purpose for which you provide it.
- To provide you with updates and notices about the services provided to you and any federal or state law changes to medication you may be taking.
- To carry out Our obligations and enforce Our rights arising from any contracts entered into between you and Us, including for billing and collection.
- To notify you about changes to Our Website or any products or services We offer or provide through it.
- In any other way We may describe when you provide the information.
- For any other purpose with your consent.
Disclosure of Your Information
We may disclose aggregated information about Our users, and information that does not identify any individual, without restriction.
We may disclose PHI and other personal information that We collect or you provide, as described in this privacy policy:
- To Our subsidiaries and affiliates.
- To contractors, service providers, and other third parties We use to support Our business and who are bound by federal and state laws, and contractual obligations under Business Associate Agreements to comply with HIPAA and safeguard PHI and other personal information and use it only for the purposes for which We disclose it to them.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which PHI and other personal information held by Us about Our Website users is among the assets transferred.
- To fulfill the purpose for which you provide it, including but not limited to, for treatment, payment or healthcare operations.
- For any other purpose disclosed by Us when you provide the information.
- With your consent.
We may also disclose your PHI or other personal information:
- To protect the rights, safety, and health of our patients and employees, as permitted under HIPAA and other applicable laws.
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- To enforce or apply Our Terms of Use, Terms of Sale, and other agreements, including for billing and collection purposes.
- If We believe disclosure is necessary or appropriate to protect the rights, property, or safety of Us, Our patients, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
We will not sell your PHI or other personal information and will only share it as necessary to comply with our legal and regulatory requirements.
Patient Rights, Accessing, and Correcting Your Information
Under HIPAA, you have the right to:
- Request access to your PHI.
- Request amendments to your health records.
- Receive a list of disclosures of your PHI.
- Restrict certain uses and disclosures of PHI.
You may send Us an email at [email protected] to request access to, correct, or delete any PHI or other personal information that you have provided to Us. We may not accommodate a request to change information if We believe the change would violate any law or legal requirement or cause the information to be incorrect.
Residents of certain states may have additional personal information rights and choices. Please see Your State Privacy Rights for more information.
Your State Privacy Rights
State consumer privacy laws may provide their residents with additional rights regarding Our use of their personal information.
California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia provide (now or in the future) their state residents with rights to:
- Confirm whether We process their personal information.
- Access and delete certain personal information.
- Correct inaccuracies in their personal information, taking into account the information’s nature and processing purpose (excluding Iowa and Utah).
- Data portability.
- Opt-out of personal data processing for:
  - targeted advertising (excluding Iowa);
  - sales; or
  - profiling in furtherance of decisions that produce legal or similarly significant effects (excluding Iowa and Utah).
- Either limit (opt-out of) or require consent to process sensitive personal data.
The exact scope of these rights may vary by state. To exercise any of these rights, please email [email protected]. To appeal a decision regarding a consumer rights request, see your state’s privacy laws.
Nevada provides its residents with a limited right to opt-out of certain personal information sales. Residents who wish to exercise this sale opt-out right may submit a request to this designated address: [email protected]. However, please know We do not currently sell data triggering that statute’s opt-out requirements.
Data Security
We have implemented measures designed to secure your PHI or other personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. As part of these safeguards, PHI is encrypted both during storage and transmission.
However, the transmission of information via the internet is not completely secure. Although We do Our best to protect your PHI or other personal information, We cannot guarantee the security of your PHI or other personal information transmitted to Our Website. Any transmission of PHI or other personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
Data Breach
In accordance with HIPAA’s data breach notification rule, in the event of a breach involving your PHI, We will notify you via email without unreasonable delay and no later than 60 days after discovery. The notification will include details about the breach, the affected information, recommended steps to protect yourself, and contact information for further assistance.
Changes to Our Privacy Policy
It is Our policy to post any changes We make to Our privacy policy on this page. If We make material changes to how We treat Our users’ PHI or other personal information, We will update this Privacy Policy. The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring We have an up-to-date, active, and deliverable email address for you, and for periodically visiting Our Website and this privacy policy to check for any changes.
Filing a Complaint
If you believe your privacy rights under HIPAA have been violated, you have the right to file a complaint with Us or directly with the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”).
To file a complaint with Us, please contact the privacy officer, Nina Zabalza, at: [email protected] or 480-390-1569.
Alternatively, you may file a complaint with the HHS OCR. Complaints to the HHS OCR must be filed within 180 days of when you knew that the act or omission occurred. To learn more about filing a complaint or to submit one online, please visit the HHS OCR website at https://www.hhs.gov/hipaa/filing-a-complaint/index.html.
We are committed to protecting your privacy and will not retaliate against you for filing a complaint.
Contact Information
To ask questions or comment about this Privacy Policy and Our privacy practices, contact Our privacy officer, Nina Zabalza, at:
[email protected] or 480-390-1569.