New Life Cosmetic Surgery & Medspa

Privacy Policy

Last Updated: February 2025

Your Privacy Matters. New Life Cosmetic Surgery & Medspa is committed to protecting your personal and health information. This policy explains how we collect, use, disclose, and safeguard your information in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and applicable state and federal laws.

1. Information We Collect

Personal Information

We may collect the following types of personal information:

  • Name, address, email address, and telephone number
  • Date of birth and Social Security Number (when required for billing)
  • Insurance information and billing details
  • Emergency contact information

Protected Health Information (PHI)

As a healthcare provider, we collect and maintain Protected Health Information, including:

  • Medical history and health records
  • Diagnosis and treatment information
  • Consultation notes and photographs
  • Lab results and imaging studies
  • Prescription and medication information
  • Payment and insurance claim records

Website Information

When you visit our website, we may automatically collect:

  • IP address and browser type
  • Device information and operating system
  • Pages visited and time spent on our site
  • Referring website addresses
  • Information provided through contact forms

2. How We Use Your Information

We use your information for the following purposes:

  • Treatment: To provide, coordinate, and manage your healthcare and related services
  • Payment: To bill and collect payment for services rendered, including insurance claims
  • Healthcare Operations: To conduct quality assessments, staff training, and business planning
  • Communication: To contact you regarding appointments, treatment plans, and follow-up care
  • Legal Compliance: To comply with federal and state laws and regulations
  • Marketing: With your explicit consent, to send promotional materials about our services

3. HIPAA Compliance

New Life Cosmetic Surgery & Medspa complies with the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the HITECH Act. Our HIPAA compliance includes:

  • Privacy Rule: We protect all individually identifiable health information and limit disclosures to the minimum necessary
  • Security Rule: We implement administrative, physical, and technical safeguards to protect electronic PHI
  • Breach Notification Rule: We will notify you promptly in the event of a breach of unsecured PHI
  • Staff Training: All staff members receive regular HIPAA training and sign confidentiality agreements

4. Your Rights Under HIPAA

As a patient, you have the following rights regarding your health information:

  • Right to Access: You may request copies of your medical records
  • Right to Amend: You may request corrections to your health information
  • Right to an Accounting: You may request a list of disclosures we have made of your PHI
  • Right to Request Restrictions: You may request limitations on how we use or disclose your information
  • Right to Confidential Communications: You may request that we communicate with you in a specific manner or location
  • Right to a Paper Copy: You may request a paper copy of this privacy notice at any time
  • Right to File a Complaint: You may file a complaint with us or the Department of Health and Human Services if you believe your privacy rights have been violated

5. Information Security

We implement comprehensive security measures to protect your information:

  • Encryption: All electronic PHI is encrypted both in transit and at rest using industry-standard AES-256 encryption
  • Access Controls: Role-based access ensures only authorized personnel can view patient information
  • Secure Systems: Our electronic health records and practice management systems are HIPAA-compliant
  • Physical Security: Paper records are stored in locked, access-controlled areas
  • Network Security: Firewalls, intrusion detection, and regular security audits protect our systems
  • Secure Communications: Patient portal and email communications use secure, encrypted channels
  • Regular Backups: Data is backed up regularly to secure, off-site locations

6. Disclosure of Information

We may disclose your information in the following circumstances:

  • With Your Authorization: We will obtain your written consent before disclosing PHI for purposes not covered by HIPAA
  • Treatment, Payment, Operations: As permitted by HIPAA for healthcare purposes
  • Legal Requirements: When required by law, court order, or subpoena
  • Public Health: To public health authorities for disease prevention and control
  • Health Oversight: To government agencies for audits and investigations
  • Emergency Situations: To prevent a serious threat to health or safety
  • Business Associates: To third parties who perform services on our behalf under HIPAA Business Associate Agreements

7. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to:

  • Remember your preferences and settings
  • Analyze website traffic and usage patterns
  • Improve our website functionality and user experience
  • Deliver relevant advertising (on non-healthcare pages only)

You can control cookies through your browser settings. Note that disabling cookies may affect website functionality.

8. Third-Party Services

We may use third-party services that collect information, including:

  • Google Analytics for website analytics
  • Payment processors for secure transactions
  • Scheduling software for appointment booking
  • Marketing platforms (with your consent)

These services have their own privacy policies, and we ensure they maintain appropriate security standards and, where applicable, sign Business Associate Agreements.

9. Data Retention

We retain your information in accordance with legal and regulatory requirements:

  • Medical Records: Maintained for a minimum of 7 years from the date of last treatment, or longer as required by state law
  • Billing Records: Retained for 7 years for tax and audit purposes
  • Website Data: Analytics data is retained for up to 26 months

10. Children's Privacy

Our website is not intended for children under 13. We do not knowingly collect personal information from children under 13 through our website. Medical treatment of minors is conducted with appropriate parental or guardian consent.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by posting the new policy on our website and updating the "Last Updated" date. We encourage you to review this policy regularly.

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your HIPAA rights, or have concerns about our privacy practices, please contact our Privacy Officer:

New Life Cosmetic Surgery & Medspa
Privacy Officer
Email: privacy@newlifeplasticsurgery.com
Phone: (956) 969-8369

To file a complaint with the federal government, contact:

U.S. Department of Health and Human Services
Office for Civil Rights
Website: www.hhs.gov/ocr

Notice: This Privacy Policy is provided as required by HIPAA and applicable laws. A copy of our full Notice of Privacy Practices is available upon request at our office.

© New Life Cosmetic Surgery & Medspa. All Rights Reserved.
