Privacy Policy

NOTICE OF PRIVACY PRACTICES & PRIVACY POLICY

Vital Clinic and Spa

Effective Date: 2/2/2022

THIS NOTICE DESCRIBES HOW MEDICAL AND PERSONAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.

1. OUR COMMITMENT TO YOUR PRIVACY

Vital Clinic and Spa (“Vital Clinic and Spa,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your personal and medical information. This Notice of Privacy Practices and Privacy Policy (“Notice”) applies to information collected through:

  • In-person medical, wellness, and aesthetic services

  • Telehealth and online consultations

  • Our website: www.vitalclinicandspa.com

  • Purchases of medications, supplements, and skincare products

We comply with the Health Insurance Portability and Accountability Act (HIPAA), the Texas Medical Privacy Act (TMPA), and other applicable federal and state privacy laws.

2. OUR LEGAL DUTIES

We are required by law to:

  • Maintain the privacy and security of your Protected Health Information (“PHI”)

  • Provide you with this Notice of our legal duties and privacy practices

  • Follow the terms of this Notice currently in effect

  • Notify you following a breach of unsecured PHI as required by law

3. INFORMATION WE COLLECT

A. Personal Information

  • Name

  • Address

  • Phone number

  • Email address

  • Date of birth

  • Payment and billing information

B. Protected Health Information (PHI)

  • Medical history and intake forms

  • Treatment records and clinical notes

  • Prescriptions and medication information

  • Telehealth consultation records

  • Aesthetic and cosmetic treatment plans

C. Photographs, Videos, and Aesthetic Records

Photographs, videos, and other visual records created in connection with your care (including before-and-after images) are considered Protected Health Information under HIPAA and Texas law.

These materials will not be used for marketing, advertising, education, or promotional purposes without your separate written authorization, even if identifying features are obscured.

D. Website & Technical Information

  • IP address

  • Browser and device information

  • Pages visited and usage data

  • Cookies and similar tracking technologies

4. HOW WE MAY USE AND DISCLOSE YOUR INFORMATION

A. For Treatment

To provide, coordinate, or manage your healthcare.
Examples: medical consultations, aesthetic procedures, prescribing medications, telehealth visits, referrals to labs or pharmacies.

B. For Payment

To bill and collect payment for services and products.
Examples: payment processing, billing, collections, refunds.

C. For Healthcare Operations

For clinic operations, quality improvement, compliance activities, training, audits, and business administration.

5. SUPPLEMENTS, SKINCARE & RETAIL PRODUCTS

Information related to the purchase of supplements, skincare, and other non-prescription products may be used for:

  • Order fulfillment and shipping

  • Payment processing

  • Inventory management

  • Product recalls or safety notifications

Payment processors and fulfillment vendors receive only the minimum necessary information required to complete transactions and are contractually obligated to protect your information.

6. THIRD-PARTY SERVICE PROVIDERS & BUSINESS ASSOCIATES

We may use third-party vendors to support services such as:

  • Appointment scheduling and intake forms

  • Telehealth platforms

  • Electronic medical records

  • Billing and payment processing

  • Pharmacies and laboratories

When these vendors create, receive, maintain, or transmit Protected Health Information on our behalf, they are required to comply with HIPAA and maintain appropriate safeguards through Business Associate Agreements or equivalent protections.

7. OTHER PERMITTED OR REQUIRED DISCLOSURES

We may disclose your PHI:

  • As required by federal, state, or local law

  • For public health and safety activities

  • For health oversight activities

  • In response to court orders or legal proceedings

  • To law enforcement when permitted by law

  • To prevent or lessen a serious threat to health or safety

  • For workers’ compensation or similar programs

8. USES AND DISCLOSURES REQUIRING YOUR AUTHORIZATION

We will not use or disclose your PHI without your written authorization for:

  • Marketing or promotional purposes

  • Sale of your PHI

  • Use of photographs, videos, or testimonials

  • Psychotherapy notes (if applicable)

You may revoke your authorization at any time in writing, except where action has already been taken in reliance on it.

9. MARKETING COMMUNICATIONS (EMAIL & SMS)

We may contact you with:

  • Appointment reminders

  • Service-related communications

  • Educational information

  • Promotional or marketing messages

You may opt out of marketing communications at any time. Opting out will not affect your ability to receive care, services, or non-marketing communications.

10. TELEHEALTH & ELECTRONIC COMMUNICATIONS

If you receive services through telehealth or electronic communication:

  • Secure platforms are used when available

  • Electronic communications carry inherent risks

  • By using these services, you acknowledge and accept those risks

11. WEBSITE COOKIES & TRACKING TECHNOLOGIES

We use cookies and similar technologies to:

  • Improve website functionality

  • Analyze usage and performance

  • Enhance user experience

You may disable cookies through your browser settings, though some website features may not function properly.

12. DATA SECURITY

We maintain administrative, technical, and physical safeguards designed to protect your information. However, no system can guarantee absolute security.

13. YOUR PRIVACY RIGHTS

You have the right to:

  • Access and obtain copies of your medical records

  • Request corrections or amendments

  • Request confidential communications

  • Request restrictions on certain uses or disclosures

  • Receive an accounting of disclosures

  • Obtain a paper or electronic copy of this Notice

  • File a complaint without fear of retaliation

14. MINORS & PARENTAL RIGHTS

Services provided to minors require the consent of a parent or legal guardian, except where otherwise permitted by law. Parents and legal guardians may exercise privacy rights on behalf of minors as allowed under applicable regulations.

15. SOCIAL MEDIA DISCLAIMER

Please do not share personal or medical information with us through social media platforms. Communications via social media are not secure and are not monitored for healthcare-related requests.

16. CHANGES TO THIS NOTICE

We reserve the right to change this Notice. Any changes will apply to all PHI we maintain and will be:

  • Posted on our website

  • Available at our clinic upon request

17. CONTACT INFORMATION

Vital Clinic and Spa
📍 Address: 11590 Barker Cypress Rd, Cypress, TX 77433
📞 Phone: 832-533-8404
📧 HIPAA-Compliant Email: contact@vitalclinicandspa.com
🌐 Website: www.vitalclinicandspa.com

Medical Director:
Harmanpreet Buttar, MD