Privacy Policy
This Privacy Policy describes how Harmony Medispa ("we," "us," or "our") collects, uses, and protects your personal and health information. We are committed to safeguarding your privacy and ensuring the confidentiality of your data.
Disclaimer: This document is a general template and is not a substitute for legal advice. It is essential that you consult with a legal professional to ensure this policy fully complies with all applicable federal, state, and local laws, including the Health Insurance Portability and Accountability Act (HIPAA).
1. Information We Collect
To provide you with our services and for administrative purposes, we collect various types of information. This may include:
Protected Health Information (PHI): This is health-related information that can be used to identify you. It includes, but is not limited to:
Medical history, current health status, and a list of your allergies and medications.
Treatment plans, services you have received, and related notes.
Before-and-after photos (with your explicit consent).
Billing and payment information related to your services.
Personal Information: Information that you provide to us directly, such as:
Name, address, phone number, and email address.
Date of birth and gender.
Credit card details (processed and stored in a PCI DSS-compliant payment system).
Website and Online Booking Data: We may use cookies, pixels, and other tracking technologies to collect information about your browsing activity on our website, such as your IP address, browser type, and pages visited. This information is not linked to your health records; it helps us improve our website and marketing efforts.
2. How We Use Your Information
We use your information for the following purposes:
Treatment: To provide and manage your medical spa services.
Payment: To process payments, manage your account, and handle billing inquiries.
Healthcare Operations: For internal business purposes, including quality assurance, staff training, and legal and regulatory compliance.
Communication: To send you appointment confirmations, reminders, and information about our services. With your consent, we may also send promotional emails. You can opt out of marketing communications at any time.
3. Disclosure of Your Information
We will not disclose your PHI to outside parties without your explicit authorization, except in the following situations:
Treatment, Payment, and Operations: We may share your information with third-party service providers (e.g., our booking software, billing partners) who perform functions on our behalf. These partners are required to protect your information under a Business Associate Agreement.
Required by Law: We may disclose your information if we are legally required to do so, for example, in response to a subpoena, court order, or to law enforcement.
With Your Authorization: We will not use or share your information for marketing or other purposes not listed here without your written consent. For example, before-and-after photos will only be used in promotional materials with your explicit permission.
4. Your Privacy Rights
As a client, you have the right to:
Access: Request to see and receive a copy of your PHI.
Amend: Request that we amend your records if you believe the information is incorrect or incomplete.
Request Restrictions: Ask us to limit how we use and disclose your PHI. We are not required to agree to all requests, but we will consider them carefully.
Confidential Communications: Request that we communicate with you in a specific manner (e.g., call your mobile phone instead of your work number).
Request an Accounting of Disclosures: Ask for a record of disclosures we have made of your PHI.
Opt-Out: Opt out of receiving marketing communications at any time.
5. Security of Your Information
We are committed to protecting your information from unauthorized access, use, or disclosure. We have implemented a variety of security measures, including:
Secure Systems: We use industry-standard, secure, and encrypted software for our online booking and payment processing.
Physical Safeguards: We maintain physical and procedural safeguards to protect any paper records and hardware.
Employee Training: Our staff is trained on privacy protocols and the proper handling of client information.
In the event of a breach of unsecured PHI, we will notify you and any other affected parties in accordance with applicable laws, including the HIPAA Breach Notification Rule.
6. Changes to This Policy
We reserve the right to modify this Privacy Policy at any time. We will post the revised policy on our website and update the "Effective Date" shown on this document.
7. Contact Information
If you have any questions about this policy or our privacy practices, please contact us at:
Harmony Medispa | 1612 West Gore Boulevard, Lawton, OK, 73501 | 580-280-2201 | info@myharmonymedispa.com
Effective Date: September 3, 2025