Privacy Policy
PRIVACY POLICY
Effective Date: April 27, 2026 | Last
Updated: April 27, 2026
This Privacy Policy describes how Avinity Health
Clinic, LLC ("Avinity Health," "we," "us," or
"our") collects, uses, discloses, and protects information about you
when you visit our website (avinityhealth.com) or receive clinical or wellness
services at our Scottsdale, Arizona location. This Policy applies to all
individuals who interact with Avinity Health, including website visitors,
registered users, patients, and prospective patients.
Avinity Health is committed to protecting the privacy,
confidentiality, and security of your personal information and health
information. We comply with applicable federal and Arizona privacy laws,
including the Health Insurance Portability and Accountability Act (HIPAA), the
Health Information Technology for Economic and Clinical Health (HITECH) Act,
the Arizona Online Privacy Protection Act (A.R.S. § 18-551 et seq.
["AzOPPA"]), the Arizona data breach notification statute (A.R.S. §
44-7501), and the Federal Trade Commission Act.
PLEASE READ THIS PRIVACY POLICY
CAREFULLY. BY ACCESSING OR USING OUR WEBSITE OR SERVICES, YOU ACKNOWLEDGE THAT
YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY. IF YOU DO NOT AGREE, PLEASE
DO NOT USE OUR WEBSITE OR SERVICES.
Section 1. Who We Are
Avinity Health is a physician-guided longevity, wellness, and
medical aesthetics clinic located at 11000 N. Scottsdale Road, Suite 100,
Scottsdale, Arizona 85254. We provide in-person and telehealth clinical
services, including PlasmaRestore™ Therapeutic Plasma Exchange (TPE), IV
therapy, injectable neurotoxins, dermal fillers, and medical-grade
microneedling, among other wellness services.
Avinity Health operates as a cash-pay, physician-guided clinic.
We are the data controller for personal information we collect directly from
you. For Protected Health Information (PHI) collected in connection with the
delivery of clinical services, Avinity Health is a health care provider subject
to HIPAA. Our Notice of Privacy Practices (NPP), which is provided to patients
separately, governs the use and disclosure of your PHI and is incorporated
herein by reference.
Contact information for privacy-related inquiries:
margin-left:.3in'>
Avinity Health Clinic, LLCmargin-left:.3in'>
11000 N. Scottsdale Road, Suite
100margin-left:.3in'>
Scottsdale, Arizona 85254margin-left:.3in'>
Privacy Contact:
info@avinityhealth.comSection 2. Information We Collect
We collect information about you from multiple sources and in
different ways, depending on how you interact with us.
2.1 Information You Provide
Directly. When you visit our clinic, create an account,
schedule an appointment, complete intake forms, or communicate with us, you may
provide:
=
Identifying
information: full name, date of birth, gender, home address, email address,
telephone number;
=
Account
credentials: username and password for the Digital Platform;
=
Payment
information: credit or debit card numbers, billing address (processed through
secure third-party payment processors — we do not store full payment card
data);
=
Health and
medical information: health history, medications, allergies, prior treatments,
symptoms, and other clinical intake information;
=
Emergency
contact information; and
=
Communications:
emails, messages, or other correspondence you send to us.
2.2 Protected Health Information
(PHI). In connection with the delivery of clinical services,
we collect and maintain Protected Health Information as defined by HIPAA. PHI
includes any health information that identifies or could reasonably be used to
identify you and relates to your physical or mental health condition, the
provision of health care to you, or payment for that care. PHI collected by
Avinity Health may include:
=
Medical
history, diagnoses, and treatment records;
=
Clinical notes
and procedure documentation;
=
Laboratory and
diagnostic results;
=
Photographs
taken for clinical documentation purposes; and
=
Any other
health-related information collected in connection with your care.
The use and disclosure of your PHI is governed by HIPAA, the
HITECH Act, and our Notice of Privacy Practices. Please refer to Section 6 of
this Privacy Policy and your NPP for a full description of your rights
regarding your PHI.
2.3 Information Collected
Automatically. When you visit the Avinity Health website, we automatically
collect certain technical and usage information, including:
=
IP address and
approximate geographic location;
=
Browser type,
version, and operating system;
=
Device
identifiers and device type;
=
Pages visited,
links clicked, and time spent on pages;
=
Referring and
exit URLs;
=
Search queries
entered on the Digital Platform;
=
Session
duration and interaction data; and
=
Error logs and
diagnostic data.
This information is collected through cookies, web beacons,
pixel tags, and similar tracking technologies, as described in Section 7 of
this Privacy Policy.
2.4 Information from Third
Parties. We may receive information about you from third
parties, including:
=
Appointment
scheduling platforms and patient portal providers;
=
Electronic
health record (EHR) system providers;
=
Payment
processors;
=
Analytics and
advertising platforms (e.g., Google Analytics, Meta Pixel); and
=
Referral
sources such as other healthcare providers, with your consent.
Section 3. How We Use Your
Information
Avinity Health uses the information we collect for the following
purposes:
3.1 Providing and Improving
Clinical Services. We use your health information and PHI to evaluate
your clinical needs, develop and implement individualized treatment plans,
schedule and manage appointments, document clinical care, communicate with you
about your treatment, and coordinate with other healthcare providers as
permitted by HIPAA and with your authorization.
3.2 Operating the Digital
Platform. We use technical and account information to operate,
maintain, and improve the Avinity Health website, process account
registrations, authenticate users, provide customer support, and troubleshoot
technical issues.
3.3 Communications. We use your contact information to send appointment reminders
and confirmations, clinical follow-up communications, post-treatment
instructions, and responses to your inquiries. With your consent, we may also
send promotional communications, including information about services, events,
and offers, as well as requests for reviews or feedback regarding your
experience. These communications may be delivered via email, text message, or
other electronic means. You may opt out of promotional communications at any
time using the unsubscribe mechanism provided in the communication or by
contacting us directly. Transactional and service-related communications are
not subject to marketing opt-out.
3.4 Marketing and
Advertising. We may use non-PHI information to deliver targeted
advertising on third-party platforms (such as Google and Meta) and to analyze
the effectiveness of our marketing campaigns. We do not use or disclose
Protected Health Information (PHI) for targeted advertising without your
explicit written authorization. We implement technical and operational
safeguards to prevent the transmission of PHI to advertising platforms. We may
use your contact information to request reviews, testimonials, or feedback
regarding your experience with Avinity Health. These requests will not include
Protected Health Information unless you have provided separate authorization.
We do not use Protected Health Information to personalize advertising or marketing
communications without your explicit written authorization.
3.5 Legal Compliance and
Safety. We may use your information to comply with applicable
law, respond to legal process or government inquiries, enforce our Terms of
Service, investigate suspected fraud or misconduct, and protect the safety,
rights, and interests of Avinity Health, our staff, our patients, and the
public.
3.6 Business Operations. We may use de-identified or aggregated information (from which
all personal identifiers have been removed in accordance with HIPAA’s
de-identification standards) for quality improvement, clinical outcomes
analysis, staff training, and business reporting.
3.7 No Medical Advice. The Digital Platform is not intended to provide medical advice.
Information available through the website is for informational purposes only
and does not constitute medical advice, diagnosis, or treatment.
Section 4. Legal Basis for
Processing (Where Applicable)
Where applicable law requires a legal basis for processing your
personal information, Avinity Health relies on one or more of the following:
=
Performance of
a contract — processing necessary to provide the Services you have requested or
to fulfill obligations under our agreement with you;
=
Compliance with
legal obligations — processing required by HIPAA, Arizona law, and other
applicable statutes and regulations;
=
Legitimate
interests — processing necessary for our legitimate business interests,
including operating and improving our Services, preventing fraud, and ensuring
the security of our systems, provided that such interests are not overridden by
your fundamental rights; and
=
Consent — where
you have given explicit consent for a specific processing purpose, such as
receiving promotional communications or authorizing non-standard uses or
disclosures of your PHI.
Section 5. How We Share Your
Information
Avinity Health does not sell your personal information or PHI.
We share your information only as described in this Privacy Policy and, for
PHI, only as permitted or required by HIPAA and our Notice of Privacy
Practices.
5.1 Service Providers and
Business Associates. We share information with trusted third-party vendors
and service providers who assist us in operating our business and providing the
Services. These providers include, without limitation, electronic health record
(EHR) systems, patient relationship management (CRM) platforms, appointment
scheduling and booking systems, telehealth platforms, payment processors,
communications platforms (including email and messaging providers), and
analytics or marketing service providers. These providers may also include:
=
Website
hosting, cloud storage, and cybersecurity providers; and
=
Legal,
accounting, and compliance advisors.
Where any service provider processes PHI on our behalf, we enter
into a HIPAA-compliant Business Associate Agreement (BAA) before sharing any
such information. All service providers are required to maintain the
confidentiality and security of your information and to use it only for the
purposes we authorize.
5.2 Healthcare Providers and Care
Coordination. With your authorization or as otherwise permitted by
HIPAA, we may share your PHI with other healthcare providers, specialists, or
laboratories involved in your care to ensure coordinated, appropriate
treatment.
5.3 Legal Requirements. We may disclose your information (including PHI, as permitted by
HIPAA) to comply with a court order, subpoena, regulatory investigation, or
other legal obligation; to report suspected child abuse or neglect as required
by Arizona law (A.R.S. § 13-3620); to respond to public health reporting
requirements; or to protect the safety of you, our staff, or the public in
circumstances permitted by HIPAA.
5.4 Business Transfers. If Avinity Health is involved in a merger, acquisition,
restructuring, or sale of all or substantially all of its assets, your personal
information may be transferred as part of that transaction. We will provide
notice of any such transfer and, where required by law, obtain consent before
transferring PHI.
5.5 Aggregate and De-identified
Data. We may share aggregate, de-identified data (data that cannot
reasonably be used to identify you) with partners, researchers, or the public
for quality improvement, educational, or analytical purposes. Such data will
not include your PHI and will be de-identified in accordance with HIPAA’s
de-identification standards (45 C.F.R. § 164.514).
5.6 With Your Consent. We may share your information for purposes not described in this
Privacy Policy with your explicit prior consent, which may be required to be in
writing depending on the nature of the disclosure.
Section 6. HIPAA and Protected
Health Information
IMPORTANT: As a health care provider, Avinity Health
is subject to HIPAA and the HITECH Act. Your Protected Health Information (PHI)
is also governed by our Notice of Privacy Practices (NPP), which describes your
rights and our obligations regarding your PHI in greater detail. The NPP is
provided to you at or before your first clinical visit and is available upon
request.
6.1 HIPAA Covered Entity
Status. Avinity Health is a covered health care provider
under HIPAA to the extent it provides clinical services and transmits health
information electronically in connection with covered transactions. As such,
Avinity Health maintains appropriate administrative, physical, and technical
safeguards to protect the privacy and security of your PHI in compliance with
the HIPAA Privacy Rule (45 C.F.R. Part 164, Subpart E) and Security Rule (45
C.F.R. Part 164, Subpart C).
6.2 Permitted Uses and
Disclosures of PHI. Avinity Health may use and disclose your PHI without
your specific authorization for the following purposes, as permitted by HIPAA:
=
Treatment — to
provide, coordinate, or manage your clinical care and related services;
=
Health care
operations — for quality assessment, compliance activities, training, and
business management directly related to providing services;
=
As required by
law — including mandatory reporting obligations under Arizona and federal law;
=
Public health
activities — as required or permitted by applicable law; and
=
Other purposes
described in our Notice of Privacy Practices.
All other uses and disclosures of your PHI require your written
authorization, which you have the right to revoke at any time by notifying
Avinity Health in writing, except to the extent that action has already been
taken in reliance on the authorization.
6.3 Your HIPAA Rights. As a patient, you have the following rights with respect to your
PHI under HIPAA:
=
Right to
access: You may request access to your PHI maintained by Avinity Health in a designated
record set;
=
Right to
request amendment: You may request that we amend PHI that you believe is
inaccurate or incomplete;
=
Right to an
accounting of disclosures: You may request a list of disclosures we have made
of your PHI, subject to HIPAA limitations;
=
Right to
request restrictions: You may request restrictions on certain uses or
disclosures of your PHI, which we will accommodate where feasible;
=
Right to
request confidential communications: You may request that we communicate your
PHI to you by alternative means or at alternative locations; and
=
Right to
receive a copy of the Notice of Privacy Practices: You may request a paper copy
of our NPP at any time.
To exercise any of your HIPAA rights, please submit a written
request to info@avinityhealth.com or in person at our Scottsdale clinic.
Avinity Health will respond to your request within thirty (30) days, or as
otherwise required by HIPAA.
6.4 HITECH Act. The HITECH Act supplements HIPAA by strengthening privacy and
security protections for electronic health information. Avinity Health complies
with HITECH provisions applicable to health care providers, including
requirements for timely breach notification and enhanced penalties for
violations.
Section 7. Cookies and Tracking
Technologies
7.1 Types of Cookies We Use. Avinity Health uses the following categories of cookies and
tracking technologies on the website:
=
Essential /
Strictly Necessary Cookies — required for the operation of our website and
patient portal, including authentication, session management, and security
functions. These cannot be disabled without impairing core functionality;
=
Analytics
Cookies — we use Google Analytics and similar tools to collect information
about how users interact with our website, including pages visited, time spent,
and traffic sources. This information is used to improve our website and
marketing effectiveness;
=
Advertising and
Remarketing Pixels — we may use pixels from advertising platforms including
Google Ads and Meta (Facebook/Instagram) to measure the effectiveness of our
advertising campaigns and to deliver relevant advertisements to individuals who
have visited our website. These pixels may collect technical information about
your visit; and
=
Functional
Cookies — used to remember your preferences and settings to improve your
experience on the website.
7.2 PHI and Advertising
Technologies. Avinity Health takes steps to prevent the inadvertent
transmission of PHI to third-party advertising platforms through tracking
pixels or similar technologies. We do not knowingly allow advertising pixels to
access or collect PHI. Consistent with guidance from the U.S. Department of
Health and Human Services (HHS) Office for Civil Rights (OCR) and FTC
regulations, we configure tracking technologies to minimize the collection of
health-related information without patient authorization.
7.3 Your Cookie Choices. You may control non-essential cookies through your web browser
settings or by using the opt-out mechanisms provided by third-party analytics
and advertising providers:
=
Google
Analytics Opt-Out: tools.google.com/dlpage/gaoptout
=
Meta / Facebook
Ad Preferences: facebook.com/ads/preferences
=
Network
Advertising Initiative (NAI) opt-out: optout.networkadvertising.org
=
Digital Advertising
Alliance (DAA) opt-out: optout.aboutads.info
Please note that opting out of certain tracking technologies
does not mean you will stop seeing advertisements; it means that those
advertisements will not be personalized based on your online behavior.
7.4 Do Not Track. Our website does not currently respond to "Do Not
Track" (DNT) signals from web browsers. We encourage you to manage your
cookie preferences directly through your browser settings.
Section 8. Data Security
Avinity Health implements administrative, physical, and
technical safeguards designed to protect your personal information and PHI from
unauthorized access, use, disclosure, alteration, and destruction. These
measures include:
=
Encryption of
PHI during transmission (TLS/SSL) and at rest where required by the HIPAA
Security Rule;
=
Access controls
and role-based permissions limiting access to PHI to authorized personnel only;
=
Audit logging
of access to electronic health records and the patient portal;
=
Regular staff
training on HIPAA Privacy and Security rules;
=
Business
Associate Agreements with all vendors that access PHI; and
=
Physical
security measures at our clinic location.
Despite these safeguards, no electronic transmission or storage
system is completely secure. Avinity Health cannot guarantee the absolute
security of your information. If you have reason to believe that your
interaction with us is no longer secure, please contact us immediately at
info@avinityhealth.com.
8.1 Data Breach Notification —
Arizona Law. In the event of a security incident involving your
personal information, Avinity Health will investigate and provide notification
as required by applicable law, including Arizona’s data breach notification
statute (A.R.S. § 44-7501). Under Arizona law, individuals whose "personal
information" (as defined in A.R.S. § 44-7501(A)(5)) has been compromised
in a security incident must be notified in the most expedient manner possible
and without unreasonable delay, but not later than forty-five (45) calendar
days after we confirm that a breach has occurred and affected Arizona
residents. Where required, we will also notify the Arizona Attorney General and
consumer reporting agencies. For breaches involving PHI, we will additionally
comply with the HIPAA Breach Notification Rule (45 C.F.R. Part 164, Subpart D),
which generally requires notification within sixty (60) calendar days of
discovery of the breach.
You are responsible for maintaining the security of your own
devices, accounts, and login credentials. Avinity Health is not responsible for
unauthorized access resulting from your failure to safeguard your credentials
or devices.
Section 9. Data Retention
Avinity Health retains your personal information and PHI for as
long as necessary to fulfill the purposes described in this Privacy Policy, to
comply with our legal and regulatory obligations, to resolve disputes, and to
enforce our agreements. Retention periods are determined by:
=
HIPAA and
applicable state medical records retention requirements — Arizona law (A.R.S. §
12-2297) requires medical records to be retained for a minimum of seven (7)
years from the date of service, or in the case of a minor patient, for seven
years after the patient reaches the age of majority, whichever is later;
=
Applicable
federal and state tax and financial record retention requirements;
=
The nature of
the data and the purpose for which it was collected; and
=
Our legitimate
business interests, including the potential need to defend legal claims.
When personal information is no longer needed, we destroy or
de-identify it in accordance with applicable law and secure data disposal
practices.
Section 10. Your Privacy Rights
10.1 Arizona Residents. Avinity Health complies with the Arizona Online Privacy
Protection Act (A.R.S. § 18-551 et seq. ["AzOPPA"]), which requires
operators of commercial websites and online services that collect personally
identifiable information from Arizona residents to post a conspicuous privacy
policy. This Privacy Policy satisfies that requirement. Under AzOPPA, Arizona
residents may request information about the categories of personal information
we collect and how it is used. To submit such a request, contact us at
info@avinityhealth.com.
10.2 General Privacy Rights (All
Users). Regardless of your state of residence, you may have
the right to:
=
Access —
request a copy of the personal information we hold about you;
=
Correction —
request correction of inaccurate personal information;
=
Deletion —
request deletion of your personal information, subject to applicable legal and
clinical record-keeping requirements;
=
Restriction —
request that we restrict processing of your personal information in certain
circumstances; and
=
Opt-Out of
Marketing — unsubscribe from promotional communications at any time.
Residents of certain states, including California, may have
additional privacy rights under applicable law. To the extent such laws apply,
Avinity Health will comply with those requirements. Please contact us to
exercise any applicable rights.
To submit any privacy request, contact us at
info@avinityhealth.com. We will respond within a reasonable time and may
require verification of your identity before processing your request. Note that
certain rights may be limited or unavailable where information is PHI governed
by HIPAA, in which case the procedures described in Section 6.3 apply.
Section 11. Children's Privacy
Avinity Health’s Services are directed to adults age eighteen
(18) and older. We do not knowingly collect personal information from children
under the age of thirteen (13) through the website. Our website is not designed
for or directed to children under 13.
In compliance with the Children’s Online Privacy Protection Act
(COPPA), 15 U.S.C. § 6501 et seq., and the FTC’s COPPA Rule, if we discover
that we have inadvertently collected personal information from a child under 13
without verifiable parental consent, we will promptly delete that information.
If you believe your child under 13 has provided personal information to us
without your consent, please contact us immediately at info@avinityhealth.com.
Note: Clinical services for individuals under 18 may be
available in appropriate circumstances with parental or guardian consent and
physician evaluation. Any such services, and related PHI, are governed by our
Notice of Privacy Practices, applicable Arizona minor consent statutes
(including A.R.S. § 44-132 et seq.), and HIPAA.
Section 12. Third-Party Services
and Links
The website may contain links to third-party websites, social
media pages, or services. This Privacy Policy does not apply to those
third-party sites or services. We encourage you to review the privacy policies
of any third-party services you access through links on our website.
We use the following categories of third-party service providers
that may have access to certain information about your interactions with the
website:
=
Google
Analytics — website traffic and behavior analytics. See Google’s Privacy Policy
at policies.google.com/privacy;
=
Meta
(Facebook/Instagram) — advertising pixel for measuring campaign effectiveness;
=
Payment
processors — PCI DSS-compliant payment processing partners;
=
Telehealth
platform vendors — for virtual consultation delivery; and
=
Patient portal
and EHR vendors — for clinical record management.
Avinity Health does not control the privacy practices of these
third-party providers beyond our contractual agreements with them.
Section 13. Email Communications
and CAN-SPAM Compliance
All commercial email communications sent by Avinity Health
comply with the Controlling the Assault of Non-Solicited Pornography And
Marketing (CAN-SPAM) Act, 15 U.S.C. § 7701 et seq. Our commercial emails will:
=
Clearly
identify Avinity Health as the sender;
=
Include our
valid physical mailing address;
=
Clearly
indicate when the message is an advertisement; and
=
Provide a
functioning opt-out or unsubscribe mechanism that is honored within ten (10)
business days.
To unsubscribe from promotional communications, use the
unsubscribe link in any promotional email or contact us at
info@avinityhealth.com. Transactional emails such as appointment confirmations,
treatment reminders, and clinical communications may not be subject to
marketing opt-out.
Section 14. Arizona-Specific
Disclosures
14.1 Arizona Consumer Fraud
Act. Avinity Health’s privacy practices are consistent with the
Arizona Consumer Fraud Act (A.R.S. § 44-1521 et seq.), which prohibits unfair
or deceptive acts or practices in connection with consumer transactions,
including misrepresentations about data privacy practices. We represent that
our actual data practices are consistent with the representations made in this
Privacy Policy.
14.2 Arizona Medical Records
Law. Patient medical records maintained by Avinity Health are subject
to Arizona’s medical records access statutes (A.R.S. §§ 12-2291 through
12-2296), which govern the right of patients to access and obtain copies of
their medical records. Requests for medical records should be submitted in
writing to info@avinityhealth.com or delivered in person to our Scottsdale
clinic.
14.3 Arizona Telehealth
Privacy. Telehealth consultations conducted by Avinity Health
comply with Arizona’s Telehealth Act (A.R.S. § 36-3601 et seq.), including
requirements for informed consent, patient confidentiality, and secure
transmission of health information during telehealth encounters.
Section 15. Changes to This
Privacy Policy
Avinity Health reserves the right to update or modify this
Privacy Policy at any time. When we make changes, we will update the "Last
Updated" date at the top of this Policy and, where changes are material,
provide notice by posting a prominent announcement on the website or by sending
an email notification to the address associated with your account.
Your continued use of the Services following the posting of a
revised Privacy Policy constitutes your acknowledgment of the changes. If
changes to this Privacy Policy involve a materially different use of your PHI,
we will obtain your written authorization as required by HIPAA before
implementing such changes with respect to your health information.
We encourage you to review this Privacy Policy periodically.
Archived versions of prior Privacy Policies are available upon written request
to info@avinityhealth.com.
Section 16. Contact Us — Privacy
Inquiries and Complaints
If you have questions, concerns, or complaints about this
Privacy Policy or our data practices, or if you wish to exercise any of your
privacy rights, please contact our Privacy Officer:
margin-left:.3in'>
Avinity Health Clinic, LLCmargin-left:.3in'>
Privacy Officermargin-left:.3in'>
11000 N. Scottsdale Road, Suite
100margin-left:.3in'>
Scottsdale, Arizona 85254margin-left:.3in'>
Email: info@avinityhealth.com
HIPAA Complaints: If you believe your health information privacy
rights have been violated, you have the right to file a complaint with the U.S.
Department of Health and Human Services Office for Civil Rights (OCR) at
hhs.gov/ocr/privacy or by calling 1-800-368-1019. You will not be retaliated
against for filing a complaint with Avinity Health or OCR.
Arizona Attorney General: If you believe your rights under
Arizona law have been violated, you may also contact the Arizona Attorney
General’s Office Consumer Information and Complaints at azag.gov or (602)
542-5763.