HIPAA-Compliant Privacy & Patient Data Policy
Effective Date: 05/13/2025
Last Updated: 10/14/2025
Treat Medspa (“we,” “us,” “our”) values the privacy and security of your personal and health information. This Privacy Policy explains how we collect, use, protect, and share your information in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and applicable state laws (including New York state privacy regulations).
Purpose and Scope
This policy applies to all information collected by Treat Medspa in connection with your care, including online, in-person, or via digital communications.
It covers both:
- Personal Information: data such as name, contact information, and demographic details; and
- Protected Health Information (PHI): individually identifiable health information related to your medical history, diagnosis, treatment, or payment for services.
Information We Collect
We may collect the following categories of information:
- Personal Data: name, address, phone number, email, date of birth.
- Medical & Health Data (PHI): health history, medications, allergies, treatment notes, lab results, photos (if part of care), and payment details.
- Usage Data: information collected via cookies, appointment systems, or website analytics.
- Communication Preferences: opt-ins for appointment reminders, marketing, or newsletters.
How We Use Your Information
We may use your information for the following lawful purposes:
- Treatment: coordinating and managing your care.
- Payment: billing, insurance claims, and financial transactions.
- Healthcare Operations: quality improvement, staff training, internal audits.
- Legal & Regulatory Compliance: fulfilling mandatory public health reporting obligations and responding to subpoenas, court orders, or law enforcement requests, to the extent HIPAA permits or requires.
- Communication: appointment reminders, treatment follow-ups, and patient education.
- Marketing (with Consent): sending optional updates or promotions you’ve subscribed to.
Your Rights Under HIPAA
You have the right to:
- Access: Request a copy of your health records.
- Amend: Request corrections to your medical record.
- Restrict: Request limits on certain uses or disclosures of your information. We are not required to agree to every request, but we must honor a request not to disclose information to your health plan for a service you have paid for in full out of pocket.
- Accounting: Receive a list of certain disclosures of your PHI (disclosures for treatment, payment, and healthcare operations are excluded from this accounting).
- Confidential Communication: Request that we contact you via specific means (e.g., private email or phone).
- Revoke Authorization: Withdraw consent for marketing or non-required disclosures.
All requests must be submitted in writing to our Privacy Officer (see contact below).
How We Protect Your Information
We use administrative, physical, and technical safeguards to protect your PHI, including:
- Role-based access control, so that staff can access only the PHI needed for their job function (the "minimum necessary" standard).
- Encryption of PHI at rest and in transit.
- Secure, encrypted data backups and audit logs that record access to PHI.
- Firewalls and intrusion detection systems.
- Employee HIPAA training and signed confidentiality agreements.
- Locked file storage for physical records.
Sharing & Disclosure of Information
We may share your PHI only as permitted by law:
- With healthcare providers involved in your treatment.
- With billing companies, insurers, or payment processors.
- With laboratories and pharmacies involved in your care, and with vendors that handle PHI on our behalf under Business Associate Agreements (BAAs) that require HIPAA compliance.
- When legally required (e.g., public health reporting, subpoenas, law enforcement).
- With your written authorization for marketing or non-routine disclosures.
We do not sell or rent your personal or health data to third parties.
Business Associates
Certain third-party companies (e.g., electronic health record vendors, payment processors, IT providers) assist us in providing services.
All such entities are required by contract (Business Associate Agreement) to safeguard your PHI and use it only for authorized purposes in compliance with HIPAA.
Data Retention & Destruction
We retain medical records for a minimum of six (6) years from the date of the last treatment, or longer where federal or New York State law requires.
When no longer needed, records are securely destroyed using methods that protect against unauthorized access (e.g., shredding, secure deletion, or certified disposal).
Data Breach Notification
In the unlikely event of a security breach involving your PHI:
- We will notify affected individuals without unreasonable delay, and in no case later than 60 calendar days after the breach is discovered.
- Notifications will include a description of the breach, the types of information involved, the steps you can take to protect yourself, what we are doing to investigate and mitigate the breach, and how to contact us.
- We will also notify the U.S. Department of Health and Human Services (HHS) within the timeframes required by the HIPAA Breach Notification Rule (immediately for breaches affecting 500 or more individuals; otherwise in an annual report), notify prominent media outlets if a breach affects more than 500 residents of a state, and notify state regulators when applicable.
Cookies and Website Analytics
Our website uses cookies and analytics tools to understand visitor activity.
No PHI is stored or transmitted via cookies. Analytics and tracking tools are configured so that they do not receive PHI (for example, from appointment booking or patient-facing pages); any vendor that would receive PHI through our website must first sign a Business Associate Agreement.
Users may disable cookies in their browser without affecting access to care.
Minors’ Privacy
We do not knowingly collect or maintain information from individuals under 18 without parental or guardian consent.
Changes to This Policy
We may update this Privacy Policy periodically. Updates will be posted on this page with a revised effective date. Continued use of our website or services after changes constitutes acceptance.
Contact for Privacy Concerns
If you have any questions, requests, or complaints about this policy or our privacy practices, please contact:
Privacy Officer – Treat Medspa
244 Fifth Avenue, 3rd Floor
New York, NY 10001
Email: [email protected]
Phone: (646) 849-2580
If you believe your rights under HIPAA have been violated, you may also file a complaint directly with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) at www.hhs.gov/ocr/privacy/hipaa/complaints.