HIPAA COMPLIANCE
HIPAA Compliance Statement Effective Date: August 1, 2025
St. George Island MedSpa + Wellness is steadfastly committed to safeguarding your Protected Health Information (PHI) and fully complies with the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and all applicable Florida privacy laws. This statement outlines our commitment and your rights concerning your health information, which includes all identifiable health information such as your medical history, diagnoses, treatment plans, and billing records.
1. Your Rights Under HIPAA: As a client, you have specific rights concerning your PHI:
- Right to Access: You have the right to inspect and receive a copy of your medical and billing records.
- Right to Amend: You may request corrections or amendments to your records if you believe the information is inaccurate or incomplete.
- Right to an Accounting of Disclosures: You have the right to receive a list of certain disclosures of your PHI made by us.
- Right to Request Restrictions: You may request a restriction on certain uses or disclosures of your PHI. We are not required to agree to all requests for restrictions, but we will consider them carefully.
- Right to Request Confidential Communications: You have the right to request that we communicate with you about medical matters in a certain way or at a certain location (e.g., by phone only, at your work address).
- Right to a Paper Copy of This Notice: You have the right to receive a paper copy of our full Notice of Privacy Practices upon request, even if you have agreed to receive it electronically.
- Right to File a Complaint: If you believe your privacy rights have been violated, you have the right to file a complaint directly with St. George Island MedSpa + Wellness or with the U.S. Department of Health and Human Services. We will not retaliate against you for filing a complaint.
2. How We Protect Your PHI: We employ robust administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of your PHI. This includes:
- Secure electronic health record (EHR) systems.
- Strict access controls limiting PHI access only to authorized personnel involved in your care or billing.
- Physical security measures for our premises and data storage.
- Regular staff training on HIPAA regulations and privacy best practices.
- Business Associate Agreements (BAAs) with third-party vendors who handle PHI, ensuring they also comply with HIPAA.
3. Breach Notification: In the extremely unlikely event of a breach of unsecured PHI, we will notify you promptly and without unreasonable delay, as required by federal and Florida law. We will also inform the U.S. Department of Health and Human Services and other relevant authorities, as applicable, and outline the steps we are taking to mitigate the breach.
4. Notice of Privacy Practices (NPP): Our comprehensive Notice of Privacy Practices (NPP) provides a detailed description of how your medical information may be used and disclosed, and it outlines all your rights regarding that information. You will receive a copy of our NPP no later than your first service delivery with us, and we will make a good faith effort to obtain your written acknowledgment of its receipt. A copy of our NPP is also always available for your review and to take with you at our physical service delivery site, and it is prominently posted in our facility. It is also available upon request and on our website.
5. Contact Us for HIPAA Inquiries: For questions, concerns, or to exercise your rights under HIPAA, please: Email: contact@stgeorgeislandmedspa.com