This notice is effective as of March 4, 2026. It describes how medical information about you may be used and disclosed, and how you can access this information.
RegenHairSolutions LLC, doing business as ElevateMD Clinic ("ElevateMD," "we," "us," or "our"), is a covered entity under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its implementing regulations at 45 CFR Parts 160 and 164. We are required by law to maintain the privacy of your Protected Health Information ("PHI"), provide you with this Notice of our legal duties and privacy practices, and abide by the terms of the Notice currently in effect.
Protected Health Information (PHI) is individually identifiable health information, including demographic data, that relates to your past, present, or future physical or mental health condition; the provision of health care to you; or payment for health care services provided to you. PHI includes information maintained in any form or medium, including electronic records.
We are required by applicable federal and state law to:
We may use and disclose your PHI for the following purposes without your written authorization:
We may use and disclose your PHI to provide, coordinate, or manage your health care and related services. This includes consultations between health care providers relating to your care and referrals for treatment from one health care provider to another. For example, a physician treating you for a particular condition may need to review your complete medical history, including information related to other treatments.
We may use and disclose your PHI to obtain payment for health care services we provide to you. This may include activities such as billing, claims management, collection activities, review of health care services for medical necessity, and utilization review. For example, we may share information about the treatment you received with billing services in order to process your payment.
We may use and disclose your PHI for operational purposes. These activities include, but are not limited to, quality assessment and improvement, case management, care coordination, conducting or arranging for medical review, legal services, auditing functions, business planning, and general administrative activities. For example, we may use PHI to evaluate the quality and competence of our physicians and staff.
We may disclose your PHI to our Business Associates who perform functions on our behalf or provide us with services. This includes, but is not limited to, our electronic health record (EHR) systems, laboratory partners, pharmacy partners, billing services, and IT providers. All Business Associates are required to enter into a Business Associate Agreement (BAA) with us as required by 45 CFR §§164.502(e) and 164.504(e), which obligates them to appropriately safeguard your PHI and limits how they may use or disclose your information.
We may use or disclose your PHI to the extent that such use or disclosure is required by federal, state, or local law. When we use or disclose PHI pursuant to this provision, the use or disclosure will be limited to the relevant requirements of the law.
We may disclose your PHI for public health activities and purposes to a public health authority authorized by law to collect or receive the information. This includes disclosure to prevent or control disease, injury, or disability; to report vital events such as births and deaths; to report child abuse or neglect; to report adverse events or product defects related to FDA-regulated products; to notify a person who may have been exposed to a communicable disease; and to notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect, or domestic violence.
We may disclose your PHI to a health oversight agency for activities authorized by law. Oversight activities include, but are not limited to, audits, investigations, inspections, licensure activities, and other proceedings related to government regulation of the health care system.
We may disclose your PHI in response to an order of a court or administrative tribunal. We may also disclose your PHI in response to a subpoena, discovery request, or other lawful process, provided that certain conditions of applicable law have been satisfied.
We may disclose your PHI, as permitted or required by law, to a law enforcement official for certain law enforcement purposes, including but not limited to: identifying or locating a suspect, fugitive, material witness, or missing person; reporting certain types of wounds or physical injuries; reporting suspected criminal activity on our premises; and complying with a court order, warrant, subpoena, or summons issued by a judicial officer.
We may use and disclose your PHI when necessary to prevent a serious and imminent threat to the health and safety of a person or the public. Under these circumstances, we will only make disclosures to a person or organization able to help prevent the threat.
We may disclose your PHI as authorized by and to the extent necessary to comply with laws relating to workers' compensation or other similar programs established by law that provide benefits for work-related injuries or illness without regard to fault.
We may disclose your PHI for certain government functions, including but not limited to military and veterans' activities, national security and intelligence activities, protective services for the President, and medical suitability determinations.
Under certain circumstances, we may use and disclose your PHI for research purposes, provided that specific safeguards have been satisfied, including approval by an Institutional Review Board or Privacy Board and the implementation of protocols to ensure the privacy of your information.
Certain uses and disclosures of your PHI require your written authorization before we may proceed. These include:
You may revoke an authorization at any time, in writing, except to the extent that we have already acted in reliance on your authorization. To revoke an authorization, please submit your request in writing to our Privacy Officer at the contact information provided below.
You have the following rights with respect to your Protected Health Information:
You have the right to inspect and obtain a copy of your PHI contained in a designated record set, which includes medical and billing records. Your request must be submitted in writing. We will respond to your request within thirty (30) days. In certain limited circumstances, we may deny your request. If we deny your request, we will provide you with a written explanation and information regarding your right to have the denial reviewed. To request access to your records, please contact us at [email protected].
If your PHI is maintained in an electronic format, you have the right to request that an electronic copy of your record be provided to you or to a third party you designate. We will make every effort to provide the record in the format you request, provided it is readily producible. If it is not readily producible in the requested format, we will provide it in a mutually agreeable electronic format.
You have the right to request that we amend your PHI contained in a designated record set. Your request must be submitted in writing and must include a reason supporting your request. We may deny your request if the PHI was not created by us, is not part of the designated record set, is not available for inspection, or is accurate and complete. If we deny your request, we will provide you with a written explanation.
You have the right to receive an accounting of certain disclosures of your PHI made by us during the six (6) years prior to the date of your request. This accounting will not include disclosures made for treatment, payment, or health care operations; disclosures made directly to you; disclosures made pursuant to your authorization; or certain other disclosures as permitted by law. Your request must be submitted in writing.
You have the right to request a restriction on certain uses and disclosures of your PHI for treatment, payment, or health care operations. You also have the right to request a limit on the PHI we disclose about you to someone who is involved in your care or the payment for your care. We are not required to agree to your request, except where the disclosure is to a health plan for purposes of payment or health care operations and the PHI pertains solely to a health care item or service for which you have paid in full out of pocket.
You have the right to request that we communicate with you about your health information by alternative means or at alternative locations. For example, you may ask that we contact you only at a specific email address or phone number. We will accommodate reasonable requests.
You have the right to obtain a paper copy of this Notice upon request, even if you have previously agreed to receive this Notice electronically. To obtain a paper copy, please contact us at the information provided below.
You have the right to be notified in the event of a breach of your unsecured PHI, as required by 45 CFR Part 164 Subpart D. In the event of a breach, we will notify you in accordance with applicable federal and state law, including a description of the breach, the types of information involved, steps you should take to protect yourself, what we are doing to investigate and mitigate the breach, and contact information for further questions.
We reserve the right to change the terms of this Notice at any time. Any revised Notice will be effective for all PHI we already maintain, as well as any PHI we create or receive after the effective date of the revised Notice. A current version of this Notice will be posted on our website at elevatemdclinic.com/hipaa and will be available at our practice location. We will provide email notification for material changes to this Notice where required by applicable law.
If you believe your privacy rights have been violated, you may file a complaint with our organization or with the Secretary of the U.S. Department of Health and Human Services, Office for Civil Rights (OCR).
To file a complaint with the Office for Civil Rights, you may:
To file a complaint with our organization, please contact our Privacy Officer using the information provided below.
Individuals will not experience retaliation for filing a complaint.
If you have any questions about this Notice, wish to exercise any of your rights described herein, or would like to file a complaint, please contact: