THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
If you have any questions or comments about this Notice, please contact: Mediluxe, 19349 Diamond Lake Drive, Leesburg, VA 20176
When receiving MEDICAL services at Mediluxe, our caregivers may gather information about your medical history and current health to provide services to you. This information is called "Protected Health Information" or "PHI" and includes personal identifying information such as your name, birthdate, contact information, as well as information about your health, medical conditions, treatment, and prescriptions. Your PHI also includes payment information. Mediluxe understands that this information about you and your health is sensitive and personal. Mediluxe is required by law to abide by the terms of this Notice, to make sure that information that identifies you is kept private, and to give you this Notice of our legal duties and practices with respect to your PHI. This Notice explains how that information may be used and shared with others. It also explains your privacy rights regarding this information. We are also required to notify you in the event that there is a breach of your PHI.
Uses and Disclosures of Your PHI for Treatment, Payment and Health Care Operations
Mediluxe may use your PHI to carry out treatment, payment and health care operations without your written authorization. The following categories describe and provide some examples of the different ways that we may use and disclose your PHI for these purposes.
Treatment is the provision, coordination or management of health care. We may use and disclose your PHI to provide you with medical treatment and services. For example, we may:
Use and disclose your PHI to provide and coordinate the treatment, medication and services you receive from Mediluxe;
Disclose your PHI to third parties, such as pharmacies, doctors, hospitals, or other health care providers or plans to assist them in providing care to you or for care coordination. In some instances, uses and disclosures of your PHI for these purposes may be made through a Health Information Exchange or similar shared electronic medical record or system.
Contact you to provide treatment-related services such as appointment reminders, test results, adherence communications, or treatment alternatives.
Payment includes the activities necessary to obtain full payment for the provision of health care. Payment for services provided at Mediluxe is due in full at the time of visit. We may use and disclose your PHI to obtain payment for the services we provide to you or for other payment activities related to the services we provide. We may:
Contact you about a payment or balance due for services you received at Mediluxe if payment was not made in full.
Disclose your PHI to other health care providers, health plans or other HIPAA Covered Entities who may need it for their payment activities.
Health Care Operations:
Health care operations include the activities necessary for Mediluxe to run its business operations. We may use and disclose your PHI to operate our business. For example, we may:
Use and disclose your PHI to review treatment, perform quality assessment activities, monitor the quality of our health care services, evaluate the performance of our staff, provide customer services to you, resolve complaints, and coordinate your care.
Use and disclose your PHI to contact you about health-related products, services or opportunities that we provide that may be of interest to you, such as programs for our patients.
Disclose your PHI to other HIPAA Covered Entities, or their Business Associates, that have provided services to you so that they can improve the quality and efficacy of the health care services they provide or for their health care operations.
Use your PHI to create de-identified data, which no longer identifies you, and which may be used or disclosed for analytics, business planning or other purposes.
Other Uses and Disclosures of Your PHI that Do Not Require Authorization
We are also allowed or required to share your PHI, without your authorization, in certain situations or when certain conditions have been met.
When we contract with third parties to perform certain services for us, such as billing or consulting, these third party service providers, known as "Business Associates" may need access to your PHI to perform these services. They are required by law and their agreements with us to protect your PHI in the same way we do.
Disclosures to Parents or Legal Guardians:
If you are a minor, we may release your PHI to your parents or legal guardians when we are permitted or required under federal and state law.
Required by Law:
We may disclose your PHI, including to the Department of Health and Human Services, when required by law to do so.
Workers' Compensation:
We may disclose your PHI as necessary to comply with laws related to workers' compensation or similar programs.
We may disclose your PHI to a law enforcement official for certain law enforcement purposes. For example, we may use or disclose your PHI to report certain injuries, or where we believe the information constitutes evidence of criminal conduct that occurred on our premises. We may also disclose your PHI to a law enforcement official in response to an administrative request, court order, subpoena, warrant, or similar process.
Judicial and Administrative Proceedings:
We may disclose your PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process.
Public Health Reporting:
We may disclose your PHI to public health agencies as authorized by law. For example, we may report reactions to medications or other products to the U.S. Food and Drug Administration or other authorized entity, and we may use or disclose your PHI in order to help with product recalls or notify individuals of potential exposure to a communicable disease or risk of spreading a disease or condition.
Reporting Victims of Abuse or Neglect:
We may disclose your PHI to the appropriate government authority if we believe you have been the victim of abuse, neglect, or domestic violence. We only make this disclosure if you agree or when we are required or authorized by law to make the disclosure.
Health Oversight Activities:
We may disclose your PHI to an oversight agency for oversight activities authorized by law. Oversight activities include audits, investigations, inspections, licensure or disciplinary actions, or civil, administrative, and criminal proceedings, as necessary for oversight of the health care system, government programs, and civil rights laws.
Under certain circumstances, we may disclose your PHI for research purposes.
We may disclose PHI to coroners, medical directors, or funeral directors so that they can carry out their duties.
To Avert a Serious Threat to Health or Safety:
If there is a serious threat to your health and safety or the health and safety of the public or another person, we may use and disclose your PHI in a limited manner to someone able to help prevent or lessen the threat.
Uses or Disclosures For Purposes that Require Your Authorization
Use and disclosure of your PHI for purposes other than those described above may be made only with your written authorization. Unless we have your authorization, we will not:
Use or disclose your PHI for marketing purposes.
Sell your PHI to third parties (except for in connection with the transfer of a business to another health care provider required to comply with HIPAA).
Share psychotherapy notes (to the extent we have any).
We will obtain your written authorization before using or disclosing your PHI for purposes other than those described in this Notice or otherwise permitted by law. You may revoke your authorization at any time by submitting a written notice to Mediluxe. Your revocation will be effective upon receipt; however, it will not undo any use or disclosure of your PHI that occurred before you notified us, or any actions taken based upon your authorization.
Your Health Information Rights
Obtain a Copy of the Notice:
You have the right to obtain a paper copy of this notice. You may ask us to give you a copy of this notice. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.
Inspect and Obtain a Copy of Your PHI:
With a few exceptions, you have the right to see and get a copy of the PHI we maintain about you. To inspect or obtain a copy of your PHI, submit a written request to Mediluxe at the address set forth above. A reasonable fee may be charged for the expense of fulfilling your request as permitted under HIPAA and/or state law. You may also ask us to provide a copy of your PHI to another person or entity. We may deny your request to inspect and copy your record in certain limited circumstances. If we deny your request, we will notify you in writing and let you know if you may request a review of the denial.
Request an Amendment:
If you feel that the PHI we maintain about you is incomplete or incorrect, you may request that we amend it. To request an amendment, submit a written request to Mediluxe at the address set forth above. You must provide a reason that supports your request to have the information changed. If we deny your request for an amendment, we will provide you with a written explanation of why we denied it. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that: (i) was not created by us, unless the person or entity that created the information is no longer available to make the amendment; (ii) is not part of the medical information kept by or for Mediluxe; (iii) is not part of the information which you would be permitted to inspect and copy; or (iv) is accurate and complete.
Receive an Accounting of Disclosures:
You have the right to request an accounting of disclosures we make of your PHI for purposes other than treatment, payment, or health care operations and that were made in response to a specific authorization from you. Please note that certain other disclosures need not be included in the accounting we provide to you. To obtain an accounting, submit a written request to Mediluxe. We will provide one accounting per 12-month period free of charge, but you may be charged for the cost of any subsequent accountings. We will notify you in advance of the cost involved, and you may choose to withdraw or modify your request at that time.
Request a Restriction on Certain Uses and Disclosures:
You have the right to request additional restrictions on our use and disclosure of your PHI by sending a written request to Mediluxe. We are not required to agree to your request except where the disclosure is to a health plan or insurer for purposes of carrying out payment or health care operations, is not otherwise required by law, and the PHI is related to a health care item or service for which you, or a person on your behalf, has already paid in full.
Request Confidential Communications:
You have the right to request that we communicate with you in a certain way or at a certain location. For example, you may request that we contact you only in writing at a specific address. To request confidential communications, submit a written request to Mediluxe at the address set forth above. Your request must specify how, where, or when you wish to be contacted. We will accommodate all reasonable requests.
Notification of a Breach:
We will notify you if there is a breach of your unsecured PHI that is governed by HIPAA.
Exercise Rights Through a Personal Representative:
You may exercise your rights through a personal representative as permitted or required by applicable law. Your personal representative may be required to produce evidence of authority to act on your behalf before that person will be given access to your PHI or allowed to take any action for you.
If you believe your privacy rights have been violated, you may file a complaint with Mediluxe at the address set forth above or with the Secretary of the United States Department of Health and Human Services. All complaints must be submitted in writing. You will not be penalized or otherwise retaliated against in any way for filing a complaint.
Changes to this Notice
We reserve the right to make changes to this Notice as permitted by law and to make the revised Notice effective for PHI we already have about you as well as any information we receive in the future, as of the effective date of the revised Notice. If we make material or important changes to our privacy practices, we will promptly revise our Notice. This Notice will be in effect from July 1, 2020 until the date we publish an amended Notice. If we do publish an amended Notice, we will notify you at your next visit. We will also publish the amended Notice in our office and on our web site if we maintain one. Upon request, Mediluxe will provide a revised Notice to you.
The Mediluxe Spa Privacy Statement
Our Core Beliefs Regarding User Privacy And Data Protection
User privacy and data protection are a necessity and our duty
We have the duty of protecting personal data
Data is a liability, it should only be collected and processed when absolutely necessary
We loathe spam as much as you do!
We will never sell, rent or distribute your personal data
We will not make your personal information public without your consent. Your personal information (name) will be made public only if you wish to make a comment or review on the website.
Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:
Here we describe what information is collected and reasons for collecting it. The categories of information collected are as follows:
Site Visit Trackers
Reviews and Comments
Should you choose to add a comment or review on our site, the name and email address you enter with your comment will be saved to this website's database, along with your computer's IP address and the time and date that you submitted the comment. This information is only used to identify you as a contributor to the comment section of the respective blog post and is not passed on to any of the third-party data processors detailed below. Only your name and email address that you supplied will be shown on the public-facing website. Your comments and the associated personal data will remain on this site until we see fit to either remove the comment or remove the blog post.
NOTE: You should avoid entering personally identifiable information into the actual comment field of any blog post comments that you submit on this website.
Forms and Email Newsletter Submissions on The Website
If you choose to subscribe to our email newsletter or submit a form on our website, the email address that you submit to us will be forwarded to a third-party marketing platform service company. Your email address will remain within their database for as long as we continue to use the third-party marketing company’s services for the sole purpose of email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list. Listed below are the pieces of information that we may collect as part of servicing requests on our website:
We do not sell your personal information to third parties. We may share a limited amount of data with the listed third-party data processors only for servicing your requests or improving our offering.
We only receive an email when a user mails us using an email link. There are no third-party data processors or intermediaries involved. The data is collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted before being sent across the internet. The email content is then decrypted by our local computers and devices.
Revenue Recovery Emails
As part of our Revenue Recovery model, we work with re-marketing service companies to send notification messages if you have abandoned your cart without making a purchase. This is for the sole purpose of reminding customers to complete the purchase if they wish to. The re-marketing service companies do a real-time capture of your email ID and cookies to send an email invite to complete the transaction if the customer abandons the cart. However, the email ID of the customer is deleted from their database as soon as the purchase is complete.
“Do Not Sell My Data” - Why we don’t have it
We do not sell personal information of our customers or of minors below the age of 16 years to third-party data collectors and hence the “Do not sell my data” opt-out button is optional on our website. Reiterating, we may collect your data for the sole purpose of completing a service request or for marketing communications. If you wish to access or erase your personal information, you can do so by submitting your details here.
Important Notice for Minors Sharing Personal Information
If you are under 16 years of age you MUST obtain parental consent before:
Submitting a form
Posting a comment on our blog
Subscribing to our offer
Subscribing to our email newsletter
Making a Transaction
Accessing/Deleting Personal Information
Should you wish to view or delete your personal information, please email us here with the email address used, your name and deletion request. Alternatively, you can fill out the form at the bottom of this page to view and/or delete your data stored with us.
Third Party Data Processors
We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the legislation set out in the section above. If you request that your personal information held by us be deleted, the request will also be forwarded to the parties below:
Essential Cookies and Similar Technologies
These are vital for the running of our services on our websites and apps. Without the use of these cookies, parts of our websites would not function. For example, session cookies allow a navigation experience that is consistent and optimal for the user's network speed and choice of device.
Analytics Cookies and Similar Technologies
These collect information about your use of our websites and apps and enable us to improve the way they work. For example, analytics cookies show us which are the most frequently visited pages. They also help identify any difficulties you have accessing our services, so we can fix any problems. Additionally, these cookies allow us to see overall patterns of usage at an aggregated level.
Tracking, Advertising Cookies and Similar Technologies
We will report any unlawful data breach of this website's database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
When you enter a valid email address that you have access to, we will inform you of any personal information we collect that is associated with that email address and how to manage it.