
Notice of Patient Privacy Practices


If you have any questions or comments about this Notice please contact:
19349 Diamond Lake Drive
Leesburg, VA 20176
When receiving MEDICAL services at Mediluxe, our caregivers may gather information about your medical history and current health to provide services to you. This information is called "Protected Health Information" or "PHI" and includes personal identifying information such as your name, birthdate, contact information, as well as information about your health, medical conditions, treatment, and prescriptions. Your PHI also includes payment information. Mediluxe understands that this information about you and your health is sensitive and personal. Mediluxe is required by law to abide by the terms of this Notice, to make sure that information that identifies you is kept private, and to give you this Notice of our legal duties and practices with respect to your PHI. This Notice explains how that information may be used and shared with others. It also explains your privacy rights regarding this information. We are also required to notify you in the event that there is a breach of your PHI.

Uses and Disclosures of Your PHI for Treatment, Payment and Health Care Operations

Mediluxe may use your PHI to carry out treatment, payment and health care operations without your written authorization. The following categories describe and provide some examples of the different ways that we may use and disclose your PHI for these purposes.
  • Treatment:

    Treatment is the provision, coordination or management of health care. We may use and disclose your PHI to provide you with medical treatment and services. For example, we may:
    • Use and disclose your PHI to provide and coordinate the treatment, medication and services you receive from Mediluxe;
    • Disclose your PHI to third parties, such as pharmacies, doctors, hospitals, or other health care providers or plans to assist them in providing care to you or for care coordination. In some instances, uses and disclosures of your PHI for these purposes may be made through a Health Information Exchange or similar shared electronic medical record or system.
    • Contact you to provide treatment-related services such as appointment reminders, test results, adherence communications, or treatment alternatives.
  • Payment:

    Payment includes the activities necessary to obtain full payment for the provision of health care. Payment for services provided at Mediluxe is due in full at the time of visit. We may use and disclose your PHI to obtain payment for the services we provide to you or for other payment activities related to the services we provide. We may:
    • Contact you about a payment or balance due for services you received at Mediluxe if payment is not made in full.
    • Disclose your PHI to other health care providers, health plans or other HIPAA Covered Entities who may need it for their payment activities.
  • Health Care Operations:

    Health care operations include the activities necessary for Mediluxe to run its business operations. We may use and disclose your PHI to operate our business. For example, we may:
    • Use and disclose your PHI to review treatment, perform quality assessment activities, monitor the quality of our health care services, evaluate the performance of our staff, provide customer services to you, resolve complaints, and coordinate your care.
    • Use and disclose your PHI to contact you about health-related products, services or opportunities that we provide that may be of interest to you, such as programs for our patients.
    • Disclose your PHI to other HIPAA Covered Entities, or their Business Associates, that have provided services to you so that they can improve the quality and efficacy of the health care services they provide or for their health care operations.
    • Use your PHI to create de-identified data, which no longer identifies you, and which may be used or disclosed for analytics, business planning or other purposes.

Other Uses and Disclosures of Your PHI that Do Not Require Authorization

We are also allowed or required to share your PHI, without your authorization, in certain situations or when certain conditions have been met.
  • Business Associates:

    When we contract with third parties to perform certain services for us, such as billing or consulting, these third-party service providers, known as "Business Associates", may need access to your PHI to perform these services. They are required by law and their agreements with us to protect your PHI in the same way we do.
  • Disclosures to Parents or Legal Guardians:

    If you are a minor, we may release your PHI to your parents or legal guardians when we are permitted or required under federal and state law.
  • Required by Law:

    We may disclose your PHI, including to the Department of Health and Human Services, when required by law to do so.
  • Workers' Compensation:

    We may disclose your PHI as necessary to comply with laws related to workers' compensation or similar programs.
  • Law Enforcement:

    We may disclose your PHI to a law enforcement official for certain law enforcement purposes. For example, we may use or disclose your PHI to report certain injuries, or where we believe the information constitutes evidence of criminal conduct that occurred on our premises. We may also disclose your PHI to a law enforcement official in response to an administrative request, court order, subpoena, warrant, or similar process.
  • Judicial and Administrative Proceedings:

    We may disclose your PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process.
  • Public Health Reporting:

    We may disclose your PHI to public health agencies as authorized by law. For example, we may report reactions to medications or other products to the U.S. Food and Drug Administration or other authorized entity, and we may use or disclose your PHI in order to help with product recalls or notify individuals of potential exposure to a communicable disease or risk of spreading a disease or condition.
  • Reporting Victims of Abuse or Neglect:

    We may disclose your PHI to the appropriate government authority if we believe you have been the victim of abuse, neglect, or domestic violence. We only make this disclosure if you agree or when we are required or authorized by law to make the disclosure.
  • Health Oversight Activities:

    We may disclose your PHI to an oversight agency for oversight activities authorized by law. Oversight activities include audits, investigations, inspections, licensure or disciplinary actions, or civil, administrative, and criminal proceedings, as necessary for oversight of the health care system, government programs, and civil rights laws.
  • Research:

    Under certain circumstances, we may disclose your PHI for research purposes.
  • Decedents:

    We may disclose PHI to coroners, medical directors, or funeral directors so that they can carry out their duties.
  • To Avert a Serious Threat to Health or Safety:

    If there is a serious threat to your health and safety or the health and safety of the public or another person, we may use and disclose your PHI in a limited manner to someone able to help prevent or lessen the threat.

Uses or Disclosures For Purposes that Require Your Authorization

Use and disclosure of your PHI for purposes other than those described above may be made only with your written authorization and unless we have your authorization we will not:
  • Use or disclose your PHI for marketing purposes.
  • Sell your PHI to third parties (except for in connection with the transfer of a business to another health care provider required to comply with HIPAA).
  • Share psychotherapy notes (to the extent we have any).
We will obtain your written authorization before using or disclosing your PHI for purposes other than those described in this Notice or otherwise permitted by law. You may revoke your authorization at any time by submitting a written notice to Mediluxe. Your revocation will be effective upon receipt; however, it will not undo any use or disclosure of your PHI that occurred before you notified us, or any actions taken based upon your authorization.

Your Health Information Rights

  • Obtain a Copy of the Notice:

    You have the right to obtain a paper copy of this notice. You may ask us to give you a copy of this notice. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.
  • Inspect and Obtain a Copy of Your PHI:

    With a few exceptions, you have the right to see and get a copy of the PHI we maintain about you. To inspect or obtain a copy of your PHI, submit a written request to Mediluxe at the address set forth above. A reasonable fee may be charged for the expense of fulfilling your request as permitted under HIPAA and/or state law. You may also ask us to provide a copy of your PHI to another person or entity. We may deny your request to inspect and copy your record in certain limited circumstances. If we deny your request, we will notify you in writing and let you know if you may request a review of the denial.
  • Request an Amendment:

    If you feel that the PHI we maintain about you is incomplete or incorrect, you may request that we amend it. To request an amendment, submit a written request to Mediluxe at the address set forth above. You must provide a reason that supports your request to have the information changed. If we deny your request for an amendment, we will provide you with a written explanation of why we denied it. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that: (i) was not created by us, unless the person or entity that created the information is no longer available to make the amendment; (ii) is not part of the medical information kept by or for Mediluxe; (iii) is not part of the information which you would be permitted to inspect and copy; or (iv) is accurate and complete.
  • Receive an Accounting of Disclosures:

    You have the right to request an accounting of disclosures we make of your PHI for purposes other than treatment, payment, or health care operations and that were made in response to a specific authorization from you. Please note that certain other disclosures need not be included in the accounting we provide to you. To obtain an accounting, submit a written request to Mediluxe. We will provide one accounting per 12-month period free of charge, but you may be charged for the cost of any subsequent accountings. We will notify you in advance of the cost involved, and you may choose to withdraw or modify your request at that time.
  • Request a Restriction on Certain Uses and Disclosures:

    You have the right to request additional restrictions on our use and disclosure of your PHI by sending a written request to Mediluxe. We are not required to agree to your request except where the disclosure is to a health plan or insurer for purposes of carrying out payment or health care operations, is not otherwise required by law, and the PHI is related to a health care item or service for which you, or a person on your behalf, has already paid in full.
  • Request Confidential Communications:

    You have the right to request that we communicate with you in a certain way or at a certain location. For example, you may request that we contact you only in writing at a specific address. To request confidential communications, submit a written request to Mediluxe at the address set forth above. Your request must specify how, where, or when you wish to be contacted. We will accommodate all reasonable requests.
  • Notification of a Breach:

    We will notify you if there is a breach of your unsecured PHI that is governed by HIPAA.
  • Exercise Rights Through a Personal Representative:

    You may exercise your rights through a personal representative as permitted or required by applicable law. Your personal representative may be required to produce evidence of authority to act on your behalf before that person will be given access to your PHI or allowed to take any action for you.
  • Complaints:

    If you believe your privacy rights have been violated, you may file a complaint with Mediluxe at the address set forth above or with the Secretary of the United States Department of Health and Human Services. All complaints must be submitted in writing. You will not be penalized or otherwise retaliated against in any way for filing a complaint.

Changes to this Notice

We reserve the right to make changes to this Notice as permitted by law and to make the revised Notice effective for PHI we already have about you as well as any information we receive in the future, as of the effective date of the revised Notice. If we make material or important changes to our privacy practices, we will promptly revise our Notice. This Notice will be in effect from July 1, 2020 until the date we publish an amended Notice. If we do publish an amended Notice, we will notify you at your next visit. We will also publish the amended Notice in our office and on our web site if we maintain one. Upon request, Mediluxe will provide a revised Notice to you.

The Mediluxe Spa Privacy Statement

Our Core Beliefs Regarding User Privacy And Data Protection

  • User privacy and data protection are a necessity and our duty
  • We have the duty of protecting personal data
  • Data is a liability; it should only be collected and processed when absolutely necessary
  • We loathe spam as much as you do!
  • We will never sell, rent or distribute your personal data
  • We will not make your personal information public without your consent. Your personal information (name) will be made public only if you wish to make a comment or review on the website.

Relevant Legislation

Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:

What Personal Information We Collect and Why

Here we describe what information is collected and reasons for collecting it. The categories of information collected are as follows:
  • Site Visit Trackers

    Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to track their journey through the website.
    Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer's IP address, which could be used to personally identify you, but Google does not grant us access to this. We consider Google to be a third-party data processor (see section below).
    GA makes use of cookies, details of which can be found on Google's developer guides. Our website uses the analytics.js implementation of GA. Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.
    In addition to Google Analytics, this website may collect information (held in the public domain) attributed to the IP address of the computer or device that is being used to access it.
  • Reviews and Comments

    Should you choose to add a comment or review on our site, the name and email address you enter with your comment will be saved to this website's database, along with your computer's IP address and the time and date that you submitted the comment. This information is only used to identify you as a contributor to the comment section of the respective blog post and is not passed on to any of the third-party data processors detailed below. Only your name and email address that you supplied will be shown on the public-facing website.
    Your comments and the associated personal data will remain on this site until we see fit to either
    • Remove the comment or
    • Remove the blog post.
    NOTE: You should avoid entering personally identifiable information to the actual comment field of any blog post comments that you submit on this website.
  • Forms and Email Newsletter Submissions on The Website

    If you choose to subscribe to our email newsletter or submit a form on our website, the email address that you submit to us will be forwarded to a third-party marketing platform service company. Your email address will remain within their database for as long as we continue to use the third-party marketing company’s services for the sole purpose of email marketing or until you specifically request removal from the list.
    You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.
    Listed below are the pieces of information that we may collect as part of servicing requests on our website:
    • Name
    • Gender
    • Email ID
    • Phone
    • Mobile
    • Address
    • City
    • State
    • Postal Code
    • Country
    • IP Address
    We do not sell your personal information to third parties. We may share a limited amount of data with the listed third-party data processors only towards servicing your requests or improving our offering.
  • Email Links

    We only receive an email when a user mails us using an email link. There are no third-party data processors or intermediaries involved.
    The data is collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted before being sent across the internet. The email content is then decrypted by our local computers and devices.
  • Revenue Recovery Emails

    As part of our Revenue Recovery model, we work with re-marketing service companies to send notification messages if you have abandoned your cart without making a purchase. This is for the sole purpose of reminding customers to complete the purchase if they wish to. The re-marketing service companies do a real-time capture of your email ID and cookies to send an email invite to complete the transaction if the customer abandons the cart. However, the email ID of the customer is deleted from their database as soon as the purchase is complete.
  • “Do Not Sell My Data” - Why we don’t have it

    We do not sell personal information of our customers or of minors below the age of 16 years to third-party data collectors and hence the “Do not sell my data” opt-out button is optional on our website. Reiterating, we may collect your data for the sole purpose of completing a service request or for marketing communications. If you wish to access or erase your personal information, you can do so by submitting your details here.
  • Important Notice for Minors Sharing Personal Information

    If you are under 16 years of age you MUST obtain parental consent before:
    • Submitting a form
    • Posting a comment on our blog
    • Subscribing to our offer
    • Subscribing to our email newsletter
    • Making a Transaction
  • Accessing/Deleting Personal Information

    Should you wish to view or delete your personal information, please email us here with the email address used, your name and deletion request. Alternatively, you can fill out the form at the bottom of this page to view and/or delete your data stored with us.

Third Party Data Processors

We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the legislation set out in the section above. If you request that we delete your personal information, the request will also be forwarded to the parties below:

Cookie Policy

This policy covers the use of cookies and other technologies. The types of cookies we use fall into 3 categories:
  • Essential Cookies and Similar Technologies

    These are vital for the running of our services on our websites and apps. Without the use of these cookies, parts of our websites would not function. For example, session cookies allow a navigation experience that is consistent and optimal to the user's network speed and choice of device.
  • Analytics Cookies and Similar Technologies

    These collect information about your use of our websites and apps and enable us to improve the way they work. For example, analytics cookies show us which are the most frequently visited pages. They also help identify any difficulties you have accessing our services, so we can fix any problems. Additionally, these cookies allow us to see overall patterns of usage at an aggregated level.
  • Tracking, Advertising Cookies and Similar Technologies

    We use these types of technologies to provide advertisements that are more relevant to your interests. This can be done by delivering online adverts based on your previous web browsing activity. Cookies are placed on your browser which will store details of websites you have visited. Advertising based on what you have been looking at is then displayed to you when you visit websites that use the same advertising networks.
    We may also use cookies and similar technologies to provide you with adverts based on your location, offers you click on, and other similar interactions with our websites and apps.

Data Breaches

We will report any unlawful data breach of this website's database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

Changes to Our Privacy Policy

This privacy policy may change from time to time to conform with legislation and/or industry developments. We will not explicitly inform our clients or website users of these changes. Instead, we recommend that you check this page occasionally for any policy changes.
By entering a valid email address that you have access to, we will inform you about any personal information we collect that is associated with that email address and how to manage it.