Privacy Policy
Effective Date: January 1, 2025
Last Updated: January 1, 2025
HIPAA Notice: RenuviaMD™ is committed to protecting your privacy and complying with the Health Insurance Portability and Accountability Act (HIPAA). This Privacy Policy explains how we collect, use, disclose, and safeguard your Protected Health Information (PHI) and personal data.
Certified HIPAA-Compliant Infrastructure: All Protected Health Information (PHI) is exclusively managed through Practice Better, a certified HIPAA-compliant Electronic Medical Records (EMR) system, and through our HIPAA-compliant telehealth platform. We do not store PHI outside of these certified platforms. All vendors handling PHI have signed Business Associate Agreements (BAAs).
1. Information We Collect
A. Protected Health Information (PHI)
We collect the following health information to provide medical care:
- Medical History: Current and past medical conditions, medications, allergies, surgical history
- Physical Measurements: Height, weight, BMI, blood pressure, vital signs
- Laboratory Results: Blood work, metabolic panels, hormone levels (when applicable)
- Treatment Records: Prescriptions, dosages, progress notes, physician consultations
- Symptom Reports: Side effects, adverse reactions, treatment response
- Photographic Documentation: Progress photos (optional, with explicit consent)
B. Personal Identification Information
- Full name, date of birth, gender
- Mailing address and physical location (Florida residents only)
- Email address and phone number
- Emergency contact information
- Government-issued ID (for identity verification)
C. Payment & Financial Information
- Credit card information (processed securely through third-party payment processors)
- Billing address
- HSA/FSA account information (if applicable)
- Third-party financing information (CareCredit®, Cherry®)
D. Technical & Usage Data
- IP address and device information
- Browser type and operating system
- Website usage patterns and page interactions
- Cookies and similar tracking technologies
- Telehealth video consultation metadata (connection quality, duration)
2. How We Use Your Information
A. Treatment (Primary Purpose)
All clinical activities are managed through our HIPAA-compliant EMR system (Practice Better):
- Evaluating your eligibility for GLP-1 therapy
- Prescribing medications and supplements
- Monitoring treatment progress and safety
- Coordinating care with pharmacies and laboratories
- Providing ongoing medical supervision
- Documenting all clinical encounters and treatment plans
- Secure messaging for medical questions and concerns
B. Payment & Operations
- Processing subscription payments and billing
- Verifying insurance eligibility (HSA/FSA)
- Managing refunds and payment disputes
- Quality improvement and staff training
- Legal compliance and regulatory reporting
C. Healthcare Operations
- Improving service quality and patient outcomes
- Conducting internal audits and quality assurance
- Training healthcare providers
- Compliance with medical board regulations
- Risk management and patient safety initiatives
D. Communication
- Appointment reminders and scheduling
- Treatment updates and medication refills
- Important health and safety notifications
- Program updates and educational content (with consent)
- Customer support and inquiries
3. How We Protect Your Information
HIPAA-Compliant Infrastructure: All Protected Health Information (PHI) is exclusively managed through certified HIPAA-compliant platforms. We do not store PHI on our own servers or non-compliant systems.
A. HIPAA-Compliant Platforms
- Electronic Medical Records (EMR): All patient medical records, clinical notes, prescriptions, and PHI are stored and managed exclusively through Practice Better, a fully HIPAA-compliant EMR system with a Business Associate Agreement (BAA) in place
- Telehealth Platform: All video consultations are conducted through a HIPAA-compliant telehealth platform with end-to-end encryption and BAA coverage
- Secure Communications: Patient communications containing PHI are transmitted only through HIPAA-compliant secure messaging within the EMR system
- Data Encryption: All PHI is encrypted both in transit (256-bit SSL/TLS) and at rest on HIPAA-certified servers
B. Platform Security Features
Our HIPAA-compliant platforms provide:
- Access Controls: Role-based permissions ensure only authorized healthcare providers can access your medical records
- Audit Trails: All access to PHI is automatically logged and monitored for security
- Multi-Factor Authentication: Additional security layer for provider and patient portal access
- Automatic Backups: Regular encrypted backups ensure data integrity and availability
- Disaster Recovery: Enterprise-grade redundancy and failover systems
C. Administrative Safeguards
- Mandatory HIPAA training for all staff members and healthcare providers
- Business Associate Agreements (BAAs) with all technology vendors handling PHI
- Annual security risk assessments and compliance audits
- Incident response and breach notification procedures
- Strict confidentiality policies and employee agreements
- Designated Privacy Officer responsible for HIPAA compliance oversight
D. Physical Safeguards
- Secure workstation practices for all staff accessing PHI
- Device encryption and password protection requirements
- No PHI stored on local devices or non-compliant systems
- Secure disposal protocols for any physical records
4. When We Disclose Your Information
We will never sell your personal health information. We only disclose your PHI in the following circumstances:
A. Required by Law
- Court Orders: Subpoenas or legal proceedings
- Law Enforcement: When required by state or federal authorities
- Public Health Reporting: Disease surveillance, FDA adverse event reporting
- PDMP Reporting: Prescription Drug Monitoring Program (E-FORCSE in Florida)
B. With Your Written Authorization
- Sharing records with other healthcare providers (upon your request)
- Marketing communications (opt-in only)
- Testimonials or case studies (with explicit consent and de-identification)
- Research participation (always voluntary)
C. Third-Party Service Providers (Business Associates)
We work exclusively with HIPAA-compliant vendors who have signed Business Associate Agreements (BAAs). All Protected Health Information is transmitted only through these certified platforms:
- Electronic Medical Records (EMR): Practice Better - HIPAA-compliant EMR system where all patient medical records, clinical notes, and PHI are stored and managed
- Telehealth Platform: HIPAA-compliant video consultation platform with end-to-end encryption and BAA coverage
- Pharmacies: FDA-registered 503A/503B compounding pharmacies for medication fulfillment (receive only prescription information necessary for dispensing)
- Laboratories: CLIA-certified labs for diagnostic testing when ordered (receive only necessary clinical information for test processing)
- Payment Processors: Secure payment gateways (Stripe, Square) - receive payment information only, no PHI transmitted
- CRM System: HubSpot with BAA for patient communications and appointment reminders - does not store clinical PHI, only contact information and scheduling data
- Shipping Carriers: For medication delivery - receive name and address only, no medical information or PHI
Important: Marketing platforms, analytics tools, and non-medical systems never receive Protected Health Information (PHI). Only contact information and non-medical data flows to these systems.
D. Emergency Situations
- To emergency responders in life-threatening situations
- To prevent serious harm to you or others
- To report abuse, neglect, or domestic violence (as required by law)
5. Your Rights Under HIPAA
As a patient, you have the following rights regarding your Protected Health Information:
A. Right to Access
You have the right to request and receive a copy of your medical records. We will provide copies within 30 days of your written request. A reasonable fee may be charged for copying costs.
B. Right to Amendment
You may request corrections to your medical records if you believe information is inaccurate or incomplete. We may deny the request if the information is accurate and complete, but we will document your request.
C. Right to an Accounting of Disclosures
You can request a list of certain disclosures of your PHI we have made in the past six years (excluding routine treatment, payment, and operations).
D. Right to Request Restrictions
You may request restrictions on how we use or disclose your PHI. We are not required to agree to your request but will consider it carefully. If we do agree, we will comply with the restriction unless emergency treatment is required.
E. Right to Confidential Communications
You may request that we communicate with you in a specific way or at a specific location (e.g., via email instead of phone calls, or at a work address instead of home).
F. Right to Revoke Authorization
You may revoke any authorization you have given us to use or disclose your PHI, except to the extent we have already acted in reliance on your authorization.
G. Right to Notification of Breach
In the unlikely event of a data breach affecting your PHI, we will notify you promptly as required by law.
6. Patient Portal & Technology
A. Secure Patient Portal (Practice Better EMR)
Your medical records are managed through Practice Better, a HIPAA-compliant EMR platform that provides:
- Secure access to medical records, treatment plans, and clinical notes
- Lab results and health tracking (when applicable)
- Encrypted secure messaging with your care team
- Appointment scheduling and management
- Prescription history and refill requests
- Protected by username, password, and multi-factor authentication
- Mobile-responsive interface accessible from any device
B. HIPAA-Compliant Telehealth Platform
All virtual consultations are conducted through our certified HIPAA-compliant telehealth platform:
- End-to-end encryption for all video consultations
- No recordings are made without explicit patient consent
- Consultations accessible only while physically located in Florida
- Secure waiting room with privacy controls
- Requires secure internet connection and updated web browser
- Business Associate Agreement (BAA) in place with telehealth vendor
- Automatic session timeout for security
C. Data Storage & Access
- All PHI stored exclusively in Practice Better HIPAA-compliant EMR system
- No PHI stored on local devices, personal computers, or non-compliant platforms
- Encrypted data transmission for all patient communications
- Automatic audit trails for all system access
- Enterprise-grade server infrastructure with redundancy
7. Cookies & Tracking Technologies
We use cookies and similar technologies to improve your website experience. Important: Cookies and analytics tools NEVER contain or track Protected Health Information (PHI).
A. Essential Cookies
- Required for website functionality and security
- Session management and authentication
- Shopping cart and form functionality
- Cannot be disabled without affecting site functionality
B. Analytics Cookies (Non-PHI Only)
- Google Analytics (with IP anonymization enabled)
- Website performance and traffic monitoring
- User experience improvements and A/B testing
- Tracks page views, session duration, bounce rates only
- NO medical information, PHI, or patient data collected
- Can be disabled via browser settings or opt-out links
C. Marketing Cookies (Non-PHI Only)
- Facebook Pixel, Google Ads conversion tracking
- Retargeting campaigns for general website visitors
- Advertising performance measurement
- CRITICAL: No PHI, medical information, or patient data is EVER shared with advertising platforms
- Patient portal and EMR systems are completely isolated from marketing tracking
- Can be disabled via browser settings, opt-out links, or privacy tools
Data Separation: Marketing and analytics systems are architecturally separated from our HIPAA-compliant EMR and telehealth platforms. PHI never flows to non-medical systems.
8. Third-Party Links
Our website may contain links to third-party websites (e.g., payment processors, educational resources). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.
9. Data Retention
All medical records are stored in our HIPAA-compliant EMR system (Practice Better) according to Florida medical record retention requirements:
- Active Medical Records: Maintained in EMR system for the duration of the physician-patient relationship
- Inactive Records: Retained in secure EMR archive for 7 years after the last treatment date (Florida Statute 456.057 requirement)
- Billing Records: Retained for 7 years for tax and audit purposes
- Marketing Data (Non-PHI): Deleted upon request or after 3 years of inactivity
- Telehealth Session Metadata: Retained for 7 years as part of medical record documentation
Secure Deletion: When retention periods expire, records are securely deleted from our EMR system using certified data destruction methods that render PHI unrecoverable.
10. Children's Privacy
Svelte Bride™ services are intended for adults 18 years and older. We do not knowingly collect information from minors. If we discover that we have inadvertently collected information from someone under 18, we will delete it immediately.
11. State-Specific Rights
Florida Residents
As a Florida-licensed medical practice, we comply with all Florida state privacy laws, including Florida Statute 456.057 (medical records confidentiality) and the Florida Information Protection Act (FIPA).
Other State Privacy Laws
If applicable state privacy laws (e.g., CCPA in California) provide you with additional rights, please contact us to exercise those rights. However, our telehealth services are only provided to patients physically located in Florida.
12. International Users
Our services are provided exclusively within the United States. We do not knowingly collect information from individuals outside the U.S. All data is stored on U.S.-based servers.
13. Changes to This Privacy Policy
We reserve the right to modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or business operations. Material changes will be communicated via:
- Email notification to active patients
- Prominent notice on our website
- Updated "Last Updated" date at the top of this policy
Continued use of our services after changes constitutes acceptance of the updated Privacy Policy.
14. Notice of Privacy Practices (NPP)
This Privacy Policy serves as our Notice of Privacy Practices as required by HIPAA. Upon enrollment, you will receive a separate copy of our full NPP document and will be asked to acknowledge receipt of it.
15. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:
Privacy Officer
RenuviaMD™
Miami, FL 33132
Email: support@renuviamd.com
Filing a Complaint: If you believe your privacy rights have been violated, you have the right to file a complaint with:
U.S. Department of Health and Human Services
Office for Civil Rights
Website: www.hhs.gov/ocr/privacy/hipaa/complaints
Phone: 1-800-368-1019
You will not be retaliated against for filing a complaint.
By using Svelte Bride™ services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.