Privacy Policy

HIPAA Compliance Statement

LUMERA MEDSPA is committed to protecting your privacy and maintaining the confidentiality of your Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and its implementing regulations.

As a covered entity under HIPAA, we are required to provide you with this Notice of Privacy Practices, which describes how we may use and disclose your PHI, your rights regarding your PHI, and our obligations concerning the use and disclosure of your PHI.

Information We Collect

Protected Health Information (PHI)

  • Medical history and treatment records
  • Diagnostic test results
  • Treatment plans and progress notes
  • Prescription information
  • Insurance and billing information

Personal Information

  • Name, address, and contact information
  • Date of birth and demographic information
  • Emergency contact information
  • Payment and insurance information

How We Use Your Information

We may use and disclose your PHI for the following purposes:

  • Treatment: To provide, coordinate, or manage your healthcare and related services
  • Payment: To obtain payment for services provided to you
  • Healthcare Operations: To support the business activities of our practice
  • Appointment Reminders: To contact you about appointments and treatment alternatives
  • Health-Related Benefits: To inform you about health-related benefits or services

Your Rights

Under HIPAA, you have the following rights regarding your PHI:

  • Right to Access: You may request to inspect and copy your PHI
  • Right to Amend: You may request amendments to your PHI
  • Right to Restrict: You may request restrictions on certain uses and disclosures
  • Right to Confidential Communications: You may request confidential communications
  • Right to Accounting: You may request an accounting of certain disclosures
  • Right to Complain: You have the right to file a complaint with us or the Secretary of HHS

Data Retention

We retain your PHI for as long as required by law and our record retention policies. Generally, medical records are retained for a minimum of 7 years from the date of last service, or longer as required by state law.

When PHI is no longer needed, it is securely destroyed in accordance with HIPAA requirements.

Security Measures

We implement appropriate administrative, physical, and technical safeguards to protect your PHI against unauthorized access, use, or disclosure. These measures include:

  • Encryption of electronic PHI
  • Access controls and authentication
  • Regular security assessments
  • Employee training on privacy and security
  • Incident response procedures

Contact Information

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Privacy Officer: Dr. Sarah Johnson

Phone: (555) 123-4567

Email: privacy@lumera-medspa.com

Address: 123 Luxury Lane, Beverly Hills, CA 90210

Updates to This Policy

We may update this Privacy Policy from time to time. The effective date of the current policy is July 22, 2025. We will notify you of any material changes to this policy.