Privacy Policy

1. About This Policy

Ivy Infusions, LLC ("Company," "we," "us," or "our") operates premium IV hydration therapy and wellness services throughout South Florida. We are committed to protecting your privacy and maintaining the confidentiality of your personal and protected health information (PHI) in compliance with all applicable laws, including the Health Insurance Portability and Accountability Act (HIPAA), Florida state privacy laws, and federal regulations governing healthcare providers.

This Privacy Policy applies to all information collected through our services, website, mobile applications, and any other digital platforms we operate. By using our services or providing us with your information, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.

2. Information We Collect and Maintain

2.1 Protected Health Information (PHI)

As a covered entity under HIPAA, we collect and maintain protected health information, which includes:

• Personal identifiers (full name, address, telephone numbers, email address, date of birth, Social Security number)
• Medical history, current health conditions, and symptoms
• Current medications, supplements, and known allergies
• Vital signs, physical assessment data, and laboratory results
• Treatment records, IV therapy documentation, and progress notes
• Payment information, insurance details, and billing records
• Emergency contact information and healthcare proxy details
• Communication preferences and appointment history
• Any photos or videos taken during treatment (with explicit consent)

2.2 Digital and Website Information

• Device information (IP address, browser type, operating system)
• Website usage data and analytics through cookies and similar technologies
• Geolocation data (if you enable location services)
• Communication records (emails, text messages, chat logs)
• Social media interactions and referral sources
• Marketing preferences and engagement data
• Payment processing information through third-party processors

2.3 Business and Operational Information

• Customer service interactions and complaint records
• Quality assurance and training materials
• Legal documentation and regulatory compliance records
• Background checks and verification for staff and contractors

3. How We Use Your Information

3.1 Treatment and Medical Care

• Providing IV hydration therapy and wellness services
• Conducting medical assessments and consultations
• Monitoring treatment responses and adjusting protocols
• Coordinating care with other healthcare providers when authorized
• Emergency medical treatment and safety protocols
• Preventive care recommendations and follow-up services
• Clinical research and outcomes measurement (de-identified data only)

3.2 Payment and Financial Operations

• Processing payments and managing billing
• Insurance verification and claims processing
• Collections activities for outstanding balances
• Financial reporting and tax compliance
• Fraud prevention and payment security measures

3.3 Healthcare Operations and Business Management

• Quality assessment and improvement programs
• Staff training and competency evaluations
• Safety monitoring and infection control protocols
• Professional licensing and accreditation compliance
• Business planning, operations management, and strategic development
• Customer service and support activities
• Marketing and promotional activities (with separate consent)
• Legal compliance and regulatory reporting

4. Information Sharing and Disclosure

4.1 Permitted Uses Without Authorization

We may use or disclose your PHI without your written authorization in the following circumstances:

• For treatment, payment, and healthcare operations as defined by HIPAA
• When required by law, including court orders and legal proceedings
• For public health and safety activities, including disease reporting
• To law enforcement agencies when legally required
• For FDA reporting of adverse drug reactions or medical device incidents
• To workers' compensation agencies for covered claims
• To coroners, medical examiners, and funeral directors as necessary
• For organ donation organizations when applicable
• To avert serious threats to health or safety
• For specialized government functions (military, national security)
• To parents or legal guardians (not applicable as we serve adults only)

4.2 Uses Requiring Written Authorization

We will obtain your written authorization before using or disclosing your PHI for:

• Marketing and promotional communications
• Sale of PHI to third parties
• Research studies and clinical trials
• Psychotherapy notes (if applicable to our services)
• Disclosure to family members or friends beyond emergency situations
• Photography or videography for promotional purposes
• Testimonials and case studies
• Any other purpose not specifically permitted by law

4.3 Business Associates and Third Parties

We may share your information with business associates who perform services on our behalf under HIPAA-compliant agreements, including:

• Payment processors and billing companies
• IT support and cloud storage providers
• Legal counsel and compliance consultants
• Accounting and financial advisory services
• Marketing and communications agencies
• Medical waste disposal companies
• Equipment maintenance and calibration services

5. Your Privacy Rights Under HIPAA

5.1 Right to Access Your PHI

You have the right to inspect and obtain copies of your PHI that we maintain. We will respond to your request within 30 days and may charge reasonable copying fees. We may deny access in limited circumstances as permitted by law.

5.2 Right to Request Amendments

You may request amendments to your PHI if you believe it is incorrect or incomplete. We will respond within 60 days and may deny your request if the information was not created by us, is not part of our records, or is accurate and complete.

5.3 Right to Request Restrictions

You may request restrictions on how we use or disclose your PHI. While we will consider your request, we are not required to agree to restrictions except in limited circumstances involving payment to health plans.

5.4 Right to Confidential Communications

You may request that we communicate with you about your PHI through alternative means or at alternative locations. We will accommodate reasonable requests.

5.5 Right to an Accounting of Disclosures

You may request an accounting of certain disclosures of your PHI made during the six years prior to your request, excluding disclosures for treatment, payment, and healthcare operations.

5.6 Right to a Paper Copy

You have the right to obtain a paper copy of this Privacy Policy at any time, even if you have agreed to receive it electronically.

5.7 Right to Revoke Authorization

You may revoke any written authorization at any time by providing written notice, except to the extent we have already acted based on your authorization.

6. Security Safeguards and Data Protection

6.1 Administrative Safeguards

• Designation of a Privacy Officer responsible for HIPAA compliance
• Comprehensive HIPAA training for all workforce members
• Written privacy policies and procedures
• Regular security risk assessments and management
• Incident response and breach notification procedures
• Business associate agreements with all applicable third parties
• Disciplinary actions for privacy violations
• Contingency planning for emergencies and system failures

6.2 Physical Safeguards

• Controlled access to facilities and workstations
• Secure storage and disposal of physical records
• Protected mobile equipment and media controls
• Surveillance systems and security personnel where appropriate
• Locked filing cabinets and restricted access areas
• Clean desk policies and secure workstation protocols

6.3 Technical Safeguards

• End-to-end encryption for data transmission and storage
• Multi-factor authentication and access controls
• Regular software updates and security patches
• Firewall and intrusion detection systems
• Secure backup and disaster recovery procedures
• Audit logs and monitoring of system access
• Data loss prevention and anti-malware software
• Secure communication channels for sensitive information

7. Website Privacy and Digital Services

7.1 Cookies and Tracking Technologies

Our website uses cookies, web beacons, and similar technologies to enhance user experience, analyze website traffic, and provide personalized content. You can manage cookie preferences through your browser settings, though disabling cookies may limit website functionality.

7.2 Third-Party Services and Integrations

We may use third-party services for analytics, appointment scheduling, payment processing, and marketing. These services have their own privacy policies and data handling practices. We maintain business associate agreements where required by HIPAA.

7.3 Social Media and Online Interactions

Any information shared through social media platforms or public forums is not protected by this Privacy Policy. We recommend avoiding sharing personal health information through these channels.

7.4 Email and Electronic Communications

Email communications may not be secure. We will not send sensitive PHI via unencrypted email unless you specifically request it and acknowledge the risks involved.

8. Data Retention and Disposal

We retain your information in accordance with Florida law, professional standards, and business requirements:

• Medical records: Minimum 7 years from last treatment date
• Payment and billing records: 7 years from service date
• Legal and compliance documents: As required by applicable law
• Marketing communications: Until you opt out or withdraw consent
• Website analytics: Typically 26 months, unless anonymized
• Security logs: 1 year or as required for investigations
• Quality assurance records: 3 years or as required by regulations

When information is no longer needed, we dispose of it securely through approved methods, including shredding physical documents and secure deletion of electronic files.

9. Breach Notification and Incident Response

In the event of a breach of unsecured PHI, we will:

• Notify affected individuals within 60 days of discovery
• Report to the U.S. Department of Health and Human Services as required
• Notify the media if the breach affects 500 or more individuals in a single state
• Take immediate steps to mitigate the breach and prevent future occurrences
• Conduct a thorough investigation and document findings
• Provide credit monitoring or other protective services when appropriate

10. Florida-Specific Privacy Rights

As a Florida resident, you may have additional privacy rights under state law, including:

• Florida Patient's Bill of Rights and Responsibilities
• Florida Personal Information Protection Act requirements
• Enhanced consent requirements for certain disclosures
• Right to request information about data sharing practices
• Additional protections for sensitive personal information
• Rights related to automated decision-making processes

11. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time, as permitted by law. Material changes will be effective immediately upon posting on our website. We will notify you of significant changes through appropriate means, which may include email notification or prominent website notices. Your continued use of our services after changes are posted constitutes acceptance of the updated Privacy Policy.

For changes that materially affect how we use or disclose PHI created or received before the effective date, we will obtain your consent before implementing such changes.

12. Complaints and Enforcement

12.1 Filing Complaints

If you believe your privacy rights have been violated, you may file a complaint with:

• Our Privacy Officer using the contact information below
• The U.S. Department of Health and Human Services Office for Civil Rights
• The Florida Department of Health
• Your state attorney general's office

12.2 No Retaliation Policy

We prohibit retaliation against any individual who files a privacy complaint, exercises their privacy rights, or participates in privacy-related investigations or proceedings.

12.3 HHS Contact Information

U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
Phone: 1-877-696-6775
Website: www.hhs.gov/ocr/privacy/hipaa/complaints/

13. International Data Transfers

Your information is processed and stored within the United States. If you are accessing our services from outside the United States, you acknowledge that your information will be transferred to and processed in the United States, where privacy laws may differ from those in your jurisdiction.

14. Age Restrictions

Our services are available exclusively to adults 18 years of age and older. We do not knowingly collect or maintain information from individuals under 18 years of age. If we become aware that we have collected information from someone under 18, we will delete such information immediately.