Privacy policy.

Notice of Privacy Practices

June 2022

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS PLEASE REVIEW IT CAREFULLY.

As required by applicable federal and state laws, Skin Refinery and its employees are dedicated to maintaining the privacy of your personal health information (referred to as “PHI”). These laws require us to provide you with this Notice of Privacy Practices, and to inform you of your obligations concerning Protected Health Information, or PHI, which is information that identifies you and that relates to your physical or mental health condition. We are required to follow the privacy practices described below while this Notice is still in effect.

A. Permitted Disclosures of PHI:

We may disclose your PHI for the following reasons. For each category of uses or disclosures I will explain what I mean and try to give some examples. Not every use or disclosure in a category will be listed. However, all of the ways I am permitted to use and disclose information will fall within one of the categories.

1. Treatment. We may disclose your PHI to a physician or other health care provider providing treatment to you. We may disclose health information about you to other healthcare providers who are involved in your treatment. These other providers may include, but are not limited to physicians, nurses, technicians or personnel who are involved with the administration of your care. Doctors and other providers who may treat you at places other than Skin Refinery need to be able to access the most complete information possible in order to make decisions about your care. These providers are able to access your electronic and paper records from Skin Refinery for this purpose. Also, when these providers have referred you to Skin Refinery, they will also be able to access your records and your health information to follow your treatment progress.

2. Payment: If we request payment from your healthcare plan they may need information from us about your medical care. The information provided may include your diagnosis, procedures performed, or recommended care.

3. Health Care Operations. We may disclose your PHI in connection with our health care operations. Health care operations include quality assessment activities, reviewing the competence or qualifications of health care professionals, evaluating provider performance, and other business operations. For example, we may use your PHI to evaluate the performance of the health care services you received. We may also provide your PHI to accountants, attorneys, consultants and others to make sure we comply with the laws that govern us.

4. Incidental Uses and Disclosures. We may use or disclose your health information when it is associated with another use or disclosure that is permitted or required by law. For example, conversations between doctors, nurses or other Skin Refinery personnel regarding your medical condition may, at times, be overheard. Please be assured that we have appropriate safeguards to avoid these situations as much as possible.

5. Appointment Reminders. We may use and disclose health information to remind you of an appointment you scheduled for a treatment or medical service at Skin Refinery.

6. Emergency Treatment. We may disclose your PHI if you require emergency treatment or are unable to communicate with us.

7. Family and Friends. We may disclose your PHI to a family member, friend or any other person whom you identify to us as being involved with your care or payment for care, unless you object.

8. Required by Law. We may disclose your PHI for law enforcement purposes and as required by state or federal law. For example, the law may require us to report instances of abuse, neglect or domestic violence; to report certain injuries such as gunshot wounds; or to disclose PHI to assist law enforcement in locating a suspect, fugitive, material witness or missing person. We will inform you or your representative if we disclose your PHI because we believe you are a victim of abuse, neglect or domestic violence, unless we determine that informing you or your representative would place you at risk. In addition, we must provide PHI to comply with an order in a legal or administrative proceeding. Finally, we may be required to provide PHI in response to a subpoena discovery request or other lawful process, but only if efforts have been made, by us or the requesting party, to contact you about the request or to obtain an order to protect the requested PHI.

9. Serious Threat to Health or Safety. We may disclose your PHI if we believe it is necessary to avoid a serious threat to the health and safety of you or the public.

10. Health Information Exchange. Skin Refinery records transmits health information, including prescription information, electronically. Health information is shared for the purposes outlined in this Notice and is protected electronically through local, state and national health information exchanges.

11. Public Health Risks. We may disclose your PHI to public health or other authorities charged with preventing or controlling disease, injury or disability, or charged with collecting public health data. Disclosure of health information about you for public health activities include to:

· Prevent or control disease, injury or disability · Report births and deaths and participate in disease registries

· Report child abuse or neglect

· Report reactions to medications or problems with products

· Notify people of recalls for products they may be using

· Notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition

· Notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence. We will make this disclosure only if you agree, or when required or authorized by law.

12. Health Oversight Activities. We may disclose your PHI to a health oversight agency for activities authorized by law. These activities include audits; civil, administrative or criminal investigations or proceedings; inspections; licensure or disciplinary actions; or other activities necessary for oversight of the health care system, government programs and compliance with civil rights laws.

13. Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we may disclose health information about you in response to a court or administrative order. We also may disclose medical information about you in response to a subpoena, discovery request or other lawful process by someone involved in the dispute, but only if you have agreed to such a release. However, your permission will not be required if the disclosure request has been signed by a judge or ordered by a court of law.

14. Law Enforcement. We may disclose health information if asked to do so by a law enforcement official in the following situations:

· In response to a court order, subpoena, warrant summons or similar process

· To identify or locate a suspect, fugitive, material witness or missing person

· If the information is about a victim of a crime and if, under certain limited circumstances, we are unable to obtain the person’s agreement to the disclosure

· About a death we believe may be the result of criminal conduct

· About criminal conduct at Skin Refinery

· In emergency circumstance to report a crime, the location of the crime or victims, or the identity (description or location) of the person who committed the crime.

5. Research. We may disclose your PHI for certain research purposes, but only if we have protections and protocols in place to ensure the privacy of your PHI.

16. National Security and Intelligence Activities. We may disclose your health information to authorized federal officials for intelligence, counterintelligence and other national security activities authorized by law.

17. Third Parties. We may disclose your health information to certain third parties with whom we contract to perform services on behalf of Skin Refinery. If so, we will have written assurances from the third party that your information will be protected.

18. Workers’ Compensation. We may disclose your PHI to comply with laws relating to workers’ compensation or other similar programs.

19. Specialized Government Activities. If you are active military or a veteran, we may disclose your PHI as required by military command authorities. We may also be required to disclose PHI to authorized federal officials for the conduct of intelligence or other national security activities.

20. Organ Donation. If you are an organ donor, or have not indicated that you do not wish to be a donor, we may disclose your PHI to organ procurement organizations to facilitate organ, eye or tissue donation and transplantation.

21. Coroners, Medical Examiners, Funeral Directors. We may disclose your PHI to coroners or medical examiners for the purposes of identifying a deceased person or determining the cause of death, and to funeral directors as necessary to carry out their duties.

22. Disaster Relief. Unless you object, we may disclose your PHI to a governmental agency or private entity (such as FEMA or Red Cross) assisting with disaster relief efforts.

B. Disclosures Requiring Written Authorization.

1. Not Otherwise Permitted. In any other situation not described in Section A above, we may not disclose your PHI without your written authorization.

2. Psychotherapy Notes. We must receive your written authorization to disclose psychotherapy notes, except for certain treatment, payment or health care operations activities.

3. Marketing and Sale of PHI. We must receive your written authorization for any disclosure of PHI for marketing purposes or for any disclosure which is a sale of PHI.

C. Your Rights.

1. Right to Receive a Paper Copy of This Notice. You have the right to receive a paper copy of this Notice upon request.

2. Right to Access PHI. You have the right to inspect and copy your PHI for as long as we maintain your medical record. You must make a written request for access to the Privacy Officer at the address listed at the end of this Notice. We may charge you a reasonable fee for the processing of your request and the copying of your medical record pursuant to state law. In certain circumstances we may deny your request to access your PHI, and you may request that we reconsider our denial. Depending on the reason for the denial, another licensed health care professional chosen by us may review your request and the denial.

3. Right to Request Restrictions. You have the right to request a restriction on the use or disclosure of your PHI for the purpose of treatment, payment or health care operations, except for in the case of an emergency. You also have the right to request a restriction on the information we disclose to a family member or friend who is involved with your care or the payment of your care. However, we are not legally required to agree to such a restriction.

4. Right to Restrict Disclosure for Services Paid by You in Full. You have the right to restrict the disclosure of your PHI to a health plan if the PHI pertains to health care services for which you paid in full directly to us. To request restrictions, you must make a written request to the Privacy Officer at the address listed at the end of this Notice.

5. Right to Request Amendment. You have the right to request that we amend your PHI if you believe it is incorrect or incomplete, for as long as we maintain your medical record. We may deny your request to amend if (a) we did not create the PHI, (b) is not information that we maintain, (c) is not information that you are permitted to inspect or copy (such as psychotherapy notes), or (d) we determine that the PHI is accurate and complete.

6. Right to an Accounting of Disclosures. You have the right to request an accounting of disclosures of PHI made by us (other than those made for treatment, payment or health care operations purposes) during the 6 years prior to the date of your request. You must make a written request for an accounting, specifying the time period for the accounting, to the Privacy Officer at the address listed at the end of this Notice.

7. Right to Confidential Communications. You have the right to request that we communicate with you about your PHI by certain means or at certain locations. For example, you may specify that we call you only at your home phone number, and not at your work number. You must make a written request, specifying how and where we may contact you, to the Privacy Officer at the address listed at the end of this Notice.

8. Right to Notice of Breach. You have the right to be notified if we or one of our business associates become aware of a breach of your unsecured PHI.

D. Changes to this Notice.

We reserve the right to change this Notice at any time in accordance with applicable law. Prior to a substantial change to this Notice related to the uses or disclosures of your PHI, your rights or our duties, we will revise and distribute this Notice.

E. Acknowledgment of Receipt of Notice.

We will ask you to sign an acknowledgment that you received this Notice.

F. Questions and Complaints.

If you would like more information about our privacy practices or have questions or concerns, please contact us. If you are concerned that we may have violated your privacy rights, or you disagree with a decision we made regarding the use, disclosure, or access to you PHI, you may complain to us by contacting the Privacy Officer at the address and phone number at the end of this Notice. You also may submit a written complaint to the U.S. Department of Health and Human Services. We will provide you with the address to file such a complaint upon request. We support your right to the privacy of your PHI. We will not retaliate in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.

Please direct any of your questions or complaints to: privacy@skinrefinery.com

Skin Refinery

Attn: Privacy Officer

100 N Howard St, Ste. W

All complaints must be submitted in writing. You will not be penalized for filing a complaint. This notice is effective June 8, 2022.