NOTICE OF PRIVACY POLICY

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

UNDERSTANDING YOUR HEALTH RECORD/INFORMATION

Protecting your personal information is important to us. This Privacy Policy applies to the products and services of Erasable Med Spa (“Erasable,” “we,” “us,” or “our” for the rest of this Notice) on all platforms and media (including the website, erasablemedspa.com, our mobile website, apps, emails, social media accounts and agreements).

This notice will tell you about the ways in which we may use and disclose medical information about you. We also describe your rights and certain obligations we have regarding the use and disclosure of medical information.

WHAT ARE MY HEALTH INFORMATION RIGHTS?

Although your health record is the physical property of Erasable, the information belongs to you. You have the right to:

  • Inspect and request a paper or electronic copy of your health record as provided by law;
  • Request that we amend your health record as provided by law. We will notify you if we are unable to grant your request to amend your health record;
  • Request communication of your health information by alternative means or at alternative locations. We will accommodate reasonable requests.
  • Request a restriction on certain uses and disclosures of your information for treatment, payment, health care operations and as to disclosures permitted to persons, including family members involved with your care and as provided by law. However, we are not required by law to agree to a requested restriction, unless the request relates to a restriction on disclosures to your health insurer regarding health care items or services for which you have paid out-of-pocket and in-full;
  • Obtain an accounting of disclosures of your health information as provided by law;
  • Obtain a paper copy of this notice of information practices; and
  • Choose someone to act for you if you have given someone medical power of attorney or if someone is your legal guardian. We will verify the person’s authority before we take action.

You may exercise your rights set forth in this notice by providing a written request to Erasable Med Spa, 4103 N. Armenia Ave, Tampa, Florida 33607.

WHAT INFORMATION DOES ERASABLE INC. COLLECT ABOUT ME?

The information we collect about you falls into one of two categories, personally identifiable or non-personally identifiable.

Personally Identifiable Information.

Before receiving treatment or a consultation, medical history information will be collected, and as a result, you will provide us with personal information that is linked to you specifically (“Personally Identifiable Information” or “PHI”). This can include:

  • Personal contact information (name, email address)
  • Professional information (company name, position/title)
  • Your birthday
  • Your location
  • Medical History

Non-Personally Identifiable Information.

We may also collect the following data that is not linked to you specifically:

  • Traffic Data. We use a number of internal and third-party tools to recognize visitor data like IP addresses, browser settings and operating systems. We track how often web pages and videos are viewed and the sources of our traffic. We employ Google Analytics Demographic and Interest Reporting, through which Google provides us with general demographic information (like age, gender and affinity categories) about visitors to our website. You can opt out of Google sharing this information at www.google.com/settings/ads.
  • Email Effectiveness Data. We may collect aggregated data about how often the emails we send out are opened and any links in them are clicked.
  • Cookie Data. We may use cookies, which are small pieces of data we place on visitors’ computers to track the web pages they visit before and after coming to our website. We may also use cookies to track the pages they view and the links they click on within Erasable’s website.
  • App Referral and Download Data. We may use internal and third-party tools to determine which sites or emails referred visitors to download the Erasable mobile application.
  • In-App Behavior. We may use internal and third-party tools to gather information about users’ behavior inside our mobile application, such as how much time users spend in the app as well as the frequency and duration with which they use particular features and view particular screens.

ERASABLE DOES NOT STORE CREDIT CARD INFORMATION

Payment for Erasable’s products and services is processed by Mindbody. Please consult Mindbody’s Security Policy for more information.

WHAT ARE ERASABLE’S RESPONSIBILITIES?

We are also required to:

  • Maintain the privacy of your health information;
  • Subject to certain exceptions under the law, provide notice of any unauthorized acquisition, access, use or disclosure of your protected health information to the extent it was not otherwise secured;
  • Provide you with a notice as to our legal duties and privacy practices with respect to information we maintain about you;
  • Abide by the terms of this Notice; and
  • Notify you if we are unable to agree to a requested restriction on certain uses and disclosures.

We reserve the right to change our practices and to make the new provisions effective for all protected health information we maintain, including information created or received before the change. Should our information practices change, we are not required to notify you, but we will have the revised notice available upon your request at Erasable.

HOW DOES ERASABLE MED SPA USE AND SHARE MY INFORMATION?

We use the information we collect from you to communicate with you, provide you with our services, and improve those services. For example, we may use your email address to send you reminders about appointments. We may analyze our users’ agreement-related data for purposes like refining the content of our forms.

Erasable will not share your PHI with third parties for the purpose of marketing their products without your prior consent. For example, we do not sell our email lists. But we may share your PHI with companies that provide us with support services (like our email providers) or that help us analyze or market our own products and services. We share this information only if these companies require such information to perform their functions. We do not authorize these companies to use your PHI for any other purpose.

Erasable will share your PHI with the appropriate authorities if we believe in good faith that doing so is required by law or court order, to protect our rights or property, or to protect the safety of our users or the public.

Additionally, if Erasable or substantially all of Erasable’s assets are acquired, or if Erasable goes out of business or enters bankruptcy, user information, including Personally Identifiable Information, may be one of the assets that is transferred to or acquired by a third party.

As for non-PHI, which is not linked to you specifically, we may share it with third parties for various purposes. For example, we may share information with third parties about the number of registered users and unique visitors to our website, or about the types of Erasable treatments that are most often requested.

Uses and Disclosures of Medical Information That Do Not Require Your Authorization

The following categories describe different ways that we may use and disclose medical information without your authorization. For each category of uses or disclosures we will explain what we mean, but not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose information without your authorization should fall within one of the categories.

We will use your health information for treatment.

For example: We may disclose medical information about you to doctors, nurses, technicians, medical students, or other personnel who are involved in taking care of you. We may share medical information about you in order to coordinate different treatments. We may also provide your physician or a subsequent health-care provider with copies of various reports to assist in treating you once you are discharged from care at Practice.

We will use your health information for payment.

For example: A bill may be sent to you or a third-party payer. The information on or accompanying the bill may include information that identifies you, as well as your diagnosis, procedures, and supplies used.

We will use your health information for regular health care operations.

For example: We may use the information in your health record to assess the care and outcome in your case and others like it. This information will then be used in an effort to continually improve the quality and effectiveness of the health care and services we provide.

We will use and disclose your health information as otherwise allowed by law. Examples of those uses and disclosures follow:

Business associates: There are some services provided in our organization through agreements with business associates. Examples include answering services and copy services. To protect your health information, however, we require business associates to appropriately safeguard your information.

Notification: Unless you object, we may use or disclose information to notify or assist in notifying a family member, personal representative, or another person responsible for your care about your location and general condition.

Individuals involved in your care: Unless you object, we may disclose to a family member, other relative, a close personal friend or other person you identify the health information that is directly relevant to that person’s involvement in your health care or payment for your health care. If you are not able to agree or object to such disclosure, we may disclose the information as necessary if we determine it is in your best interest in our professional judgment.

Disaster relief: We may use or disclose your health information to public or private disaster relief organizations to coordinate your care or to notify your family or friends of your location or condition in a disaster. We will provide you with an opportunity to agree or object to these disclosures when practical.

Research: We may disclose information to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to protect the privacy of your health

Communications regarding treatment alternatives and appointment reminders: We may contact you to provide appointment reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to you.

Food and Drug Administration (FDA): We may disclose to the FDA health information relative to adverse events with respect to food, medications, devices, supplements, product and product defects, or post marketing surveillance information to enable product recalls, repairs, or replacement.

Worker’s compensation: We may disclose health information to the extent authorized by and to the extent necessary to comply with laws relating to worker’s compensation or other similar programs established by law.

Public health: As required by law, we may disclose your health information to public health or legal authorities charged with preventing or controlling disease, injury, or disability.

Abuse, neglect or domestic violence: As required by law, we may disclose health information to a governmental authority authorized by law to receive reports of abuse, neglect, or domestic violence.

Judicial, administrative and law enforcement purposes: Consistent with applicable law, we may disclose health information about you for judicial, administrative and law enforcement purposes.

Health oversight activities: We may disclose health information to a health oversight agency for activities authorized by law, such as audits, investigations, inspections and licensure.

Threats to health or safety: We may use or disclose health information as allowed by law if we believe in good faith that it is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public or for law enforcement authorities to identify or apprehend an individual involved in a crime.

Special government functions: We may disclose health information to authorized federal officials for intelligence, counter-intelligence and other national security activities authorized by law, or for protective services to the President of the United States or certain other government officials. If you are a member of the military, we may disclose health information to military authorities under some circumstances. If you are an inmate of a jail, prison or other correctional facility or in the custody of law enforcement personnel, we may disclose health information necessary for your health and the health and safety of others.

Required or allowed by law: We will disclose medical information about you when required or allowed to do so by federal, state or local law.

Electronic Health Information Exchange: We use a third party to maintain our electronic medical records (“EMR”), and store electronic health information about you in the EMR. We monitor who can view your EMR and limit access to the personnel with an actual need to access your information.

When We Need Your Written Authorization

We will not use or disclose your health information without your written authorization, except as described in this notice. Additional uses that might require your additional written authorization are not common, but an example would be uses and disclosures for marketing purposes.

CAN I OPT OUT OF ERASABLE USING MY PERSONALLY IDENTIFIABLE INFORMATION?

We can’t provide you with our core service without you providing us with some PHI.

CAN I OPT OUT OF EMAILS FROM ERASABLE?

You can opt out of emails from Erasable while maintaining an active account by adjusting that option in your profile.

IS MY INFORMATION SECURE?

We strive to maintain the safety of your information. For example, your information is transmitted via Secure Sockets Layer (SSL) technology and access to your account information requires a password. You must keep your password confidential. Unfortunately, no internet-based service is completely secure. We cannot guarantee that any confidential information or PHI you share while using Erasable is maintained at adequate levels of protection to meet your specific needs or obligations. We assume no responsibility for unauthorized access to your information.

HOW DO I DEACTIVATE MY ACCOUNT?

Should you ever decide to deactivate your Erasable account, you may do so by emailing us at info@erasablemedspa.com. Upon deactivation, you will no longer be able to access your account. Your information and data will remain on Mindbody’s secure servers.

OUR POLICY TOWARDS CHILDREN

Erasable is intended only for individuals 18 and above. We do not knowingly collect PHI from children under the age of 13. If you are under 13, please do not provide us with any PHI. If we learn that we have collected PHI from a child under 13, we will take steps to promptly delete the information.

CONTACTING US

If you have any questions about our Privacy Policy or practices, please contact us at info@erasablemedspa.com.