As a medical spa, we are committed to protecting your health information in compliance with federal privacy regulations.
NOTICE OF PRIVACY PRACTICES
Effective Date: May 1, 2026
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Skinovatio Medical Spa – Ohio (the “Practice”) is committed to protecting the privacy and security of your Protected Health Information (PHI) . As a medical service provider in the State of Ohio, we are required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its subsequent amendments, as well as applicable Ohio laws, to maintain the privacy of your PHI. This Notice explains your rights and our legal duties regarding your PHI, including our obligations under the Ohio Administrative Code (OAC), the Ohio Revised Code (ORC), and rules set by the State Medical Board of Ohio.
You have the following rights with respect to your PHI. To exercise any of these rights, you must submit a written request using our standardized form, available at our reception desk or by contacting our Privacy Officer at the information provided below. We will respond to all timely requests within 30 days (or 60 days with a valid extension notice).
Right to Access & Obtain a Copy (45 C.F.R. §164.524)
You have the right to inspect and obtain a copy of your PHI maintained in our records. If we maintain your records electronically, you have the right to request an electronic copy in your preferred format.
Right to Amend (45 C.F.R. §164.526)
You may request that we amend your PHI if you believe it is incorrect or incomplete. We may deny your request under certain circumstances, such as if we determine the record is accurate and complete, and we will provide a written explanation.
Right to an Accounting of Disclosures (45 C.F.R. §164.528)
You have the right to request a list of certain disclosures of your PHI made by us for purposes other than treatment, payment, or healthcare operations. This request can apply to disclosures made up to six years prior to the date of your request.
Right to Request Restrictions (45 C.F.R. §164.522(a))
You may ask us to restrict the use or disclosure of your PHI for treatment, payment, or healthcare operations. We are not required to agree to your request, except in one specific case: if you pay for a service or item entirely out-of-pocket and in full, you may request that we not disclose PHI related to that service to a health plan.
Right to Request Confidential Communications (45 C.F.R. §164.522(b))
You may request that we communicate with you about your PHI by alternative means (e.g., email, phone) or at an alternative location (e.g., your work address). Your request must be made in writing and specify the alternative contact method. We will accommodate all reasonable requests.
Right to a Copy of This Notice
You are entitled to receive a paper copy of this Notice upon request, even if you previously agreed to receive it electronically.
Right to Be Notified of a Breach
You have the right to be notified in the event that we discover a breach of your unsecured PHI. You will be notified within 60 days of the discovery of the breach for breaches involving 500 or more individuals, or annually for smaller breaches. For breaches affecting Ohio residents, we will also comply with any applicable notification requirements enforced by the Ohio Attorney General.
Under the law, the Practice is required to:
Maintain the Privacy of Your PHI: We follow all federal (45 C.F.R. Part 160 & 164) and Ohio state laws governing PHI.
Provide This Notice: We are required to give you this Notice of our legal duties and privacy practices and to follow its terms.
Notify You of a Breach: We will notify you if a breach occurs that may have compromised the privacy or security of your information.
Comply with State Law: Where Ohio law provides greater protection of your PHI than federal law, we will follow Ohio law (ORC §3701.17, §3798.04).
Follow Record Retention Laws: We maintain medical records as necessary to verify the information and reports required by statute or regulation for six years from the date of your discharge, as required by the Ohio Department of Health under OAC 3701-84-11 (F).
The following categories describe how we may use and disclose your PHI for purposes of Treatment, Payment, and Healthcare Operations (TPO) . For these purposes, we are permitted to disclose your PHI without your specific written authorization, though you do have the right to request restrictions as noted above.
For Treatment (45 C.F.R. §164.506(c)(2)): We may use your PHI to provide, coordinate, or manage your aesthetic treatments and related care.
For Payment (45 C.F.R. §164.506(c)(3)): We may use and disclose your PHI to bill and collect payment for services provided.
For Healthcare Operations (45 C.F.R. §164.506(c)(4)): We may use your PHI for quality assessment, staff training, compliance monitoring, and other business activities.
With Your Family & Friends: We may disclose relevant PHI to a family member, close friend, or other person involved in your care, provided you have agreed to such disclosure or we have given you the opportunity to object and you have not done so.
As Required by Law: We will disclose your PHI when required to do so by federal, state, or local law.
For Public Health Activities (45 C.F.R. §164.512(b)): We may disclose your PHI to public health authorities for the purpose of preventing or controlling disease, injury, or disability.
For Health Oversight Activities (45 C.F.R. §164.512(d)): We may disclose your PHI to a health oversight agency for activities such as audits, investigations, and inspections. This includes the State Medical Board of Ohio.
For Judicial & Administrative Proceedings (45 C.F.R. §164.512(e)): We may disclose your PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process.
For Law Enforcement Purposes (45 C.F.R. §164.512(f)): We may disclose your PHI to law enforcement officials for specific purposes, such as to report a crime on our premises or to comply with a court order.
To A Business Associate: We may share your PHI with third-party service providers who perform functions on our behalf (e.g., billing services, IT support). We will have a written Business Associate Agreement with each such provider that contractually obligates them to safeguard your information.
Any other use or disclosure of your PHI not described above, including the use or disclosure of your PHI for marketing purposes or the sale of your PHI, will only be made with your written authorization. You have the right to revoke such authorization in writing at any time. Once revoked, we will no longer use or disclose your PHI for the purposes described in the authorization, except to the extent that we have already taken action in reliance on your prior authorization.
We are required to abide by the terms of this Notice currently in effect. However, we reserve the right to change the terms of this Notice at any time. Any material changes will apply to all PHI we maintain, including information we created or received before the change. The revised Notice will be posted in our office, on our website, and made available upon request. The “Effective Date” at the top of this Notice indicates when it was most recently revised.
If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). We will not retaliate against you for filing a complaint.
To file a complaint with us: Please contact our Privacy Officer using the information below.
To file a complaint with HHS:
Phone: 1-800-368-1019
Mail: U.S. Department of Health and Human Services, 200 Independence Avenue S.W., Washington, D.C. 20201
For questions about this Notice, to exercise any of your rights, or to file a complaint, please contact our designated Privacy Officer:
Skinovatio Medical Spa – Ohio
Attn: Privacy Officer
1139 Rockside Rd., Parma, OH 44134
Phone: (216) 712-4605
Email: info@skinovatioohio.com
(You may also contact the corporate office at support@skinovatio.com for general inquiries.)
