TRUE AGE WELLNESS – HIPAA-COMPLIANT PRIVACY POLICY
Effective Date: July 7, 2025

This notice explains how True Age Wellness (“we,” “our,” or “the Practice”) protects, uses, and discloses your Protected Health Information (PHI) collected through our services and website. It also describes your rights under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Georgia law.

1. OUR DUTIES UNDER HIPAA

• Privacy & Security – We must safeguard your PHI, give you this notice, and follow its terms.
• Breach Notification – If unsecured PHI is breached, we will notify you within 60 days of discovery.
• Minimum Necessary Rule – We limit uses/disclosures to the minimum needed for the stated purpose.

2. WHAT COUNTS AS PHI

PHI is any information that identifies you and relates to your past, present, or future health, the care you receive, or payment for that care.
Identifiers: name, address, phone, email, date of birth, Social Security number
Health Data: diagnoses, lab results, medications, treatment notes, billing records

3. HOW WE MAY USE & DISCLOSE YOUR PHI (NO EXTRA AUTHORIZATION NEEDED)

• Treatment – e.g., sharing lab results with a consulting specialist.
• Payment – processing self-pay invoices or giving you documentation for possible insurance reimbursement (we do not bill insurance).
• Health-Care Operations – quality reviews, staff training, audits.
• Public Health & Safety – reporting communicable diseases or suspected abuse as required by law.
• Legal Requirements – complying with valid subpoenas or court orders.

4. USES & DISCLOSURES REQUIRING YOUR WRITTEN AUTHORIZATION

Except for the situations in Section 3, we will not use or disclose your PHI without your signed authorization. You may revoke an authorization in writing at any time (except where we have already relied on it). Examples include:
• Marketing communications beyond face-to-face conversations or nominal-value gifts
• Sale of PHI
• Certain research activities
• Release of psychotherapy notes

5. YOUR HIPAA RIGHTS

• Inspect & Copy – Request access to your records (paper or electronic) within 30 days.
• Amend – Ask us to correct information you believe is inaccurate or incomplete.
• Restrictions – Request limits on our use/disclosure; we must honor a restriction on disclosures to your health plan if you pay in full out-of-pocket.
• Confidential Communications – Ask us to contact you at an alternative address or phone number.
• Accounting of Disclosures – Receive a list of certain non-routine disclosures made in the past six years.
• Paper Copy of This Policy – Request a printed copy at any time.
• File a Complaint – Contact our Privacy Officer or the U.S. Department of Health & Human Services. We will not retaliate against you for filing a complaint.

6. HOW WE SAFEGUARD YOUR DATA

• Administrative – Staff HIPAA training, role-based access, Business Associate Agreements.
• Technical – Encryption in transit and at rest, unique user IDs, regular security risk assessments.
• Physical – Locked cabinets, restricted areas, secure disposal of media.

7. WEBSITE & DIGITAL DATA PRACTICES

• Contact forms and telehealth portals use encrypted (TLS/SSL) connections.
• Only de-identified, aggregate analytics are used; no PHI is stored in cookies.
• External links are not governed by this policy.

8. DATA RETENTION & DESTRUCTION

Medical records are retained for at least 10 years from the date of last treatment (or longer if required by law). After that period, records are destroyed using industry-standard shredding or data-wipe methods.

9. CHANGES TO THIS POLICY

We may update this policy at any time. Material changes will be posted on our website and apply to all PHI we maintain.

10. CONTACT & COMPLAINTS

Crystal Lilavois
True Age Wellness
800 Whitlock Ave SW, Ste 115, Room 126 Marietta, GA 30064
Phone: (239) 595-6803
Email: trueagewellness@gmail.com

If you believe your privacy rights have been violated, contact us or the U.S. Department of Health & Human Services, Office for Civil Rights. We will not retaliate for filing a complaint.

11. ACKNOWLEDGMENT OF RECEIPT

By receiving services at True Age Wellness or submitting information through our website, you acknowledge receipt of this HIPAA-compliant Privacy Policy and understand how your PHI may be used and disclosed.

Thank you for trusting True Age Wellness with your care.