
Privacy Policy

PRIVACY, HIPAA, AND DATA SECURITY

 

1. Privacy Policy Incorporation

Our collection, use, and disclosure of your personal information is governed by our Privacy Policy, which is incorporated into these Terms by reference. By using our services, you consent to the practices described in the Privacy Policy.

Please review our Privacy Policy at [www.aevua.com/privacy] to understand:

  • What information we collect

  • How we use and share information

  • Your privacy rights and choices

  • Cookie and tracking technology use

  • Data security measures

 

2. HIPAA Compliance

As a covered entity under the Health Insurance Portability and Accountability Act (HIPAA), 45 C.F.R. Parts 160 and 164, Aevua is committed to protecting the privacy and security of your Protected Health Information (PHI).

Aevua complies with the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule. PHI is stored in encrypted systems, transmitted through secure channels, and accessed only by authorized personnel. In the event of a breach of unsecured PHI, Aevua will provide notifications as required under 45 C.F.R. §164.400-414. Patients have the right to access, inspect, amend, and obtain copies of their PHI as permitted under HIPAA. By providing your mobile number or email, you consent to receive appointment reminders and administrative communications. Clinical information will not be sent via unencrypted email or SMS unless you provide written consent.

 

2.1 Notice of Privacy Practices

You will receive our HIPAA Notice of Privacy Practices (NPP) at your first appointment, which describes:

  • How we may use and disclose your PHI

  • Your rights regarding your PHI (access, amendment, accounting of disclosures, restrictions, confidential communications)

  • Our duties to protect your PHI

  • How to file a complaint if you believe your privacy rights have been violated

 

You will be asked to sign an acknowledgment that you received the NPP. Please read it carefully and ask questions if anything is unclear.

2.2 Uses and Disclosures of PHI

We may use and disclose your PHI without your authorization for the following purposes:

  • Treatment: Providing, coordinating, or managing your care

  • Payment: Billing and collecting payment for services (though most services are elective and self-pay)

  • Healthcare Operations: Quality improvement, training, business planning, and other operational activities

 

Other uses and disclosures require your written authorization, including:

  • Marketing uses (e.g., using your before-and-after photos in advertisements)

  • Sale of PHI

  • Psychotherapy notes (if applicable)

2.3 Your HIPAA Rights

You have the right to:

  • Access and Copy your medical records (with certain exceptions)

  • Request Amendment of incorrect or incomplete information

  • Request Restrictions on uses and disclosures (we are not required to agree, except for disclosures to health plans for services you paid for out-of-pocket)

  • Request Confidential Communications (e.g., contact at an alternative address or phone number)

  • Receive an Accounting of Disclosures (for certain disclosures made in the past 6 years)

  • Receive a Paper Copy of our Notice of Privacy Practices

 

To exercise these rights, contact our HIPAA Privacy Officer at manager@flawless.center or (201) 540-9549.

 

3. Data Security Measures

Aevua implements administrative, physical, and technical safeguards to protect your personal information and PHI from unauthorized access, use, or disclosure, including:

  • Encryption of data in transit (SSL/TLS) and at rest

  • Secure, password-protected Member Portal with multi-factor authentication

  • Role-based access controls limiting staff access to PHI on a "need-to-know" basis

  • Regular security risk assessments and audits

  • Staff training on privacy and security practices

  • Business Associate Agreements (BAAs) with third-party vendors who handle PHI

 

4. Data Breach Notification

In the unlikely event of a breach of unsecured PHI, we will notify affected individuals in accordance with the requirements of the HIPAA Breach Notification Rule (45 C.F.R. § 164.404):

  • Individual notification within 60 days of discovery of the breach (by first-class mail, email, or substitute notice if contact information is insufficient)

  • Media notification (if breach affects 500+ individuals in a state or jurisdiction)

  • Notification to the U.S. Department of Health and Human Services (HHS)

 

5. Medical Records Retention

In accordance with New Jersey medical records retention laws (N.J.A.C. 13:35-6.9), we retain medical records for a minimum of seven (7) years from the date of the last treatment or, in the case of minors, until the patient reaches age 23 (whichever is longer).

Upon closure of the practice or if you request records, we will provide:

  • Copies of Records: Available upon written request (processing fee may apply as permitted by law)

  • Transfer to New Provider: Records can be sent directly to another healthcare provider with your written authorization

 

6. Email and Electronic Communication Security

6.1 Unencrypted Email Risks

Standard email is not a secure method of communication for PHI. By providing your email address and communicating with us via email, you acknowledge and accept the risks, including:

  • Interception by unauthorized third parties

  • Misdirection to incorrect recipients

  • Unlimited forwarding without your knowledge

6.2 Secure Communication Options

For sensitive communications, we offer:

  • Member Portal Secure Messaging: HIPAA-compliant, encrypted platform

  • Encrypted Email: Available upon request for high-sensitivity communications

  • Phone or In-Person: Always available for confidential discussions

 

7. Cookies and Tracking Technologies

Our Website uses cookies, web beacons, and similar tracking technologies to:

  • Remember your login and preferences

  • Analyze Website traffic and usage patterns

  • Personalize your experience (e.g., Treatment Quiz recommendations)

  • Serve targeted advertising (with your consent)

 

You may manage cookie preferences through your browser settings. However, disabling certain cookies may affect Website functionality, including your ability to:

  • Stay logged into the Member Portal

  • Receive member-specific pricing

  • Complete the Treatment Quiz

 

For more details, see our Cookie Policy at [www.aevua.com/cookies].
