NuBalance Health

Comprehensive Consumer Health Data Privacy Policy

HIPAA-Compliant | Effective Date: January 4, 2025

Contact: info@nubalance.health | 678-313-5106

Address: NuBalance Health LLC

1. Introduction

NuBalance Health LLC (“NuBalance Health,” “we,” “our,” or “us”) is a health and wellness provider committed to respecting the privacy and security of your protected health information (PHI) and consumer health data (CHD). This Consumer Health Data Privacy Policy (“Policy”) outlines how we collect, use, disclose, and protect your information when you engage with our services. It also explains your rights under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH), and applicable state privacy laws such as the California Consumer Privacy Act (CCPA/CPRA) and Washington’s My Health My Data Act (MHMDA).

This Policy applies to all data NuBalance Health handles in the course of delivering healthcare services, including telehealth, in-clinic consultations, hormone replacement therapy, weight loss programs, diagnostic lab orders, and more.

2. Definitions

Protected Health Information (PHI): Individually identifiable health information maintained or transmitted in any form or medium by a covered entity or business associate.

Consumer Health Data (CHD): Any personal data that is linked or reasonably linkable to an individual and identifies the individual’s past, present, or future physical or mental health status, as defined by applicable state law.

HIPAA Covered Entity: NuBalance Health is a covered entity under HIPAA, which means we must follow all applicable HIPAA Privacy, Security, and Breach Notification Rules.

Business Associate: A person or organization that performs functions or activities on behalf of, or provides services to, a covered entity that involve access to PHI.

3. Scope of This Policy

This Policy governs how NuBalance Health:

  • Collects, uses, stores, and discloses PHI and CHD.

  • Protects your privacy through organizational, administrative, and technical safeguards.

  • Provides you with rights over your data.

  • Complies with HIPAA, HITECH, and other consumer data privacy regulations.

This Policy applies to all employees, contractors, vendors, and healthcare professionals operating under or on behalf of NuBalance Health.

4. Our Legal Responsibilities

4.1. Duty to Protect

NuBalance Health is legally obligated under HIPAA and applicable state law to:

  • Maintain the privacy and security of your PHI and CHD.

  • Provide you with this notice of our legal duties and privacy practices.

  • Follow the terms of this Policy.

  • Notify you in the event of a breach of your unsecured PHI.

  • Implement appropriate physical, technical, and administrative safeguards to ensure data confidentiality, integrity, and availability.

4.2. Compliance Standards

We follow the standards set forth by:

  • HIPAA Privacy Rule

  • HIPAA Security Rule

  • HIPAA Breach Notification Rule

  • HITECH Act

  • State consumer health privacy laws (e.g., MHMDA, CPRA)

  • Federal Trade Commission (FTC) guidance on consumer health data

5. Information We Collect

5.1. Directly from You

We collect the following when you access our services:

  • Full name, address, contact details

  • Medical history and treatment information

  • Hormonal, metabolic, or reproductive data

  • Billing, payment, and insurance information

  • Login credentials and communications

5.2. Automatically

We collect data via cookies, analytics tools, or platform integrations:

  • IP address, device type, browser, and location

  • Session logs and interaction data on our websites or mobile apps

5.3. From Third Parties

We may collect information from:

  • Referral clinics and laboratories

  • Insurance payers

  • Telehealth platforms

  • Partner pharmacies

  • Public databases (when legally allowed)

6. How We Use Your Data

NuBalance Health uses PHI and CHD for the following:

6.1. Treatment

  • To diagnose your condition

  • To provide medication or peptide therapy

  • To coordinate with other providers

6.2. Payment

  • To bill your insurer or third-party payer

  • To process copayments and financial transactions

6.3. Healthcare Operations

  • Quality improvement, training, and audits

  • Internal analytics for program effectiveness

  • Credentialing and peer review of clinicians

6.4. Communication

  • Appointment confirmations and reminders

  • Lab result delivery

  • Program follow-ups via email, SMS, or video call

6.5. Legal and Regulatory Compliance

  • To fulfill public health reporting obligations

  • To respond to subpoenas or court orders

  • To comply with audits or investigations

7. Disclosures Permitted Without Authorization

NuBalance Health may disclose your PHI/CHD without your written authorization in these situations:

  • To Public Health Authorities (e.g., CDC, FDA)

  • For Judicial or Administrative Proceedings

  • To Coroners or Medical Examiners

  • For Organ Donation

  • To Prevent or Lessen Serious Threats to Health or Safety

  • To Law Enforcement (when permitted under HIPAA)

All such disclosures are documented and limited to the minimum necessary data.

8. Disclosures That Require Your Authorization

NuBalance Health will obtain your written authorization before disclosing PHI/CHD:

  • For marketing purposes

  • For sale of health data

  • For research (unless de-identified)

  • For disclosure to non-affiliated third parties not directly involved in your care

You may revoke any previously signed authorization at any time in writing.

9. Your Rights

You have specific legal rights regarding your health data:

9.1. Right to Access

You may request a copy of your health records in paper or electronic form.

9.2. Right to Amend

If you believe your records are incorrect, you can request a correction.

9.3. Right to Restrict Disclosure

You may ask us not to share certain information with specific parties, such as insurance companies.

9.4. Right to Confidential Communications

You may ask us to contact you in a specific way (e.g., private phone line or mailing address).

9.5. Right to Accounting of Disclosures

You may request a list of who has accessed your data over the past six years (excluding treatment, payment, and operations).

9.6. Right to File a Complaint

You may file a complaint with NuBalance Health or the U.S. Department of Health and Human Services (HHS) if you believe your rights were violated.

10. Data Protection Measures

10.1. Administrative Safeguards

  • HIPAA training for all staff

  • Privacy Officer oversight

  • Policies for minimum necessary use

10.2. Technical Safeguards

  • Data encryption in transit and at rest

  • Multi-factor authentication

  • Secure cloud hosting and firewall protection

10.3. Physical Safeguards

  • Restricted facility access

  • Secure disposal of printed PHI

  • Locked file storage and camera monitoring

11. Retention and Destruction

We retain PHI and CHD as long as necessary to fulfill the purpose of collection or to comply with state/federal retention rules. When no longer needed, data is securely destroyed:

  • Electronic data is purged or wiped using certified tools.

  • Paper documents are shredded or incinerated.

12. Consumer Health Data-Specific Provisions

In accordance with emerging state CHD laws (e.g., WA MHMDA, CA CPRA), we extend these additional rights:

  • Right to Know What CHD is Collected and Why

  • Right to Withdraw Consent for Collection or Sharing

  • Right to Request Deletion of CHD

  • Right to Data Portability

We do not sell your CHD and do not share it for third-party advertising purposes.

13. Breach Notification Policy

In the event of a data breach involving your PHI or CHD:

  • We will notify you via email, mail, or phone within 60 days.

  • The notification will include what data was involved, what we are doing to mitigate the risk, and how you can protect yourself.

  • We will report the breach to HHS as required by law.

14. Children’s Privacy

We do not knowingly collect or use health information from children under age 13 without verified parental consent. If we learn that data from a child has been collected improperly, we will delete it immediately.

15. Changes to This Policy

We may update this Policy periodically to reflect changes in law, practice, or technology. The updated version will be posted on our website with a new effective date. Continued use of our services after such changes constitutes acceptance.

16. Questions or Complaints

If you have questions or concerns about this Policy or wish to exercise your rights, contact:

NuBalance Health Privacy Officer

info@nubalance.health

678-313-5106

If you believe your rights under HIPAA or state law were violated, you may also file a complaint with:

U.S. Department of Health and Human Services

Office for Civil Rights

https://www.hhs.gov/hipaa/filing-a-complaint/