Health & Medspa
(A DBA of Health and Psychiatrists Consultants LLC or applicable legal entity)
Effective Date: 1st April, 2026
1. INTRODUCTION AND SCOPE
This Privacy Policy (the “Policy”) governs the collection, use, storage, disclosure, and protection of personal information and Protected Health Information (“PHI”) by Health & Medspa (the “Company,” “we,” “us,” or “our”) in connection with your access to and use of the website located at https://healthandmedspa.com (the “Platform”), as well as any services provided through the Platform or at Company facilities, including aesthetic, medical, and wellness services.
The Company operates as a hybrid medical and aesthetic provider offering services such as injectables, laser treatments, IV therapy, hormone therapy, and physician-supervised weight loss programs. Accordingly, this Policy addresses both healthcare-related data and general consumer information.
This Policy is intended to be read in conjunction with the Company’s Terms and Conditions and Notice of Privacy Practices (NPP).
2. REGULATORY FRAMEWORK AND APPLICABLE LAWS
The Company complies with applicable privacy and data protection laws, including:
- The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”)
- The HIPAA Privacy Rule, Security Rule, and Breach Notification Rule
- Federal Trade Commission (“FTC”) Act and related consumer protection standards
- Applicable state privacy laws, including those governing medical and biometric data
- State-specific breach notification laws
Where state law provides greater protections than federal law, such provisions shall prevail.
3. CATEGORIES OF INFORMATION COLLECTED
The Company collects information directly from you, automatically through your use of the Platform, and from third parties involved in your care, financing, or service delivery.
Such information includes, without limitation:
- Personal identifying information such as name, email address, phone number, and contact details submitted through consultation forms or booking interfaces.
- Health-related information, including medical history, treatment preferences, lab results, diagnoses, medication information, and clinical notes associated with services such as BHRT, IV therapy, and weight loss programs.
- Financial and transactional data, including payment details and financing-related information where third-party financing providers are utilized.
- Technical and usage data, including IP address, device identifiers, browser type, and interaction with the Platform.
4. PROTECTED HEALTH INFORMATION (PHI)
Where information collected constitutes PHI under HIPAA, such information is handled in accordance with applicable federal and state regulations.
PHI includes information relating to your physical or mental health, treatments received, medications prescribed, and payment for healthcare services.
The Company uses and discloses PHI only for purposes permitted under HIPAA, including treatment, payment, and healthcare operations, and implements safeguards designed to ensure confidentiality, integrity, and availability of such information.
5. PURPOSES OF DATA COLLECTION AND USE
The Company uses collected information for purposes including, but not limited to:
- Provision of medical and aesthetic services, including consultations, treatments, and follow-up care
- Scheduling, appointment management, and communication with patients
- Verification of identity and eligibility for services
- Processing payments and facilitating third-party financing arrangements
- Compliance with legal, regulatory, and professional obligations
- Quality assurance, operational improvement, and internal analytics
- Marketing and promotional communications, where permitted by law and with appropriate consent
6. MARKETING, ADVERTISING, AND FTC COMPLIANCE
The Company may use personal information for marketing purposes, including communications regarding services, promotions, and offers.
However, the Company does not knowingly use PHI or health-related data for targeted advertising, behavioral profiling, or remarketing in a manner that violates HIPAA or FTC regulations.
Before-and-after images, testimonials, and promotional materials presented on the Platform are for illustrative purposes only and are not representative of guaranteed outcomes.
Any use of patient images or identifiable information for marketing purposes requires separate written authorization.
7. TELEHEALTH AND ELECTRONIC COMMUNICATIONS
Certain services, including weight loss programs and hormone therapy consultations, may be provided via telehealth.
You acknowledge that electronic communications, including video consultations, emails, and messaging systems, may involve inherent risks, including potential unauthorized access despite reasonable safeguards.
The Company employs secure systems designed to comply with HIPAA requirements; however, absolute security cannot be guaranteed.
8. DISCLOSURE OF INFORMATION
The Company may disclose personal information and PHI to:
- Licensed healthcare providers and staff involved in your care
- Business associates, including telehealth platforms, cloud storage providers, and billing services, under HIPAA-compliant agreements
- Insurance companies or financing providers where applicable
- Regulatory authorities, law enforcement, or courts where required by law
- Third parties where you have provided explicit authorization
All disclosures are limited to the minimum necessary information unless otherwise required by law.
9. THIRD-PARTY SERVICES AND FINANCING
The Company may partner with third-party providers for services such as financing, payments, and technology infrastructure.
Such third parties operate independently and are subject to their own privacy policies.
The Company is not responsible for the privacy practices of such third parties, and you are encouraged to review their policies before engaging with their services.
10. COOKIES AND TRACKING TECHNOLOGIES
The Platform may use cookies and similar technologies to enhance user experience, improve functionality, and analyze usage patterns.
The Company does not use cookies in a manner that collects or transmits PHI for advertising purposes.
Analytics tools, where used, are configured to minimize data collection and to avoid association with sensitive health information.
10A. Sensitive Data and Tracking Limitations
The Company does not knowingly use tracking technologies, including analytics tools or advertising pixels, in a manner that would transmit Protected Health Information to third-party platforms.
All tracking technologies are configured to avoid collection of sensitive health-related data, and any data collected is anonymized or de-identified to the extent reasonably practicable.
11. DATA SECURITY AND SAFEGUARDS
The Company implements administrative, technical, and physical safeguards designed to protect personal information and PHI, including:
- Encryption of data in transit and at rest
- Access controls and authentication protocols
- Secure storage environments and monitoring systems
- Workforce training and confidentiality obligations
- Regular risk assessments and security reviews
Despite these measures, no system can guarantee absolute security.
12. DATA RETENTION
The Company retains personal information and PHI for as long as necessary to fulfill the purposes outlined in this Policy, including compliance with legal, regulatory, and professional requirements.
Retention periods may extend for several years following the completion of services.
13. YOUR RIGHTS
Subject to applicable law, you may have rights to:
- Access, inspect, and obtain copies of your personal information and PHI
- Request corrections or amendments
- Request restrictions on certain uses or disclosures
- Receive an accounting of disclosures
- Request confidential communications
- Withdraw consent where applicable
Requests must be submitted in writing to the Company using the contact information provided below.
14. BREACH NOTIFICATION
In the event of a breach involving unsecured personal information or PHI, the Company will provide notification in accordance with HIPAA, FTC requirements, and applicable state laws.
15. CHILDREN’S PRIVACY
The Platform is not intended for use by minors without appropriate parental or guardian involvement. The Company complies with applicable laws governing the collection and use of information from minors.
16. CROSS-BORDER DATA TRANSFERS
Data may be processed or stored in jurisdictions outside your location, including through third-party service providers. The Company implements safeguards to ensure compliance with applicable laws.
17. LIMITATIONS OF PRIVACY PROTECTION
You acknowledge that:
- Electronic systems may be subject to unauthorized access
- Communications over the internet are not entirely secure
- Risks exist despite reasonable safeguards
The Company shall not be liable for breaches resulting from circumstances beyond its reasonable control.
18. CHANGES TO THIS POLICY
The Company reserves the right to update or modify this Privacy Policy at any time. Updated versions will be posted on the Platform and become effective upon posting.
19. DO NOT TRACK AND GLOBAL PRIVACY CONTROL
The Platform does not currently respond to “Do Not Track” signals due to the absence of a uniform standard.
Where legally required, the Company will recognize and honor Global Privacy Control (GPC) signals in accordance with applicable state laws.
20. CONTACT INFORMATION
For privacy-related inquiries, requests, or complaints:
Health & Medspa
3919 Tampa Road, Oldsmar, FL 34677
Phone: +1 727 444 0995
Email: legal@healthandmedspa.com
