HIPAA and Privacy
Scope of This Notice
This Privacy Policy and HIPAA Notice ("Notice") applies to Mend Medical Care ("we," "us," or "our"), a healthcare practice providing precision medicine, functional medicine, hormone optimization, weight management, IV therapy, and related healthcare services in the State of Arizona. This Notice describes how we collect, use, disclose, and protect your information when you:
- Access and use our website at mendmedicalcare.com (the "Website")
- Receive healthcare services from us, whether in-person (including house calls) or via telehealth
- Communicate with us via phone, email, text message, or other means
- Engage with us in other related ways, including marketing communications
By accessing our Website or receiving services from Mend Medical Care, you acknowledge the practices and policies outlined in this Notice. If you do not agree with our policies and practices, please do not use our Website or services.
Arizona Residents: Mend Medical Care provides services exclusively to residents of Arizona. This Notice is designed to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, Arizona state privacy laws including A.R.S. § 12-2291 et seq. (medical records) and A.R.S. § 18-552 (data breach notification), and other applicable federal and state regulations.
What Is Protected Health Information (PHI)?
Protected health information (PHI) refers to any information that identifies you and relates to your past, present, or future physical or mental health, the healthcare services you receive, or payment for such services. This includes demographic details and any related healthcare data.
Types of Information We Protect
Your protected health information includes but is not limited to:
- Medical records and clinical notes created by our healthcare providers
- Laboratory results, diagnostic imaging, and test results
- Prescription and medication information
- Treatment plans and clinical recommendations
- Communications regarding your care (including telehealth sessions)
- Billing records, payment information, and insurance details
- Demographic information (name, address, date of birth, contact information)
- Social Security number and other government identifiers
- Photographs or images related to your care
Personal Information We Collect
In addition to PHI, we may collect personal information that you voluntarily provide to us, including:
- Name, email address, phone number, and mailing address
- Account credentials (username and password) for patient portals
- Payment information (credit/debit card numbers processed securely through our payment processor)
- Communications you send to us
- Information you provide when scheduling appointments
- Survey responses and feedback
How We Use and Disclose Your PHI
At Mend Medical Care, your PHI may be used or disclosed for purposes related to treatment, payment, healthcare operations, or as required by law. We are committed to using only the minimum necessary information to accomplish the intended purpose.
Treatment
We use your PHI to provide, coordinate, and manage your healthcare services. This includes using your information to diagnose and treat your conditions, develop treatment plans, prescribe medications, order laboratory tests, and refer you to specialists when necessary. If we collaborate with other healthcare providers or refer you to a specialist, we may share relevant information to ensure continuity and quality of care.
Payment
To facilitate billing and payment for the services provided, we may use and disclose your PHI. This includes verifying insurance eligibility, processing payments, sending invoices, and pursuing collections if necessary. For our cash-pay services, we use your information to process your payments securely.
Healthcare Operations
Your PHI supports our internal operations, which include quality assessment and improvement activities, reviewing the competence of our healthcare providers, conducting training programs, business planning, and other administrative activities necessary to run our practice and provide you with quality care.
Other Permitted Uses
We may also use and disclose your information to:
- Contact you for appointment reminders and follow-up care
- Provide you with information about treatment alternatives or health-related benefits and services
- Communicate with family members or others involved in your care when you are present and do not object, or when you are incapacitated and disclosure is in your best interest
Marketing and Advertising: We will not use or disclose your protected health information for marketing purposes or sell your PHI without your explicit written authorization. Any use of PHI for marketing that involves financial remuneration to us requires your prior written authorization.
Special Circumstances for Use and Disclosure
Certain situations allow or require us to use or disclose your PHI without your explicit authorization:
As Required by Law
We will disclose your PHI when required to do so by federal, state, or local law, including Arizona state reporting requirements.
Public Health Activities
We may disclose your PHI for public health activities, including reporting communicable diseases, reporting adverse reactions to medications, notifying individuals of product recalls, and reporting to the FDA.
Victims of Abuse, Neglect, or Domestic Violence
We may disclose your PHI to government authorities if we believe you are a victim of abuse, neglect, or domestic violence, as required or permitted by Arizona law.
Health Oversight Activities
We may disclose your PHI to health oversight agencies for activities authorized by law, such as audits, investigations, inspections, and licensure.
Legal Proceedings
We may disclose your PHI in response to a court order, subpoena, discovery request, or other lawful process.
Law Enforcement
We may disclose your PHI to law enforcement officials for law enforcement purposes, including to identify or locate a suspect, witness, or missing person, or to report a crime.
Serious Threat to Health or Safety
Under Arizona law (A.R.S. § 36-517.02) and HIPAA, we may disclose your PHI when necessary to prevent or lessen a serious and imminent threat to your health or safety or the health or safety of others.
Workers' Compensation
We may disclose your PHI as authorized by and necessary to comply with Arizona workers' compensation laws.
Coroners, Medical Examiners, and Funeral Directors
We may disclose your PHI to coroners, medical examiners, and funeral directors as necessary for them to carry out their duties.
Department of Health and Human Services
We may be required to disclose your PHI to the U.S. Department of Health and Human Services to demonstrate our compliance with HIPAA.
Authorization Required for Other Uses
For uses or disclosures not described in this Notice, we will seek your written authorization before using or disclosing your PHI. You may revoke your authorization at any time in writing, except to the extent that we have already taken action in reliance on your authorization.
Your Rights Regarding Your PHI
Under HIPAA and Arizona law, you have specific rights regarding your health information. We are committed to respecting and upholding these rights.
Right to Access and Obtain Copies
You have the right to inspect and obtain a copy of your medical records and other health information we maintain about you. Under Arizona law (A.R.S. § 12-2293), we must provide access within 30 days of receiving your written request. We may charge a reasonable, cost-based fee for copies as permitted by law.
Right to Request Amendments
If you believe there is an error or omission in your medical records, you may request an amendment in writing. We will respond within 60 days. If we deny your request, we will provide you with a written explanation, and you may submit a statement of disagreement to be included in your record.
Right to Request Restrictions
You have the right to request that we restrict how we use or disclose your PHI for treatment, payment, or healthcare operations. We are not required to agree to your request, except that we must agree to restrict disclosure to a health plan if you pay for services out-of-pocket in full and the disclosure is not required by law.
Right to Confidential Communications
You may request that we communicate with you about your health information in a specific way or at a specific location. For example, you may ask that we only contact you at a particular phone number or email address. We will accommodate reasonable requests.
Right to an Accounting of Disclosures
You have the right to receive a list of certain disclosures we have made of your PHI for purposes other than treatment, payment, healthcare operations, and certain other activities, for the six years prior to your request.
Right to a Paper Copy of This Notice
You have the right to receive a paper copy of this Notice upon request, even if you have agreed to receive it electronically.
Right to Be Notified of a Breach
You have the right to be notified if there is a breach of your unsecured PHI. We will provide notification as required by HIPAA and Arizona's data breach notification law (A.R.S. § 18-552).
How We Protect Your Health Information
We are required by law to maintain the privacy and security of your protected health information. We take this responsibility seriously and have implemented comprehensive administrative, technical, and physical safeguards to protect your information.
Our Security Measures Include:
- Training all workforce members on HIPAA privacy and security requirements
- Implementing role-based access controls to limit access to PHI to authorized personnel
- Using encrypted communications for electronic transmission of health information
- Maintaining secure electronic health record systems with audit controls
- Implementing physical security controls for any paper records
- Requiring Business Associate Agreements with third-party vendors who handle PHI
- Conducting periodic risk assessments and security audits
- Maintaining policies and procedures for responding to security incidents
Breach Notification: In the event of a breach of your unsecured protected health information, we will notify you as required by HIPAA and Arizona law. Notification will be provided without unreasonable delay and in no case later than 60 days following discovery of the breach.
Website Data Collection
When you visit our Website, we may automatically collect certain information about your device and your visit.
Information Automatically Collected
This information may include:
- IP address and approximate geographic location
- Browser type and version
- Operating system
- Device type (desktop, mobile, tablet)
- Pages visited and time spent on each page
- Referring website or source
- Date and time of your visit
This information is collected primarily to maintain the security and operation of our Website, improve user experience, and for internal analytics purposes.
Information You Provide
You may voluntarily provide information when you:
- Complete contact forms or appointment request forms
- Subscribe to our newsletter or mailing list
- Create an account on our patient portal
- Communicate with us via email or chat
Cookies and Tracking Technologies
Our Website may use cookies and similar tracking technologies to enhance your experience and collect information about how you use our site.
Types of Cookies We May Use
- Essential Cookies: These are necessary for the Website to function properly, such as enabling secure login or remembering your preferences. These cannot be disabled.
- Analytics Cookies: These help us understand how visitors interact with our Website by collecting information about pages visited, time spent, and navigation patterns.
- Functionality Cookies: These remember your preferences and settings to provide a more personalized experience.
Managing Cookies
Most web browsers allow you to control cookies through their settings. You can set your browser to refuse all cookies or to alert you when cookies are being sent. However, if you disable cookies, some features of our Website may not function properly.
Do Not Track Signals
Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Because there is no uniform standard for responding to DNT signals, we currently do not respond to DNT signals. However, you can manage your tracking preferences through your browser settings and the options described in this Notice.
Important HIPAA Consideration: We do not place tracking pixels or cookies on authenticated (login-protected) pages such as patient portals where PHI may be present. Any analytics or tracking on our public Website pages is configured to minimize collection of information that could be combined with health information.
Advertising and Retargeting
We may engage in digital advertising to reach potential patients and inform the public about our services. This section describes our advertising practices and your choices.
Types of Advertising We May Use
- General Awareness Advertising: We may display advertisements on third-party websites and social media platforms to raise awareness about our practice and services.
- Retargeting/Remarketing: We may display ads to individuals who have previously visited our Website. These ads are displayed on third-party websites and platforms.
Our HIPAA-Compliant Advertising Practices
We are committed to protecting your privacy in our advertising activities. Our advertising practices are designed to comply with HIPAA and include the following safeguards:
- We do not place tracking pixels on patient portals or any authenticated pages where PHI may be present
- We do not place tracking pixels on pages discussing specific health conditions, symptoms, or treatments in a way that could identify your health interests
- We do not use your health information to target advertisements to you
- We do not share your PHI with advertising platforms
- Retargeting campaigns are based only on general website visits (such as visiting our homepage) and do not target based on health-related page visits
- Our advertising messages are general in nature and do not reference specific health conditions or imply knowledge of your health status
Third-Party Advertising Platforms
We may use advertising services provided by third parties such as Google Ads, Facebook/Meta, and similar platforms. These platforms have their own privacy policies governing the collection and use of information. We encourage you to review the privacy policies of these platforms:
- Google Privacy Policy: policies.google.com/privacy
- Meta/Facebook Privacy Policy: facebook.com/privacy/policy
Opting Out of Interest-Based Advertising
You have choices about interest-based advertising:
- Digital Advertising Alliance: Visit www.aboutads.info/choices to opt out of interest-based advertising from participating companies
- Network Advertising Initiative: Visit optout.networkadvertising.org for additional opt-out options
- Platform-Specific Settings: Most advertising platforms allow you to adjust your ad preferences in your account settings
- Browser Settings: You can limit tracking by adjusting your browser's privacy settings or using private/incognito browsing mode
Note: Opting out of interest-based advertising does not mean you will no longer see our ads. It means that our ads will not be targeted to you based on your online behavior. You may still see general advertisements from us.
Third-Party Service Providers
We engage third-party service providers to assist us in operating our practice and providing services to you. These providers may have access to your information only to perform services on our behalf.
Business Associates
When third-party service providers perform functions involving the use or disclosure of PHI on our behalf, they are considered "Business Associates" under HIPAA. We enter into Business Associate Agreements with these vendors, requiring them to:
- Use and disclose PHI only as permitted or required by the agreement
- Implement appropriate safeguards to prevent unauthorized use or disclosure
- Report any security incidents or breaches
- Ensure their subcontractors agree to the same restrictions
Types of Service Providers
Our service providers may include:
- Electronic health record and practice management systems
- Telehealth platforms
- Laboratory and diagnostic testing services
- Payment processors
- Email and communication services
- Website hosting and maintenance providers
- Cloud storage providers
Links to Third-Party Websites
Our Website may contain links to third-party websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit.
Telehealth Privacy
Mend Medical Care provides telehealth services to patients throughout Arizona. This section describes additional privacy considerations specific to telehealth.
Telehealth Platform Security
We use telehealth platforms that are designed to comply with HIPAA requirements, including:
- End-to-end encryption of video and audio communications
- Secure authentication procedures
- Business Associate Agreements with platform providers
- Access controls and audit logging
Your Responsibilities During Telehealth
To help protect your privacy during telehealth sessions, we recommend:
- Using a private location where others cannot overhear your conversation
- Using a secure, password-protected internet connection
- Ensuring your device is updated with the latest security patches
- Notifying us if you have any privacy concerns during your session
Recording of Telehealth Sessions
We do not routinely record telehealth sessions. If recording is necessary for clinical purposes, we will obtain your consent prior to recording.
Data Retention
We retain your information for as long as necessary to fulfill the purposes outlined in this Notice, unless a longer retention period is required or permitted by law.
Medical Records
Under Arizona law (A.R.S. § 12-2297), we are required to retain adult patient medical records for at least six years after the last date of treatment. For minor patients, records must be retained for at least three years after the patient reaches age 18, or six years after the last date of treatment, whichever is longer.
Other Records
We retain other records (such as billing records, communications, and administrative records) for the period required by applicable law or as necessary for our legitimate business purposes.
Disposal of Records
When we dispose of your PHI, we use secure methods such as shredding for paper records and secure deletion for electronic records, in accordance with HIPAA requirements.
Information from Minors
Our Website is not directed to children under 18 years of age, and we do not knowingly collect personal information from children under 18 through our Website.
For patients who are minors, a parent or legal guardian must consent to the collection and use of the minor's health information. Parents and guardians generally have the right to access their minor child's medical records, subject to certain exceptions under Arizona and federal law.
Text Messaging (SMS) Policy
Mend Medical Care may use text messaging to communicate with you regarding appointments, care reminders, and other healthcare-related information.
How We Use Text Messaging
- Appointment reminders and confirmations
- Follow-up care reminders
- Responses to your inquiries
- Important practice notifications
Your Privacy Protected: Mend Medical Care does not share mobile phone numbers or SMS opt-in data with third parties for marketing or promotional purposes. Your SMS data is collected solely for healthcare communication purposes and remains confidential. Message and data rates may apply.
Opting Out of SMS Communications
You may opt out of SMS communications at any time by replying STOP to any message or by contacting us directly. Please note that opting out of SMS may affect our ability to send you important appointment reminders.
Additional Privacy Protections
Substance Use Disorder Records
If you receive treatment for substance use disorders, your records may be protected by additional federal regulations (42 C.F.R. Part 2) that impose stricter limitations on how your information can be shared. Generally, we cannot disclose that you are receiving or have received substance use disorder treatment without your written consent, except in limited circumstances such as medical emergencies.
Mental Health Records
Additional protections may apply to mental health information under Arizona law. Psychotherapy notes, if any, receive heightened protection under HIPAA and generally require your specific authorization before disclosure.
For more information about protections for substance use disorder and mental health treatment, visit the Substance Abuse and Mental Health Services Administration (SAMHSA) website at www.samhsa.gov.
HIV/AIDS Information
Under Arizona law, information related to HIV/AIDS testing and treatment is subject to special confidentiality protections and generally requires specific written authorization before disclosure.
Changes to This Notice
We reserve the right to change the terms of this Notice at any time. Any changes will apply to information we already have about you as well as any new information created or received after the change takes effect.
If we make material changes to this Notice, we will:
- Update the "Last Updated" date at the top of this Notice
- Post the revised Notice on our Website
- Make the revised Notice available at our practice location upon request
- For material changes affecting your rights, we may also notify you directly via email or other communication
We encourage you to review this Notice periodically to stay informed about how we protect your information.
Filing a Complaint
If you believe your privacy rights have been violated, you have the right to file a complaint. You will not be penalized, retaliated against, or denied services for filing a complaint.
You May File a Complaint By:
- Contacting Mend Medical Care: Use the contact information provided below to file a complaint directly with our practice.
- Contacting the U.S. Department of Health and Human Services: You may file a complaint with the Office for Civil Rights (OCR).
U.S. Department of Health and Human Services
Office for Civil Rights – Region IX (Arizona)
90 7th Street, Suite 4-100
San Francisco, CA 94103
Phone: (800) 368-1019 | TDD: (800) 537-7697
Website: www.hhs.gov/ocr/hipaa/
