Privacy Policy

Effective Date: March 30, 2026  |  Last Updated: March 30, 2026

1. Introduction

Copergrine Health & Wellness ("we," "us," or "our") operates a healthcare clinic located in Houston, Texas, providing primary care, weight loss management, hormone therapy, IV hydration, aesthetics, and related wellness services. We are committed to protecting the privacy of our patients and website visitors.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, use our services, or interact with us in any capacity. It also includes our HIPAA Notice of Privacy Practices, which describes how your protected health information (PHI) may be used and disclosed, and your rights regarding that information.

By using our website or services, you acknowledge that you have read and understand this Privacy Policy.

2. Information We Collect

Personal Information

We may collect the following personal information when you interact with us:

• Full name, date of birth, and gender
• Contact information (email address, phone number, mailing address)
• Insurance and billing information
• Government-issued identification numbers (where required for treatment or billing)
• Emergency contact details

Protected Health Information (PHI)

As a healthcare provider, we collect and maintain PHI as defined under HIPAA, including:

• Medical history, diagnoses, and treatment records
• Prescription and medication information
• Laboratory and diagnostic test results
• Clinical notes and care plans
• Telehealth session records
• Billing and claims data related to healthcare services

Website Usage Information

When you visit our website, we may automatically collect:

• Browser type and version
• Device type and operating system
• Pages visited and time spent on pages
• Referring URL
• IP address (anonymized where possible)

3. How We Use Your Information

We use the information we collect for the following purposes:

• Treatment: To provide, coordinate, and manage your healthcare, including consultations, telehealth visits, prescriptions, and referrals.
• Payment: To bill for services, process insurance claims, and manage your account.
• Healthcare Operations: To support clinic operations such as quality improvement, staff training, compliance auditing, and business planning.
• Appointment Management: To schedule, confirm, and send reminders for your appointments.
• Communication: To respond to your inquiries, provide information about our services, and send health-related communications.
• Legal Compliance: To comply with applicable federal and state laws, including HIPAA, and to respond to lawful requests from public authorities.
• Website Improvement: To analyze usage patterns and improve our website experience.

4. Sharing & Disclosure

We do not sell your personal information or PHI. We may share your information only in the following circumstances:

• For Treatment: With other healthcare providers involved in your care (e.g., specialists, laboratories, pharmacies).
• For Payment: With your health insurance company or other payers to obtain reimbursement for services.
• For Healthcare Operations: With business associates who perform functions on our behalf and are bound by HIPAA-compliant agreements (e.g., billing companies, IT service providers, EHR platforms).
• As Required by Law: To comply with court orders, subpoenas, government investigations, or mandatory reporting obligations (e.g., communicable disease reporting, suspected abuse).
• For Public Health Activities: To public health authorities for disease prevention, reporting adverse events, or tracking FDA-regulated products.
• With Your Authorization: For any purpose not described above, we will obtain your written authorization before disclosing your PHI.

5. Data Retention

We retain your information in accordance with applicable legal and regulatory requirements:

• Medical Records: Retained for a minimum of seven (7) years from the date of last treatment, or longer as required by Texas state law and federal regulations.
• Billing Records: Retained for a minimum of seven (7) years to comply with IRS and insurance requirements.
• Website Data: Non-identifiable usage data is retained for up to twenty-four (24) months for analytics purposes.
• Communication Records: Correspondence and inquiry records are retained for three (3) years.

When retention periods expire, data is securely destroyed or de-identified in accordance with HIPAA standards.

6. Security Measures

We implement administrative, technical, and physical safeguards to protect your information, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Role-based access controls limiting data access to authorized personnel
• Regular security assessments and vulnerability testing
• Employee training on HIPAA privacy and security requirements
• Secure physical access to facilities where records are stored
• Business associate agreements with all third-party vendors who handle PHI
• Incident response procedures for potential data breaches

While we take reasonable measures to protect your information, no method of electronic transmission or storage is completely secure. If you have reason to believe your interaction with us is no longer secure, please contact us immediately.

7. HIPAA Notice of Privacy Practices

Copergrine Health & Wellness is required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) to maintain the privacy of your protected health information (PHI), provide you with notice of our legal duties and privacy practices, and abide by the terms of this notice.

Uses and Disclosures of PHI

We may use and disclose your PHI without your authorization for the following purposes:

• Treatment: We may use your PHI to provide, coordinate, or manage your healthcare and related services. This includes sharing information with other providers involved in your treatment, such as specialists, pharmacies, and laboratories.
• Payment: We may use and disclose your PHI to bill and collect payment for services provided. This includes submitting claims to your health insurer, verifying coverage, and collecting copayments.
• Healthcare Operations: We may use your PHI for internal operations necessary to run our clinic, including quality assessment, compliance programs, audits, training, licensing, and business management activities.
• Appointment Reminders and Health-Related Communications: We may contact you to provide appointment reminders, information about treatment alternatives, or other health-related benefits and services.
• As Required by Law: We will disclose your PHI when required by federal, state, or local law.
• Public Health Activities: We may disclose PHI to public health authorities to prevent or control disease, injury, or disability; to report births and deaths; and to report adverse reactions to medications or products.
• Health Oversight Activities: We may disclose PHI to health oversight agencies for activities authorized by law, including audits, investigations, and licensure actions.
• Judicial and Administrative Proceedings: We may disclose PHI in response to a court or administrative order, or in response to a subpoena or discovery request.
• Law Enforcement: We may disclose PHI for law enforcement purposes as required by law, including reporting certain wounds, identifying or locating suspects or missing persons, and in response to a court order or warrant.
• To Avert a Serious Threat: We may use and disclose PHI when necessary to prevent a serious threat to your health and safety or that of the public.

For all other uses and disclosures not described above, we will obtain your written authorization before releasing your PHI. You may revoke your authorization in writing at any time.

Your Rights Regarding Your PHI

You have the following rights concerning your protected health information:

• Right to Access: You have the right to inspect and obtain a copy of your PHI maintained in our records. Requests must be submitted in writing. We may charge a reasonable fee for copying costs. We will respond within 30 days of receiving your request.
• Right to Request Amendment: You have the right to request that we amend your PHI if you believe it is incorrect or incomplete. Requests must be submitted in writing and include the reason for the amendment. We may deny your request under certain circumstances but will provide a written explanation.
• Right to an Accounting of Disclosures: You have the right to request a list of certain disclosures of your PHI that we have made. This accounting does not include disclosures made for treatment, payment, or healthcare operations, or disclosures you authorized in writing. Requests must be submitted in writing and may cover up to six years prior to the request.
• Right to Request Restrictions: You have the right to request restrictions on how we use or disclose your PHI for treatment, payment, or healthcare operations. While we will consider your request, we are not required to agree to it, except where you pay for a service entirely out of pocket and request that we not disclose information to your health insurer.
• Right to Confidential Communications: You have the right to request that we communicate with you about your health information in a specific way or at a specific location (e.g., contacting you only at a particular phone number or address).
• Right to a Paper Copy: You have the right to obtain a paper copy of this notice upon request, even if you agreed to receive it electronically.
• Right to Be Notified of a Breach: You have the right to be notified if a breach of your unsecured PHI occurs, as required by HIPAA and HITECH.

Our Responsibilities

• We are required by law to maintain the privacy and security of your PHI.
• We are required to provide you with this notice of our legal duties and privacy practices.
• We are required to abide by the terms of this notice currently in effect.
• We are required to notify you if a breach of your unsecured PHI occurs.
• We will not use or disclose your PHI without your authorization, except as described in this notice.
• We reserve the right to change the terms of this notice and to make the new provisions effective for all PHI we maintain. Updated notices will be posted on our website and made available at our clinic.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with our Privacy Officer or with the U.S. Department of Health and Human Services Office for Civil Rights. You will not be penalized or retaliated against for filing a complaint.

8. Cookie Policy

Our website does not currently use cookies, tracking pixels, or similar technologies to collect information about your browsing behavior. We do not set first-party or third-party cookies.

If we introduce cookies in the future, we will update this policy to reflect the types of cookies used, their purpose, and how you can manage your preferences. We will also implement a cookie consent mechanism in compliance with applicable laws.

9. Third-Party Services

Our website and clinic operations use the following third-party services:

Telehealth Booking System

We use a third-party telehealth platform to facilitate online appointment scheduling and virtual consultations. When you book an appointment or participate in a telehealth visit, certain personal and health information is processed through this platform. Our telehealth partner is bound by a HIPAA-compliant Business Associate Agreement and is required to safeguard your PHI in accordance with federal regulations.

Google Fonts

Our website uses Google Fonts to display typography. When you visit our site, your browser may make requests to Google's servers to load font files. Google may collect your IP address and browser information in connection with serving these fonts. Google's use of this data is governed by the Google Privacy Policy. No health information or personal data submitted to our clinic is shared with Google through this service.

10. Your Rights

In addition to the HIPAA rights described above, you may have the following rights depending on applicable state and federal law:

• Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you.
• Right to Deletion: You may request deletion of personal information we have collected, subject to legal retention requirements (e.g., medical records must be retained as required by law).
• Right to Non-Discrimination: You will not be discriminated against for exercising your privacy rights.
• Right to Opt Out: If we ever engage in the sale of personal information (which we currently do not), you would have the right to opt out.

To exercise any of these rights, please contact our Privacy Officer using the information provided below.

11. Children's Privacy

Our website is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 through our website. Healthcare services provided to minors are governed by applicable state and federal laws, and parental or guardian consent is obtained as required.

12. Changes to This Policy

We reserve the right to update or modify this Privacy Policy at any time. When we make changes, we will update the "Last Updated" date at the top of this page. Material changes to this policy will be communicated through a notice on our website. We encourage you to review this policy periodically.

13. Contact Information

If you have questions about this Privacy Policy, wish to exercise your rights, or need to file a complaint, please contact our Privacy Officer: