Privacy Policy for Protected Health Information (PHI)

ElMe Aesthetics and Oculofacial Plastic Surgery

This Privacy Policy outlines how Elmé ensures the privacy and security of your Protected Health Information (PHI). Our commitment aligns with our values of humanity, integrity, and excellence while complying with the Health Insurance Portability and Accountability Act (HIPAA), the HITECH Act, and other applicable laws.

What is Protected Health Information (PHI)?

PHI refers to any information that identifies you and relates to:

  1. Your past, present, or future physical or mental health conditions.
  2. Healthcare services provided to you.
  3. Payment for your healthcare services.

Examples include medical records, billing information, and treatment details specific to oculofacial plastic surgery or aesthetic procedures.

How We May Use and Disclose Your PHI

We use and disclose your Protected Health Information (PHI) in ways that prioritize your care, uphold legal obligations, and reflect our commitment to humanity, integrity, and excellence.

Routine Uses Without Authorization

  1. For Treatment
    • Coordinate care with specialists, surgeons, or laboratories involved in your oculofacial care (e.g., sharing surgical notes for post-operative follow-ups).
    • Example: Providing PHI to an ophthalmologist collaborating on eyelid reconstruction.
  2. For Payment
    • Bill insurers, verify coverage, or process payments for procedures (e.g., blepharoplasty, facial reconstructive surgery).
    • Example: Submitting claims to your health plan for upper lid blepharoplasty surgery.
  3. For Healthcare Operations
    • Improve service quality, train staff, or conduct audits.
    • Example: Reviewing patient outcomes to refine surgical techniques.
  4. Appointment Reminders & Care Options
    • Contact you about appointments, treatment alternatives, or health-related services (e.g., new non-surgical facial rejuvenation options).
  5. Minors
    • Disclose PHI of minors to parents/guardians unless prohibited by law (e.g., statespecific consent rules for cosmetic procedures).

Other Permitted Uses

  1. Research
    • Use PHI for studies approved by an institutional review board or under strict protocols.
    • Example: Analyzing outcomes of ptosis repair surgeries to improve techniques.
  2. Public Health & Safety
    • Report adverse reactions, disease outbreaks, or product recalls to authorities like the FDA.
    • Disclose PHI to prevent serious threats to health/safety (e.g., complications from a medical device).
  3. Legal & Compliance
    • Respond to court orders, subpoenas, or law enforcement requests.
    • Disclose PHI for audits, licensure, or oversight activities.
  4. Special Circumstances
    • Organ Donation: Share PHI with organ banks if you’re a registered donor.
    • Military/Veterans: Disclose PHI as required by military command authorities.

Right to Inspect and Copy

You have the right to inspect and copy PHI that may be used to make decisions about your care or payment for your care. We will provide access to your PHI within 30 days of your request and may charge a reasonable fee for copying, mailing, or other supplies associated with your request. However, no fee will be charged if the information is needed for a claim for benefits under the Social Security Act or other state or federal needs-based benefit programs.

In certain limited circumstances, we may deny your request. If denied, you have the right to have the denial reviewed by a licensed healthcare professional who was not directly involved in the denial. We will comply with the outcome of this review.

Right to Summary or Explanation

You may request a summary or explanation of your PHI instead of receiving the entire record.

This alternative form will be provided if you agree to it and pay any associated fees.

Right to an Electronic Copy of Electronic Medical Records

If your PHI is maintained in an electronic format (e.g., electronic medical record), you have the right to request an electronic copy or have it transmitted to another individual or entity. We will make every effort to provide access in the format you request if it is readily producible; otherwise, we will provide it in our standard electronic format or a readable hard copy. A reasonable, cost-based fee may be charged for labor associated with transmitting the electronic record.

Right to Get Notice of a Breach

You have the right to be notified promptly if there is a breach of your unsecured PHI.

Right to Request Amendments

If you believe that your PHI is incorrect or incomplete, you may request an amendment.

Requests must be submitted in writing to our Privacy Officer, along with reasons supporting the amendment. If we deny your request, you have the right to file a statement of disagreement, and we may prepare a rebuttal that will be provided to you.

Right to an Accounting of Disclosures

You can request an “accounting of disclosures,” which lists disclosures of your PHI made for purposes other than treatment, payment, or healthcare operations. This excludes disclosures made directly to you, those for facility directories, family members involved in your care, or notification purposes. The first accounting request within any 12-month period is free; additional requests may incur reasonable costs, which will be disclosed prior to processing your request.

Right to Request Restrictions

You have the right to request restrictions on how we use or disclose your PHI for treatment, payment, or healthcare operations. You may also restrict disclosures about you to individuals involved in your care (e.g., family members). Requests must be submitted in writing and specify the restriction and applicable parties. While we are not required to agree to all requests, we will honor restrictions related solely to services paid out-of-pocket in full by you.

Out-of-Pocket Payments

If you pay out-of-pocket in full for a specific service and request that we not bill your health plan for that item or service, we will honor this request and restrict disclosure of related PHI accordingly.

Right to Request Confidential Communication

You can request that we communicate with you through specific channels (e.g., mail at a specific address or calls only at work). Requests must be made in writing and specify how or where we can contact you. We will accommodate reasonable requests without requiring an explanation for them.

Right to a Paper Copy of This Notice

You are entitled to receive a paper copy of this Privacy Policy at any time upon request, even if you previously agreed to receive it electronically.
To exercise any of these rights, please contact our Privacy Officer:

  • Privacy Officer: Mithra Gonzalez
  • Phone: Main Line
  • Email: [email protected]
  • Address: 4590 Main St. Buffalo, NY 14226

We are committed to honoring these rights and ensuring transparency in all interactions regarding your Protected Health Information.

Our Responsibilities

Safeguarding PHI: We implement administrative, physical, and technical safeguards tailored to protect sensitive information related to oculofacial treatments and aesthetic care (e.g., secure electronic medical records).

  • Minimum Necessary Standard: We only use/disclose the minimum amount of PHI necessary for each purpose.
  • Staff Training: All team members are trained on privacy practices specific to our field of care.

Complaints and Contact Information

If you have concerns about how your PHI is handled or wish to exercise any of your rights under this policy, please contact our Privacy Officer:

  • Privacy Officer: Mithra Gonzalez
  • Address: 4590 Main St. Buffalo, NY 14226
  • Phone: Main Line
  • Email: [email protected]

You may also file a complaint with the U.S. Department of Health and Human Services at 200 Independence Ave SW, Washington, DC 20201, without fear of retaliation.

Changes to This Policy

We reserve the right to update this policy as needed to reflect changes in regulations or our practices while maintaining alignment with our mission of delivering luxury aesthetics and oculofacial care.

This Privacy Policy reflects our commitment to protecting the privacy of all patients while delivering exceptional care rooted in humanity, integrity, and excellence.

Effective Date: April 8, 2025