HIPAA Compliance Statement

At Zen IV Spa, your privacy matters as much as your care. This HIPAA Compliance Statement explains how we protect your health information under the Health Insurance Portability and Accountability Act (HIPAA) and related privacy laws. It applies to every client who books a session, completes an intake form, or receives mobile IV therapy from our team.

This statement works together with our Privacy Policy, Medical Disclaimer, and Provider Disclosure.

What Is Protected Health Information (PHI)?

Protected Health Information, or PHI, is any information about your health that can identify you. At Zen IV Spa, PHI includes:

Your name, address, phone number, email, and date of birth when connected to your care
Your medical history, allergies, and current medications from your intake form
Your treatment records, including which IV drips, add-ons, and shots you received
Notes from your medical screening and any communication with our care team
Payment records connected to your treatments

How We Protect Your Information

We treat your health information with hospital-grade care. Here is how we safeguard it:

Access Controls: Only authorized team members who need your information to provide your care can see it. This includes your assigned nurse and our medical leadership.
Secure Storage: Health records and intake forms are stored in encrypted digital systems. Any paper records are kept in locked, secure locations.
Secure Transmission: When your information moves electronically, such as through our booking system or intake forms, we use encrypted connections to protect it.
Staff Training: Every nurse and team member who handles client information is trained on privacy practices and their duty to protect your data.
Minimum Necessary Standard: Team members only access the smallest amount of information needed to do their job.
No Unauthorized Disclosure: We do not share your health information with anyone outside your care team without your written consent, except where the law requires it.

Business Associates

We sometimes work with outside companies that support our operations, such as our booking platform, secure messaging system, and payment processor. When these companies may handle PHI, we require them to sign Business Associate Agreements. These agreements legally require them to protect your information to the same standards we follow.

Your Privacy Rights

Under HIPAA, you have important rights over your health information. You have the right to:

Request access to the health information we have on file for you
Request a copy of your records
Request corrections to information you believe is inaccurate
Request limits on how we use or share your health information
Request a list of certain disclosures we have made
Choose how we contact you (for example, by phone, text, or email)
File a complaint if you believe your privacy rights have been violated

To exercise any of these rights, contact us using the information at the bottom of this page. We will respond to record requests within the timeframes required by law.

When the Law Requires Disclosure

In limited situations, we may be required to share health information without your consent. These situations include responding to a valid court order, reporting certain public health concerns as required by New York or federal law, or cooperating with lawful government requests. Even then, we share only the minimum information required.

Breach Notification

If a breach of unsecured PHI ever affects your information, we will notify you as required by the HIPAA Breach Notification Rule. Our notice will explain what happened, what information was involved, what we are doing about it, and steps you can take to protect yourself.

Filing a Complaint

If you believe your privacy rights have been violated, you may file a complaint with us directly or with the U.S. Department of Health and Human Services, Office for Civil Rights. We will never retaliate against you for filing a complaint.

Questions About Your Privacy

Our team is happy to answer any question about how we handle your information. Reach out anytime.

Call or text: (332) 239-2005

Email: info@zenivspa.com

Hours: 8 AM to 8 PM, 7 days a week, mobile only

Service Area: All 5 NYC boroughs, Long Island (Nassau and Suffolk Counties), Westchester County, and the Hudson Valley (Rockland, Putnam, and Orange Counties)