THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Understanding Your Health Record/Information

This notice describes the practices of Wise Aesthetics Group, Inc. d/b/a Wise Aesthetics (“Practice”) with respect to your protected health information (“PHI”) created while you are a patient at Practice. This notice applies to Practice and to its employees and to physicians, advanced practice providers, and other clinical staff who participate in your care. These individuals may share PHI with each other for treatment, payment, and health care operations as described in this notice.

We create a record of the care and services you receive at Practice. We understand that medical information about you and your health is personal. We are committed to protecting medical information about you. This notice applies to all the records of your care at Practice.

This notice will tell you about the ways in which we may use and disclose medical information about you. It also describes your rights and certain obligations we have regarding the use and disclosure of medical information.

Your Health Information Rights

Although your health record is the physical property of Practice, the information belongs to you. You have the right to:

•      Request a restriction on certain uses and disclosures of your information for treatment, payment and health care operations, and as to disclosures permitted to persons, including family members involved with your care and as provided by law. However, we are not required by law to agree to a requested restriction, unless the request relates to a restriction on disclosures to your health insurer regarding health care items or services for which you have paid out of pocket and in full;

•      Obtain a paper copy of this notice of information practices;

•      Inspect and, upon request, receive a copy of your PHI, including in electronic form if we maintain it electronically, as provided by law;

•      Direct us, in writing, to transmit a copy of your electronic PHI directly to a third party you designate;

•      Request that we amend your health record as provided by law. We will notify you if we are unable to grant your request to amend your health record;

•      Obtain an accounting of disclosures of your health information as provided by law;

•      Request communication of your health information by alternative means or at alternative locations. We will accommodate reasonable requests;

•      Be notified following a breach of your unsecured PHI; and

•      Revoke any written authorization you have provided, in writing, at any time, except to the extent we have already taken action in reliance on it.

You may exercise these rights by providing a written request to Wise Aesthetics at 2325 Pointe Pkwy, Ste 110, Carmel, IN 46032 or electronically at legal@wise-aesthetics.com.

Our Responsibilities

In addition to the responsibilities set forth above, we are also required to:

•      Maintain the privacy of your health information;

•      Subject to certain exceptions under the law, provide notice of any unauthorized acquisition, access, use, or disclosure of your PHI, to the extent it was not otherwise secured;

•      Provide you with a notice as to our legal duties and privacy practices with respect to information we maintain about you;

•      Abide by the terms of this notice; and

•      Notify you if we are unable to agree to a requested restriction on certain uses and disclosures.

We reserve the right to revise this notice and to apply the revised notice to all PHI we maintain, including PHI created or received before the revision. If we materially revise this notice, we will promptly post the revised notice in our office and on our website at www.wise-aesthetics.com, and we will provide a paper copy of the revised notice to you upon request.

Uses and Disclosures of Medical Information That Do Not Require Your Authorization

The following categories describe different ways that we may use and disclose medical information without your authorization. We will explain what we mean for each category of uses or disclosures, but not every use or disclosure in a category will be listed. However, all the ways we are permitted to use and disclose information without your authorization should fall within one of the categories.

We will use your health information for treatment.

•      For example: We may disclose medical information about you to doctors, nurses, technicians, medical students or other personnel who are involved in taking care of you. We may share medical information about you in order to coordinate different treatments, such as prescriptions, lab work and x-rays. We also may provide your physician or a subsequent health care provider with copies of various reports to assist in treating you once you are discharged from care at Practice.

We will use your health information for payment.

•      For example: A bill may be sent to you or a third-party payer. The information on or accompanying the bill may include information that identifies you, as well as your diagnosis, procedures and supplies used.

We will use your health information for regular health care operations.

•      For example: We may use the information in your health record to assess the care and outcome in your case and others like it. This information will then be used in an effort to continually improve the quality and effectiveness of the health care and services we provide.

We will use and disclose your health information as otherwise allowed by law. Examples of those uses and disclosures follow:

Business associates: There are some services provided in our organization through agreements with business associates. Examples include our electronic health record vendor, scheduling and patient communications platforms, payment processors, e-signature vendors, IT support providers, and marketing services providers. We require all business associates to safeguard your PHI under written Business Associate Agreements as required by HIPAA.

Notification: Unless you object, we may use or disclose information to notify or assist in notifying a family member, a personal representative or another person responsible for your care about your location and general condition.

Individuals involved in your care: Unless you object, we may disclose to a family member, another relative, a close personal friend or another person you identify the health information that is directly relevant to that person’s involvement in your health care or payment for your health care. If you are not able to agree or object to such disclosure, we may disclose the information as necessary if we determine it is in your best interest in our professional judgment.

Disaster relief: We may use or disclose your health information to public or private disaster relief organizations to coordinate your care or to notify your family or friends of your location or condition in a disaster. We will provide you with an opportunity to agree or object to these disclosures when practical.

Research: We may disclose information to researchers when their research has been approved by an institutional review board that has established protocols to protect the privacy of your health.

Communications regarding treatment alternatives and appointment reminders: We may contact you to provide appointment reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to you.

Food and Drug Administration (FDA): We may disclose to the FDA health information relative to adverse events with respect to food, medications, devices, supplements, products and product defects, or post marketing surveillance information to enable product recalls, repairs or replacement.

Worker’s compensation: We may disclose health information to the extent authorized by and to the extent necessary to comply with laws relating to worker’s compensation or other similar programs established by law.

Public health: As required by law, we may disclose your health information to public health or legal authorities charged with preventing or controlling disease, injury or disability.

Abuse, neglect or domestic violence: As required by law, we may disclose health information to a governmental representative authorized by law to receive reports of abuse, neglect or domestic violence.

Judicial, administrative and law enforcement purposes: Consistent with applicable law, we may disclose health information about you for judicial, administrative and law enforcement purposes.

Health oversight activities: We may disclose health information to a health oversight agency for activities authorized by law, such as audits, investigations, inspections and licensure.

Threats to health or safety: We may use or disclose health information as allowed by law if we believe in good faith that it is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public, or for law enforcement authorities to identify or apprehend an individual involved in a crime.

Special government functions: We may disclose health information to authorized federal officials for intelligence, counterintelligence and other national security activities authorized by law, or for protective services to the President of the United States or certain other government officials. If you are a member of the military, we may disclose health information to military authorities under some circumstances. If you are an inmate of a jail, prison or other correctional facility or in the custody of law enforcement personnel, we may disclose health information necessary to maintain your health and the health and safety of others.

Required or allowed by law: We will disclose medical information about you when required or allowed to do so by federal, state, or local law.

Electronic Health Information Exchange: Practice uses a third party to maintain our electronic medical records (EMR). Practice stores electronic health information about you in the EMR. Practice monitors who can view your EMR.

More stringent state-law protections: We will honor any more stringent privacy protections required by Indiana law, including those that apply to mental health records, HIV-related information, and genetic information, where such categories apply.

When We Need Your Written Authorization

Except as described in this notice, we will not use or disclose your PHI without your written authorization. In particular, the following uses and disclosures require your written authorization:

•      Most uses and disclosures of psychotherapy notes, where applicable;

•      Uses and disclosures of PHI for marketing purposes, except for face-to-face communications with you and the provision of promotional gifts of nominal value;

•      Disclosures that constitute a sale of PHI; and

•      Other uses and disclosures not otherwise described in this notice.

You may revoke any authorization in writing at any time, except to the extent we have already taken action in reliance on it.

For More Information or to Report a Problem

If you have questions or would like additional information, you may contact our Privacy Officer at 317-569-6448 or legal@wise-aesthetics.com.

If you believe your privacy rights have been violated, you may file a complaint with our Privacy Officer at 2325 Pointe Pkwy, Ste 110, Carmel, IN 46032, or with the Secretary of the U.S. Department of Health and Human Services. We will not retaliate against you for filing a complaint.

This notice is effective on the following date: December 31, 2024. Last reviewed: May 2, 2026.

We may revise this notice at any time and apply the revised notice to all PHI we maintain. If we materially revise this notice, we will post the revised notice in our office and on our website at www.wise-aesthetics.com, and we will provide a paper copy on request.