HIPAA Compliance Statement

Effective Date: January 1, 2026 | Last Updated: January 1, 2026

At Drip & Fit Wellness (“we,” “our,” or “us”), we are committed to protecting the privacy, security, and confidentiality of our clients’ Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and all applicable federal and state privacy laws.

This HIPAA Compliance Statement explains how we collect, use, store, and safeguard your health-related information and outlines your rights regarding your medical data.

By using dripandfitwellness.com, booking an appointment, or receiving IV therapy or wellness services, you acknowledge and accept the terms outlined in this policy.

What Is Protected Health Information (PHI)?

Under HIPAA, Protected Health Information (PHI) includes any individually identifiable health information related to:

Your past, present, or future physical or mental health condition

Healthcare services you have received or may receive

Payment or billing information related to your healthcare services

PHI may include, but is not limited to:

Your name, address, phone number, email address, and date of birth

Medical history, health assessments, treatments, and clinical records

Insurance, payment, and billing information

Any other information that can reasonably identify you in a healthcare context

Drip & Fit Wellness follows HIPAA guidelines to ensure this information remains private, confidential, and secure.

How We Use and Disclose Your PHI

Permitted Uses of PHI

Drip & Fit Wellness may use and disclose PHI as permitted by HIPAA for the following purposes:

Treatment: To provide IV therapy and wellness services, conduct health assessments, and coordinate care with licensed medical professionals

Payment: To process payments, manage billing, and address payment-related inquiries

Healthcare Operations: To evaluate service quality, train staff, maintain compliance, and improve our services

Limited Disclosures Without Patient Authorization

We do not sell, rent, or use PHI for marketing purposes. However, HIPAA permits disclosure of PHI without patient authorization in certain situations, including:

Legal Requirements: When required by law, subpoena, court order, or government authority

Public Health Activities: Reporting communicable diseases or public health risks

Medical Emergencies: When necessary to prevent a serious or imminent threat to health or safety

Law Enforcement: For investigations related to fraud, criminal activity, or public safety

Outside of these legally permitted circumstances, we will not disclose your PHI without your written authorization.

Your HIPAA Privacy Rights

Under HIPAA, you have the following rights regarding your PHI:

Right to Access

You may request to inspect or obtain a copy of your medical records. Requests must be submitted in writing and will be fulfilled within the timeframe required by law.

Right to Request Amendments

If you believe your records are inaccurate or incomplete, you may request a correction. We will review and respond in accordance with HIPAA requirements.

Right to Request Restrictions

You may request limitations on how your PHI is used or disclosed. While we consider all requests, certain disclosures may be required by law.

Right to Confidential Communications

You may request that we contact you through specific methods (e.g., phone, email). Reasonable requests will be honored when feasible.

Right to an Accounting of Disclosures

You may request a list of certain disclosures of your PHI, excluding those made for treatment, payment, or healthcare operations.

Right to File a Complaint

You may file a complaint if you believe your privacy rights have been violated. Filing a complaint will not result in retaliation.

Complaints may be submitted to:

Drip & Fit Wellness Privacy Officer

U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR)

To exercise any of these rights, please contact us using the information in Section 10.

How We Protect Your PHI

We use appropriate administrative, physical, and technical safeguards to protect your PHI.

Administrative Safeguards

HIPAA compliance training for all staff

Restricted access to PHI on a need-to-know basis

Internal privacy and security policies

Physical Safeguards

Secure, locked storage for paper records

Restricted access to areas where PHI is stored

Technical Safeguards

Encryption of electronic PHI (ePHI) during storage and transmission

Secure networks, firewalls, and access controls

HIPAA-compliant communication platforms

While no system can be guaranteed 100% secure, we take reasonable steps to protect your information. If a breach occurs, affected individuals will be notified in accordance with HIPAA’s Breach Notification Rule.

Third-Party Service Providers

We may use third-party vendors such as scheduling platforms, payment processors, and electronic health record systems. These vendors:

Sign Business Associate Agreements (BAAs)

Are contractually required to comply with HIPAA privacy and security standards

HIPAA Breach Notification Policy

Definition of a Breach

A HIPAA breach occurs when PHI is accessed, used, or disclosed in an unauthorized manner that compromises its security or privacy.

Breach Response

In the event of a breach, Drip & Fit Wellness will:

Investigate the incident and assess scope and impact

Notify affected individuals within 60 days, as required by law

Report the breach to HHS when applicable

Implement corrective actions to prevent future incidents

Clients will be notified via phone, email, or written notice with details and recommended protective steps.

Retention of Health Records

Medical records and PHI are retained for the period required by federal and state law and are securely destroyed once retention requirements are met.

Changes to This Policy

We reserve the right to update this HIPAA Compliance Statement at any time. Updates will be posted on our website. Continued use of our services constitutes acceptance of the revised policy.

Contact Information

For HIPAA-related questions, requests, or concerns, please contact:

Drip & Fit Wellness

Phone: (913) 596-0588
Email: info@dripandfitwellness.com

You may also file a complaint with:

Office for Civil Rights (OCR)

U.S. Department of Health & Human Services
Website: www.hhs.gov/ocr