The WellnessDrops
← Back to Home

HIPAA Compliance

Last updated: February 4, 2026

The Wellness Drops is committed to maintaining the privacy and security of your protected health information (PHI) in full compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations, including the Privacy Rule, Security Rule, and Breach Notification Rule.

1. What Is Protected Health Information (PHI)?

Protected Health Information (PHI) is any individually identifiable health information that we create, receive, maintain, or transmit in connection with providing healthcare services. This includes:

  • Your name, address, date of birth, and contact information
  • Medical history, diagnoses, and treatment information
  • Health intake and screening forms
  • Treatment records and clinical notes
  • Billing and payment information related to your care
  • Any other information that can identify you and relates to your health or healthcare

2. The Privacy Rule — Uses & Disclosures of PHI

Under the HIPAA Privacy Rule, we may use and disclose your PHI without your written authorization for the following purposes:

Treatment

We may use your PHI to provide, coordinate, or manage your IV therapy services. This includes sharing information with other healthcare professionals involved in your care when necessary.

Payment

We may use your PHI for billing and payment activities related to the services we provide.

Healthcare Operations

We may use your PHI for quality improvement, training, auditing, and other operational activities necessary to run our practice.

As Required by Law

We may disclose PHI when required by federal, state, or local law, including public health reporting, abuse or neglect reporting, and judicial or administrative proceedings.

For all other uses and disclosures, we will obtain your written authorization before sharing your PHI. You have the right to revoke any authorization at any time in writing.

3. Your Rights Under HIPAA

As a client of The Wellness Drops, you have the following rights regarding your PHI:

  • Right to Access: You may request to inspect and obtain a copy of your PHI maintained by us. We will respond within 30 days of your request.
  • Right to Amend: You may request that we amend your PHI if you believe it is inaccurate or incomplete. We may deny the request under certain circumstances and will provide a written explanation.
  • Right to an Accounting of Disclosures: You may request a list of certain disclosures we have made of your PHI for purposes other than treatment, payment, or healthcare operations.
  • Right to Request Restrictions: You may request that we limit the use or disclosure of your PHI. We are not required to agree to all requests but will carefully consider them.
  • Right to Confidential Communications: You may request that we communicate with you about health matters through a specific method or at a specific location.
  • Right to a Paper Copy: You may request a paper copy of our Notice of Privacy Practices at any time.
  • Right to File a Complaint: You have the right to file a complaint if you believe your privacy rights have been violated (see Section 7 below).

4. Security Safeguards

We implement comprehensive safeguards to protect your PHI in accordance with the HIPAA Security Rule:

Administrative Safeguards

  • Designated Privacy and Security Officer
  • Workforce training on HIPAA policies and procedures
  • Risk assessments and management processes
  • Policies and procedures for handling PHI
  • Sanctions for policy violations

Physical Safeguards

  • Secure storage of physical records and documents
  • Controlled access to areas where PHI is stored
  • Proper disposal of PHI (shredding, secure deletion)
  • Device and workstation security

Technical Safeguards

  • Encryption of electronic PHI (ePHI) in transit and at rest
  • Access controls and unique user identification
  • Audit logs and monitoring of system activity
  • Automatic session timeouts and password protections
  • Secure backup and disaster recovery procedures

5. Business Associates

When we engage third-party service providers ("Business Associates") who may have access to your PHI — such as payment processors, electronic health record providers, or IT service providers — we require them to enter into Business Associate Agreements (BAAs) that obligate them to:

  • Safeguard your PHI in accordance with HIPAA requirements
  • Report any security incidents or breaches promptly
  • Return or destroy PHI when no longer needed
  • Ensure their subcontractors comply with the same standards

6. Breach Notification

In the event of a breach of unsecured PHI, we will:

  • Notify affected individuals without unreasonable delay and no later than 60 days after discovery of the breach.
  • Notify the U.S. Department of Health and Human Services (HHS) as required based on the scope of the breach.
  • Notify prominent media outlets if the breach affects more than 500 residents of a state or jurisdiction.
  • Provide a description of the breach, the types of information involved, steps individuals can take to protect themselves, and the measures we are taking to investigate and mitigate the breach.

7. Complaints & Contact Information

If you believe your privacy rights have been violated or you have concerns about our HIPAA practices, you may:

Contact The Wellness Drops

Phone: (407) 479-8484

Service Area: Central Florida

Instagram: @pdrnurses

File a Complaint with HHS

You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights:

Online: hhs.gov/hipaa/filing-a-complaint

Phone: 1-800-368-1019

TDD: 1-800-537-7697

We will not retaliate against you for filing a complaint.

← Back to Home