Privacy & HIPAA Policy
1. Our Commitment to Your Privacy
At Vue Med Spa, your trust is sacred. Whether you’re visiting us for surgical aftercare, skin rejuvenation, or wellness treatments, we are committed to protecting your personal information, including your medical and health-related data, in accordance with the Health Insurance Portability and Accountability Act (HIPAA), Utah state law, and our core values of ethics, empathy, and excellence.
2. What Information We Collect
We may collect:
Personally Identifiable Information (PII) – Full name, contact details, date of birth, address, emergency contacts
Protected Health Information (PHI) – Medical history, diagnoses, medications, allergies; treatment plans, progress notes, and pre/post-procedure images; responses from digital intake forms or skincare assessments
Technical & Digital Data – Website analytics (IP address, browser type, device usage); appointment scheduling data via Aesthetic Record or RepeatMD
3. How We Use Your Information
We only use your information to support your care and enhance your experience. This includes:
Booking and confirming appointments
Conducting in-person or virtual consultations
Creating and updating treatment plans
Sending post-visit follow-ups, birthday gifts, and wellness check-ins (with your consent)
Complying with federal/state documentation standards
We do not sell or rent your personal data to third parties.
4. Our Use of HIPAA-Compliant Tools
Vue Med Spa uses secure, HIPAA-compliant platforms such as:
Aesthetic Record – For scheduling, charting, treatment plans, and consent documentation
RepeatMD – For managing memberships, loyalty points, and educational resources
All staff are trained in HIPAA-compliant communication, including chart documentation and internal messaging.
5. Who Has Access to Your Information
Your data is shared only with:
Licensed providers directly involved in your care
Internal team members handling scheduling and coordination
Third-party vendors (EMR, payment processors) with signed Business Associate Agreements (BAAs)
When required by law (e.g., public health mandates), we may disclose information to appropriate authorities.
6. Your Rights Under HIPAA
As a client, you have the right to:
Access: Request a copy of your medical or service records
Amend: Ask us to correct inaccurate health information
Restrict: Request limitations on how your information is used or shared
Confidential Communication: Request that we contact you through a preferred method (e.g., phone vs. email)
Accounting of Disclosures: Receive a list of instances where your data was shared (outside of treatment or operations)
Revoke Consent: Withdraw your permission for marketing communications at any time
7. Security Practices
We maintain administrative, technical, and physical safeguards to protect your PHI. These include:
Encrypted digital records
Limited staff access based on role
Secure disposal of physical records (if used)
8. Marketing Communication & Consent
With your consent, we may send you:
Appointment reminders
VIP invitations, treatment specials, or birthday credits
Educational skincare tips and wellness news
You may opt out of marketing messages anytime by clicking “Unsubscribe” or texting STOP.
9. Privacy Policy Changes
This policy may be updated to reflect legal changes or operational updates. All revisions will be posted on our website and available at the front desk upon request.
10. Contact for Questions or Complaints
If you have questions, concerns, or wish to file a privacy complaint, please contact:
Vue Medical Spa
4000 S 700 E Ste #10
801-303-3883
info@vuemedicalspa.com