Privacy Policy

Marcy Aesthetics Med Spa
Privacy Policy & Notice of Privacy Practices
Effective Date: March 2026
Contact: marcy@marcyaesthetics.comOur Commitment to Your PrivacyMarcy Aesthetics Med Spa (“we,” “us,” or “our”) is committed to protecting the privacy and security of your personal and protected health information (PHI). We understand that your medical and personal information is sensitive, especially in the context of cosmetic and aesthetic treatments such as neuromodulators (e.g., Botox®, Dysport®, Xeomin®), dermal fillers (e.g., Juvéderm®, Restylane®), laser treatments, skin rejuvenation, body contouring, and other non-surgical cosmetic procedures.This Notice of Privacy Practices describes how we may use and disclose your protected health information to carry out treatment, payment, and healthcare operations, and for other purposes permitted or required by law. It also informs you about your rights regarding your health information.We are required by law (including the Health Insurance Portability and Accountability Act of 1996 – HIPAA – and its regulations) to:

  • Maintain the privacy of your PHI;
  • Provide you with this notice of our legal duties and privacy practices;
  • Follow the terms of the notice currently in effect.

Types of Information We CollectWe may collect:

  • Personal identifiers (name, address, phone number, email address, date of birth, etc.);
  • Protected Health Information (PHI) – medical history, treatment plans, photographs (before/after), procedure notes, allergies, medications, and other health-related details relevant to cosmetic and aesthetic services;
  • Payment and insurance information (if applicable);
  • Communication preferences and consent records.

How We May Use and Disclose Your Protected Health InformationWe may use or disclose your PHI for the following purposes:

  1. Treatment
    To provide, coordinate, or manage your aesthetic and cosmetic care (e.g., consulting on Botox or filler suitability, performing procedures, documenting outcomes with photos, following up on results).
  2. Payment
    To obtain payment for services (e.g., billing you or your insurance, if applicable, for cosmetic procedures – note that many are not covered by insurance).
  3. Healthcare Operations
    For business activities such as quality assessment, staff training, compliance audits, and general administrative functions.
  4. Appointment Reminders, Treatment Alternatives, and Health-Related Benefits
    We may contact you to remind you of appointments or inform you about new services, products, or treatment options that may interest you (you can opt out of marketing communications).
  5. With Your Authorization
    For any purpose not listed above, we will obtain your written authorization before using or disclosing your PHI (e.g., marketing unrelated to treatment, sharing before/after photos publicly).
  6. Permitted or Required by Law
    We may use or disclose PHI without your authorization when required by law, such as:
    • Public health activities (e.g., reporting adverse events from injectables);
    • Health oversight activities;
    • Judicial or administrative proceedings;
    • Law enforcement (as required);
    • Workers’ compensation;
    • To avert a serious threat to health or safety.
  7. Business Associates
    We may share PHI with vendors/contractors (e.g., electronic medical records provider, payment processor, or photography software) who sign agreements to protect your information.

Your Rights Regarding Your Protected Health InformationYou have the right to:

  • Inspect and obtain a copy of your PHI (with limited exceptions);
  • Request amendments to your PHI if you believe it is inaccurate or incomplete;
  • Receive an accounting of disclosures of your PHI for up to six years prior (with some exceptions);
  • Request restrictions on certain uses and disclosures (we are not required to agree to all requests);
  • Request confidential communications (e.g., alternative mailing address or email);
  • Receive a paper copy of this notice upon request;
  • File a complaint if you believe your privacy rights have been violated (with us or with the U.S. Department of Health and Human Services – OCR).

To exercise these rights, contact us at marcy@marcyaesthetics.com or via phone (include your preferred contact method).Photography and Before/After ImagesBefore-and-after photographs are commonly used in cosmetic practices for treatment planning, documentation, and (with your permission) marketing/educational purposes. We will obtain your specific written authorization before using identifiable images for anything other than your medical record or internal quality purposes.Changes to This NoticeWe reserve the right to change the terms of this notice and to make the new notice provisions effective for all PHI we maintain. The revised notice will be posted on our website and available upon request.Contact InformationIf you have questions about this notice, our privacy practices, or wish to exercise your rights, please contact:
Marcy Aesthetics Med Spa
Email: marcy@marcyaesthetics.com You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services if you believe your privacy rights have been violated.Acknowledgment
By receiving services at Marcy Aesthetics Med Spa, you acknowledge receipt of this Notice of Privacy Practices.This notice is effective as of March 2026 and will remain in effect until replaced or revised.

Scroll to Top