Privacy Statement

Body Logic Health is a physician-supervised metabolic wellness and weight loss clinic operating at two Florida locations:

• East Orlando: 12301 Lake Underhill Rd, Suite 215, Orlando, FL 32828
• DeLand: 450 N McDonald Ave, DeLand, FL 32724

We offer GLP-1 weight loss programs, peptide therapies, and related injectable wellness treatments under the supervision of licensed medical providers. Our clinical operations are affiliated with Home Physicians Group (HPG Health).

As a healthcare provider, we are a Covered Entity under HIPAA and are subject to federal and Florida state privacy laws governing the handling of protected health information.

Information you provide directly

• Personal identifiers: Full name, date of birth, address, phone number, email address
• Health & medical information: Weight, height, BMI, health history, diagnoses, current medications, lab results, and biometric measurements
• Treatment information: Medication type and dosage, program selections, injection records, and clinical visit notes
• Payment information: Billing details and insurance information where applicable. We do not store full credit card numbers on our servers.
• Communications: Messages, emails, or inquiries you send to our clinical team

Information collected automatically

• Usage data: Pages visited, time on site, clicks, scroll depth, and referring URL
• Device & browser data: IP address, browser type, operating system, and device identifiers
• Form inputs: Data entered into our weight loss estimator or contact forms, including health inputs such as weight, height, age, sex, and program preferences

Weight loss estimator data

Our on-site clinical estimator collects weight, height, age, biological sex, and program selection to generate a personalized estimate. When you submit your email to receive results, that information is transmitted to our care team for follow-up and is treated as sensitive health-related data.

Your PHI includes information about your health condition, treatment, or payment that could identify you — including lab results, clinical notes, medication records, and biometric data collected during your program.

How we use and disclose PHI

We may use and disclose your PHI for treatment, payment, and healthcare operations without your specific authorization, including:

• Sharing records with your treating physician or affiliated providers
• Processing billing and payment with your health insurer (if applicable)
• Quality improvement and clinical audit activities

For uses beyond treatment, payment, and operations — including marketing, research, or sale of PHI — we will obtain your written authorization first, unless a specific HIPAA exception applies.

Notice of Privacy Practices

Our full HIPAA Notice of Privacy Practices (NPP) is provided at your initial visit and is available upon request. The NPP describes your rights in detail and explains how we may use and disclose your PHI in all circumstances.

We do not share your personal or health information with third parties except in the following circumstances:

Service providers and business associates

We work with third-party vendors who assist in operating our clinic, managing records, processing payments, and maintaining this website. These parties are contractually bound to protect your data. HIPAA-covered vendors execute a Business Associate Agreement (BAA) with us. Vendor categories include: electronic health record platforms, secure communications services, payment processors, and website analytics providers.

Affiliated providers

As a clinic affiliated with Home Physicians Group, we may share clinical information with affiliated providers involved in your direct care, consistent with HIPAA.

Legal requirements

We may disclose your information when required by law, court order, or governmental authority, including disclosures required by the Florida Department of Health or in response to lawful subpoenas.

Safety and emergencies

We may disclose PHI to prevent a serious threat to your health or safety or that of others, consistent with applicable law.

Our website uses cookies and similar technologies to improve functionality and analyze traffic:

• Essential cookies: Required for core site functionality including navigation and form submissions
• Analytics cookies: Help us understand how visitors use our site using aggregate, de-identified data only
• Functional cookies: Remember your preferences and session state within the estimator tool

We do not use third-party advertising cookies or behavioral tracking pixels that share your health-related browsing with ad networks. You may control cookies through your browser settings.

We retain personal and clinical information for as long as necessary to provide care, fulfill legal obligations, and resolve disputes:

• Florida medical records: Retained for a minimum of 5 years from the date of last clinical encounter, or as otherwise required by state law
• Minor patients: Retained until the patient's 21st birthday or 5 years from the last encounter, whichever is later
• Financial records: Billing and payment records retained for a minimum of 7 years
• Website inquiries & estimator submissions: Retained for up to 24 months for care coordination purposes

When data is no longer required, we destroy it using secure methods appropriate for the sensitivity of the data.

HIPAA patient rights

• Right to access: Request a copy of your medical records and PHI
• Right to amend: Request corrections to inaccurate or incomplete PHI
• Right to accounting of disclosures: Receive a list of certain disclosures we have made of your PHI
• Right to restrict: Request restrictions on how we use or disclose your PHI
• Right to confidential communications: Request communication via a specific method or location
• Right to our NPP: Receive a paper copy of our HIPAA Notice of Privacy Practices at any time

General data rights

• Opt-out of marketing: Unsubscribe from non-clinical communications at any time via email or the unsubscribe link in any marketing message
• Correction of personal data: Request updates to your contact or demographic information
• Data deletion (non-PHI): Request deletion of non-clinical personal data where no legal retention obligation applies

Our GLP-1 weight loss programs are intended for adults. We do not knowingly collect personal information from individuals under the age of 18 through our website without parental or guardian consent. If you believe a minor has submitted personal information without appropriate consent, please contact us immediately at info@bodylogic.health and we will promptly delete such information.

We implement administrative, technical, and physical safeguards consistent with HIPAA Security Rule requirements (45 C.F.R. Part 164, Subpart C). Our measures include:

• Encryption of PHI in transit (TLS/HTTPS) and at rest
• Access controls limiting PHI access to authorized clinical staff only
• Audit logging of PHI access and modifications within our EHR system
• Staff training on HIPAA privacy and security requirements
• Secure destruction of paper and electronic records at end of retention period

In the event of a breach of unsecured PHI, we will notify affected individuals and report to the U.S. Department of Health and Human Services as required under the HIPAA Breach Notification Rule.

We may update this Privacy Statement from time to time. When we make material changes, we will:

• Update the "Effective Date" at the top of this page
• Post a notice on our website homepage for a reasonable period
• Notify active patients by email if the change affects how we handle their PHI

We encourage you to review this statement periodically. Your continued use of our services after a posted change constitutes acceptance of the updated statement for non-PHI data.

Questions, concerns, or requests related to this Privacy Statement? Reach us through any of the following:

If you believe your HIPAA privacy rights have been violated, you have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/ocr/privacy or 1-800-368-1019. We will not retaliate against you for filing a complaint in good faith.