Vitalized Lab LLC
Effective Date: November 6, 2025
Last Updated: May 6, 2026
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
1. INTRODUCTION
Vitalized Lab LLC (“we,” “us,” “our,” or “Company”) is committed to protecting the privacy of your health information. This Notice of Privacy Practices describes how we may use and disclose your Protected Health Information (PHI) and your rights regarding that information. This notice is provided in compliance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and Security Rule.
2. OUR LEGAL DUTY TO PROTECT YOUR PRIVACY
We are required by law to maintain the privacy and security of your Protected Health Information. We are also required to provide you with this Notice of Privacy Practices, which describes our legal duties and privacy practices concerning your health information. We must follow the privacy practices outlined in this notice.
3. DEFINITION OF PROTECTED HEALTH INFORMATION (PHI)
Protected Health Information (PHI) is any information in a medical record or health plan that can be used to identify you. This includes but is not limited to:
– Your name, address, phone number, email address, and date of birth
– Social Security number or other unique identifier
– Medical history and diagnoses
– Current medications and allergies
– Symptoms and health conditions
– Laboratory test results and diagnostic imaging
– Healthcare provider notes and treatment plans
– Insurance information and billing records
– Any other health information that could identify you
4. HOW WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION
We may use and disclose your PHI for the following purposes:
Treatment: We may use your PHI to provide telemedicine services, diagnose conditions, develop treatment plans, and coordinate your care. We may share your PHI with other healthcare providers involved in your care when necessary and appropriate.
Payment: We may use your PHI to bill you for services rendered, process payments, and communicate regarding payment or billing matters. Since Vitalized Lab LLC operates on a cash-based model, we do not submit claims to insurance companies.
Healthcare Operations: We may use your PHI for quality assurance, peer review, compliance monitoring, business planning, and administrative functions necessary to operate our telemedicine practice.
Treatment Alternatives: We may use your PHI to inform you of alternative treatment options or health-related benefits and services that may be of interest to you.
Health Maintenance and Wellness: We may contact you to remind you of appointments, provide health education, or offer preventive health services.
5. USES AND DISCLOSURES REQUIRING YOUR AUTHORIZATION
Except as otherwise permitted by HIPAA, we will not use or disclose your PHI without your written authorization. Uses and disclosures requiring your authorization include but are not limited to:
– Disclosure of psychotherapy notes
– Uses and disclosures for marketing purposes
– Disclosure of PHI for sale
– Other uses and disclosures not described in this Notice of Privacy Practices
You may revoke your authorization in writing at any time by contacting us using the information provided at the end of this notice. Revocation will not affect uses or disclosures made prior to our receipt of your written revocation.
6. USES AND DISCLOSURES WITHOUT YOUR AUTHORIZATION
We may use and disclose your PHI without your authorization in the following circumstances:
As Required by Law: We may disclose your PHI when required by federal, state, or local law, court order, subpoena, or other legal process.
Public Health Activities: We may disclose your PHI to public health authorities for disease surveillance, investigation, and control purposes as required by law.
Abuse, Neglect, and Domestic Violence: We may disclose your PHI to appropriate authorities if we reasonably believe you are a victim of abuse, neglect, or domestic violence, or if a minor or elder is at risk.
Health Oversight Activities: We may disclose your PHI to health oversight agencies for activities authorized by law, including licensing, audits, investigations, and quality assurance activities.
Judicial and Administrative Proceedings: We may disclose your PHI in response to a court order, subpoena, discovery request, or other lawful process.
Law Enforcement: We may disclose your PHI to law enforcement officials for identification and location purposes, in response to a law enforcement request, or in connection with a crime on our premises.
Serious Threat to Health or Safety: We may disclose your PHI to prevent or reduce a serious threat to your health or safety or the health or safety of another person.
Military and Veterans: If you are in the military, we may disclose your PHI as required by military command or to the Department of Veterans Affairs.
Correctional Institution: If you are an inmate or detained in a correctional institution, we may disclose your PHI to the institution or its agents for purposes of health and safety.
Workers Compensation: We may disclose your PHI for workers compensation purposes as required by law.
Organ and Tissue Donation: We may disclose your PHI to organ procurement organizations, tissue banks, or other entities as necessary to facilitate organ or tissue donation and transplantation.
Research: We may use and disclose your PHI for research purposes when the use has been approved by an Institutional Review Board or when you have provided specific authorization for the research.
Decedent Information: We may disclose your PHI to coroners, medical examiners, and funeral directors for purposes of identifying the deceased, determining cause of death, or other lawful purposes.
7. MINIMUM NECESSARY STANDARD
When we use or disclose your PHI, we apply the minimum necessary standard. This means we use, request, or disclose only the minimum amount of PHI needed to accomplish the intended purpose. Minimum necessary determinations are made on a case-by-case basis, taking into account the nature and scope of the disclosure.
8. BUSINESS ASSOCIATES
We work with business associates who perform services on our behalf and require access to your PHI. These business associates include:
Optimantra: Our electronic medical records and telemedicine platform provider
Authorize.net: Our payment processing service
Stripe: Our payment processing service
All business associates are required to enter into a Business Associate Agreement with us and are contractually obligated to maintain the confidentiality and security of your PHI and to use it only for purposes of providing services to us.
9. PATIENT RIGHTS
You have the following rights regarding your Protected Health Information:
Right to Access: You have the right to inspect and obtain a copy of your medical records and other health information held by us. We will provide you with your information within 30 days of your written request. We may charge a reasonable fee for copies.
Right to Amend: You have the right to request that we amend or correct inaccurate or incomplete information in your medical record. We will respond to your request within 30 days. If we deny your request, we will provide you with an explanation in writing.
Right to Accounting of Disclosures: You have the right to receive an accounting of disclosures of your PHI made by us, except for disclosures made for treatment, payment, or healthcare operations, or as otherwise permitted by HIPAA. We will provide you with an accounting within 30 days of your request, and we may limit the accounting to disclosures made within the past three years.
Right to Request Restrictions: You have the right to request restrictions on our use and disclosure of your PHI. However, we are not required to agree to your request unless it relates to disclosure to a health plan for payment or healthcare operations and the information pertains solely to an item or service for which you have paid out of pocket in full.
Right to Request Confidential Communications: You have the right to request that we communicate with you about your health information in a specific manner or to a specific location. We will accommodate reasonable requests.
Right to Receive Notice of Breach: You have the right to be notified if there is a breach of your unsecured PHI. In the event of a breach, we will notify you without unreasonable delay and no later than 60 calendar days after discovery of the breach.
Right to a Paper Copy of This Notice: You have the right to receive a paper copy of this Notice of Privacy Practices even if you have agreed to receive it electronically.
Right to File a Complaint: You have the right to file a complaint with Vitalized Lab LLC or with the U.S. Department of Health and Human Services Office for Civil Rights (OCR) if you believe your privacy rights have been violated.
10. HOW TO EXERCISE YOUR RIGHTS
To exercise any of the rights described in this Notice of Privacy Practices, you must submit a written request to Vitalized Lab LLC using the contact information provided at the end of this notice. We will respond to your request within the timeframe specified by HIPAA or in this notice, typically within 30 days. If we cannot fulfill your request within 30 days, we will provide you with a written explanation of the reason for the delay and when you can expect a response.
11. CHARGES FOR COPIES
We may charge you a reasonable fee for copies of your medical records. The fee will not exceed the actual cost of reproduction, postage, and labor necessary to retrieve and copy your records. We will provide you with an estimate of charges prior to making copies if the cost exceeds a nominal amount.
12. SECURITY OF YOUR PROTECTED HEALTH INFORMATION
We implement administrative, physical, and technical safeguards to protect your PHI from unauthorized access, alteration, and destruction. Security measures include:
Administrative Safeguards: Access controls, workforce security, information access management, security awareness and training, and security incident procedures.
Physical Safeguards: Facility access controls, workstation use and security, workstation location policies, and device and media controls.
Technical Safeguards: Access controls, audit controls, encryption and decryption, and transmission security using SSL/TLS encryption protocols.
Our telemedicine platform, Optimantra, is HIPAA-compliant and incorporates industry-standard security measures to protect your information during transmission and storage.
13. RETENTION OF PROTECTED HEALTH INFORMATION
We retain your PHI for as long as necessary to provide healthcare services, comply with legal obligations, resolve disputes, and enforce our agreements. Medical records are generally retained for a minimum of seven years from the date of the last patient encounter or as required by applicable federal and state laws. Minors records are retained until they reach the age of majority plus the applicable retention period. After the retention period expires, we will securely destroy your records in a manner that prevents unauthorized access.
14. CHANGES TO THIS NOTICE OF PRIVACY PRACTICES
We reserve the right to change our privacy practices and this Notice of Privacy Practices. Changes will be effective for all PHI we maintain. We will provide you with a revised Notice of Privacy Practices if we materially change our privacy practices. You may request a copy of our current Notice of Privacy Practices at any time by contacting us using the information provided at the end of this notice.
15. COMPLAINT PROCEDURES
If you believe your privacy rights have been violated, you may file a complaint with Vitalized Lab LLC or with the U.S. Department of Health and Human Services Office for Civil Rights.
To File a Complaint with Vitalized Lab LLC:
Send a written complaint to:
Vitalized Lab LLC
357 South Fairfax Avenue
Los Angeles, California 90036
Email: hello@vitalizedlab.com
Phone: 801-742-1364
We will investigate all complaints and will not retaliate against you for filing a complaint.
To File a Complaint with the U.S. Department of Health and Human Services Office for Civil Rights:
You may file a complaint with the OCR without first filing a complaint with us. You can file a complaint online at www.hhs.gov/ocr/privacy/hipaa/complaints or by mail at:
U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, SW
Washington, D.C. 20201
You may also call the OCR at 1-800-368-1019 or email OCRComplaint@hhs.gov. There is no time limit for filing a complaint with the OCR.
16. CONTACT US
If you have any questions about this Notice of Privacy Practices or if you wish to exercise any of your rights regarding your Protected Health Information, please contact us at:
Vitalized Lab LLC
357 South Fairfax Avenue
Los Angeles, California 90036
Email: hello@vitalizedlab.com
Phone: 801-742-1364
Our privacy officer or designee can be reached at the above contact information to address your privacy concerns and requests.
17. ACKNOWLEDGMENT OF RECEIPT
You will be asked to acknowledge receipt of this Notice of Privacy Practices when you register for services with Vitalized Lab LLC. Your acknowledgment will be maintained in your medical record.
EFFECTIVE DATE
This Notice of Privacy Practices is effective as of November 6, 2025 and supersedes any previous notice.