Privacy Policy
Effective Date: September 19, 2025
Paradigm Wellness LLC (‘Paradigm’) is a HIPAA-covered healthcare provider. This Privacy Policy explains how we handle personal information collected on our public channels (website, phone, email, SMS) and in our operations. Our handling of Protected Health Information (PHI) for treatment, payment, and healthcare operations is governed by HIPAA and our Notice of Privacy Practices (NPP). If there is any conflict between this Privacy Policy and the NPP, the NPP controls.
By using our website, you acknowledge this Privacy Policy. Marketing communications require your separate opt-in where required by law. PHI is used or disclosed only as permitted by HIPAA and our NPP. Please read this Policy to understand how we handle your information and the choices available to you.
1. Information We Collect
We may collect the following types of information:
- Personal Information (Non-PHI): name, email address, appointment preferences, and order details submitted on our public website
- Protected Health Information (PHI): health and treatment information collected in-clinic or via our secure patient scheduling/portal. Do not submit PHI through general contact forms or email. Our public forms do not request health information.
- Technical Data: IP address, device/browser, and pages viewed, collected via analytics
- Cookies/Tracking (Public Pages Only): we use cookies to operate the site and understand usage on public pages. We do not place analytics or advertising trackers on secure patient portal pages where PHI is collected
2. How We Use Your Information
We use information differently depending on whether it is PHI subject to HIPAA or non-PHI collected via our public channels. If there is any conflict between this Privacy Policy and our Notice of Privacy Practices (NPP), the NPP controls for PHI.
2.1 PHI (HIPAA) — Treatment, Payment, and Healthcare Operations (TPO)
We use and disclose PHI as permitted by HIPAA for:
- Treatment: scheduling, care coordination, consultations, and communication with your other providers
- Payment: billing, claims, eligibility and benefits verification, and payment processing
- Healthcare Operations: quality assessment and improvement, credentialing, auditing, compliance, training, and customer service
We apply the minimum necessary standard where required by law.
2.2 Administrative Communications
We may contact you about appointments, scheduling changes, instructions, and other service notices (e.g., by phone, voicemail, text message, or email). Text message and email communications may not be encrypted; you may opt out of non-essential texts at any time by following the instructions provided.
2.3 Marketing and Non-Treatment Outreach (Non-PHI)
We send marketing or promotional messages only with your consent where required by law. Marketing is not a condition of receiving care, and you may opt out at any time.
2.4 Non-PHI — Website and Retail Operations
For information collected on our public website or retail channels (non-PHI), we use it to:
- operate and improve our sites and services;
- respond to inquiries and customer support requests;
- process orders and deliveries where applicable;
- maintain security and prevent fraud; and
- perform analytics on public pages to understand site performance and usage.
2.5 De-Identified and Aggregated Data
We may use or share de-identified or aggregated information (not reasonably capable of identifying you). We do not attempt to re-identify de-identified data.
2.6 Legal Compliance and Safety
We use information as necessary to comply with law, regulations, court orders, or to help protect the rights, property, or safety of you, our patients, or the public.
2.7 Research (If Applicable)
If we conduct research, we will use or disclose PHI only with your written authorization or as permitted by HIPAA (e.g., with IRB approval or waiver), as described in our NPP.
3. HIPAA Notice of Privacy Practices (NPP)
Paradigm maintains a separate Notice of Privacy Practices (NPP) that governs all PHI. The following bullets are high-level summaries only. If anything here differs from the NPP, the NPP controls.
3.1 Summary of Permitted PHI Disclosures (see NPP for details):
- Treatment: coordinating or managing your healthcare with your other providers
- Business Associates: We may share PHI with vendors who support our clinical operations (e.g., EHR/scheduling, secure messaging). We require BAAs with such vendors to safeguard PHI.
- Payment: Billing you or your insurance for services received
- Healthcare Operations: Quality assessment, training, audits, and customer service
We may also disclose PHI when required by law, such as in response to a court order or government request.
3.2 Summary of HIPAA Rights (see NPP for details)
- Access: You may request copies of your medical records.
- Amendments: You may request corrections to your records if inaccurate.
- Restrictions: You may request limits on how your PHI is used or shared.
- Confidential Communications: You may request we contact you by alternative means (e.g., at a different address or phone).
- Accounting of Disclosures: You may request a list of when and to whom your PHI has been disclosed (outside of treatment, payment, and operations).
To exercise these rights, submit a written request to our Privacy Officer (see section 12). Do not include PHI by email unless you accept the risks of unencrypted email; we will offer a secure method upon request.
4. Sharing Your Information
We share information only as described below and consistent with HIPAA and applicable law.
4.1 PHI Disclosures (HIPAA)
We may disclose PHI for:
- Treatment: with your other healthcare providers involved in your care.
- Payment: with health plans, payers, and billing agents to obtain payment.
- Healthcare Operations: with entities assisting in quality improvement, accreditation, auditing, or compliance.
- Business Associates: with vendors who support our clinical services (e.g., EHR/scheduling, secure messaging) under Business Associate Agreements (BAAs) requiring HIPAA-compliant safeguards.
- As Required by Law: to public health authorities, health oversight agencies, law enforcement, courts, or as otherwise permitted by HIPAA (including to prevent a serious threat to health or safety).
- Persons Involved in Your Care: as allowed by law and your preferences.
4.2 Non-PHI Sharing (Public Website / Retail)
For information collected on public pages (non-PHI), we share with:
- Service Providers: payment processors, shipping partners, IT/hosting, customer support, and site analytics providers, each under contractual confidentiality obligations.
- Analytics on Public Pages Only: we may use analytics to understand site performance on non-PHI pages.
4.3 Your Choices
You can opt out of marketing communications at any time using the instructions provided in the message or by contacting us. Opt-outs do not affect administrative or treatment-related communications.
5. Data Security
The security of your personal data is important to us. All form submissions are transmitted via TLS-encrypted connections. We do not store form data on the public web server. We use administrative, technical, and physical measures designed to protect information against unauthorized access, use, or disclosure.
These measures include encryption in transit, access controls, and staff training appropriate to the nature of the information we handle. However, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.
6. Cookies and Tracking Technologies
6.1 Scope
We use cookies and similar technologies on our public website pages to operate the site, measure performance, and improve user experience. Targeting and advertising cookies operate only on non-health, informational pages. Because our website does not collect or request Protected Health Information (PHI), these cookies do not access or transmit any PHI or form-submission data.
6.2 Types of Cookies We Use on Public Pages
- Strictly Necessary: required for core site functions (security, load balancing).
- Functional: remember preferences (e.g., language).
- Analytics/Performance (Public Pages Only): help us understand aggregate site usage and improve content.
- Advertising/Measurement (Public Pages Only): may be enabled only on public content and in accordance with your preferences/consent where required by law.
6.3 What We Do Not Do
- We do not place analytics, advertising pixels, or cross-site tracking on secure patient portal or other PHI-collection pages.
- We do not sell or rent personal information or PHI for monetary value. Some cookie and analytics data may be shared with service providers acting on our behalf to measure site performance or deliver relevant content.
- We do not use or disclose PHI for targeted advertising.
6.4 Your Choices
You can manage or disable cookies through your browser settings. If we present a cookie banner on public pages, you may adjust preferences there. Disabling certain cookies may affect site functionality.
6.5 Analytics on Public Pages
We use analytics providers to measure aggregate performance on public pages (e.g., page views, time on page).
6.6 Retention
Cookie lifespans vary by type and purpose. We retain analytics data on public pages only as long as necessary for the purposes described in this Policy and applicable law.
6.7 Updates
We may update our cookie practices from time to time. Material changes will apply prospectively and be reflected by the Effective Date above.
7. Children’s Privacy
Our public website is not directed to children under 13. We provide clinical services to minors with appropriate parental/guardian consent; PHI for minors is handled under HIPAA and our NPP. Do not submit a minor’s PHI via general contact forms or email.
8. Multi-State Privacy Compliance
Paradigm primarily operates in Texas and is not currently subject to state consumer privacy laws such as the California Consumer Privacy Act (CCPA). However, we follow comparable privacy principles, including transparency, limited data collection, and choice where feasible, and will update this Policy to comply with emerging state requirements such as the Texas Data Privacy and Security Act (effective July 2025).
9. Links to Other Websites
Our website may contain links to sites we do not operate. If you click a third-party link, you will be directed to that site. Third-party sites and embedded tools (e.g., maps, payment, scheduling) may collect data via their own cookies and pixels; their practices are governed by their policies, which may differ from ours. We do not control and are not responsible for those practices. Do not submit PHI through third-party tools unless they clearly indicate a secure healthcare workflow.
We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
10. Changes to This Policy
We may update this Privacy Policy at any time. When we do, we will revise the Effective Date and post the updated version on this page. Material changes apply prospectively. Your continued use of our public pages after posting constitutes acknowledgment of the update.
11. No Medical Advice; Emergencies
Content on our public pages is for general information only and is not medical advice. Do not rely on website content for diagnosis or treatment. If you are experiencing a medical emergency, call 911 immediately. For care, consult your clinician.
12. Contact Us
If you have questions or concerns regarding this Privacy Policy or your personal information, contact:
Privacy Officer — Paradigm Wellness
5366 McArdle Rd, STE 104, Corpus Christi, TX 78411
info@paradigmwell.com (do not include PHI by email; request a secure method if needed)
You may request a copy of our HIPAA Notice of Privacy Practices from the Privacy Officer.
—
This Policy applies to Paradigm Wellness clinical operations and public site. Fitzgerald Conservatory retail is covered by its separate privacy notice, and information collected there is not part of your clinical record and is not treated as PHI.