Privacy Policy

ELEVATE BABY HIPAA-COMPLIANT PRIVACY POLICY

Effective Date: April 8, 2025

Elevate Baby is committed to safeguarding your Protected Health Information (PHI) with the highest level of security, discretion, and legal compliance. This policy outlines how we collect, use, disclose, and protect your health data in accordance with the U.S. Health Insurance Portability and Accountability Act (HIPAA). Use of our services means you agree to this policy in full.

Our Legal Obligation Under HIPAA

We are classified as a Covered Entity under HIPAA, and we are legally required to:
Maintain the privacy of your PHI
Provide you with this notice of our legal duties and privacy practices
Abide by the terms of this notice
Notify you promptly in the event of any unauthorized access or breach of your PHI

What Information We Collect

We collect and maintain PHI necessary to provide reproductive services, including:
Medical histories, diagnostic test results, genetic information
Fertility treatment records, donor/recipient profiles
Insurance details (if applicable)
Legal documentation tied to your reproductive journey
Your PHI is used only for care, coordination, billing, and legally required operations.

How We Use and Disclose Your PHI (as Allowed or Required by HIPAA)

We will only use or disclose your PHI in the following HIPAA-permitted cases:
A. For Treatment
Coordinating care with doctors, labs, clinics, and other providers directly involved in your case
B. For Payment
Billing, insurance claims, and eligibility verification (if applicable)
C. For Healthcare Operations
Internal case management, audits, and quality control under strict access restrictions
D. When Legally Required
Court orders, law enforcement mandates, or compliance with public health authorities
Any other use of your PHI requires your explicit written authorization. No exceptions.

Authorizations and Restrictions

We will never use your PHI for:
Marketing purposes
Sale of information
Third-party promotional use
Unless you authorize it in writing. You may revoke any prior authorization at any time in writing.

Your HIPAA Privacy Rights

Under HIPAA, you have:
Right to Access: Request a full copy of your records
Right to Amend: Request corrections to inaccurate data
Right to an Accounting of Disclosures: Know who has accessed your PHI
Right to Request Restrictions: Ask us to limit or block specific disclosures
Right to Confidential Communication: Request communication through alternative channels (e.g., P.O. box or private number)
Right to File a Complaint: If you believe your privacy rights have been violated, you may file a complaint with us or the U.S. Department of Health and Human Services
We honor all rights requests within 7 business days—HIPAA allows 30, but we move faster.

Data Protection and Security Measures

We deploy HIPAA-mandated technical, administrative, and physical safeguards, including:
End-to-End Encryption (AES-256) of data in transit and at rest
Access Controls: Only authorized personnel access PHI, using role-based permissions
Audit Logs: All access is tracked, monitored, and reviewed
Physical Safeguards: Secure facilities, restricted server rooms, locked file storage
Employee Training: Staff are HIPAA-trained and regularly certified
Non-compliance by employees or partners results in immediate termination and legal action.

Business Associates and Third Parties

All third-party vendors or service providers who handle PHI on our behalf must:
Sign a Business Associate Agreement (BAA)
Adhere to strict HIPAA compliance standards
Be audited and reviewed regularly
If a Business Associate fails to protect your data, we will pursue legal remedies.

Breach Notification Protocol

In the event of a breach involving your unsecured PHI:
You will be notified within 72 hours of discovery
We will disclose what happened, what data was involved, and what steps we’re taking
If the breach affects more than 500 individuals, we will notify HHS and the media as required by HIPAA
We do not delay, cover up, or downplay security breaches. You deserve transparency.

Data Retention and Destruction

We retain PHI only as long as required by federal and state law. Once no longer needed, we destroy it using HIPAA-approved methods, including:
Cross-cut shredding of physical records
Data wiping and digital shredding of electronic files

Policy Changes

We reserve the right to change this policy at any time, and will update it promptly when we do. Updated versions will be posted clearly and dated. Continued use of our services means you accept the updated policy.

Modifications

Elevate Baby reserves the right to modify, update, or revise these Terms and Conditions at any time, with or without notice. Your continued use of our services after changes constitutes your acceptance of the new terms.

Entire Agreement

These Terms and Conditions, along with any additional contracts or waivers signed by the parties, constitute the entire agreement between you and Elevate Baby and supersede any prior or contemporaneous communications.

Contact

For questions regarding these Terms and Conditions, please contact:
Elevate Baby, LLC
10169 Tidal Force Street Las Vegas, NV 89143
Email: [email protected]
Phone: (323) 933-8918

You may also file a complaint directly with the U.S. Department of Health and Human Services. We will never retaliate against you for exercising your rights.

At Elevate Baby, privacy isn’t a promise. It’s an obligation—and we enforce it with precision.