312-929-2661

HIPAA NOTICE OF PRIVACY PRACTICES

Effective Date: April 23, 2026 | Last Updated: April 23, 2026

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

INTRODUCTION

Hudson Facial Plastic Surgery (“Practice,” “we,” “us,” or “our”), located at 1640 N Wells St. Unit 207, Chicago, IL 60614, is committed to maintaining the privacy of your Protected Health Information (PHI). We are required by law to:

  • Maintain the privacy of your PHI
  • Provide you with this Notice of our legal duties and privacy practices with respect to your PHI
  • Notify you following a breach of your unsecured PHI
  • Abide by the terms of this Notice currently in effect

This Notice applies to all PHI created, received, maintained, or transmitted by Hudson Facial Plastic Surgery, including information related to your surgical consultations, procedures, medical history, and billing.

1. WHAT IS PROTECTED HEALTH INFORMATION (PHI)?

Protected Health Information (PHI) is any information we hold about you that:

  • Relates to your past, present, or future physical or mental health or condition
  • Relates to the provision of health care to you
  • Relates to the past, present, or future payment for the provision of health care to you
  • Identifies you or could reasonably be used to identify you

PHI includes information in any form — written, electronic, or oral — such as your name, address, date of birth, Social Security number, diagnosis, treatment records, surgical history, photographs, and billing information.

2. HOW WE MAY USE AND DISCLOSE YOUR PHI

The following describes the ways we may use and disclose your PHI. Not every use or disclosure in a category will be listed, but all of the ways we are permitted to use and disclose information will fall within one of the following categories.

2.1 Treatment

We may use and disclose your PHI to provide, coordinate, and manage your medical treatment and related services. For example:

  • We may share your PHI with other physicians, specialists, anesthesiologists, or healthcare providers involved in your care
  • We may share your PHI with a hospital or surgical facility where your procedure is performed
  • We may disclose your PHI to a pharmacist filling a prescription related to your treatment
  • We may share your surgical records and photographs with consulting physicians for treatment planning purposes

2.2 Payment

We may use and disclose your PHI to obtain payment for services we provide to you. For example:

  • We may submit claims to your health insurance company or other payer and include information about your diagnosis and treatment
  • We may contact your insurance company to verify coverage or obtain prior authorization for a procedure
  • We may use billing services or a collections agency if an account becomes past due, disclosing only the minimum necessary information

2.3 Healthcare Operations

We may use and disclose your PHI for our internal healthcare operations necessary to run our practice. For example:

  • Quality assurance and improvement activities
  • Staff training and education
  • Business planning and management
  • Reviewing the competency and qualifications of our healthcare professionals
  • Legal and compliance activities
  • Accreditation, certification, and licensing activities

2.4 Appointment Reminders and Treatment Alternatives

We may use and disclose your PHI to contact you with appointment reminders by phone, text, email, or written notice. We may also contact you to provide information about treatment alternatives or other health-related services that may be of interest to you.

2.5 Individuals Involved in Your Care

We may disclose your PHI to a family member, close friend, or other person you identify as being involved in your care or in the payment for your care, to the extent relevant to that person’s involvement. We may also notify such persons of your general condition or location in the event of an emergency. You have the right to restrict or prohibit these disclosures — please see Section 4 (Your Rights) below.

2.6 As Required by Law

We will disclose your PHI when required to do so by federal, state, or local law, including court orders, subpoenas, and legal proceedings to which we are a party.

2.7 Public Health Activities

We may disclose your PHI to public health authorities for activities authorized by law, including:

  • Reporting communicable diseases, injuries, and vital statistics to the Illinois Department of Public Health
  • Reporting adverse events related to food, medications, or medical devices to the FDA
  • Reporting work-related illnesses or injuries to occupational health authorities

2.8 Health Oversight Activities

We may disclose your PHI to government agencies authorized to oversee the healthcare system, including audits, investigations, inspections, and licensure activities conducted by the Illinois Department of Financial and Professional Regulation (IDFPR) or the U.S. Department of Health and Human Services (HHS).

2.9 Judicial and Administrative Proceedings

We may disclose your PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process, subject to applicable legal requirements and protections.

2.10 Law Enforcement

We may disclose your PHI to law enforcement officials for limited purposes as permitted or required by law, including reporting certain types of wounds or injuries, responding to a court order or subpoena, or identifying or locating a suspect, fugitive, or missing person.

2.11 Serious Threats to Health or Safety

We may use or disclose your PHI if we believe it is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public, and the disclosure is to someone reasonably able to prevent or lessen the threat.

2.12 Coroners, Medical Examiners, and Funeral Directors

We may disclose PHI to a coroner, medical examiner, or funeral director as necessary to allow them to carry out their lawful duties.

2.13 Organ and Tissue Donation

We may disclose your PHI to organizations that procure, bank, or transplant organs and tissues, as necessary to facilitate organ or tissue donation and transplantation.

2.14 Research

We may use or disclose your PHI for research purposes, but only when a formal waiver of authorization has been approved by an Institutional Review Board (IRB) or Privacy Board, or when the research involves solely PHI of deceased individuals, or when the researcher provides representations that the PHI will not be removed from our premises and will be used only to prepare a research protocol.

2.15 Military and Veterans

If you are a member of the armed forces or a veteran, we may disclose your PHI as required by military command authorities or the Department of Veterans Affairs.

2.16 Workers’ Compensation

We may disclose your PHI to the extent authorized by and necessary to comply with laws relating to workers’ compensation or other similar programs.

2.17 Inmates

If you are an inmate of a correctional institution, we may disclose your PHI to the institution or to a law enforcement official as necessary for your health and the health and safety of others.

3. USES AND DISCLOSURES THAT REQUIRE YOUR WRITTEN AUTHORIZATION

For uses and disclosures of your PHI not described in Section 2 above, we are required to obtain your written authorization before using or disclosing your PHI. The following uses and disclosures always require your written authorization:

3.1 Marketing

We will not use or disclose your PHI for marketing purposes — including to send you promotional materials about products or services — without your prior written authorization, except as permitted by HIPAA (e.g., face-to-face communications or items of nominal value).

3.2 Sale of PHI

We will not sell your PHI to any third party without your prior written authorization.

3.3 Psychotherapy Notes

We will not use or disclose psychotherapy notes (if any) without your prior written authorization, except in very limited circumstances permitted by law.

3.4 Most Other Uses and Disclosures

Any use or disclosure of your PHI not described in this Notice requires your written authorization. You may revoke any authorization you have given us at any time by submitting a written revocation to our Privacy Officer. Your revocation will be effective going forward; it will not affect uses or disclosures already made in reliance on your prior authorization.

4. YOUR RIGHTS REGARDING YOUR PHI

You have the following rights with respect to your PHI. To exercise any of these rights, please submit a written request to our Privacy Officer using the contact information in Section 7. We will respond to your request within thirty (30) days.

4.1 Right to Access and Inspect Your PHI

You have the right to inspect and obtain a copy of PHI that we maintain about you in a designated record set, including your medical records and billing records. We may charge a reasonable fee for providing copies, consistent with Illinois law. We may deny access in limited circumstances; if we deny your request, we will provide a written explanation and information about how to appeal the denial.

4.2 Right to Request Amendment

You have the right to request that we amend PHI that you believe is inaccurate or incomplete. We may deny your request if the information was not created by us, is not part of our records, or is already accurate and complete. If we deny your request, we will explain why in writing, and you have the right to submit a written statement of disagreement to be included in your record.

4.3 Right to an Accounting of Disclosures

You have the right to request an accounting of disclosures of your PHI that we have made for purposes other than treatment, payment, healthcare operations, or certain other activities, for a period of up to six (6) years prior to the date of your request. The first accounting in any twelve (12) month period is free of charge; we may charge a reasonable fee for additional requests within the same period.

4.4 Right to Request Restrictions

You have the right to request that we restrict certain uses and disclosures of your PHI. We are not required to agree to your request, except that we must agree to restrict disclosure of your PHI to a health plan for payment or healthcare operations purposes if the PHI relates solely to a service for which you have paid us in full out of pocket. If we agree to a restriction, we will honor it except in emergency circumstances.

4.5 Right to Request Confidential Communications

You have the right to request that we communicate with you about your health matters in a certain way or at a certain location. For example, you may ask us to contact you only by phone at a specific number, or to send correspondence only to a specified address. We will accommodate all reasonable requests.

4.6 Right to a Paper Copy of This Notice

You have the right to obtain a paper copy of this Notice at any time, even if you have agreed to receive it electronically. Please contact our office to request a paper copy.

4.7 Right to Be Notified of a Breach

You have the right to be notified if there is a breach of your unsecured PHI. We will notify you without unreasonable delay and in no case later than sixty (60) calendar days after we discover the breach, as required by the HIPAA Breach Notification Rule and Illinois PIPA.

4.8 Right to Choose Someone to Act for You

If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your PHI. We will make sure the person has this authority and can act for you before we take any action.

5. SPECIAL PROTECTIONS UNDER ILLINOIS LAW

In addition to HIPAA, the following Illinois laws provide additional privacy protections that apply to certain categories of health information. Where Illinois law provides greater privacy protections than HIPAA, we will comply with the more protective standard.

5.1 Mental Health Records

Records relating to mental health treatment are afforded heightened protection under the Illinois Mental Health and Developmental Disabilities Confidentiality Act (740 ILCS 110). Such records may not be disclosed without your written consent except in specific, limited circumstances defined by law.

5.2 Substance Use Disorder Records

Records relating to substance use disorder treatment are protected under federal law (42 CFR Part 2) and Illinois law. These records may not be disclosed without your written consent except in very limited circumstances.

5.3 HIV/AIDS Information

Information relating to HIV status or AIDS diagnosis is protected under the Illinois AIDS Confidentiality Act (410 ILCS 305) and requires your specific written consent for disclosure in most circumstances.

5.4 Genetic Information

Genetic information is protected under the Illinois Genetic Information Privacy Act (GIPA), 410 ILCS 513. We will not disclose genetic testing results or genetic information without your written consent except as required by law.

5.5 Biometric Information

Biometric identifiers and biometric information, including facial geometry derived from clinical photographs, are protected under the Illinois Biometric Information Privacy Act (BIPA), 740 ILCS 14. Please refer to our Privacy Policy for full details of our BIPA compliance practices.

6. CHANGES TO THIS NOTICE

We reserve the right to change this Notice and to make the revised Notice effective for PHI we already have about you as well as for PHI we receive in the future. We will post the current version of this Notice on our website at https://hudsonfacialplastics.com and will have paper copies available at our office. The effective date of the current Notice will always be displayed at the top of this document.

7. COMPLAINTS

If you believe your privacy rights have been violated, you have the right to file a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights. We will not retaliate against you in any way for filing a complaint.

To file a complaint with our Practice:

Hudson Facial Plastic Surgery — Privacy Officer 1640 N Wells St. Unit 207 Chicago, IL 60614 Phone: 312-929-2661 Fax: 312-500-5024 Email: info@hudsonfacialplastics.com

To file a complaint with the U.S. Department of Health and Human Services:

Office for Civil Rights U.S. Department of Health and Human Services 200 Independence Avenue, S.W. Washington, D.C. 20201 Toll-Free: 1-877-696-6775 Website: https://www.hhs.gov/ocr/privacy/hipaa/complaints

To file a complaint with the Illinois Department of Financial and Professional Regulation (IDFPR):

IDFPR — Division of Professional Regulation 320 W. Washington St. Springfield, IL 62786 Phone: 1-800-560-6420 Website: https://idfpr.illinois.gov

8. CONTACT — PRIVACY OFFICER

For questions about this Notice or your privacy rights, please contact:

Hudson Facial Plastic Surgery — Privacy Officer 1640 N Wells St. Unit 207 Chicago, IL 60614 Phone: 312-929-2661 Fax: 312-500-5024 Email: info@hudsonfacialplastics.com Website: https://hudsonfacialplastics.com