Legal · HIPAA
Vella Method is owned and operated by Brandie Baier, FNP-C, MSN, a licensed nurse practitioner in the State of Arizona. We are required by federal law (HIPAA) and Arizona law to maintain the privacy of your Protected Health Information (PHI), to provide you with this Notice of our legal duties and privacy practices, and to follow the terms of the Notice currently in effect.
This Notice applies to all PHI we create or maintain about you, including health information we receive from other healthcare providers and information we generate as part of your care at Vella Method.
HIPAA permits us to use and disclose your PHI without your written authorization for the following purposes:
We may use your PHI to provide, coordinate, and manage your healthcare. For example, we may share your medical history with another provider involved in your care, consult with specialists, or use your records to determine appropriate treatments.
We may use and disclose your PHI to obtain payment for the services we provide. This may include verifying eligibility, processing payments, and communicating with payment processors. If you apply for Cherry financing, we do not share your PHI with Cherry — financing applications are submitted directly by you.
We may use your PHI to support the business activities of our practice, including quality assessment, staff training, licensing, accreditation, business planning, and customer service.
We share PHI with vendors who perform services on our behalf — including Aesthetic Record (our HIPAA-compliant practice management and EMR platform), our payment processor, and our website host. Each of these vendors has signed a Business Associate Agreement (BAA) obligating them to protect your PHI under HIPAA.
We may contact you to remind you of upcoming appointments, follow up after treatment, or share information about treatment alternatives or other health-related services that may be of interest to you. You may ask us to limit these communications.
We will disclose your PHI when required by federal, state, or local law, including:
For uses and disclosures of PHI that fall outside the categories above, we will obtain your written authorization before sharing your information. This includes:
Arizona Law
Under Arizona law, all medical records and payment records are privileged and confidential. We may only release your medical records as authorized by state or federal law, or with your written authorization. You may revoke an authorization in writing at any time, except to the extent we have already acted on it.
Under HIPAA and Arizona law, you have the following rights regarding the PHI we maintain about you:
You may request to inspect and obtain a copy of your medical records, typically within 30 days. We may charge a reasonable, cost-based fee.
If you believe information in your record is inaccurate or incomplete, you may request that we amend it. We may deny your request in certain circumstances and will provide a written explanation if so.
You may request a list of certain disclosures we have made of your PHI. The first such request in any 12-month period is provided free of charge.
You may request that we limit how we use or disclose your PHI for treatment, payment, or healthcare operations. We are not required to agree, except in the case of disclosures to a health plan for services you have paid for in full out of pocket.
You may request that we contact you in a specific way (for example, by mail rather than phone) or at an alternate address. We will accommodate reasonable requests.
You may request a paper copy of this Notice at any time, even if you originally received it electronically.
We will notify you in the event of a breach involving your unsecured PHI, in accordance with HIPAA and Arizona's Data Breach Notification Law (A.R.S. § 18-552).
You may file a complaint with us or with the U.S. Department of Health and Human Services if you believe your privacy rights have been violated. We will not retaliate against you for filing a complaint.
To exercise any of these rights, please contact our Privacy Officer using the information at the end of this Notice. Most requests must be submitted in writing.
Vella Method is required by law to:
We will not use or disclose your PHI other than as described in this Notice unless you provide written authorization, or unless the use or disclosure is otherwise permitted or required by law.
In the event of a breach involving your unsecured PHI, we will notify you in accordance with applicable federal and Arizona law.
Federal & Arizona Law
HIPAA requires notification of affected individuals without unreasonable delay and no later than 60 days after discovery of a breach, with additional notification to the U.S. Department of Health and Human Services. Arizona law requires notification within 45 days of determining that a breach has occurred. We will comply with whichever timeline applies.
We reserve the right to change the terms of this Notice and to make the new Notice provisions effective for all PHI we maintain. When we make a material change, we will post the revised Notice on our website at vellamethod.com/hipaa-notice.html and make paper copies available at our office. The effective date at the top of the Notice indicates when the most recent revision took effect.
If you have questions about this Notice, wish to exercise any of your rights, or believe your privacy rights have been violated, please contact our Privacy Officer:
Brandie Baier, FNP-C, MSN
Scottsdale & Mesa, Arizona
Phone: (602) 510-1274
Email: Brandie@vellamethod.com
You also have the right to file a complaint with:
You will not be retaliated against for filing a complaint.
For Patients
You will be asked to sign a written acknowledgment that you received this Notice when you become a patient. This acknowledgment is not a consent to treatment or an authorization to release your information — it simply confirms you received the Notice.