Legal

Privacy Policy

Vella Method  ·  Last Updated: April 27, 2026

```

Overview

Vella Method ("we," "our," or "us") is owned and operated by Brandie Baier, FNP-C, MSN, a licensed nurse practitioner in the State of Arizona. We are committed to protecting your privacy and the confidentiality of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit vellamethod.com, contact our practice, or schedule services with us.

As a healthcare practice operating in Arizona, we comply with the federal Health Insurance Portability and Accountability Act (HIPAA), the Arizona Medical Records Confidentiality statute (A.R.S. § 12-2292), the Arizona Data Breach Notification Law (A.R.S. § 18-552), and other applicable federal and state laws.

Two Documents, Two Purposes

This Privacy Policy describes how we handle information collected through our website and general business operations. Our separate Notice of Privacy Practices describes how we use and disclose your Protected Health Information (PHI) as a healthcare provider, and the rights you have regarding that information under HIPAA and Arizona law.

1. Information We Collect

We collect information you voluntarily provide, as well as limited technical information collected automatically when you visit our website.

Information You Provide

  • Website contact form: name, email address, phone number, and the content of your message
  • Booking and intake through Aesthetic Record: name, contact information, date of birth, medical history, current medications, allergies, treatment preferences, photographs (when applicable), and other clinical information you provide
  • Phone, email, or in-person communication: any information you share with us directly
  • Payment information: processed securely through our payment processors; we do not store full credit card numbers on our systems
  • Financing applications: if you apply for Cherry financing, your application is submitted directly to Cherry; we do not collect or store your financing information

Information Collected Automatically

  • IP address, browser type, device type, and operating system
  • Pages visited, time spent on pages, referring website
  • General geographic location (city/region level)

2. Protected Health Information (PHI)

Any health information you provide through our online booking and intake system, during a consultation, or in the course of receiving care is considered Protected Health Information (PHI) under HIPAA and is subject to additional protections under both federal and Arizona law.

Arizona Law

A.R.S. § 12-2292 — Confidentiality of Medical Records

Under Arizona law, all medical records and payment records are privileged and confidential. We may only disclose your medical records as authorized by state or federal law, or with your written authorization.

PHI is handled in compliance with HIPAA's Privacy and Security Rules. For full details on how we use and disclose PHI and the rights you have regarding your health information, please review our Notice of Privacy Practices.

3. Online Booking & Patient Intake (Aesthetic Record)

We use Aesthetic Record, a HIPAA-compliant practice management and electronic medical records platform built specifically for aesthetic and regenerative medicine practices, to manage online booking, patient intake, scheduling, clinical documentation, and patient communications.

Aesthetic Record functions as our HIPAA Business Associate, meaning it is contractually and legally obligated under a Business Associate Agreement (BAA) to safeguard your PHI in accordance with HIPAA's Privacy, Security, and Breach Notification Rules.

Information you submit through Aesthetic Record's booking and intake forms is transmitted using encryption and stored on Aesthetic Record's secure, HIPAA-compliant servers. We encourage you to review Aesthetic Record's own privacy practices for additional detail on their data handling.

4. How We Use Your Information

We use the information we collect to:

  • Provide healthcare services, including consultation, treatment, and follow-up care
  • Schedule and confirm appointments
  • Respond to inquiries submitted through our website, email, or phone
  • Process payments for services rendered
  • Send appointment reminders and treatment-related communications
  • Maintain accurate medical records as required by Arizona law and professional standards
  • Comply with legal, regulatory, and professional obligations
  • Improve our website and services
  • Send promotional or educational content — only if you have opted in to receive such communications, and you may opt out at any time

5. How We Disclose Information

We do not sell your personal information. We disclose information only as follows:

For Treatment, Payment, and Healthcare Operations

As permitted by HIPAA, we may use and disclose PHI for treatment, payment, and healthcare operations. Details are provided in our Notice of Privacy Practices.

To HIPAA Business Associates

We share information with vendors who perform services on our behalf and who have signed Business Associate Agreements requiring them to safeguard PHI in accordance with HIPAA. These include our EMR/practice management platform (Aesthetic Record), our payment processor, our website host, and similar service providers.

When Required or Permitted by Law

We may disclose information when required by court order, subpoena, public health reporting requirements, mandatory reporting laws (such as suspected abuse or neglect), or other lawful process under federal or Arizona law.

With Your Authorization

We will not disclose your medical records or PHI for any other purpose without your written authorization, as required by A.R.S. § 12-2292 and HIPAA.

6. Cookies, Analytics & Tracking Technologies

Our website may use cookies and similar technologies to function properly and to understand how visitors use the site. We are committed to keeping these tools strictly limited and HIPAA-conscious.

If we use website analytics, we configure them to avoid the collection of any information that could be used to identify you in connection with your health, treatment, or appointments. We do not place tracking pixels (such as Meta Pixel, Google Ads conversion pixels, or similar) on pages where you provide health information, and we do not transmit health-related data to third-party advertising platforms.

You may control cookies through your browser settings. Disabling cookies may affect website functionality.

A Note on Healthcare Tracking

Federal regulators (HHS Office for Civil Rights and the FTC) have made clear that the use of third-party tracking on healthcare websites can violate HIPAA when it transmits identifiable health-related information without authorization. We take this guidance seriously and review our analytics practices accordingly.

7. Data Security

We implement reasonable administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of your information, consistent with HIPAA's Security Rule and the security obligations imposed under A.R.S. § 18-552. These safeguards include:

  • Encryption of electronic PHI in transit and at rest within our HIPAA-compliant systems
  • Access controls and unique user authentication
  • Workforce training on privacy and security
  • Business Associate Agreements with all vendors who handle PHI
  • Regular review of our security practices

No method of electronic transmission or storage is 100% secure. While we work to protect your information, we cannot guarantee absolute security.

8. Breach Notification (Arizona A.R.S. § 18-552 & HIPAA)

In the event of a breach involving your unsecured personal information or PHI, we will provide notification in accordance with applicable federal and Arizona law.

Arizona Law

A.R.S. § 18-552 — Breach Notification

Arizona requires notification of affected individuals within 45 days of determining that a breach has occurred. As a HIPAA-covered healthcare practice, we also comply with HIPAA's Breach Notification Rule, which requires notification of affected individuals without unreasonable delay and no later than 60 days after discovery, with additional notification to the U.S. Department of Health and Human Services.

If you believe your information may have been compromised, please contact us immediately using the information at the end of this policy.

9. Your Rights

You have rights regarding your information, including:

  • Access: Request a copy of your medical records and PHI we maintain about you
  • Amendment: Request corrections to inaccurate or incomplete records
  • Accounting of disclosures: Request a list of certain disclosures we have made of your PHI
  • Restrictions: Request restrictions on certain uses or disclosures of your PHI
  • Confidential communications: Request that we contact you in a specific way (e.g., by mail rather than phone) or at an alternate address
  • Notice: Receive a copy of our Notice of Privacy Practices
  • Complaints: File a complaint with us or with the U.S. Department of Health and Human Services if you believe your privacy rights have been violated

To exercise any of these rights, contact us using the information below. We will not retaliate against you for exercising your rights.

10. Children's Privacy

Our website and services are intended for adults. We do not knowingly collect personal information from children under 13 through our website. We do not market to children. If you believe a child has provided us with information through the website, please contact us so we can address it.

11. Third-Party Links & Services

Our website may contain links to third-party websites and services, including Aesthetic Record (booking) and Cherry (financing). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before submitting information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. The "Last Updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this page periodically.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise any of your rights, or believe your privacy has been compromised, please contact us:

Vella Method

Brandie Baier, FNP-C, MSN — Privacy Officer

Scottsdale & Mesa, Arizona

Phone: (602) 510-1274

Email: Brandie@vellamethod.com

You also have the right to file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, at www.hhs.gov/ocr, or with the Arizona Attorney General's Office at www.azag.gov.

```