Effective Date: February 4, 2025
WellForm MD is committed to protecting your privacy and safeguarding the confidentiality of your personal and health-related information. This Privacy Policy outlines how we collect, use, share, and protect your data in compliance with the Health Insurance Portability and Accountability Act (HIPAA), federal communications regulations, and all applicable privacy laws.
We value your trust and transparency. This policy applies to all interactions with WellForm MD, including in-person visits, phone communications, electronic forms, website usage, and any third-party tools used for communication or services (such as scheduling software, payment processors, and electronic health record systems).
1. Information We Collect
We collect and retain the following categories of information to provide you with wellness, medical, and administrative services:
- Personal Identifiers: Name, date of birth, contact information (email, phone), address, and billing details.
- Medical Information: Health history, treatment records, physician notes, diagnostic data, and prescriptions.
- Photographic/Visual Data: Images captured during treatment (e.g., before/after images, body composition scans) used for clinical documentation, treatment planning, and tracking progress. Separate, explicit consent will be obtained for any use of these images for marketing or promotional purposes.
- Digital/Online Data: Information submitted through our website, appointment forms, chat widgets, cookies, IP addresses, and site usage behavior. This may include de-identified data used for website analytics and improvement.
- Communication Preferences: Opt-ins to receive marketing, educational, or reminder communications via SMS or email.
2. A2P 10DLC Messaging Compliance
WellForm MD is committed to adhering to the Application-to-Person (A2P) 10-Digit Long Code (10DLC) messaging guidelines established by the Cellular Telecommunications Industry Association (CTIA) and other relevant regulatory bodies. This section outlines our practices regarding A2P messaging, including user consent, message content, data privacy, and your rights.
A2P 10DLC Messaging
A2P 10DLC refers to the use of standard 10-digit phone numbers to send SMS and MMS messages from businesses to consumers. WellForm MD uses A2P messaging for the following purposes:
- Appointment reminders and confirmations
- Transactional updates related to your care or account
- Promotional and marketing communications (with your express consent)
User Consent
Before sending A2P messages, we ensure that we have obtained your explicit consent. Consent may be collected through appointment forms, in-person interactions, checkboxes, or other opt-in mechanisms. You may opt out of receiving messages at any time.
- To stop receiving SMS messages, reply “STOP” to any message.
- For email communications, click the “Unsubscribe” link included in the email footer.
Message Content
All messages sent by WellForm MD comply with CTIA guidelines and relevant laws. Our messages are clear, relevant, and sent in accordance with your preferences and consent. We limit promotional messaging to 4–6 messages per month, and you may opt out at any time.
Data Privacy
We do not sell or share your mobile number or personal information with third parties for marketing purposes without your explicit consent. Your data is used only as described in this policy and is protected through appropriate administrative, technical, and physical safeguards.
Your Rights and Choices
You have the right to:
- Opt-In or Opt-Out of A2P messages at any time
- Access or Correct your personal data
- File a Complaint if you believe your rights have been violated
To exercise any of these rights or to request more information, please contact us using the information below.
3. How We Use and Share Your Information
Your data, including Protected Health Information (PHI), may be used or disclosed as permitted or required by law. We adhere to the “minimum necessary” principle, meaning we only use or disclose the minimum amount of your PHI required to achieve the intended purpose. Common uses include:
- Treatment: Coordinating care with our clinical staff, referring providers, and other healthcare professionals involved in your care.
- Operations: Internal analytics, staff training, quality improvement, scheduling, facility coordination, and business management activities. We may also share information with our Business Associates, who perform services on our behalf and are legally obligated to protect your information under specific agreements (Business Associate Agreements).
- Payments: Billing, insurance claims, payment processing, and related financial services.
- Legal Compliance: Responding to subpoenas, court orders, audits, public health disclosures, and other legal or regulatory requirements.
- Marketing and Communication:
  - With your express consent, we may contact you via SMS or email regarding appointment reminders, confirmations, follow-ups, promotions, wellness tips, and service updates.
  - Message frequency may vary. Standard message and data rates may apply.
  - You may opt out of SMS communications at any time by replying “STOP” to any message. You may opt out of email communications by clicking the “Unsubscribe” link at the bottom of our emails.
4. Communication Consent and Your Rights
By providing your mobile number and/or email, you consent to receive automated operational communications via text message and email (e.g., appointment reminders, confirmations, follow-ups). With your express consent, you may also receive limited promotional messages.
We aim to send no more than 4–6 promotional SMS or email messages per month.
You have the right to:
- Withdraw communication consent at any time
- Specify your preferred method of communication (e.g., SMS only, email only)
- Request that we refrain from sending marketing messages
To update your communication preferences, reply “STOP” to an SMS, click “Unsubscribe” in any email, or contact us using the information below.
5. Data Retention and Security
We are committed to keeping your data secure and only retaining it for as long as necessary:
- Retention Period: We maintain client records for a minimum of 10 years, or longer when required by law or your treatment plan.
- Security Measures: We implement strong administrative, technical, and physical safeguards to prevent unauthorized access, loss, or disclosure of your information.
6. Your Rights Under HIPAA
You have the right to:
- Access Your Records: Request copies of your records in paper or electronic format
- Request Corrections: Ask for amendments to inaccurate or incomplete health records
- Limit Disclosures: Request restrictions on how your data is shared or disclosed, though we are not always required to agree if it affects treatment or operations
- Confidential Communications: Request communications by specific means (e.g., email only, or to a designated location)
- Receive an Accounting: Obtain a record of certain disclosures of your PHI made for purposes other than treatment, payment, or healthcare operations
- File a Complaint: If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health & Human Services
7. Notice of Privacy Practices
As required by HIPAA, we maintain a detailed Notice of Privacy Practices (NPP) that describes how your medical information may be used and disclosed and explains your rights regarding your health information. You have the right to receive a copy of this notice. Please ask our staff or visit our website.
8. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Updates will be posted on our website with the latest revision date. Continued use of our services after updates constitutes your acceptance of the revised policy.
9. Contact Us
For questions, data requests, or to file a complaint, contact:
WellForm MD
📧 Contact us form
📞 Phone: (515) 724-9517
📍 Address: 2675 N Ankeny Blvd, Suite 113, Ankeny, IA 50023