Bare Beauty LLC

Notice of Privacy Practices

Effective Date: April 01, 2025

Introduction

Bare Beauty LLC is committed to protecting the privacy and confidentiality of our clients' personal health information. This Notice of Privacy Practices (NPP) outlines how Bare Beauty LLC, its employees, contractors, and affiliates, as well as its Privacy Oversight Committee, will ensure that Protected Health Information (PHI) is protected and utilized in accordance with the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and other applicable laws and regulations in the state of Virginia.

The purpose of this policy is to ensure compliance with HIPAA requirements, provide guidance on the handling of PHI, and clarify the rights of individuals with regard to their health information. All employees, contractors, and affiliates of Bare Beauty LLC must follow the protocols outlined in this document.


1. Chief Privacy Officer (CPO)

Mary Ratchford is designated as the Chief Privacy Officer (CPO) of Bare Beauty LLC. As the CPO, she is responsible for overseeing the privacy policies, ensuring compliance with HIPAA regulations, and ensuring that all employees adhere to privacy and security protocols.


2. Privacy Oversight Committee

Bare Beauty LLC’s Privacy Oversight Committee is composed of:

  1. Chandra Cummins
  2. Mary Ratchford

The Privacy Oversight Committee is responsible for overseeing the implementation and enforcement of privacy policies, conducting regular audits, addressing potential breaches of privacy, and ensuring all employees are trained in HIPAA compliance.


3. General Privacy and Security Policies

Bare Beauty LLC is committed to ensuring that PHI is protected from unauthorized access or disclosure. The following policies must be adhered to by all employees:

3.1 Protected Health Information (PHI)

PHI refers to any health information that can be linked to an individual, including but not limited to:

  1. Personal details (e.g., name, address, date of birth)
  2. Medical history
  3. Treatment information
  4. Payment and billing information

3.2 Access to PHI

  1. Access to PHI is restricted to employees who require it to perform their job duties.
  2. Employees must not share PHI with unauthorized persons, whether inside or outside the company.
  3. PHI must be accessed only when necessary for the provision of services and in accordance with this Notice of Privacy Practices.

3.3 Data Security and Protection

  1. All electronic PHI (ePHI) must be stored in secure systems with encryption protocols in place. The secure software used is Vagaro, with which a Business Associate Agreement (BAA) is signed and in place.
  2. Physical records containing PHI must be stored in locked, secure locations (locked file cabinet).
  3. Employees must follow security measures to prevent unauthorized access to any PHI, including using strong passwords, enabling two-factor authentication, and locking devices when not in use.


4. Employee Responsibilities

All employees of Bare Beauty LLC must adhere to the following privacy responsibilities:

  1. Confidentiality: Employees must maintain the confidentiality of PHI at all times, whether in verbal, written, or electronic format.
  2. Training: Employees will receive mandatory HIPAA training upon hire and annual refresher courses. Training includes the handling, use, and protection of PHI.
  3. Reporting Violations: Employees are required to immediately report any suspected or actual violations of HIPAA to the Privacy Oversight Committee. This includes suspected breaches, unauthorized access, or any situation that may compromise the confidentiality or security of PHI.
  4. Compliance: Employees must ensure that they are familiar with and comply with all policies outlined in this document and any additional policies or procedures established by Bare Beauty LLC.


5. Privacy Practices and Rights of Individuals

5.1 Right to Access PHI

  1. Individuals have the right to request access to their PHI, which can be done through a formal request to Bare Beauty LLC.
  2. Requests for access will be responded to within 30 days, in accordance with HIPAA guidelines.

5.2 Right to Amend PHI

  1. Individuals have the right to request amendments to their PHI if they believe the information is incorrect or incomplete. Requests for amendments must be submitted in writing and will be processed in accordance with HIPAA regulations. 

5.3 Right to Request Restrictions on Use and Disclosure of PHI

  1. Individuals may request restrictions on how their PHI is used and disclosed. While Bare Beauty LLC is not obligated to agree to these restrictions, we will make every effort to accommodate reasonable requests.

5.4 Right to Privacy Notice

  1. Individuals have the right to receive a copy of this Notice of Privacy Practices upon request. This notice will be made available to clients at the time of service, and it is posted on our website.

5.5 Right to File a Complaint

  1. Individuals have the right to file a complaint with Bare Beauty LLC if they believe their privacy rights have been violated. Complaints can be directed to the Privacy Oversight Committee at the contact information provided in this policy.


6. Use and Disclosure of PHI

6.1 Authorized Uses and Disclosures

PHI may be used or disclosed for the following purposes, in compliance with HIPAA:

  1. Treatment: To provide services to individuals.
  2. Payment: To obtain payment for services rendered.
  3. Healthcare Operations: To conduct business activities such as billing, audits, and quality improvement.
  4. Required by Law: When disclosure is mandated by federal or state law.
  5. Health and Safety: To report public health concerns or prevent harm.

6.2 Minimum Necessary Standard

When PHI is disclosed or used, Bare Beauty LLC will adhere to the minimum necessary standard, ensuring that only the least amount of information necessary for the purpose is disclosed.

6.3 Disclosure to Third Parties

PHI will only be disclosed to third parties (e.g., insurance companies, healthcare providers) with the individual’s written consent, unless required by law.


7. Breach of Privacy or Security

In the event of a breach involving PHI, the following steps will be taken:

  1. Investigation: The Privacy Oversight Committee will immediately investigate any suspected or actual breaches.
  2. Notification: Affected individuals will be notified in writing within 60 days if their PHI has been compromised, in accordance with HIPAA requirements.
  3. Corrective Actions: Corrective actions will be implemented to prevent further breaches, which may include additional training, updates to security protocols, and disciplinary action against individuals involved.


8. Disciplinary Actions

Failure to comply with this Notice of Privacy Practices and HIPAA regulations will result in disciplinary action, up to and including termination of employment. Employees may also be subject to legal penalties if they violate the confidentiality of PHI.


9. Policy Review and Updates

This Notice of Privacy Practices will be reviewed annually by the Privacy Oversight Committee. Updates to this policy may be made as necessary to reflect changes in laws or the business environment. Any significant changes will be communicated to all employees.


10. Contact Information

If you have any questions or concerns regarding the privacy practices of Bare Beauty LLC or if you wish to file a complaint, please contact:

  1. Mary Ratchford, Chief Privacy Officer
  2. Email: mbr4899@gmail.com
  3. Phone: (619) 777-9876


  1. Chandra Cummins, Privacy Oversight Committee Member
  2. Email: chochanelle@gmail.com
  3. Phone: (804) 773-8678