Bare Beauty LLC
Notice of Privacy Practices
Effective Date: April 1, 2025, Updated: July 14th, 2026
Introduction
Bare Beauty LLC is committed to protecting the privacy and confidentiality of our clients' personal health information. This Notice of Privacy Practices (NPP) explains how Bare Beauty LLC, its employees, contractors, affiliates, and Privacy Oversight Committee protect and use Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and other applicable federal and Virginia laws.
The purpose of this Notice is to ensure compliance with HIPAA requirements, provide guidance on the handling of PHI, and explain the rights of individuals regarding their health information. All employees, contractors, and affiliates of Bare Beauty LLC are required to follow the protocols outlined in this document.
1. Chief Privacy Officer (CPO)
Mary Ratchford is designated as the Chief Privacy Officer (CPO) of Bare Beauty LLC. As the CPO, she is responsible for overseeing privacy policies, ensuring compliance with HIPAA regulations, and ensuring that all employees adhere to privacy and security protocols.
2. Privacy Oversight Committee
Bare Beauty LLC's Privacy Oversight Committee consists of:
- Chandra Cummins
- Mary Ratchford
The Privacy Oversight Committee is responsible for overseeing the implementation and enforcement of privacy policies, conducting regular audits, addressing potential privacy breaches, and ensuring all employees receive HIPAA compliance training.
3. General Privacy and Security Policies
Bare Beauty LLC is committed to protecting PHI from unauthorized access, use, or disclosure.
3.1 Protected Health Information (PHI)
PHI includes any health information that can be linked to an individual, including but not limited to:
- Name, address, date of birth, and other identifying information
- Medical history
- Treatment information
- Payment and billing information
3.2 Access to PHI
- Access to PHI is limited to employees who need the information to perform their job duties.
- Employees may not share PHI with unauthorized individuals inside or outside the company.
- PHI may only be accessed when necessary to provide services and in accordance with this Notice.
3.3 Data Security and Protection
- Electronic Protected Health Information (ePHI) is stored securely within Vagaro, which has a signed Business Associate Agreement (BAA) in place.
- Physical records containing PHI are stored in locked file cabinets or other secure locations.
- Employees must follow appropriate security practices, including using strong passwords, enabling two-factor authentication, and locking devices when not in use.
4. Employee Responsibilities
All employees must:
- Maintain the confidentiality of PHI in verbal, written, and electronic formats.
- Complete HIPAA training upon hire and annual refresher training.
- Immediately report suspected or actual HIPAA violations, unauthorized access, or potential breaches to the Privacy Oversight Committee.
- Comply with all privacy and security policies established by Bare Beauty LLC.
5. Privacy Practices and Rights of Individuals
5.1 Right to Access PHI
Individuals have the right to request access to their PHI. Requests will be processed within 30 days as required by HIPAA.
5.2 Right to Amend PHI
Individuals may request corrections or amendments to PHI they believe is inaccurate or incomplete. Requests must be submitted in writing and will be handled in accordance with HIPAA requirements.
5.3 Right to Request Restrictions
Individuals may request restrictions on how their PHI is used or disclosed. While Bare Beauty LLC is not required to agree to all requested restrictions, reasonable requests will be considered.
5.4 Right to Receive This Notice
Individuals have the right to receive a copy of this Notice of Privacy Practices. A copy is available upon request, at the time of service, and on our website.
5.5 Right to File a Complaint
Individuals may file a complaint if they believe their privacy rights have been violated. Complaints may be submitted to the Privacy Oversight Committee using the contact information listed below.
5.6 Text Message and Email Communications
Bare Beauty LLC may communicate with clients by text message and/or email regarding appointment scheduling, appointment reminders, treatment follow-ups, billing, account information, practice updates, or other service-related communications.
By providing a mobile phone number and/or email address, clients consent to receive these communications.
Clients have the right to opt out of receiving non-essential text messages and/or email communications at any time. Clients may opt out by:
- Informing our office verbally or in writing.
- Replying STOP to text messages when applicable.
- Clicking the Unsubscribe link included in eligible marketing emails.
- Contacting Bare Beauty LLC using the information listed in this Notice.
Please note that opting out of marketing or promotional communications will not prevent Bare Beauty LLC from sending communications that are necessary to provide healthcare services, including appointment confirmations, treatment-related information, billing notices, or communications required by law.
6. Use and Disclosure of PHI
6.1 Authorized Uses and Disclosures
PHI may be used or disclosed for:
- Treatment
- Payment
- Healthcare operations, including billing, audits, and quality improvement
- Situations required by federal or state law
- Public health reporting or preventing a serious threat to health or safety
6.2 Minimum Necessary Standard
Bare Beauty LLC follows the HIPAA Minimum Necessary Standard by using or disclosing only the minimum amount of PHI necessary to accomplish the intended purpose.
6.3 Disclosure to Third Parties
PHI will only be disclosed to third parties, such as insurance companies or healthcare providers, with the individual's written authorization unless disclosure is otherwise permitted or required by law.
7. Breach of Privacy or Security
If a breach involving PHI occurs:
- The Privacy Oversight Committee will promptly investigate.
- Affected individuals will be notified in writing without unreasonable delay and no later than 60 days when required by HIPAA.
- Appropriate corrective actions will be implemented, including additional training, security improvements, or disciplinary measures as appropriate.
8. Disciplinary Actions
Failure to comply with this Notice or HIPAA regulations may result in disciplinary action up to and including termination of employment. Employees may also be subject to civil or criminal penalties under applicable law.
9. Policy Review and Updates
This Notice of Privacy Practices will be reviewed annually by the Privacy Oversight Committee. It may be updated as necessary to reflect changes in applicable laws, regulations, or business practices. Significant revisions will be communicated as required.
10. Contact Information
If you have questions about this Notice, wish to exercise your privacy rights, update your communication preferences, opt out of text or email communications, or file a privacy complaint, please contact:
Mary Ratchford
Chief Privacy Officer
Email: mary@barebeautyrva.com
Phone: (619) 777-9876
Chandra Cummins
Privacy Oversight Committee Member
Email: chochanelle@gmail.com
Phone: (804) 773-8678