Consumer Health Data Privacy Notice

Why You Are Reading This

The Washington My Health My Data Act applies to “consumer health data” -- a broad category that goes beyond traditional HIPAA “Protected Health Information.” It covers any information that identifies a consumer's past, present, or future physical or mental health status, including data inferred from a person's interaction with a health-related website.

Our HIPAA Notice of Privacy Practices (linked below) covers clinical data inside our patient record system. This notice covers everything else our website touches -- the page you visit, the form you fill out, the analytics that load when you arrive -- that could reveal something about your health interests.

What Consumer Health Data We Collect

• Information you give us when you submit a contact form, newsletter signup, or appointment request: name, email, phone, the topic you wrote about, and any health information you choose to share.
• Information we collect automatically: pages visited (including health-condition pages such as /endocrinology, /mens-health, etc.), referring URL, browser and device, approximate location based on IP address.
• Information from our service providers: analytics events from our HIPAA Business Associate analytics vendor; engagement data from our newsletter platform.

How We Use Consumer Health Data

• To respond to your inquiry or provide the service you requested.
• To improve our website, content, and services.
• To deliver appointment reminders, newsletters, or marketing communications when you have explicitly opted in.
• To comply with legal obligations and protect our rights.

We do not sell consumer health data, and we do not use it for targeted advertising on third-party sites.

Sharing With Third Parties

We share consumer health data only with vendors that provide services on our behalf, under written agreements that restrict their use of the data. Categories include:

• Hosting and infrastructure (Vercel, Cloudflare).
• Patient management and scheduling (Athenahealth, Phreesia) -- under signed HIPAA Business Associate Agreements.
• Marketing automation and forms (HighLevel) -- under a HIPAA Business Associate Agreement.
• Analytics (Google Analytics 4 with Consent Mode v2) -- only after you have affirmatively consented via our cookie banner.
• Embedded vendor widgets for specific services (Cherry, Synchrony CareCredit, Elfsight) -- each governed by their own privacy practices, which we link to where required.

Your Rights

Under the Washington My Health My Data Act and comparable laws, you have the right to:

• Confirm whether we are collecting your consumer health data.
• Access a copy of your consumer health data.
• Withdraw consent for future collection or sharing.
• Request deletion of your consumer health data.
• Lodge an appeal if we decline a request, and file a complaint with the Washington Attorney General if we do not resolve the appeal to your satisfaction.

How to Exercise Your Rights

• Email: support@nomiclinic.com
• Phone: (786) 744-5152
• Mail: NoMi Beach Health, 16215 Biscayne Blvd, Suite 131, North Miami Beach, FL 33160

We will verify your identity before responding to a request and will respond within 45 days, with one 45-day extension permitted by law.

Related Notices

See also our Privacy Policy, HIPAA Notice of Privacy Practices, and Do Not Sell or Share My Personal Information.