Privacy Policy

Updated on: 12/02/2026

This Privacy Policy describes how Avinity Health Clinic, LLC ("Avinity Health," "we," "us," or "our") collects, uses, discloses, and protects information about you when you visit our website (avinityhealth.com) or receive clinical or wellness services at our Scottsdale, Arizona location. This Policy applies to all individuals who interact with Avinity Health, including website visitors, registered users, patients, and prospective patients.

Avinity Health is committed to protecting the privacy, confidentiality, and security of your personal information and health information. We comply with applicable federal and Arizona privacy laws, including the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, the Arizona Online Privacy Protection Act (A.R.S. § 18-551 et seq. ["AzOPPA"]), the Arizona data breach notification statute (A.R.S. § 44-7501), and the Federal Trade Commission Act.

PLEASE READ THIS PRIVACY POLICY CAREFULLY. BY ACCESSING OR USING OUR WEBSITE OR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY. IF YOU DO NOT AGREE, PLEASE DO NOT USE OUR WEBSITE OR SERVICES.

1. Who We Are

Avinity Health is a physician-guided longevity, wellness, and medical aesthetics clinic located at 11000 N. Scottsdale Road, Suite 100, Scottsdale, Arizona 85254. We provide in-person and telehealth clinical services, including PlasmaRestore™ Therapeutic Plasma Exchange (TPE), IV therapy, injectable neurotoxins, dermal fillers, and medical-grade microneedling, among other wellness services.

Avinity Health operates as a cash-pay, physician-guided clinic. We are the data controller for personal information we collect directly from you. For Protected Health Information (PHI) collected in connection with the delivery of clinical services, Avinity Health is a health care provider subject to HIPAA. Our Notice of Privacy Practices (NPP), which is provided to patients separately, governs the use and disclosure of your PHI and is incorporated herein by reference.

Contact information for privacy-related inquiries:
Avinity Health Clinic, LLC
11000 N. Scottsdale Road, Suite 100
Scottsdale, Arizona 85254
Privacy Contact: info@avinityhealth.com

2. Information We Collect

We collect information about you from multiple sources and in different ways, depending on how you interact with us.

2.1 Information You Provide Directly.  When you visit our clinic, create an account, schedule an appointment, complete intake forms, or communicate with us, you may provide:

  • Identifying information: full name, date of birth, gender, home address, email address, telephone number;

  • Account credentials: username and password for the Digital Platform;

  • Payment information: credit or debit card numbers, billing address (processed through secure third-party payment processors — we do not store full payment card data);

  • Health and medical information: health history, medications, allergies, prior treatments, symptoms, and other clinical intake information;

  • Emergency contact information; and

  • Communications: emails, messages, or other correspondence you send to us.

2.2 Protected Health Information (PHI).  In connection with the delivery of clinical services, we collect and maintain Protected Health Information as defined by HIPAA. PHI includes any health information that identifies or could reasonably be used to identify you and relates to your physical or mental health condition, the provision of health care to you, or payment for that care. PHI collected by Avinity Health may include:

  • Medical history, diagnoses, and treatment records;

  • Clinical notes and procedure documentation;

  • Laboratory and diagnostic results;

  • Photographs taken for clinical documentation purposes; and

  • Any other health-related information collected in connection with your care.

The use and disclosure of your PHI is governed by HIPAA, the HITECH Act, and our Notice of Privacy Practices. Please refer to Section 6 of this Privacy Policy and your NPP for a full description of your rights regarding your PHI.

2.3 Information Collected Automatically.  When you visit the Avinity Health website, we automatically collect certain technical and usage information, including:

  • IP address and approximate geographic location;

  • Browser type, version, and operating system;

  • Device identifiers and device type;

  • Pages visited, links clicked, and time spent on pages;

  • Referring and exit URLs;

  • Search queries entered on the Digital Platform;

  • Session duration and interaction data; and

  • Error logs and diagnostic data.

This information is collected through cookies, web beacons, pixel tags, and similar tracking technologies, as described in Section 7 of this Privacy Policy.

2.4 Information from Third Parties.  We may receive information about you from third parties, including:

  • Appointment scheduling platforms and patient portal providers;

  • Electronic health record (EHR) system providers;

  • Payment processors;

  • Analytics and advertising platforms (e.g., Google Analytics, Meta Pixel); and

  • Referral sources such as other healthcare providers, with your consent.

3. How We Use Your Information

Avinity Health uses the information we collect for the following purposes:

3.1 Providing and Improving Clinical Services.  We use your health information and PHI to evaluate your clinical needs, develop and implement individualized treatment plans, schedule and manage appointments, document clinical care, communicate with you about your treatment, and coordinate with other healthcare providers as permitted by HIPAA and with your authorization.

3.2 Operating the Digital Platform.  We use technical and account information to operate, maintain, and improve the Avinity Health website, process account registrations, authenticate users, provide customer support, and troubleshoot technical issues.

3.3 Communications.  We use your contact information to send appointment reminders and confirmations, clinical follow-up communications, post-treatment instructions, and responses to your inquiries. With your consent, we may also send promotional communications, including information about services, events, and offers, as well as requests for reviews or feedback regarding your experience. These communications may be delivered via email, text message, or other electronic means. You may opt out of promotional communications at any time using the unsubscribe mechanism provided in the communication or by contacting us directly. Transactional and service-related communications are not subject to marketing opt-out.

3.4 Marketing and Advertising.  We may use non-PHI information to deliver targeted advertising on third-party platforms (such as Google and Meta) and to analyze the effectiveness of our marketing campaigns. We do not use or disclose Protected Health Information (PHI) for targeted advertising without your explicit written authorization. We implement technical and operational safeguards to prevent the transmission of PHI to advertising platforms. We may use your contact information to request reviews, testimonials, or feedback regarding your experience with Avinity Health. These requests will not include Protected Health Information unless you have provided separate authorization. We do not use Protected Health Information to personalize advertising or marketing communications without your explicit written authorization.

3.5 Legal Compliance and Safety.  We may use your information to comply with applicable law, respond to legal process or government inquiries, enforce our Terms of Service, investigate suspected fraud or misconduct, and protect the safety, rights, and interests of Avinity Health, our staff, our patients, and the public.

3.6 Business Operations.  We may use de-identified or aggregated information (from which all personal identifiers have been removed in accordance with HIPAA’s de-identification standards) for quality improvement, clinical outcomes analysis, staff training, and business reporting.

3.7 No Medical Advice.  The Digital Platform is not intended to provide medical advice. Information available through the website is for informational purposes only and does not constitute medical advice, diagnosis, or treatment.

4. Legal Basis for Processing (Where Applicable)

Where applicable law requires a legal basis for processing your personal information, Avinity Health relies on one or more of the following:

  • Performance of a contract — processing necessary to provide the Services you have requested or to fulfill obligations under our agreement with you;

  • Compliance with legal obligations — processing required by HIPAA, Arizona law, and other applicable statutes and regulations;

  • Legitimate interests — processing necessary for our legitimate business interests, including operating and improving our Services, preventing fraud, and ensuring the security of our systems, provided that such interests are not overridden by your fundamental rights; and

  • Consent — where you have given explicit consent for a specific processing purpose, such as receiving promotional communications or authorizing non-standard uses or disclosures of your PHI.

5. How We Share Your Information

Avinity Health does not sell your personal information or PHI. We share your information only as described in this Privacy Policy and, for PHI, only as permitted or required by HIPAA and our Notice of Privacy Practices.

5.1 Service Providers and Business Associates.  We share information with trusted third-party vendors and service providers who assist us in operating our business and providing the Services. These providers include, without limitation, electronic health record (EHR) systems, patient relationship management (CRM) platforms, appointment scheduling and booking systems, telehealth platforms, payment processors, communications platforms (including email and messaging providers), and analytics or marketing service providers. These providers may also include:

  • Website hosting, cloud storage, and cybersecurity providers; and

  • Legal, accounting, and compliance advisors.

Where any service provider processes PHI on our behalf, we enter into a HIPAA-compliant Business Associate Agreement (BAA) before sharing any such information. All service providers are required to maintain the confidentiality and security of your information and to use it only for the purposes we authorize.

5.2 Healthcare Providers and Care Coordination.  With your authorization or as otherwise permitted by HIPAA, we may share your PHI with other healthcare providers, specialists, or laboratories involved in your care to ensure coordinated, appropriate treatment.

5.3 Legal Requirements.  We may disclose your information (including PHI, as permitted by HIPAA) to comply with a court order, subpoena, regulatory investigation, or other legal obligation; to report suspected child abuse or neglect as required by Arizona law (A.R.S. § 13-3620); to respond to public health reporting requirements; or to protect the safety of you, our staff, or the public in circumstances permitted by HIPAA.

5.4 Business Transfers.  If Avinity Health is involved in a merger, acquisition, restructuring, or sale of all or substantially all of its assets, your personal information may be transferred as part of that transaction. We will provide notice of any such transfer and, where required by law, obtain consent before transferring PHI.

5.5 Aggregate and De-identified Data.  We may share aggregate, de-identified data (data that cannot reasonably be used to identify you) with partners, researchers, or the public for quality improvement, educational, or analytical purposes. Such data will not include your PHI and will be de-identified in accordance with HIPAA’s de-identification standards (45 C.F.R. § 164.514).

5.6 With Your Consent.  We may share your information for purposes not described in this Privacy Policy with your explicit prior consent, which may be required to be in writing depending on the nature of the disclosure.

6. HIPAA and Protected Health Information

IMPORTANT: As a health care provider, Avinity Health is subject to HIPAA and the HITECH Act. Your Protected Health Information (PHI) is also governed by our Notice of Privacy Practices (NPP), which describes your rights and our obligations regarding your PHI in greater detail. The NPP is provided to you at or before your first clinical visit and is available upon request.

6.1 HIPAA Covered Entity Status.  Avinity Health is a covered health care provider under HIPAA to the extent it provides clinical services and transmits health information electronically in connection with covered transactions. As such, Avinity Health maintains appropriate administrative, physical, and technical safeguards to protect the privacy and security of your PHI in compliance with the HIPAA Privacy Rule (45 C.F.R. Part 164, Subpart E) and Security Rule (45 C.F.R. Part 164, Subpart C).

6.2 Permitted Uses and Disclosures of PHI.  Avinity Health may use and disclose your PHI without your specific authorization for the following purposes, as permitted by HIPAA:

  • Treatment — to provide, coordinate, or manage your clinical care and related services;

  • Health care operations — for quality assessment, compliance activities, training, and business management directly related to providing services;

  • As required by law — including mandatory reporting obligations under Arizona and federal law;

  • Public health activities — as required or permitted by applicable law; and

  • Other purposes described in our Notice of Privacy Practices.

All other uses and disclosures of your PHI require your written authorization, which you have the right to revoke at any time by notifying Avinity Health in writing, except to the extent that action has already been taken in reliance on the authorization.

6.3 Your HIPAA Rights.  As a patient, you have the following rights with respect to your PHI under HIPAA:

  • Right to access: You may request access to your PHI maintained by Avinity Health in a designated record set;

  • Right to request amendment: You may request that we amend PHI that you believe is inaccurate or incomplete;

  • Right to an accounting of disclosures: You may request a list of disclosures we have made of your PHI, subject to HIPAA limitations;

  • Right to request restrictions: You may request restrictions on certain uses or disclosures of your PHI, which we will accommodate where feasible;

  • Right to request confidential communications: You may request that we communicate your PHI to you by alternative means or at alternative locations; and

  • Right to receive a copy of the Notice of Privacy Practices: You may request a paper copy of our NPP at any time.

To exercise any of your HIPAA rights, please submit a written request to info@avinityhealth.com or in person at our Scottsdale clinic. Avinity Health will respond to your request within thirty (30) days, or as otherwise required by HIPAA.

6.4 HITECH Act.  The HITECH Act supplements HIPAA by strengthening privacy and security protections for electronic health information. Avinity Health complies with HITECH provisions applicable to health care providers, including requirements for timely breach notification and enhanced penalties for violations.

7. Cookies and Tracking Technologies

7.1 Types of Cookies We Use.  Avinity Health uses the following categories of cookies and tracking technologies on the website:

  • Essential / Strictly Necessary Cookies — required for the operation of our website and patient portal, including authentication, session management, and security functions. These cannot be disabled without impairing core functionality;

  • Analytics Cookies — we use Google Analytics and similar tools to collect information about how users interact with our website, including pages visited, time spent, and traffic sources. This information is used to improve our website and marketing effectiveness;

  • Advertising and Remarketing Pixels — we may use pixels from advertising platforms including Google Ads and Meta (Facebook/Instagram) to measure the effectiveness of our advertising campaigns and to deliver relevant advertisements to individuals who have visited our website. These pixels may collect technical information about your visit; and

  • Functional Cookies — used to remember your preferences and settings to improve your experience on the website.

7.2 PHI and Advertising Technologies.  Avinity Health takes steps to prevent the inadvertent transmission of PHI to third-party advertising platforms through tracking pixels or similar technologies. We do not knowingly allow advertising pixels to access or collect PHI. Consistent with guidance from the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and FTC regulations, we configure tracking technologies to minimize the collection of health-related information without patient authorization.

7.3 Your Cookie Choices.  You may control non-essential cookies through your web browser settings or by using the opt-out mechanisms provided by third-party analytics and advertising providers:

  • Google Analytics Opt-Out: tools.google.com/dlpage/gaoptout

  • Meta / Facebook Ad Preferences: facebook.com/ads/preferences

  • Network Advertising Initiative (NAI) opt-out: optout.networkadvertising.org

  • Digital Advertising Alliance (DAA) opt-out: optout.aboutads.info

Please note that opting out of certain tracking technologies does not mean you will stop seeing advertisements; it means that those advertisements will not be personalized based on your online behavior.

7.4 Do Not Track.  Our website does not currently respond to "Do Not Track" (DNT) signals from web browsers. We encourage you to manage your cookie preferences directly through your browser settings.

8. Data Security

Avinity Health implements administrative, physical, and technical safeguards designed to protect your personal information and PHI from unauthorized access, use, disclosure, alteration, and destruction. These measures include:

  • Encryption of PHI during transmission (TLS/SSL) and at rest where required by the HIPAA Security Rule;

  • Access controls and role-based permissions limiting access to PHI to authorized personnel only;

  • Audit logging of access to electronic health records and the patient portal;

  • Regular staff training on HIPAA Privacy and Security rules;

  • Business Associate Agreements with all vendors that access PHI; and

  • Physical security measures at our clinic location.

Despite these safeguards, no electronic transmission or storage system is completely secure. Avinity Health cannot guarantee the absolute security of your information. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately at info@avinityhealth.com.

8.1 Data Breach Notification — Arizona Law.  In the event of a security incident involving your personal information, Avinity Health will investigate and provide notification as required by applicable law, including Arizona’s data breach notification statute (A.R.S. § 44-7501). Under Arizona law, individuals whose "personal information" (as defined in A.R.S. § 44-7501(A)(5)) has been compromised in a security incident must be notified in the most expedient manner possible and without unreasonable delay, but not later than forty-five (45) calendar days after we confirm that a breach has occurred and affected Arizona residents. Where required, we will also notify the Arizona Attorney General and consumer reporting agencies. For breaches involving PHI, we will additionally comply with the HIPAA Breach Notification Rule (45 C.F.R. Part 164, Subpart D), which generally requires notification within sixty (60) calendar days of discovery of the breach.

You are responsible for maintaining the security of your own devices, accounts, and login credentials. Avinity Health is not responsible for unauthorized access resulting from your failure to safeguard your credentials or devices.

9. Data Retention

Avinity Health retains your personal information and PHI for as long as necessary to fulfill the purposes described in this Privacy Policy, to comply with our legal and regulatory obligations, to resolve disputes, and to enforce our agreements. Retention periods are determined by:

  • HIPAA and applicable state medical records retention requirements — Arizona law (A.R.S. § 12-2297) requires medical records to be retained for a minimum of seven (7) years from the date of service, or in the case of a minor patient, for seven years after the patient reaches the age of majority, whichever is later;

  • Applicable federal and state tax and financial record retention requirements;

  • The nature of the data and the purpose for which it was collected; and

  • Our legitimate business interests, including the potential need to defend legal claims.

When personal information is no longer needed, we destroy or de-identify it in accordance with applicable law and secure data disposal practices.

10. Your Privacy Rights

10.1 Arizona Residents.  Avinity Health complies with the Arizona Online Privacy Protection Act (A.R.S. § 18-551 et seq. ["AzOPPA"]), which requires operators of commercial websites and online services that collect personally identifiable information from Arizona residents to post a conspicuous privacy policy. This Privacy Policy satisfies that requirement. Under AzOPPA, Arizona residents may request information about the categories of personal information we collect and how it is used. To submit such a request, contact us at info@avinityhealth.com.

10.2 General Privacy Rights (All Users).  Regardless of your state of residence, you may have the right to:

  • Access — request a copy of the personal information we hold about you;

  • Correction — request correction of inaccurate personal information;

  • Deletion — request deletion of your personal information, subject to applicable legal and clinical record-keeping requirements;

  • Restriction — request that we restrict processing of your personal information in certain circumstances; and

  • Opt-Out of Marketing — unsubscribe from promotional communications at any time.

Residents of certain states, including California, may have additional privacy rights under applicable law. To the extent such laws apply, Avinity Health will comply with those requirements. Please contact us to exercise any applicable rights.

To submit any privacy request, contact us at info@avinityhealth.com. We will respond within a reasonable time and may require verification of your identity before processing your request. Note that certain rights may be limited or unavailable where information is PHI governed by HIPAA, in which case the procedures described in Section 6.3 apply.

11. Children's Privacy

Avinity Health’s Services are directed to adults age eighteen (18) and older. We do not knowingly collect personal information from children under the age of thirteen (13) through the website. Our website is not designed for or directed to children under 13.

In compliance with the Children’s Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq., and the FTC’s COPPA Rule, if we discover that we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will promptly delete that information. If you believe your child under 13 has provided personal information to us without your consent, please contact us immediately at info@avinityhealth.com.

Note: Clinical services for individuals under 18 may be available in appropriate circumstances with parental or guardian consent and physician evaluation. Any such services, and related PHI, are governed by our Notice of Privacy Practices, applicable Arizona minor consent statutes (including A.R.S. § 44-132 et seq.), and HIPAA.

12. Third-Party Services and Links

The website may contain links to third-party websites, social media pages, or services. This Privacy Policy does not apply to those third-party sites or services. We encourage you to review the privacy policies of any third-party services you access through links on our website.

We use the following categories of third-party service providers that may have access to certain information about your interactions with the website:

  • Google Analytics — website traffic and behavior analytics. See Google’s Privacy Policy at policies.google.com/privacy;

  • Meta (Facebook/Instagram) — advertising pixel for measuring campaign effectiveness;

  • Payment processors — PCI DSS-compliant payment processing partners;

  • Telehealth platform vendors — for virtual consultation delivery; and

  • Patient portal and EHR vendors — for clinical record management.

Avinity Health does not control the privacy practices of these third-party providers beyond our contractual agreements with them.

13. Email Communications and CAN-SPAM Compliance

All commercial email communications sent by Avinity Health comply with the Controlling the Assault of Non-Solicited Pornography And Marketing (CAN-SPAM) Act, 15 U.S.C. § 7701 et seq. Our commercial emails will:

  • Clearly identify Avinity Health as the sender;

  • Include our valid physical mailing address;

  • Clearly indicate when the message is an advertisement; and

  • Provide a functioning opt-out or unsubscribe mechanism that is honored within ten (10) business days.

To unsubscribe from promotional communications, use the unsubscribe link in any promotional email or contact us at info@avinityhealth.com. Transactional emails such as appointment confirmations, treatment reminders, and clinical communications may not be subject to marketing opt-out.

14. Arizona-Specific Disclosures

14.1 Arizona Consumer Fraud Act.  Avinity Health’s privacy practices are consistent with the Arizona Consumer Fraud Act (A.R.S. § 44-1521 et seq.), which prohibits unfair or deceptive acts or practices in connection with consumer transactions, including misrepresentations about data privacy practices. We represent that our actual data practices are consistent with the representations made in this Privacy Policy.

14.2 Arizona Medical Records Law.  Patient medical records maintained by Avinity Health are subject to Arizona’s medical records access statutes (A.R.S. §§ 12-2291 through 12-2296), which govern the right of patients to access and obtain copies of their medical records. Requests for medical records should be submitted in writing to info@avinityhealth.com or delivered in person to our Scottsdale clinic.

14.3 Arizona Telehealth Privacy.  Telehealth consultations conducted by Avinity Health comply with Arizona’s Telehealth Act (A.R.S. § 36-3601 et seq.), including requirements for informed consent, patient confidentiality, and secure transmission of health information during telehealth encounters.

15. Changes to This Privacy Policy

Avinity Health reserves the right to update or modify this Privacy Policy at any time. When we make changes, we will update the "Last Updated" date at the top of this Policy and, where changes are material, provide notice by posting a prominent announcement on the website or by sending an email notification to the address associated with your account.

Your continued use of the Services following the posting of a revised Privacy Policy constitutes your acknowledgment of the changes. If changes to this Privacy Policy involve a materially different use of your PHI, we will obtain your written authorization as required by HIPAA before implementing such changes with respect to your health information.

We encourage you to review this Privacy Policy periodically. Archived versions of prior Privacy Policies are available upon written request to info@avinityhealth.com.

16. Contact Us — Privacy Inquiries and Complaints

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, or if you wish to exercise any of your privacy rights, please contact our Privacy Officer:

Avinity Health Clinic, LLC
Privacy Officer
11000 N. Scottsdale Road, Suite 100
Scottsdale, Arizona 85254
Email: info@avinityhealth.com

HIPAA Complaints: If you believe your health information privacy rights have been violated, you have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights (OCR) at hhs.gov/ocr/privacy or by calling 1-800-368-1019. You will not be retaliated against for filing a complaint with Avinity Health or OCR.

Arizona Attorney General: If you believe your rights under Arizona law have been violated, you may also contact the Arizona Attorney General’s Office Consumer Information and Complaints at azag.gov or (602) 542-5763.