HIPAA Compliance

Notice of Privacy Practices for Evolve Your Bod

I. Our Commitment to Your Privacy

At Evolve Your Bod, protecting your health information is a core part of how we operate. We understand that when you trust us with your personal and medical data, you expect it to be handled with the highest level of care, security, and transparency.

This page explains how Evolve Your Bod approaches HIPAA compliance, what safeguards we have in place, and where you can find the formal legal documents that govern the use and disclosure of your Protected Health Information (PHI).

For the formal legal notice required by HIPAA, please review our Notice of Privacy Practices at evolveyourbod.com/notice-of-privacy-practices. That document details your rights, how your PHI may be used and disclosed, and how to file a complaint if you believe your privacy rights have been violated.

II. What Is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law enacted in 1996 that establishes national standards for the protection of health information. HIPAA requires healthcare providers, health plans, and their business associates to implement safeguards to protect the privacy and security of Protected Health Information (PHI).

PHI includes any individually identifiable health information that is created, received, maintained, or transmitted in connection with healthcare services. This includes your medical records, treatment history, prescriptions, lab results, billing information, and any other information that can be used to identify you in a healthcare context.

HIPAA gives you specific rights regarding your health information, including the right to access your records, request corrections, receive an accounting of disclosures, and file complaints. These rights are detailed in our Notice of Privacy Practices.

III. How HIPAA Applies to Evolve Your Bod

Evolve Your Bod operates as a Management Services Organization (MSO) — a technology and care coordination platform that partners with independent medical groups, partner clinics, pharmacies, and laboratories to coordinate healthcare services. Evolve does not directly practice medicine, prescribe medications, or provide clinical care.

HIPAA applies to Evolve Your Bod in the following ways:

Evolve as a Business Associate

When Evolve handles PHI on behalf of a covered entity (such as a medical group, partner clinic, pharmacy, or laboratory), Evolve functions as a business associate under HIPAA. In this capacity, Evolve is required to protect PHI in accordance with the HIPAA Privacy Rule and Security Rule, and to enter into Business Associate Agreements (BAAs) with each covered entity whose PHI it handles.

Affiliated Medical Groups and Partner Clinics as Covered Entities

The independent medical groups, partner clinics, and healthcare providers who render clinical care through or in connection with the Evolve platform are covered entities under HIPAA. They are directly subject to HIPAA’s requirements for the use and disclosure of PHI. Each covered entity maintains its own HIPAA compliance program in addition to the protections Evolve provides at the platform level.

Across All Care Models

HIPAA protections apply to PHI handled across all four of Evolve’s care models: Telehealth (TH), In-Person Visits (IPV), Hybrid Consult + IV Therapy (Hybrid), and Mobile IV Therapy (Mobile IV). Regardless of the care model, your PHI is protected by the same HIPAA standards and the same commitment to privacy and security.

IV. How We Protect Your Information

Evolve Your Bod implements comprehensive administrative, physical, and technical safeguards to protect your health information in compliance with the HIPAA Security Rule. These include:

A. Technical Safeguards

– Encryption of data in transit (TLS/SSL) and at rest, ensuring that your information is protected whether it is being transmitted or stored.

– HIPAA-compliant telehealth platform for secure video, audio, and messaging consultations.

– HIPAA-compliant data storage infrastructure with access controls, redundancy, and backup systems.

– Role-based access controls (RBAC) that limit access to PHI to authorized personnel with a legitimate need to know.

– Audit logging that tracks who accesses your information, when, and for what purpose.

– Secure authentication and session management for all user accounts on the Evolve platform.

– Firewalls, intrusion detection and prevention systems, and continuous security monitoring.

B. Administrative Safeguards

– HIPAA privacy and security training for all staff members who handle or may have access to PHI.

– Business Associate Agreements (BAAs) with every vendor, technology partner, and service provider that handles PHI on behalf of Evolve or its affiliated providers.

– Written privacy and security policies and procedures governing the handling of PHI.

– Designated Privacy Officer responsible for overseeing HIPAA compliance.

– Regular risk assessments to identify and address potential vulnerabilities in our systems and processes.

– Incident response and breach notification procedures in compliance with HIPAA and applicable state law.

C. Physical Safeguards

– Secure facilities for any physical systems that store or process PHI.

– Device encryption and mobile device management (MDM) policies for staff devices that may access patient data.

– Policies prohibiting the transmission of PHI via personal text messages, consumer email, or unsecured communication channels.

– Secure disposal of physical media containing PHI (shredding, degaussing, or certified destruction).

D. Vendor and Partner Safeguards

– All technology vendors, payment processors, hosting providers, CRM platforms, and communication services that handle PHI are required to sign BAAs with Evolve Your Bod.

– Evolve evaluates the security posture of its vendors and partners before entering into business relationships involving PHI.

– Affiliated medical groups, partner clinics, and pharmacies maintain their own HIPAA compliance programs and are independently responsible for their compliance obligations.

V. Telehealth-Specific Privacy Protections

Telehealth services present unique privacy considerations due to the electronic nature of care delivery. Evolve Your Bod addresses these through the following measures:

– All telehealth consultations are conducted through a HIPAA-compliant platform with end-to-end encryption.

– Providers are trained on telehealth-specific privacy practices, including maintaining a private environment during consultations.

– Patients are encouraged to participate in telehealth consultations from a private location to protect their own privacy.

– Asynchronous communications (store-and-forward) are transmitted and stored using the same encryption and access control standards as synchronous consultations.

– Telehealth session recordings, if any, are stored in compliance with HIPAA and applicable state law, and access is restricted to authorized personnel.

VI. Health Data and Website Analytics

Evolve Your Bod is committed to ensuring that website tracking technologies do not compromise the privacy of your health information. We take the following precautions:

– Tracking pixels, analytics tools, and advertising technologies are configured to avoid transmitting PHI to third-party analytics or advertising platforms.

– We conduct periodic reviews of our tracking implementations to identify and mitigate any risk that health-related data could be captured or transmitted through website analytics.

– Pages containing health intake forms, patient portals, and clinical content are subject to enhanced privacy controls to prevent data leakage through analytics scripts.

Note: Recent enforcement actions by HHS and the FTC have highlighted the risk that website tracking technologies (such as Meta Pixel, Google Analytics, and similar tools) can inadvertently transmit PHI to third parties. Evolve takes this risk seriously and actively monitors its website tracking configuration.

VII. Breach Notification

In the event of a breach of unsecured PHI, Evolve Your Bod will notify affected individuals, the U.S. Department of Health and Human Services, and, where applicable, the media, as required by the HIPAA Breach Notification Rule (45 CFR §§ 164.400–414) and applicable state law, including the Texas Medical Records Privacy Act and the Texas Identity Theft Enforcement and Protection Act.

Breach notifications will include a description of the breach, the types of information involved, the steps we are taking in response, and what you can do to protect yourself. Notifications will be provided without unreasonable delay and no later than 60 days from the date the breach is discovered, or sooner if required by state law.

VIII. Your Privacy Documents

Evolve Your Bod maintains several documents that work together to protect your health information. You are encouraged to review each of them:

Notice of Privacy Practices — The formal HIPAA-required notice detailing how your PHI is used and disclosed, and your rights. Available at evolveyourbod.com/notice-of-privacy-practices.

Privacy Policy — Governs the collection and use of personal information by Evolve as a technology platform (website data, account info, marketing data). Available at evolveyourbod.com/privacy-policy.

PHI / Data-Sharing Authorization — Your signed consent authorizing Evolve to share your health information with the entities involved in your care. Provided during the intake process and available at evolveyourbod.com/phi-authorization/.

California Privacy Notice (CCPA/CPRA) — Additional privacy rights for California residents. Health information governed by HIPAA is exempt from the CCPA. Available at evolveyourbod.com/california-consumer-privacy-act-ccpa-privacy-notice.

Terms of Service — The foundational agreement governing your use of the Evolve platform, including Section XV on PHI handling. Available at evolveyourbod.com/terms-of-service.

IX. Questions, Concerns, and Complaints

If you have any questions about how Evolve Your Bod protects your health information, or if you have concerns about the privacy or security of your data, please contact us:

Evolve Your Bod — Privacy Office

AA Health Solutions, LLC

5521 Bellaire Drive South, Suite 200

Fort Worth, TX 76109

Email: info@evolveyourbod.com (Subject: Attn: Privacy Office)

Phone: 866-301-3141

If you believe your privacy rights have been violated, you have the right to file a complaint. You will not be retaliated against for filing a complaint.

Federal complaint: U.S. Department of Health and Human Services, Office for Civil Rights — www.hhs.gov/ocr/privacy/hipaa/complaints/ — Toll-free: 1-877-696-6775

Texas state complaint: Office of the Attorney General of Texas, Consumer Protection Division — www.texasattorneygeneral.gov — Toll-free: 1-800-252-8011

X. URL Redirect Notice

This page is located at evolveyourbod.com/hipaa-compliance. If you arrived here from a link to /hipaa-complicance/ (a previous URL with a typographical error), you have been automatically redirected to this correct address. All bookmarks and links should be updated to use /hipaa-compliance/.