Privacy Policy

Effective Date: March 13, 2026

Wondr Clinic (“Wondr Clinic,” “we,” “us,” or “our”) is a medical practice registered in the State of Florida. We are committed to protecting the privacy and security of your personal and health information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our clinic, use our services, or interact with us online.

Please read this policy carefully. If you disagree with its terms, please discontinue use of our services.

1. Who We Are

Wondr Clinic is a private medical practice licensed and operating in the State of Florida, United States.

Contact Information:

Wondr Clinic

Email: [contact@wondr.clinic]

2. Scope of This Policy

This Privacy Policy applies to all personal information collected by Wondr Clinic through:

  • In-person clinical consultations and treatments

  • Our website and any online booking or patient portal

  • Telephone, email, and other communications

  • Forms, intake questionnaires, and health assessments

3. Information We Collect

3.1 Protected Health Information (PHI)

As a covered entity under the Health Insurance Portability and Accountability Act (HIPAA), we collect and process Protected Health Information (PHI). This includes:

  • Full name, date of birth, Social Security Number (where required for billing)

  • Home address, telephone number, and email address

  • Medical history, diagnoses, symptoms, and treatment records

  • Prescription information, lab results, and imaging

  • Insurance information and billing records

  • Information about your current medications and known allergies

  • Emergency contact details

3.2 Non-Health Personal Information

  • Payment card information (processed securely; full card numbers are not stored)

  • Appointment scheduling history

  • Communications with our team

3.3 Website and Digital Information

When you visit our website, we may automatically collect:

  • IP address and device identifiers

  • Browser type and operating system

  • Pages visited, time on site, and referring URLs

  • Information submitted through contact or booking forms

  • Cookies and similar tracking technologies (see Section 10)

4. How We Use Your Information

We use your personal and health information for the following purposes:

4.1 Treatment

  • Providing, coordinating, and managing your medical care

  • Communicating with other healthcare providers involved in your treatment

  • Issuing prescriptions, referrals, and other clinical documents

4.2 Payment

  • Processing billing and insurance claims

  • Collecting payment for services rendered

  • Verifying insurance coverage and eligibility

4.3 Healthcare Operations

  • Quality assurance and clinical audits

  • Staff training and practice management

  • Appointment scheduling and reminders

  • Legal, compliance, and risk management activities

4.4 Other Uses Permitted by Law

We may also use or disclose your information as required or permitted by law, including for public health reporting, law enforcement, judicial proceedings, and emergency situations.

5. HIPAA – Your Health Information Rights

As a HIPAA-covered entity, we are required to maintain the privacy of your Protected Health Information (PHI) and to provide you with a Notice of Privacy Practices (NPP). You have the following rights regarding your PHI:

  • Right to Access – You may request a copy of your medical records. We will respond within 30 days.

  • Right to Amend – You may request corrections to inaccurate or incomplete records.

  • Right to an Accounting of Disclosures – You may request a list of certain disclosures we have made of your PHI.

  • Right to Request Restrictions – You may ask us to restrict certain uses or disclosures of your PHI (we are not always required to agree).

  • Right to Confidential Communications – You may request that we contact you in a specific way (e.g., only by mail or only at a specific phone number).

  • Right to a Paper Copy of the Notice of Privacy Practices – Available upon request at our clinic.

To exercise any of these rights, please submit a written request to our Privacy Officer using the contact details in Section 1.

6. Florida-Specific Privacy Rights

6.1 Florida Medical Records Law (Fla. Stat. § 456.057)

Under Florida law, patients have the right to access and obtain copies of their medical records. We comply fully with Florida’s medical records requirements, including applicable timelines and fees for providing copies of records.

6.2 Florida Information Protection Act (FIPA) – Fla. Stat. § 501.171

In the event of a data breach involving your personal information, we will notify affected individuals in accordance with FIPA. Notification will be provided without unreasonable delay, and no later than 30 days after we determine a breach has occurred, unless law enforcement requires a delay.

6.3 Florida Mental Health Act (Baker Act)

Where applicable, we comply with Florida’s laws governing the privacy of mental health records, which carry additional protections beyond standard medical records.

7. Disclosure of Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • With other treating physicians, specialists, hospitals, or labs involved in your care

  • With your health insurance company or third-party payer for billing purposes

  • With Business Associates (as defined under HIPAA) who assist us in operating our practice, under written Business Associate Agreements

  • With public health authorities as required by law (e.g., mandatory disease reporting)

  • With law enforcement or courts when legally compelled by subpoena, court order, or applicable law

  • In emergency situations to prevent serious harm to you or others

  • With your written authorization for any other purposes

8. Data Security

We implement administrative, physical, and technical safeguards to protect your personal and health information, consistent with HIPAA Security Rule requirements. These include:

  • Encrypted storage and transmission of electronic PHI (ePHI)

  • Role-based access controls and unique user authentication

  • Secure disposal of physical and electronic records

  • Regular security risk assessments

  • Staff training on HIPAA compliance and data security

Despite these measures, no method of data transmission or storage is completely secure. In the event of a breach, we will act promptly and notify you as required by HIPAA and Florida law.

9. Data Retention

We retain medical records in accordance with applicable federal and Florida state law:

  • Adult patient records: retained for a minimum of 5 years from the date of service (Florida law); we typically retain for 7 years as best practice

  • Minor patient records: retained until the patient’s 18th birthday plus 4 years, or 7 years from the date of service, whichever is longer

  • Financial and billing records: retained for a minimum of 7 years in accordance with IRS and CMS requirements

Records are securely destroyed when retention periods have elapsed, using methods that render PHI unrecoverable.

10. Cookies and Online Tracking

Our website uses cookies and similar technologies to enhance functionality and understand site usage. We may use:

  • Essential cookies – Necessary for the website to operate

  • Analytics cookies – To understand how visitors use our site (e.g., Google Analytics)

  • Preference cookies – To remember your choices and settings

You can control or disable cookies through your browser settings. Please note that disabling certain cookies may affect website functionality. We do not currently respond to Do Not Track (DNT) browser signals, but we do not sell your data to advertisers.

11. Children’s Privacy

We do not knowingly collect personal information from children under the age of 13 through our website without verifiable parental consent, in compliance with the Children’s Online Privacy Protection Act (COPPA). When treating minor patients in the clinic, we obtain appropriate parental or guardian consent and handle their health information in accordance with HIPAA and Florida minor consent laws.

12. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.

13. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. When we make material changes, we will update the effective date at the top of this document and, where required by law, notify you directly. We encourage you to review this policy periodically. Your continued use of our services following any changes constitutes acknowledgment of the updated policy.

14. How to Contact Us / File a Complaint

If you have questions, concerns, or wish to exercise your privacy rights, please contact our Privacy Officer:

Privacy Officer – Wondr Clinic

[Street Address]

[City, FL, ZIP Code]

Email: [privacy@wondr.clinic]

Phone: [+1 (XXX) XXX-XXXX]

You also have the right to file a complaint with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) if you believe your privacy rights have been violated:

U.S. Department of Health & Human Services – Office for Civil Rights

200 Independence Avenue, S.W., Washington, D.C. 20201

Phone: 1-800-368-1019

Website: www.hhs.gov/ocr/privacy/hipaa/complaints

We will not retaliate against you for filing a complaint.

This Privacy Policy was last reviewed and updated on March 13, 2026.