Notice of Privacy Practices

Last updated: May 18, 2026

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This Notice of Privacy Practices (the “Notice”) describes how Medical Groups, as an affiliated covered entity composed of multiple distinct medical groups including but not limited to US Health and Wellness, Locklab Provider Group, and other affiliated professional entities that may be formed or engaged in the future (collectively, “we” or “our”) may use and disclose your protected health information to carry out treatment, payment, or business operations and for other purposes that are permitted or required by law. “Protected health information” or “PHI” is information about you, including demographic information, that may identify you and that relates to your past, present or future physical health or condition, treatment or payment for health care services.

This Notice also describes your rights to access and control your protected health information. 

USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION:

Your protected health information may be used and disclosed by our health care providers, our staff, and others outside of our office that are involved in your care and treatment for the purpose of providing health care services to you, to support our business operations, to obtain payment for your care, and any other use authorized or required by law. We may use and disclose your PHI for the following purposes:

  • Treatment: We will use and disclose your protected health information to provide, coordinate, or manage your health care and any related services. This includes the coordination or management of your health care with a third party. For example, your protected health information may be provided to any other health care provider with whom you have an existing treatment relationship to ensure the necessary information is accessible to diagnose or treat you. 
  • Payment: Your protected health information may be used to bill or obtain payment for your health care services. For example, we may use your PHI in connection with processing payments for services provided to you. This may include contacting your insurance company to verify your coverage, billing and collection activities, and sharing PHI with other healthcare providers, insurance companies, or collection agencies.
  • Healthcare Operations: We may use or disclose, as needed, your protected health information in order to support the business activities of this office. These activities include, but are not limited to, improving quality of care, providing information about treatment alternatives or other health-related benefits and services, development or maintaining and supporting computer systems, legal services, and conducting audits and compliance programs, including fraud, waste and abuse investigations.  We may de-identify and anonymize your information such that it is no longer considered protected health information or personally identifiable information and as such, will not contain any reference to you. In that instance, we may modify or create derivative works which contain this de-identified and anonymized information and may use that information as may be necessary to enhance the services we are providing. In addition, we may use this de-identified information for non-commercial purposes including but not limited to analytics, research, preparation of case studies and other educational and research related publication and usage. Under no circumstances will we sell or commercially market your information.
  • As Required by Law: We may use and disclose your PHI when required to do so by federal, state, or local law.
  • Public Health and Safety: We may use and disclose your PHI to prevent or control disease, injury, or disability, to report child abuse or neglect, to report reactions to medications or problems with products, and to notify persons who may have been exposed to a communicable disease or may be at risk of spreading a disease or condition.
  • Health Oversight Activities: We may disclose your PHI to health oversight agencies for activities authorized by law, such as audits, investigations, inspections, and licensure, including for abuse or neglect reporting or pursuant to Food and Drug Administration requirements. 
  • Judicial and Administrative Proceedings: We may disclose your PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process.
  • Law Enforcement: We may disclose your PHI for law enforcement purposes, such as to report certain types of wounds or injuries or for certain criminal activities, or to comply with a court order, warrant, or other legal process.
  • Research: We may use and disclose your PHI for research purposes when the research has been approved by an institutional review board and privacy protections are in place.
  • Upon Death: We may use and disclose your PHI to coroners and funeral directors. 
  • Organ and Tissue Donation: If you are an organ donor, we may disclose your PHI to organizations that handle organ procurement, transplantation, or donation.
  • Workers' Compensation: We may disclose your PHI for workers' compensation or similar programs that provide benefits for work-related injuries or illnesses.
  • Military and Veterans: If you are a member of the armed forces, we may disclose your PHI as required by military authorities or for national security purposes. 
  • Inmates: If you are an inmate, we may disclose your PHI to the correctional institution or law enforcement official having custody of you.
  • Other Required Uses and Disclosures: 

USES AND DISCLOSURES THAT DO NOT REQUIRE YOUR AUTHORIZATION

Under the law, we must make certain disclosures to you upon your request, and when required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with the requirements of the Health Insurance Portability and Accountability Act (“HIPAA”). State laws may further restrict these disclosures.

USES AND DISCLOSURES THAT REQUIRE YOUR AUTHORIZATION:

Other permitted and required uses and disclosures will be made only with your consent, authorization or opportunity to object unless permitted or required by law. In such cases, without your authorization, we shall not use or disclose your protected health information.

You have the right to receive an accounting of certain disclosures of your protected health information that we have made, paper or electronic, except for certain disclosures which were pursuant to an authorization, for purposes of treatment, payment, healthcare operations (unless the information is maintained in an electronic health record), or for certain other purposes.

You have the right to obtain a paper copy of this Notice, upon request, even if you have previously requested its receipt electronically by e-mail.

YOUR RIGHTS REGARDING PHI:

You have the following rights with respect to your PHI:

  • Right to Inspect and Copy: You have the right to inspect and copy your PHI that we maintain, with certain exceptions. To request access, submit a written request to our Privacy Officer. We may charge a reasonable fee for the costs of copying, mailing, or other supplies associated with your request.
  • Right to Amend: You have the right to request an amendment to your PHI if you believe it is incorrect or incomplete. To request an amendment, submit a written request to our Privacy Officer, specifying the information you believe is incorrect and why. We may deny your request if we believe the information is accurate and complete, or if we did not create the information.
  • Right to an Accounting of Disclosures: You have the right to request an accounting of disclosures of your PHI made by us in the past six years, except for disclosures made for treatment, payment, or healthcare operations, and certain other disclosures. To request an accounting, submit a written request to our Privacy Officer.
  • Right to Request Restrictions: You have the right to request a restriction on our use or disclosure of your PHI for treatment, payment, or healthcare operations. We are not required to agree to your request but will consider it. To request a restriction, submit a written request to our Privacy Officer, specifying the restriction you are requesting and to whom it applies.
  • Right to Request Confidential Communications: You have the right to request that we communicate with you about your PHI in a certain way or at a certain location. To request confidential communications, submit a written request to our Privacy Officer, specifying how or where you wish to be contacted.
  • Right to a Paper Copy of This Notice: You have the right to receive a paper copy of this Notice, even if you have agreed to receive it electronically. To obtain a paper copy of this Notice, contact our Privacy Officer.
  • Right to be Notified of a Breach: You have the right to be notified in the event that we discover a breach of your PHI.

TRANSMISSION OF PHI:

We are committed to protecting the privacy of your PHI and will ensure that any electronic transmission of PHI complies with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule (45 CFR 164). This includes the use of Secure-Socket Layer (SSL) or equivalent technology for the transmission of PHI, as well as adherence to all applicable security standards for online transmissions of PHI.

REVISIONS TO THIS NOTICE:

We reserve the right to revise this Notice and to make the revised Notice effective for protected health information we already have about you as well as any information we receive in the future. You are entitled to a copy of the Notice currently in effect. Any significant changes to this Notice will be posted on the Services. The Notice will contain the effective date on the first page. You then have the right to object or withdraw as provided in this Notice.

BREACH OF HEALTH INFORMATION:

We will notify you if a reportable breach of your unsecured protected health information is discovered.

Notification will be made to you no later than 60 days from the breach discovery and will include a brief description of how the breach occurred, the protected health information involved and contact information for you to ask questions.

COMPLAINTS:

Complaints about this Notice or how we handle your protected health information should be directed to our HIPAA Privacy Officer. If you are not satisfied with the manner in which a complaint is handled you may submit a formal complaint to the Department of Health and Human Services, Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting the following website: www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against you for filing a complaint.

We must follow the duties and privacy practices described in this Notice. To exercise any of your rights, or if you have any questions about this Notice or our privacy practices, please contact our Privacy Officer at: Lock Lab LLC, locklab.co, help@locklab.co. This Notice is provided in accordance with the Notice of Privacy Practices for Protected Health Information from the Department of Health and Human Services' Model and is applicable across all US states.

Rights of Specific Jurisdictions Within the US

Certain states may have additional privacy protections that apply to your PHI. The following is an example of specific rights in the state of California. If you reside in a state with additional privacy protections, you may have additional rights related to your PHI.

California Residents:

  • Right to Access: In addition to the rights described above, California residents have the right to request access to their PHI in a readily usable electronic format, as well as any additional information required by California law. To request access, submit a written request to our Privacy Officer.
  • Right to Restrict Certain Disclosures: California residents have the right to request restrictions on certain disclosures of their PHI to health plans if they paid out-of-pocket for a specific healthcare item or service in full. To request such a restriction, submit a written request to our Privacy Officer.
  • Confidentiality of Medical Information Act (CMIA): California residents are protected by the Confidentiality of Medical Information Act (CMIA), which provides additional privacy protections for medical information. We are required to comply with CMIA in addition to HIPAA.
  • Marketing and Sale of PHI: California residents have the right to request that their PHI not be used for marketing purposes or sold to third parties without their authorization. To request a restriction on the use of your PHI for marketing or the sale of your PHI, submit a written request to our Privacy Officer.
  • Minor's Rights: If you are a minor (under the age of 18), you have the right to request that certain information related to certain sensitive services, such as reproductive health, mental health, or substance use disorder treatment, not be disclosed to your parent or guardian without your consent. To request a restriction on the disclosure of such information, submit a written request to our Privacy Officer.

Other States

In addition to the privacy practices described in this Notice of Privacy Practices and our Privacy Policy, we comply with applicable state-specific privacy laws related to PHI. The following are examples of a few states with additional privacy protections:

  • New York: For residents of New York, we comply with the New York State Confidentiality of Information Law, which provides additional privacy protections for HIV-related information, mental health records, and genetic testing results. We will obtain written consent before disclosing such information, even for treatment, payment, or healthcare operations.
  • Texas: For residents of Texas, we comply with the Texas Medical Privacy Act, which offers privacy protections beyond HIPAA, including requiring consent for certain disclosures of PHI, additional safeguards for electronic PHI, and specific requirements for the destruction of PHI. We also adhere to Texas's specific privacy protections for mental health records and substance use treatment records.
  • Florida: For residents of Florida, we comply with Florida's privacy laws, which offer additional protections for mental health records, HIV/AIDS-related information, and substance abuse treatment records. We will obtain written consent before disclosing such information, even for treatment, payment, or healthcare operations. We also implement specific security measures to protect electronic PHI, as required by Florida law.
  • Illinois: For residents of Illinois, we comply with Illinois's specific privacy laws related to mental health records, HIV/AIDS-related information, and genetic testing results. We will obtain written consent before disclosing such information, even for treatment, payment, or healthcare operations. In addition, we will notify patients of any unauthorized access to their electronic PHI, as required by Illinois law.
  • Massachusetts: For residents of Massachusetts, we comply with Massachusetts's specific privacy laws related to mental health records, HIV/AIDS-related information, and genetic testing results. We will obtain written consent before disclosing such information, even for treatment, payment, or healthcare operations. We also implement specific security measures to protect electronic PHI, as required by Massachusetts law.

CONTACT INFORMATION:

To exercise any of your rights, or if you have any questions about this Notice or our privacy practices, please contact our Privacy Officer at: Lock Lab LLC, locklab.co, help@locklab.co. This Notice is provided in accordance with the Notice of Privacy Practices for Protected Health Information from the Department of Health and Human Services' Model and is applicable across all US states.

Hair Treatment
Discover
Help
Hair Treatment
Product
The Science
Get Started
Discover
Our Story
Hair Loss Myths
Our Medical Providers
Surgical Hair Restoration
Help
FAQ
Contact Us
Returns
Privacy PolicyTerms & ConditionsTelehealth ConsentConsumer Data PolicyNotice of Privacy PracticesDrug Safety
©2026 Locklab