Privacy Policy

Institute for Human Optimization

Effective Date: 12-01-2025

INSTITUTE FOR HUMAN OPTIMIZATION – PRIVACY POLICY (HIPAA-Compliant)

The Institute for Human Optimization (“we,” “our,” or “us”) is committed to protecting the privacy and security of your personal information and Protected Health Information (“PHI”). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website, use our online forms, or engage with our precision medicine and clinical services.

By accessing our website or submitting information through our online platforms, you acknowledge and agree to the practices described in this Privacy Policy.

1. Definitions

Protected Health Information (PHI)

Information that identifies you and relates to your past, present, or future physical or mental health or conditions, healthcare services, or payment for healthcare.

Personal Information

Information that identifies, relates to, describes, or could reasonably be linked with an individual (for example, name, email, or phone number).

De-Identified Information

Data that has been stripped of identifiers as defined under HIPAA and cannot reasonably be used to identify an individual.

Cookies and Tracking Technologies

Small data files or web-based identifiers used to operate, analyze, and improve website performance and user experience.

2. Information We Collect

A. Information You Voluntarily Provide

We may collect information that you voluntarily provide, including:

  • Contact information (name, email, phone number, mailing address);
  • Appointment requests and inquiry form submissions;
  • Health-related information submitted through online forms;
  • Insurance or billing information; and
  • Patient intake and medical history provided electronically.

B. PHI Collected During Clinical Interactions

If you become a patient, we collect PHI necessary to provide healthcare services, including:

  • Information used for precision medicine and longevity evaluations;
  • Information used in clinical decision-making;
  • Information required for laboratory ordering and interpretation;
  • Information required for diagnosis, treatment planning, and follow-up; and
  • Information used for secure communication and care coordination.

C. Automatically Collected Information

When you visit our website, we may automatically collect certain technical information, such as:

  • IP address;
  • Device type, operating system, and browser type;
  • Pages visited, time spent on pages, and referring URLs; and
  • Cookies, tracking pixels, and analytics logs.

We may use analytics tools (such as Google Analytics) to collect device-based and usage-based information. These tools do not access or store PHI.

3. How We Use Your Information

A. Uses of PHI (HIPAA Permitted Uses)

We may use PHI for the following purposes:

  • Treatment, diagnosis, and care coordination;
  • Payment processing and insurance-related activities;
  • Healthcare operations, quality improvement, and compliance;
  • Secure patient communication, including email, patient portals, telephone, and SMS (if you have opted in); and
  • Other uses and disclosures permitted or required by HIPAA and applicable law.

B. Uses of Personal Information

We may use non-PHI personal information to:

  • Respond to your inquiries and requests;
  • Schedule and manage appointments;
  • Improve website performance, content, and user experience; and
  • Maintain and troubleshoot our online services.

C. Marketing & Communications

We may send educational materials, practice updates, or promotional communications if you opt in to receive them.

We will not use your PHI for marketing purposes without your explicit written authorization, as required by HIPAA.

4. How We Share Your Information

A. Sharing of PHI in Compliance with HIPAA

We may disclose PHI only as permitted by law and as necessary to provide healthcare services and operate our practice, including disclosures to:

  • Healthcare providers involved in your care;
  • Laboratories, pharmacies, and imaging centers;
  • HIPAA-compliant software and cloud service providers;
  • Billing services, insurance companies, and payment processors; and
  • Business Associates who perform services on our behalf, with signed Business Associate Agreements (“BAAs”).

B. We Do Not Share PHI With

  • Advertisers;
  • Data brokers;
  • Social media platforms; or
  • Third parties for marketing or advertising purposes.

C. Sharing of Non-PHI Personal Information

We may share non-medical website data with third parties that help us operate and improve our website and communications, such as:

  • Analytics providers;
  • Web hosting and security vendors; and
  • Email marketing platforms (for opt-in communications).

These third parties are required to handle your information in accordance with applicable privacy and security standards.

5. Cookies, Tracking Technologies & Pixels

Our website may use cookies and similar technologies to enhance your experience and analyze usage. This may include:

  • Functional and preference cookies;
  • Analytics tools (such as Google Analytics);
  • Tag managers (such as Google Tag Manager); and
  • Advertising pixels (such as Meta Pixel), which are configured to avoid collection of PHI.

You can control cookie settings through your browser or device settings and may use available opt-out mechanisms where applicable.

6. Your Rights Under HIPAA

As a patient, you have specific rights regarding your PHI under HIPAA and applicable law. These include the right to:

  • Request access to and copies of your medical records;
  • Request corrections (amendments) to your PHI;
  • Request restrictions on certain uses or disclosures of your PHI, where feasible;
  • Request alternative or confidential means of communication;
  • Obtain an accounting of certain disclosures of your PHI made by us; and
  • Receive a copy of this Privacy Policy and our Notice of Privacy Practices.

To exercise these rights, please contact us using the contact information provided at the end of this Policy.

7. Data Security Measures

We implement administrative, technical, and physical safeguards designed to protect your information, including:

  • Use of HIPAA-compliant electronic health record systems;
  • Encryption of data in transit (such as SSL/TLS) where appropriate;
  • Secure servers and restricted, role-based access to PHI;
  • Staff training and confidentiality obligations; and
  • Ongoing monitoring and periodic security reviews.

While we strive to protect your information, no system or method of transmission can be guaranteed to be 100% secure.

8. Data Retention

We retain information for as long as necessary to fulfill the purposes described in this Policy and as required by law, including:

  • PHI is retained for at least six (6) years, or longer where applicable law requires;
  • Inquiry and contact form submissions are retained only as long as necessary to address your request and maintain appropriate records; and
  • Email marketing data is retained until you unsubscribe or request deletion.

9. Third-Party Services & Business Associates

We may use third-party vendors and Business Associates to support our operations, such as:

  • Electronic health record and practice management systems;
  • Telehealth platforms and secure messaging tools;
  • Scheduling and patient intake systems;
  • Cloud storage and data backup providers; and
  • Billing, insurance, and payment processing services.

When these entities handle PHI on our behalf, we enter into Business Associate Agreements (BAAs) requiring them to protect PHI in accordance with HIPAA.

10. No Services for Minors

We do not provide clinical services to, or intentionally collect information from, individuals under 18 years of age. Our website and services are intended for adults only.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we do, we will post the updated Policy on our website with a revised effective date.

Your continued use of our website or services after any changes are posted constitutes your acceptance of the updated Policy.

12. Contact Information

If you have questions about this Privacy Policy, our privacy practices, or your rights, or if you wish to exercise your rights under HIPAA, please contact:

Privacy Officer
Institute for Human Optimization
7030 Hi Tech Drive, Suite 101
Hanover, MD 21076
Phone: 410-858-4086
Email: [email protected]

You may also submit complaints regarding your privacy rights directly to the U.S. Department of Health and Human Services, Office for Civil Rights.

© Copyright The Institute for Human Optimization 2025.

All Rights Reserved.