THIS NOTICE DESCRIBES HOW YOUR HEALTH INFORMATION MAY BE USED AND DISCLOSED
AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

PLEASE REVIEW IT CAREFULLY.

Amy B. Wechsler Dermatology, PLLC, d/b/a Spotless Clinics
1053 Lexington Avenue
New York, NY 10021
info@spotlessclinics.com

EFFECTIVE DATE: November [14], 2025. 

At Amy B. Wechsler Dermatology, PLLC, d/b/a Spotless Clinics (“Spotless”), we are committed to protecting your personal health information (PHI). We are required by law to keep your health information private and secure, provide you with notice of our legal duties and privacy practices, and to notify you if a breach of your PHI occurs.

Spotless and its employees and other workforce members follow the duties and privacy practices this NPP describes and any changes once they take effect (as required by law). 

The law permits or requires us to use or disclose your PHI for various reasons, which we explain in this NPP. We have included some examples, but we have not listed every permissible use or disclosure. When using or disclosing PHI or requesting your PHI from another source, we will make reasonable efforts to limit our use, disclosure, or request about your PHI to the minimum we need to accomplish our intended purpose.

Uses and Disclosures for Treatment, Payment, or Health Care Operations

• Treatment. We may use or disclose your PHI and share it with other professionals who are treating you, including doctors, nurses, and technicians involved in your care. For example, we might disclose information about your overall health condition to physicians who are treating you for a specific condition.
• Billing and payment. We may use and disclose your PHI to bill and get payment from health plans or others. For example, we share your PHI with your health insurance plan so it will pay for the services you receive.
• Running our organization. We may use and disclose your PHI to run our practice, improve your care, and contact you when necessary. For example, we may use your PHI to manage the services and treatment you receive or to monitor the quality of our health care services.

Other Uses and Disclosures

We may share your information in other ways, usually for public health or research purposes, or to contribute to the public good. For information on permitted uses and disclosures, see www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html. For example, these other uses and disclosures may involve:

• Our business associates. We may use and disclose your PHI to outside persons or entities performing services on our behalf, such as auditing, legal, or transcription (“Business Associates”). The law requires our Business Associates and their subcontractors to protect your PHI in the same way we do. We also contractually require these parties to use and disclose your PHI only as permitted and to appropriately safeguard your PHI.
• Health information exchanges. We may participate in health information exchanges (“HIEs”), which support electronic information sharing among members for treatment, payment, and health care operations purposes. Individuals may opt-out of HIEs. We will use reasonable efforts to limit the sharing of PHI in these electronic sharing activities for individuals who have opted out. If you would like to opt out of our sharing your PHI with HIEs, please email info@spotlessclinics.com
• Complying with the law. For example, we will share your PHI if the Department of Health and Human Services requires it when investigating our compliance with privacy or other laws.
• Helping with public health and safety issues. For example, we may share your PHI to:
  
  prevent disease;
  report adverse reactions to medications or medical device product defects;
  report suspected child neglect or abuse, or domestic violence; or
  avert a serious threat to public health or safety.
  
  
• Responding to legal actions. For example, we may share your PHI to respond to:
  
  a court or administrative order or subpoena;
  discovery request; or
  another lawful process.
  
  
• Research. For example, we may share your PHI for some types of health research not requiring your authorization, such as if an institutional review board (“IRB”) has waived the written authorization requirement.
• Working with medical examiners or funeral directors. For example, we may share PHI with coroners, medical examiners, or funeral directors when an individual dies.
• Responding to organ and tissue donation requests. For example, we may share your PHI to arrange an authorized organ or tissue donation from you or a transplant for you.
• Addressing workers’ compensation, law enforcement, or other government requests. For example, we may use and disclose your PHI for:
  
  workers’ compensation claims;
  health oversight activities by federal or state agencies;
  law enforcement purposes or with a law enforcement official; or
  specialized government functions, such as military and veterans’ activities, national security and intelligence, presidential protective services, or medical suitability.
  
  

Other uses and disclosures of your PHI not described above in this NPP or permitted by law, including sales of your PHI or uses of your PHI for marketing purposes, will be made only with your written authorization. If you give us authorization to use or share PHI about you, you may revoke that authorization in writing at any time.  
Under certain circumstances, PHI disclosed may be redisclosed by the recipient and may no longer be protected under applicable law. 

When it comes to your PHI, you have certain rights. This section explains your rights and some of our responsibilities to help you. Except as otherwise noted below, you may exercise these rights by contacting us in writing at info@spotlessclinics.com. You have the right to: 

• Access your PHI. You may request to review or obtain a copy of the PHI we maintain about you. 
• Correct your health record. You may ask us to correct or amend your PHI we maintain that you think is incorrect or inaccurate.
• Limit what we use or share. You may ask us to limit what we use or share about your PHI. You can contact us and request us to not to use or share certain PHI for treatment, payment or operations or with certain persons involved in your care. For these requests, we are not obligated to agree unless required by law. 
• Request confidential communications. You may ask us to communicate with you about health matters in a certain way or at a certain location. For example, you can ask we only contact you at work or at a specific address. For these requests, you must specify how or where you wish to be contacted, and we will accommodate reasonable requests. 
• Get a list of those with whom we’ve shared your PHI. You may ask us for an accounting of certain PHI disclosures we have made. For these requests, we will include all the disclosures except those about treatment, payment, health care operations, and certain other disclosures, such as any you asked us to make. 
• Obtain a paper copy of this NPP. You may ask us to receive a copy of this NPP for your records. 
• File a complaint. You may file a complaint if you feel we have violated your rights. We will not retaliate against you for filing a complaint. You may either file a complaint: 
  
  Directly with us by contacting Spotless in writing at info@spotlessclinics.com 
  With the Office for Civil Rights at the US Department of Health and Human Services by: 
  Sending a letter to: 
  
  

Centralized Case Management Operations
U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Room 509F HHH Bldg.
Washington, D.C. 20201

• Calling (800)368-1019; or 
• Submitting all necessary materials at www.hhs.gov/ocr/privacy/hipaa/complaints/

If you are filing a complaint on someone’s behalf, provide the name of the person on whose behalf you are filing. 

We reserve the right to revise this notice at any time. Updates will apply to all existing and future PHI and will be posted visibly in our clinic and on our website.