Privacy Policy | TBP-New

TOTAL BODY PERFORMANCE PRIVACY POLICY

Effective Date: July 1, 2026 Last Updated: July 1, 2026
1. INTRODUCTION Total Body Performance ("TBP," "we," "us," or "our") is a chiropractic and wellness center licensed and operating in the State of Ohio in accordance with Ohio Revised Code Chapter 4734. We are committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (www.tbpchiropractic.com), use our services, or interact with us in any capacity.
As a healthcare provider, we are subject to the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations, as well as Ohio laws governing the privacy and security of patient information. This Privacy Policy should be read in conjunction with our separate Notice of Privacy Practices, which specifically addresses the use and disclosure of your Protected Health Information (PHI).
By using our services, you consent to the practices described in this Privacy Policy.
2. INFORMATION WE COLLECT
2.1 Personal Information You Provide We collect information you voluntarily provide, including:
Contact Information:

Full name
Mailing address
Email address
Phone number(s)
Emergency contact information

Demographic Information:

Date of birth
Gender
Occupation
Employer information

Health Information (Protected Health Information under HIPAA):

Medical history and health conditions
Current medications and supplements
Allergies and contraindications
Previous injuries, surgeries, and hospitalizations
Family health history
Physician and healthcare provider information
Health insurance information (if applicable)
Treatment records and clinical notes
Progress notes and outcome measures
Diagnostic findings and assessments
Blood laboratory test results and analysis
X-ray images (diagnostic purposes only per ORC §4734.15)

Fitness and Performance Data:

3D Styku body composition scans
Movement assessments and functional testing results
Exercise performance metrics
Training logs and workout history
Goals and progress tracking data

Financial Information:

Payment card information
Billing address
HSA/FSA account information
Payment history
Prepayment plan agreements (maintained per OAC §4734-9-11)

Communication Records:

Correspondence via email, phone, or text
Appointment confirmations and reminders
Marketing preferences
Feedback, reviews, and testimonials (with written consent per OAC §4734-9-02(Q))

2.2 Information Collected Automatically When you visit our website or use our online services, we may automatically collect:
Device and Usage Information:

IP address
Browser type and version
Operating system
Device identifiers
Pages visited and time spent
Referring website or source
Click patterns and navigation behavior

Cookies and Tracking Technologies:

Session cookies for website functionality
Persistent cookies for preferences
Analytics cookies (Google Analytics or similar)
Advertising and retargeting pixels (if applicable)

2.3 Information from Third Parties We may receive information from:

Referring healthcare providers (with appropriate authorization)
Affiliated medical partners (e.g., hormone optimization providers)
Corporate wellness program administrators
Online scheduling and payment platforms
Marketing and advertising platforms

3. HOW WE USE YOUR INFORMATION
3.1 Healthcare Operations We use your health information to:

Provide chiropractic care, clinical assessments, and treatments
Conduct PARQ conferences for informed consent (per Ohio chiropractic standards)
Develop and modify treatment plans
Conduct functional movement and performance assessments
Track progress and clinical outcomes
Communicate with referring or coordinating healthcare providers (with authorization)
Maintain complete, accurate, and minimally competent records (per OAC §4734-8-04)
Process insurance claims or provide superbills (when applicable)
Comply with Ohio State Chiropractic Board requirements and other legal obligations

3.2 Business Operations We use your personal information to:

Schedule and manage appointments
Process payments and maintain billing records
Administer memberships and care plans
Send appointment reminders and confirmations
Communicate about your account, services, and policies
Respond to inquiries and provide customer support
Manage our facility and services

3.3 Marketing and Communications With your consent where required, we may use your information to:

Send newsletters, health tips, and educational content
Notify you of new services, promotions, or events
Request reviews and testimonials (with written consent per OAC §4734-9-02(Q))
Conduct surveys and gather feedback
Deliver targeted advertising (with appropriate consent) Note: All marketing communications comply with OAC §4734-9-02 advertising requirements.

3.4 Improvement and Analytics We use aggregated and de-identified information to:

Analyze website traffic and user behavior
Improve our services, website, and user experience
Conduct research on treatment outcomes (in de-identified form)
Develop new programs and services

3.5 Legal and Safety Purposes We may use your information to:

Comply with applicable laws, regulations, and legal processes
Respond to lawful requests from government authorities
Respond to Ohio State Chiropractic Board inquiries or investigations (per OAC §4734-9)
Protect our rights, privacy, safety, or property
Enforce our Terms of Service and other agreements
Investigate and prevent fraud or illegal activities

4. HOW WE SHARE YOUR INFORMATION
4.1 With Your Consent We may share your information when you provide explicit consent, such as:

Authorizing communication with family members or caregivers
Consenting to use of your image or testimonial for marketing
Directing us to share records with other healthcare providers

4.2 For Treatment and Care Coordination We may share your health information with:

Other healthcare providers involved in your care (with appropriate authorization per ORC §§3701.74-3701.742)
Affiliated medical partners (e.g., hormone optimization providers)
Diagnostic or laboratory services
Referring physicians

4.3 Service Providers and Business Partners We may share information with third parties who perform services on our behalf, including:

Payment processors and merchant services
Electronic health record (EHR) and practice management systems
Appointment scheduling platforms
Email and communication service providers
Website hosting and IT service providers
Marketing and analytics platforms
Accounting and legal professionals

These service providers are contractually obligated to protect your information and use it only for the purposes for which it was disclosed. Where applicable, Business Associate Agreements are in place as required by HIPAA.
4.4 Corporate Wellness Programs If you participate through a corporate wellness program, we may share limited information with your employer or program administrator as outlined in your enrollment agreement, which may include:

Participation and attendance records
Aggregate program outcomes (de-identified)
Completion of assessments or milestones

We will not share detailed health information with employers without your explicit written authorization.
4.5 Legal Requirements We may disclose your information when required or permitted by law, including:

Response to subpoenas, court orders, or legal processes
Compliance with Ohio State Chiropractic Board requests (per OAC §4734-9)
Reporting to public health authorities
Workers' compensation claims
Prevention of fraud or illegal activity
Protection of our legal rights

4.6 Business Transfers If TBP is involved in a merger, acquisition, sale of assets, or closure of practice, your information may be transferred as part of that transaction. We will provide notice as required by OAC §4734-8-07 (Notice of leaving, selling, or retiring from practice) and comply with all Ohio requirements for patient notification and records transfer.
5. PROTECTED HEALTH INFORMATION (PHI) AND HIPAA
5.1 Your Rights Under HIPAA As a covered entity under HIPAA, we provide you with the following rights regarding your Protected Health Information:

Right to Access: You have the right to inspect and obtain copies of your health records during regular business hours without charge for examination, or you may request copies in accordance with ORC §3701.741. Reasonable copying fees may apply.
Right to Amend: You may request amendments to your health records if you believe information is incorrect or incomplete. We may deny the request in certain circumstances but will provide written explanation.
Right to Accounting of Disclosures: You may request a list of disclosures of your PHI made for purposes other than treatment, payment, or healthcare operations.
Right to Request Restrictions: You may request restrictions on how we use or disclose your PHI. We are not required to agree to all requests but will consider them.
Right to Confidential Communications: You may request that we communicate with you in a specific manner or at a specific location.
Right to a Copy of the Notice of Privacy Practices: You may request a paper copy of our Notice of Privacy Practices at any time.

5.2 Uses and Disclosures Requiring Authorization We will obtain your written authorization before:

Using or disclosing psychotherapy notes (if any)
Using your PHI for marketing purposes
Selling your PHI
Other uses and disclosures not described in our Notice of Privacy Practices

5.3 Minimum Necessary Standard When using or disclosing PHI, we make reasonable efforts to limit the information to the minimum necessary to accomplish the intended purpose.
6. OHIO PATIENT RECORDS RIGHTS
6.1 Access to Medical Records (ORC §§3701.74-3701.742) In accordance with Ohio law, you have the right to:

Examine your medical records during regular business hours without charge
Request copies of your medical records
Authorize release of your records to designated individuals or providers
Submit written requests for records (valid for one year from date of signature)

6.2 Release of Records Records may be released:

Directly to you
To a physician, chiropractor, or other healthcare provider you designate
Held at our office for pickup
To authorized third parties with your written consent

6.3 Fees for Copies We may charge reasonable fees for copying medical records as permitted by ORC §3701.741, which may include:

Per-page copying charges
Actual cost of supplies and postage
Labor costs for retrieval and preparation Fee schedules are available upon request.

7. DATA SECURITY
7.1 Security Measures We implement administrative, technical, and physical safeguards to protect your information, including:
Administrative Safeguards:

Privacy and security policies and procedures
Workforce training on HIPAA and privacy requirements
Access controls limiting information access to authorized personnel
Business associate agreements with service providers
Regular risk assessments and audits

Technical Safeguards:

Encryption of sensitive data in transit and at rest
Secure user authentication and access controls
Firewalls and intrusion detection systems
Regular software updates and security patches
Secure backup and disaster recovery systems

Physical Safeguards:

Locked storage for physical records
Controlled facility access
Workstation security measures
Proper disposal of records and electronic media (shredding, secure deletion)

7.2 Infection Control and Needle Safety (Per OAC §4734-8) For procedures involving needles (dry needling), we maintain:

Use of only sterile, disposable needles
Aseptic techniques
Universal blood and body fluid precautions
Proper barrier techniques and disposal procedures

7.3 Data Breach Notification In the event of a breach of unsecured PHI, we will notify affected individuals, the Department of Health and Human Services, and if applicable, the media, in accordance with HIPAA Breach Notification requirements.
7.4 Limitations While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
8. DATA RETENTION
8.1 Ohio Records Retention Requirements (OAC §4734-8-04) We retain patient records in accordance with Ohio chiropractic regulations:
General Patient Records:

Active Patients: Maintained on-site at our facility
Former Patients: Minimum of 5 years after the last date of treatment (may be stored off-site in secure, confidential location)

Minor Patient Records:

Until 2 years after the patient's 18th birthday OR 5 years after the last treatment, whichever is longer

Records Involving Legal Proceedings:

2 years beyond the conclusion of legal proceedings OR 5 years from last treatment, whichever is longer

X-Ray Images:

5 years after taken
For minors: 2 years after 18th birthday OR 5 years, whichever is longer

Prepayment Plan Agreements:

Maintained in patient file per OAC §4734-9-11 retention requirements

8.2 Other Retention Periods

Financial Records: 7 years from the date of transaction
Marketing and Communication Records: Until you opt out or the information is no longer needed
Testimonial Consents: One year from last date of publication (per OAC §4734-9-02(Q))
Solicitation Records: Six months from last date of use (per OAC §4734-9-02(M))
Website Analytics: Generally 26 months, or as configured in our analytics platforms

8.3 Disposal When information is no longer needed, we dispose of it securely:

Paper records: Shredding or burning
Electronic records: Secure deletion
All disposal conducted in a confidential manner per OAC §4734-8-04

9. YOUR CHOICES AND RIGHTS
9.1 Marketing Communications You may opt out of marketing communications at any time by:

Clicking the "unsubscribe" link in marketing emails
Contacting us at 513-296-TBPC (8272)
Emailing us at info@tbpchiropractic.com
Updating your preferences in your patient portal

Opting out of marketing will not affect transactional communications (e.g., appointment reminders, billing notices).
9.2 Cookies and Tracking You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality. For targeted advertising, you can opt out through industry tools like the Digital Advertising Alliance (optout.aboutads.info).
9.3 Do Not Track Our website does not currently respond to "Do Not Track" browser signals.
9.4 Access and Correction You may access and update your personal information by:

Logging into your patient portal (if applicable)
Contacting us to request access or corrections
Submitting a written request per ORC §3701.74
Visiting our office in person

10. PHOTOGRAPHY, VIDEO, AND MEDIA
10.1 Clinical Documentation We may capture photographs, videos, or 3D body scans for:

Documenting your condition and tracking progress
Treatment planning and clinical analysis
Your personal health records

These images are part of your Protected Health Information and are treated accordingly.
10.2 Marketing and Promotional Use In accordance with OAC §4734-9-02(Q), we will obtain separate written consent before using your image, video, likeness, testimonial, or any identifying information for:

Website content and social media
Marketing materials and advertisements
Case studies and educational presentations
Before-and-after demonstrations

Requirements for testimonials:

Written consent as to exact wording and proposed use
Testimonials must be true and not false, fraudulent, deceptive, or misleading
Consent retained for one year from last publication date

You may decline marketing consent without affecting your access to services. You may revoke marketing consent at any time by contacting us in writing; revocation will apply to future uses only.
11. CHILDREN'S PRIVACY
11.1 Minors Under 18 We provide services to minors with parental or guardian consent, in accordance with OAC §4734-9-02(O)(12). Parents and guardians have the right to:

Access their minor child's health records
Make decisions regarding their care and privacy
Provide or withhold consent for treatment

11.2 Website Users Under 13 Our website is not directed to children under 13. We do not knowingly collect personal information from children under 13 through our website. If we learn we have collected such information, we will delete it promptly.
12. CALIFORNIA PRIVACY RIGHTS If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including:

Right to Know: What personal information we collect, use, and disclose
Right to Delete: Request deletion of your personal information (subject to exceptions)
Right to Opt-Out: Opt out of the "sale" of personal information (note: we do not sell personal information)
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

Note: HIPAA-covered health information is exempt from CCPA requirements. To exercise these rights, contact us at info@tbpchiropractic.com.
13. THIRD-PARTY WEBSITES AND SERVICES Our website may contain links to third-party websites, platforms, or services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party sites you visit.
Third-party services we may integrate with include:

Online scheduling platforms
Payment processors
Social media platforms (Facebook, Instagram)
Email marketing services
Analytics platforms (Google Analytics)

14. PRACTICE CLOSURE OR TRANSFER
14.1 Notice Requirements (OAC §4734-8-07) If TBP closes, sells, or the treating chiropractic physician retires or leaves practice:

All patients who received services within the preceding 6 months will be notified in writing
Notification will be sent at least 30 days prior to closure (when possible)
Notice will include: date of closure, how to obtain your records, and contact information

14.2 Records Custody

Patient records will be transferred to a successor practice or secure storage
You will be informed how to access your records
Records will continue to be protected and maintained per Ohio retention requirements
The Ohio State Chiropractic Board will be notified of records location

15. CHANGES TO THIS PRIVACY POLICY We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes:

We will update the "Last Updated" date at the top of this policy
We may notify you via email or website notice
Continued use of our services after changes constitutes acceptance

16. COMPLAINTS AND REGULATORY CONTACTS
Filing a Complaint If you believe your privacy rights have been violated, you may:
File with TBP: Email: info@tbpchiropractic.com Phone: 513-296-TBPC (8272) Address: 416 Corwin-Nixon Blvd, South Lebanon, Ohio 45065
File with the U.S. Department of Health and Human Services: Office for Civil Rights Website: www.hhs.gov/ocr Phone: 1-800-368-1019
File with the Ohio State Chiropractic Board: 77 South High Street, 16th Floor Columbus, Ohio 43215 Phone: (614) 644-7032 Website: https://chirobd.ohio.gov
You will not be retaliated against for filing a complaint.
17. CONTACT INFORMATION If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Total Body Performance Chiropractic and Wellness Center Address: 416 Corwin-Nixon Blvd, South Lebanon, Ohio 45065 Phone: 513-296-TBPC (8272) Email: info@tbpchiropractic.com Website: www.tbpchiropractic.com Facebook: facebook.com/tbpchiropractic Instagram: @tbpchiropractic
18. NOTICE OF PRIVACY PRACTICES This Privacy Policy provides general information about our privacy practices. As a healthcare provider, we also maintain a separate Notice of Privacy Practices (NPP) as required by HIPAA, which provides additional detail about the use and disclosure of your Protected Health Information.
A copy of our Notice of Privacy Practices is available:

At our facility upon request
On our website at www.tbpchiropractic.com
By contacting us at 513-296-TBPC (8272) or info@tbpchiropractic.com