Privacy Policy

Privacy Policy

Notice of Privacy Practices

HIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Effective Date: 01/01/2023

Last Updated: 05/12/2026

1. Who this Notice covers

SBM Medical PLLC d/b/a REINVI MD (“REINVI MD,” “we,” “our,” “us”) is required by law to maintain the privacy of your protected health information (“PHI”), provide you with this Notice of our legal duties and privacy practices regarding PHI, notify you following a breach of unsecured PHI, and follow the terms of the Notice currently in effect.

2. How we may use and disclose your PHI without your authorization

For Treatment

We use and disclose PHI to provide, coordinate, or manage your care, including consultations with Dr. Broachwala and treating clinicians, prescribing and managing medications, peptides, supplements, and treatments, and coordinating with pharmacies, laboratories, imaging providers, and consultants.

For Payment

We use and disclose PHI to bill and collect payment for services, including processing membership fees, treatment fees, and other charges, and coordinating with payment processors and financial institutions.

For Health Care Operations

We use and disclose PHI for our business operations, including quality improvement, staff training, auditing, vendor management, customer service, and the activities described in the Technology Supplement (Document C).

Other permitted disclosures without authorization

  • When required by law, including Texas reporting laws.

  • Public health activities, including disease reporting and FDA-regulated product safety.

  • Health oversight activities, audits, and investigations.

  • Judicial and administrative proceedings, subpoenas, and court orders.

  • Law enforcement purposes as permitted by law.

  • To avert a serious threat to health or safety.

  • Workers’ compensation as authorized by law.

  • Coroners, medical examiners, and funeral directors.

  • Specialized government functions and military activity.

3. Uses and disclosures that require your written authorization

The following uses and disclosures will be made only with your written authorization, which you may revoke at any time in writing:

  • Most uses and disclosures of psychotherapy notes.

  • Uses and disclosures for marketing purposes, including testimonials, before-and-after photos, names, images, or stories used in advertising.

  • Sale of PHI (REINVI MD does not sell PHI).

  • Other uses and disclosures not described in this Notice.

4. Your rights regarding your PHI

Under HIPAA and Texas law, you have the following rights:

Right to inspect and copy

You may inspect and obtain a copy of your PHI in our designated record set. Texas law requires us to provide a copy within 15 business days of a written request. We may charge a reasonable, cost-based fee consistent with HIPAA and Texas Medical Board rules.

Right to request amendment

You may request that we amend PHI you believe is incorrect or incomplete. We may deny your request under limited circumstances permitted by law.

Right to an accounting of disclosures

You may request a list of certain disclosures we have made of your PHI in the six years prior to your request.

Right to request restrictions

You may request restrictions on certain uses and disclosures of your PHI. We are not required to agree to all requests, but we will agree to restrict disclosure to a health plan for services you paid for in full out of pocket, where required by law.

Right to request confidential communications

You may request that we communicate with you in a specific way or at a specific location (for example, by mail only, or only at a work address).

Right to a paper copy of this Notice

You may request a paper copy of this Notice at any time, even if you previously agreed to receive it electronically.

Right to be notified of a breach

You have the right to be notified following a breach of your unsecured PHI. We will provide notice in accordance with HIPAA (45 CFR §164.404) and Texas Business & Commerce Code §521.053, including notification within 60 days of discovery for Texas residents where applicable.

Right to file a complaint

You may file a complaint with REINVI MD or with the U.S. Department of Health and Human Services Office for Civil Rights without fear of retaliation.

5. Texas-specific rights and obligations

REINVI MD complies with Texas Health & Safety Code Chapter 181 (Texas Medical Records Privacy Act / HB 300), including:

  • Providing employee training on Texas-specific privacy requirements within 90 days of hire.

  • Providing electronic copies of records in the requested electronic format where readily producible, within 15 business days.

  • Not selling PHI except as permitted under Texas Health & Safety Code §181.153.

  • Providing notice of electronic disclosure as described in the separate Texas Electronic Disclosure Notice (Document B).

6. Changes to this Notice

We reserve the right to change this Notice and to make the revised Notice effective for PHI we already have about you as well as PHI we receive in the future. The revised Notice will be posted at our office and on our website. You may request a copy of the current Notice at any time.

7. Contact and complaints

admin@reinvimd.com

Texas Electronic Disclosure Notice

Effective Date: 01/01/2023

Notice of electronic disclosure of protected health information

Under Texas law, REINVI MD is required to provide you with this notice. Your protected health information, which may include your demographic information, your medical history, your test results, and other related health information, may be subject to electronic disclosure.

“Electronic disclosure” means the transmission of your protected health information from one computer to another by electronic means.

This electronic disclosure may occur through electronic health record systems, patient portals, secure messaging tools, email, telephone systems, laboratory and pharmacy interfaces, billing and payment systems, scheduling platforms, wearable and device integrations, customer relationship management systems, cloud storage, and other electronic systems used in connection with your care.

This notice is a general notice and is not specific to your particular health information or any particular electronic disclosure.

How we protect your information

REINVI MD uses administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of your electronically transmitted health information, including access controls, encryption where appropriate, business associate agreements with vendors, and regular review of our systems and practices.

Your rights

You may request additional information about how your PHI may be electronically disclosed by contacting our Privacy Officer at the contact information provided in our Notice of Privacy Practices.

Document C — Technology, Communications, AI, and Operations Supplement

Effective Date: 01/01/2023

This Supplement provides additional detail about the technology, electronic systems, communications, vendors, and AI-supported tools REINVI MD uses in connection with care and operations. It supplements — and does not replace — our Notice of Privacy Practices (Document A) and our Texas Electronic Disclosure Notice (Document B). Where this Supplement conflicts with the Notice of Privacy Practices, the Notice of Privacy Practices controls.

1. Information covered by this Supplement

In addition to the categories of PHI described in our Notice of Privacy Practices, REINVI MD may collect, create, receive, maintain, access, use, store, analyze, transmit, or disclose:

  • Medical history, symptoms, diagnoses, treatment plans, prescriptions, medications, allergies, contraindications, side effects, clinical notes, and care recommendations.

  • Weight, body composition, measurements, body scans, body sculpting information, photographs (where separately authorized), and progress data.

  • Laboratory results, diagnostic results, vital signs, metabolic data, glucose, sleep, nutrition, hydration, exercise, activity, wearable, and patient-reported data.

  • Intake, consent, membership, questionnaire, assessment, and follow-up forms.

  • Scheduling, appointment, membership, billing, payment, communication, and administrative records.

  • Information submitted through our website, online forms, calls, emails, texts, advertisements, social media inquiries, patient portal messages, or chat tools.

  • Derived data, summaries, trends, dashboards, adherence indicators, quality metrics, risk flags, and operational reports.

2. Electronic systems used

Electronic systems used by REINVI MD include electronic health records, patient portals, scheduling platforms, customer relationship management systems, payment processors, messaging and email systems, telephone and voicemail systems, laboratory and pharmacy portals, wearable and device integrations, body composition scanners, databases, dashboards, analytics tools, automation tools, AI-supported tools, and vendor platforms.

3. Treatment, care coordination, and patient support

REINVI MD may use information to provide, coordinate, support, and improve care, including reviewing medical history, creating treatment plans, managing medications, monitoring progress and outcomes, reviewing lab and scan results, communicating about appointments and care, coordinating with pharmacies, laboratories, imaging providers, consultants, and vendors, and supporting clinical decision-making by Dr. Broachwala or the treating clinician.

4. Membership, payment, and administrative operations

  • Scheduling, reminders, cancellations, and appointment management.

  • Membership enrollment, renewal, eligibility, and benefit administration.

  • Payment processing, billing, collections, refunds where applicable, and account reconciliation.

  • Customer service, patient support, and communication management.

  • Verifying completion of required care-plan items, visits, scans, forms, labs, and data sharing.

  • Managing disputes, complaints, service issues, compliance reviews, and legal obligations.

5. Quality improvement, analytics, and internal review

  • Reviewing outcomes and program performance.

  • Evaluating patient engagement and adherence.

  • Improving workflows, protocols, staffing, scheduling, communications, and service delivery.

  • Training staff and improving internal processes.

  • Auditing documentation, compliance, privacy, security, and operational performance.

  • Developing dashboards, reports, summaries, benchmarks, and operational metrics.

6. Wearables, apps, scans, labs, and third-party data sources

REINVI MD may receive, request, review, use, and analyze data from wearable devices, mobile apps, body composition scanners, laboratory portals, pharmacy systems, nutrition tools, activity trackers, sleep trackers, glucose monitors, patient-reported logs, and other data sources, to support care, monitor progress, assess safety, personalize recommendations, evaluate membership participation, and improve operations.

Third-party apps, devices, laboratories, pharmacies, and platforms have their own privacy practices. REINVI MD does not control third-party privacy practices unless the third party is acting on behalf of REINVI MD under a Business Associate Agreement or similar agreement.

7. Technology vendors and operational platforms

REINVI MD uses third-party vendors, contractors, consultants, software platforms, cloud services, communication systems, analytics tools, payment processors, AI-supported tools, and other service providers. These vendors may create, receive, maintain, transmit, process, or access PHI when needed to perform services for REINVI MD.

Where required, REINVI MD enters into HIPAA-compliant Business Associate Agreements with vendors who access PHI on our behalf. Vendors are also subject to written confidentiality, privacy, and security terms, access controls, and other safeguards as appropriate.

8. AI-supported tools and automation

REINVI MD may use AI-supported tools, automation, analytics, and software-assisted systems to:

  • Summarize information.

  • Organize records.

  • Identify trends.

  • Flag missing or inconsistent information.

  • Support staff workflows.

  • Prepare draft communications or educational content for staff review.

  • Support quality improvement.

  • Analyze outcomes and program performance.

  • Improve scheduling, follow-up, and patient experience.

AI-supported tools do not replace medical judgment. Final clinical decisions remain with Dr. Broachwala or the treating clinician. REINVI MD only uses AI-supported tools that handle PHI under HIPAA-compliant terms, including, where applicable, Business Associate Agreements with the AI tool provider. REINVI MD does not use AI tools to publicly post, sell, or share identifiable patient information for unrelated public marketing.

9. Communication methods

REINVI MD may communicate by phone, voicemail, email, text message, patient portal, website form, online form, app-based message, mail, or other communication method. Communications may include scheduling, reminders, follow-up, lab or scan coordination, treatment instructions, membership administration, payment issues, service updates, and educational information.

Important: Email, text messages, website forms, and social media are NOT secure communication channels. Do not use these channels for emergencies, urgent medical issues, or to send highly sensitive information. For emergencies, call 911 or go to the nearest emergency department.

If you contact REINVI MD through a non-secure or electronic method, REINVI MD may respond through the same or a similar method unless you request another method and REINVI MD agrees. You may request confidential communications as described in our Notice of Privacy Practices.

10. Security and technology limitations

REINVI MD uses reasonable administrative, physical, and technical safeguards designed to protect your information. However, no electronic system, communication method, portal, phone, email, text message, database, CRM, cloud service, AI-supported tool, wearable integration, or internet-based platform can be guaranteed to be completely secure, uninterrupted, error-free, or free from unauthorized access. Technology risks may include delayed messages, failed transmissions, system outages, incorrect data imports, incomplete data, device errors, vendor errors, unauthorized access, security incidents, or other technical limitations.

In the event of a breach of unsecured PHI, REINVI MD will provide notice as described in our Notice of Privacy Practices and as required by HIPAA and Texas law.

11. De-identified, aggregated, and limited information

REINVI MD may create and use de-identified, aggregated, or limited data sets for analytics, quality improvement, benchmarking, internal reporting, staff training, service development, research planning, and business planning, consistent with 45 CFR §164.514.

12. Marketing, testimonials, and public use

REINVI MD does not sell PHI.

REINVI MD does not use a patient’s name, image, likeness, testimonial, before-and-after photos, videos, identifiable results, or story for advertising or marketing without first obtaining the patient’s separate written HIPAA-compliant authorization. You may revoke any such authorization in writing at any time.

13. Website visitors and prospective patients

Information submitted through REINVI MD’s website, advertisements, online forms, calls, emails, texts, lead forms, or inquiry tools may be used to respond to inquiries, schedule consultations, provide requested information, manage leads, improve operations, and communicate about services.

Submitting information through any of these channels does not, by itself, create a physician-patient relationship. A physician-patient relationship is established only after consultation with a REINVI MD clinician and execution of applicable consent and intake documents.

REINVI MD’s website is also governed by a separate Website Privacy Policy and Terms of Use, which describe cookies, analytics, advertising pixels, and similar non-PHI data practices.

14. Individual requests and communication preferences

You may request reasonable communication preferences or limitations consistent with the rights described in our Notice of Privacy Practices. REINVI MD will evaluate requests based on applicable law, patient safety, clinical needs, operational feasibility, technology limitations, and business requirements. Limiting electronic communications, wearable data, portal use, app data, messaging, or technology-supported operations may affect REINVI MD’s ability to provide care, monitor progress, administer membership services, evaluate eligibility, or operate efficiently.

15. Relationship to other notices and agreements

This Supplement is part of a broader set of documents that govern REINVI MD’s privacy and technology practices:

  • Notice of Privacy Practices (Document A) — the legally required HIPAA notice.

  • Texas Electronic Disclosure Notice (Document B) — the §181.154(b) notice.

  • This Supplement (Document C) — operational and technology detail.

  • Website Privacy Policy and Terms of Use — for non-PHI data collected through the website.

  • Treatment consents, membership agreements, financial policies, and other service-specific documents.

Where a separate authorization, consent, release, or agreement is required for a specific use or disclosure, that separate document controls.

16. Updates to this Supplement

REINVI MD may update this Supplement from time to time. The updated version will be posted on our website with an updated effective date. Updates to the legally required Notice of Privacy Practices will be handled in accordance with 45 CFR §164.520(b)(3).

17. Contact

Questions, requests, or concerns about this Supplement may be directed to the Privacy Officer contact information provided in our Notice of Privacy Practices.