St. Johns Wellness

Effective Date: June 25, 2026
Applies To: St. Johns Wellness and Nemus Longevity, a DBA of St. Johns Wellnes

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, HOW YOU CAN GET ACCESS TO THIS INFORMATION, AND HOW WE PROTECT YOUR PRIVACY. PLEASE REVIEW IT CAREFULLY.

St. Johns Wellness, including Nemus Longevity as its DBA (“St. Johns Wellness,” “we,” “our,” or “us”), is committed to protecting the privacy and security of our patients’ personal information and protected health information. This Privacy Policy and Notice of Privacy Practices applies to information collected through our website, mobile application, patient intake forms, patient portal, telehealth services, secure messaging systems, in-person services, telephone communications, email communications, and other interactions with our practice.

We maintain privacy and security safeguards designed to protect patient information in accordance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), applicable state privacy and medical-record laws, and other applicable legal requirements.

1. Information We Collect

We may collect the following types of information:

Personal and Contact Information

This may include your name, date of birth, mailing address, email address, phone number, government-issued identification, emergency contact information, and other demographic information.

Medical and Health Information

This may include your medical history, symptoms, diagnoses, treatment plans, medications, allergies, laboratory results, vital signs, clinical notes, health goals, photographs submitted for care purposes, telehealth encounter information, prescription information, and other information related to the provision of healthcare services.

Payment and Billing Information

This may include payment card information, billing address, transaction records, invoices, receipts, and other information needed to process payments or manage your account. Payment card information may be processed by secure third-party payment processors.

Website, App, and Technical Information

When you use our website or app, we may collect technical information such as browser type, IP address, device information, pages visited, referral source, and usage data through cookies, analytics tools, or similar technologies.

Communications

We may collect information you provide through phone calls, secure text messaging, patient portal messages, email, forms, appointment requests, telehealth visits, or other communications with our practice.

2. Protected Health Information

“Protected Health Information” or “PHI” means individually identifiable health information that relates to your past, present, or future physical or mental health condition, the healthcare services provided to you, or payment for healthcare services, and that identifies you or could reasonably be used to identify you.

PHI may exist in written, electronic, oral, telehealth, messaging, or other forms. We protect PHI in accordance with HIPAA and applicable state law.

3. Our Legal Duties

We are required by law to:

  • Maintain the privacy and security of your PHI.
  • Provide you with this Notice of Privacy Practices.
  • Follow the terms of the notice currently in effect.
  • Notify you if a breach occurs involving unsecured PHI, as required by applicable law.
  • Maintain policies and procedures designed to protect the confidentiality and security of patient information.
  • Train workforce members regarding privacy and security obligations.
4. How We May Use and Disclose Your Information

We may use and disclose PHI and other personal information for the following purposes.

Treatment

We may use and disclose your information to provide, coordinate, or manage your healthcare. This may include sharing information with treating providers, pharmacies, laboratories, imaging centers, consultants, or other healthcare professionals involved in your care.

Examples include reviewing your medical history, ordering lab work, prescribing medication when clinically appropriate, coordinating with a pharmacy, or communicating with another provider involved in your care.

Payment

We may use and disclose information to process payments, manage billing, collect amounts owed, provide receipts, and respond to payment-related inquiries. Although St. Johns Wellness is primarily a private-pay practice, payment-related uses and disclosures may still occur.

Healthcare Operations

We may use and disclose information for practice operations, including quality assurance, training, compliance, credentialing, auditing, recordkeeping, scheduling, customer service, business planning, technology support, and other administrative activities necessary to operate the practice.

Appointment Reminders and Care Communications

We may use your contact information to send appointment reminders, follow-up instructions, lab reminders, refill-related communications, treatment-related communications, and other messages related to your care.

Business Associates and Service Providers

We may share information with vendors and service providers who perform services on our behalf, such as electronic health record systems, practice management systems, telehealth platforms, secure messaging vendors, payment processors, laboratories, pharmacies, billing support, IT support, and compliance vendors.

Where required by HIPAA, we enter into Business Associate Agreements with vendors who create, receive, maintain, or transmit PHI on our behalf. These vendors are required to protect PHI and use it only as permitted by law and by their agreement with us.

Pharmacies, Laboratories, and Other Healthcare Partners

We may disclose information to pharmacies, laboratories, compounding pharmacies, diagnostic providers, and other healthcare entities as necessary for treatment, prescription fulfillment, laboratory testing, medication management, and continuity of care.

Family Members, Caregivers, or Others Involved in Your Care

We may share relevant information with a family member, caregiver, personal representative, or other person involved in your care or payment for care if you agree, if you have an opportunity to object and do not object, or if we determine based on professional judgment that disclosure is in your best interest and permitted by law.

Required or Permitted by Law

We may use or disclose information when required or permitted by federal, state, or local law. This may include disclosures for public health activities, reporting adverse events, responding to health oversight agencies, complying with court orders or subpoenas, reporting abuse or neglect when required by law, responding to lawful law-enforcement requests, preventing a serious threat to health or safety, workers’ compensation matters, or other legally required disclosures.

Health Oversight and Regulatory Activities

We may disclose information to licensing boards, health oversight agencies, law enforcement, government agencies, or regulatory authorities when required or permitted by law, including in connection with audits, investigations, inspections, licensing, professional discipline, or compliance reviews.

Judicial and Administrative Proceedings

We may disclose PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process, only as permitted by applicable law.

Emergencies and Serious Threats

We may use or disclose information if necessary to prevent or lessen a serious and imminent threat to your health or safety or the health or safety of others, as permitted by law.

5. Uses and Disclosures Requiring Written Authorization

We will obtain your written authorization before using or disclosing your PHI for purposes that are not otherwise permitted or required by law.

Written authorization is generally required for:

  • Uses or disclosures of PHI for marketing purposes, except where permitted by law.
  • Sale of PHI.
  • Disclosure of psychotherapy notes, if any, except in limited circumstances permitted by law.
  • Disclosure to third parties for purposes not related to treatment, payment, healthcare operations, or another permitted or required purpose.

You may revoke a written authorization at any time by submitting a written request to us. Revocation will not affect uses or disclosures already made in reliance on your prior authorization.

6. Marketing, Advertising, and Tracking Technologies

We do not sell PHI.

We do not use or disclose PHI for targeted advertising or third-party marketing unless permitted by law or authorized by you in writing.

We may use limited website analytics or cookies to understand website traffic and improve our website. We do not intentionally use tracking technologies to collect PHI from secure patient intake forms, patient portals, telehealth visits, or clinical communications for advertising purposes.

If we use marketing communications, patients may opt out of promotional emails or texts at any time. Opting out of marketing communications will not prevent us from sending treatment-related, transactional, appointment, billing, or legally required communications.

7. Telehealth and Electronic Communications

St. Johns Wellness may provide telehealth services through secure platforms and communication tools. Telehealth records, including video, audio, electronic messages, and other records generated as part of telehealth care, are treated as confidential medical records.

We use secure communication tools when communicating clinical information, including HIPAA-compliant systems such as patient portal messaging, secure phone and text solutions, Spruce, Zenoti, or other approved systems.

Email may be available for general questions or administrative inquiries. Because ordinary email may not be fully secure, patients should avoid sending sensitive medical information through general email unless they understand and accept the risks or unless directed to a secure communication method.

8. How We Protect Your Information

We maintain administrative, technical, and physical safeguards designed to protect PHI and personal information from unauthorized access, use, disclosure, alteration, or destruction.

These safeguards may include:

  • Secure electronic health record and practice management systems.
  • Encryption for information transmitted through secure systems.
  • SSL/TLS technology on websites and portals where sensitive information is collected or transmitted.
  • Role-based access controls limiting workforce access to the minimum necessary information.
  • Unique user credentials and password protections.
  • Multi-factor authentication where applicable.
  • Audit logs and access monitoring.
  • Staff privacy and security training.
  • Written privacy and security policies.
  • Business Associate Agreements with applicable vendors.
  • Secure storage of paper records.
  • Secure disposal of records when retention is no longer required.
  • Procedures for responding to suspected privacy or security incidents.

No system is guaranteed to be completely secure. However, we take reasonable measures to protect patient information and continuously evaluate our safeguards.

9. Your HIPAA Privacy Rights

Subject to applicable law, you have the following rights regarding your PHI.

Right to Access and Obtain Copies

You may request to inspect or obtain a copy of your medical and billing records. We will respond within the timeframe required by law. If your records are maintained electronically and are readily producible in electronic format, you may request an electronic copy.

Right to Request an Amendment

You may request that we amend information in your medical record if you believe it is incorrect or incomplete. We may deny the request in certain circumstances, but we will provide a written explanation if required.

Right to Request Restrictions

You may request that we restrict certain uses or disclosures of your PHI for treatment, payment, or healthcare operations. We are not required to agree to all requested restrictions, except where required by law.

If you pay out of pocket in full for a healthcare item or service, and you request that we not disclose information about that item or service to a health plan for payment or healthcare operations, we will honor that request where required by law.

Right to Request Confidential Communications

You may request that we contact you in a specific way or at a specific location, such as by phone, secure text, email, mailing address, or patient portal, when reasonable and permitted by law.

Right to an Accounting of Disclosures

You may request a list of certain disclosures of your PHI made by us or our business associates, except for disclosures not required to be included by law, such as many disclosures for treatment, payment, and healthcare operations.

Right to Receive a Copy of This Notice

You may request a paper or electronic copy of this Notice at any time, even if you previously agreed to receive it electronically.

Right to File a Complaint

You may file a complaint with us if you believe your privacy rights have been violated. You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights. We will not retaliate against you for filing a complaint or exercising your privacy rights.

10. Florida Patient Privacy and Medical Records Rights

For Florida patients, medical records and information disclosed to healthcare practitioners in the course of care are confidential and may be disclosed only as permitted by law, including to the patient, the patient’s legal representative, healthcare practitioners and providers involved in the patient’s care or treatment, or as otherwise authorized or required by law.

Upon request, Florida patients or their legal representatives may obtain copies of records relating to examination or treatment, subject to applicable legal requirements.

We maintain policies, standards, and procedures designed to protect the confidentiality and security of medical records. Workforce members are trained regarding these policies and procedures.

We also maintain records of disclosures of medical-record information to third parties where required by law.

11. State-Specific Privacy Rights

If you are located in a state that provides additional privacy rights for personal information, health information, consumer health data, or medical records, we will honor those rights to the extent those laws apply and are not preempted by HIPAA or other applicable law.

Depending on your state and the type of information involved, these rights may include the right to request access, correction, deletion, portability, restriction, opt-out of certain data uses, appeal of certain decisions, or other rights.

To exercise any privacy right, please contact us using the information listed below.

12. Data Retention and Disposal

We retain medical records, billing records, consent forms, communications, and other information for the period required by applicable federal and state law and for legitimate clinical, legal, regulatory, and business purposes.

When records are no longer required to be retained, we dispose of them securely. Disposal may include shredding, erasing, or otherwise making personal information unreadable, undecipherable, or unrecoverable, consistent with applicable law.

13. Breach Notification

If we discover a breach involving unsecured PHI or personal information, we will investigate the incident and provide notifications as required by applicable federal and state law.

Where required, notifications may be provided to affected individuals, the U.S. Department of Health and Human Services, state agencies, regulators, media outlets, credit reporting agencies, or other parties as required by law.

Third-party vendors and business associates are required to notify us of privacy or security incidents involving information they maintain on our behalf, as required by applicable law and contractual obligations.

14. Cookies and Website Technologies

Our website may use cookies, analytics, or similar technologies to improve functionality, analyze traffic, remember preferences, and understand how visitors use our website.

You may disable cookies through your browser settings. Some website features may not function properly if cookies are disabled.

We do not knowingly use cookies or tracking technologies to collect PHI from secure patient intake forms, patient portals, telehealth visits, or clinical communications for targeted advertising.

15. Third-Party Links and Services

Our website or app may contain links to third-party websites, applications, pharmacies, supplement platforms, payment processors, social media pages, or other services that we do not control.

This Privacy Policy does not apply to third-party websites or services that are not operated by us. We encourage you to review the privacy policies of any third-party website or service before providing information.

When a third-party service provider handles PHI on our behalf, we require appropriate privacy and security protections as required by law.

16. Children and Minors

Our website is not directed to children under 13 for general browsing or marketing purposes.

Medical services for minors, if any, are provided only with appropriate consent from a parent, guardian, legal representative, or as otherwise permitted or required by applicable law. Privacy rights for minors and parents or guardians may vary based on state law and the type of healthcare service involved.

17. Changes to This Policy and Notice

We may update this Privacy Policy and Notice of Privacy Practices from time to time. When we make material changes, we will update the effective date and post the revised version on our website.

We reserve the right to apply changes to all information we maintain, including information created or received before the effective date of the revised policy, as permitted by law.

18. Contact Information and Privacy Complaints

If you have questions about this Privacy Policy and Notice of Privacy Practices, would like to exercise your privacy rights, or wish to file a privacy complaint, please contact:

  • St. Johns Wellness
    Privacy Officer / Privacy Contact: St. Johns Wellness Administration
  • Email: sjw@stjohnswellness.com
  • Phone: (904) 560-5089
  • St. Johns Office: 170 Fountains Way, Suite 6, St. Johns, FL 32259
  • St. Augustine Office: 125 Land Grant St, Suite #5, St. Augustine, FL 32092

You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights. We will not retaliate against you for filing a complaint.