Privacy Policy

Effective Date: October 20, 2025

At Looking Glass Wellness Clinic (https://lookingglasswellness.com), we are committed to protecting the privacy and security of your personal information in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable laws. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information, including Protected Health Information (PHI), when you visit our website, use our services, or interact with us.

Who We Are

Our website address is: https://lookingglasswellness.com. Looking Glass Wellness Clinic is a healthcare provider dedicated to delivering high-quality medical care while prioritizing patient privacy and data security.

Information We Collect

We collect information necessary to provide healthcare services, enhance your experience, and ensure the functionality of our website. This includes:

  • Protected Health Information (PHI): Information such as your name, contact details, medical history, insurance information, and other health-related data provided during appointments, forms, or communications with our clinic.

  • Website Interaction Data: When you visit our website, we may collect:

    • Comments: If you leave comments on our site, we collect the data shown in the comments form, your IP address, and browser user agent string to aid in spam detection. An anonymized string (hash) created from your email address may be shared with the Gravatar service to display your profile picture, if applicable. The Gravatar privacy policy is available at: https://automattic.com/privacy/.

    • Media: If you upload images to our website, avoid including embedded location data (EXIF GPS), as visitors may download and extract this data.

    • Cookies and Usage Data: We use cookies to enhance your experience:

  • If you leave a comment, you may opt in to cookies storing your name, email, and website for convenience, lasting one year.

      • Visiting our login page sets a temporary cookie to check browser compatibility, which is discarded when you close your browser.

      • Logging in sets cookies to save login information (lasting two days) and screen display choices (lasting one year). Selecting “Remember Me” extends login persistence to two weeks. Logging out removes these cookies.

      • Editing or publishing an article saves a cookie with the post ID, expiring after one day.

    • Embedded Content: Our site may include embedded content (e.g., videos, images) from other websites. These sites may collect data, use cookies, or track interactions, behaving as if you visited their site directly.

    • SMS/MMS Communications: If you opt in to receive text messages, we collect your phone number and consent data for appointment reminders, health updates, or other clinic-related communications.

How We Use Your Information

We use your information to:

  • Provide and manage healthcare services, including appointments, treatments, and billing.

  • Communicate with you via email, phone, or SMS/MMS for appointment reminders, treatment plans, or health-related updates.

  • Improve our website and services through analytics and user feedback.

  • Detect and prevent spam or security threats.

  • Comply with legal obligations, including HIPAA requirements for safeguarding PHI.

Who We Share Your Data With

We are committed to protecting your privacy and do not share your PHI or personal information except as permitted or required by law, including HIPAA regulations. Disclosures may include:

  • Healthcare Operations: Sharing PHI with business associates (e.g., billing services, electronic health record providers) under HIPAA-compliant agreements to ensure data protection.

  • Legal Requirements: Disclosing information to comply with court orders, public health reporting, or other legal obligations.

  • Password Resets: If you request a password reset, your IP address may be included in the reset email.

  • Spam Detection: Visitor comments may be checked through an automated spam detection service.

  • SMS/MMS Disclosure: No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

We do not sell or share your personal information or PHI for marketing purposes without your explicit consent.

How Long We Retain Your Data

  • PHI: We retain your health information as required by HIPAA and state regulations, typically for a minimum of six years from the date of creation or last use, or longer if required by law.

  • Comments: If you leave a comment, it and its metadata are retained indefinitely to facilitate automatic approval of follow-up comments.

  • User Profiles: For registered users, we store personal information in your user profile for as long as your account is active or as needed to provide services, unless you request deletion.

  • Cookies: Cookie retention periods are outlined in the “Cookies and Usage Data” section above.

Your Rights Over Your Data

Under HIPAA and applicable laws, you have rights regarding your personal information and PHI, including:

  • Access: Request a copy of your PHI or personal data we hold about you.

  • Correction: Request corrections to inaccurate or incomplete PHI.

  • Deletion: Request deletion of personal data, except for data we are required to retain for legal, administrative, or security purposes.

  • Restriction: Request restrictions on how we use or disclose your PHI.

  • Data Portability: Request an exported file of your personal data.

  • Opt-Out: Opt out of non-essential communications, such as SMS/MMS messages, by following the unsubscribe instructions provided in the message or contacting us.

To exercise these rights, contact us at [insert clinic contact information]. Website administrators may also access and edit user profile information as needed.

Where Your Data Is Sent

  • Secure Storage: Your PHI is stored in HIPAA-compliant systems with encryption and access controls.

  • Third-Party Services: Data may be sent to HIPAA-compliant business associates for healthcare operations (e.g., billing, telehealth platforms like Zoom). We ensure these parties adhere to strict privacy standards.

  • Spam Detection: Visitor comments may be processed by automated spam detection services.

  • International Transfers: If data is transferred internationally, we ensure compliance with HIPAA and applicable data protection laws.

Security Measures

We implement physical, technical, and administrative safeguards to protect your PHI and personal information, including:

  • Encryption of data in transit and at rest.

  • Access controls limiting data access to authorized personnel.

  • Regular security audits and staff training on HIPAA compliance.

  • Secure disposal of records per HIPAA guidelines.

Contact Us

For questions about this Privacy Policy, your rights, or our data practices, please contact our Privacy Officer at:

  • Phone: (405) 332-4014

  • Address: Looking Glass Wellness Clinic, 215 W McElroy Rd Suite 5, Stillwater, OK 74075

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Updates will be posted on our website with the effective date. We encourage you to review this policy periodically.

By using our website or services, you acknowledge that you have read and understood this Privacy Policy.