PMR WELLNESS — DATA SECURITY POLICY

Last Updated: November 2025

PMR Wellness is committed to protecting all personal and health information entrusted to us. This policy explains how we secure data stored, transmitted, or collected through our website and wellness operations.

1. Security Principles

We follow industry-standard administrative, physical, and technical safeguards, including:

• Encryption for data transmitted through forms

• Secure servers and firewalls

• Multi-factor or restricted-access controls

• Encrypted backups

• Secure communication channels for sensitive information

• Regular updates and security maintenance

2. Access Controls

Only authorized PMR Wellness personnel may access patient information.
Access is given based on job role and revoked immediately upon role changes or termination.

No staff member is permitted to store patient data on personal devices.

3. Data Storage & Retention

• Health information is stored securely in accordance with HIPAA requirements.

• Intake forms and communication may be stored in encrypted systems.

• We retain information only for as long as necessary to provide services or comply with legal requirements.

4. Payment Information

We do not store credit card numbers or payment details internally.
All payments are processed through secure third-party processors (e.g., Clover, QuickBooks Payments).
These processors use encryption and maintain PCI-compliant systems.

5. Email Security

Email is not always a secure communication channel.
Patients should avoid sending highly sensitive medical or payment information via unencrypted email.

6. Breach Response

If a data breach is suspected or confirmed, PMR Wellness will:

• Investigate immediately

• Mitigate security risks

• Notify affected patients as required by law

• Follow all HIPAA breach-notification guidelines

7. Changes to This Policy

We may update this policy from time to time. Updates will be posted on our website.