How Weight Loss Projection Lab protects your Protected Health Information
Effective Date: January 1, 2025 | Last Updated: December 27, 2025
Weight Loss Projection Lab is fully compliant with the Health Insurance Portability and Accountability Act (HIPAA). We implement comprehensive administrative, physical, and technical safeguards to protect your Protected Health Information (PHI).
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that establishes national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge.
HIPAA applies to "covered entities" (healthcare providers, health plans, and healthcare clearinghouses) and their "business associates" (companies that handle PHI on their behalf). As a health tracking platform, WLPL acts as a business associate and is fully committed to HIPAA compliance.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Weight Loss Projection Lab is required by law to maintain the privacy and security of your Protected Health Information (PHI). This Notice of Privacy Practices describes our legal duties and privacy practices with respect to your PHI, and your rights regarding your PHI.
PHI is any information about your health status, provision of healthcare, or payment for healthcare that can be linked to you. On WLPL, this includes:
We will always ask for your written authorization before using or disclosing your PHI for purposes other than those listed below. You may revoke your authorization at any time.
HIPAA permits us to use and disclose your PHI without your authorization for the following purposes:
When disclosure is required by federal, state, or local law, such as reporting abuse or suspected abuse.
To public health authorities for purposes of preventing or controlling disease, injury, or disability.
To appropriate authorities when we believe you are a victim of abuse, neglect, or domestic violence.
To law enforcement officials as required by law or in response to valid legal process.
When necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.
We may share your PHI with third-party service providers ("Business Associates") who perform services on our behalf. All Business Associates sign agreements (Business Associate Agreements or BAAs) requiring them to protect your PHI.
Examples: Cloud hosting (Google Cloud), AI services (OpenAI, Google Gemini), payment processing (Stripe)
Under HIPAA, you have the following rights with respect to your Protected Health Information:
You have the right to inspect and obtain a copy of your PHI. You can access and download your data through your account settings.
We will respond to your request within 30 days. We may charge a reasonable fee for copying and mailing costs.
You have the right to request that we amend your PHI if you believe it is incorrect or incomplete.
You can edit most information directly in your account. For other amendments, contact us at privacy@weightlossproglab.com.
You have the right to receive a list of certain disclosures we have made of your PHI.
This does not include disclosures for treatment, payment, or healthcare operations, or disclosures you authorized. You may request an accounting for the past 6 years.
You have the right to request restrictions on certain uses and disclosures of your PHI.
We are not required to agree to your request, but if we do, we will comply with your request unless the information is needed for emergency treatment.
You have the right to request that we communicate with you about your PHI by alternative means or at alternative locations.
We will accommodate reasonable requests. You can update communication preferences in your account settings.
You have the right to receive a paper copy of this Notice of Privacy Practices, even if you have agreed to receive it electronically.
Contact us at privacy@weightlossproglab.com to request a paper copy.
You have the right to request deletion of your PHI, subject to certain exceptions.
You can delete your account and data through account settings. Some data may be retained for 7 years as required by law.
To exercise any of these rights, you may:
HIPAA requires us to implement administrative, physical, and technical safeguards to protect your PHI:
Under HIPAA's Breach Notification Rule, we are required to notify affected individuals, the Department of Health and Human Services (HHS), and in some cases the media, if there is a breach of unsecured PHI.
We will notify you within 60 days of discovering a breach. The notification will include:
Breaches affecting 500+ individuals: Notify HHS within 60 days
Breaches affecting <500 individuals: Notify HHS annually
For breaches affecting 500+ individuals in the same state or jurisdiction, we will notify prominent media outlets.
If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services (HHS).
No Retaliation Policy
You will NOT be retaliated against for filing a complaint. We prohibit intimidating or retaliatory acts against anyone who files a complaint or exercises their privacy rights.
We reserve the right to change this Notice of Privacy Practices at any time. Any changes will apply to all PHI we maintain, including information created or received before the change.
We will post the current notice on our website and in our mobile app. We will also notify you via email of any material changes to this Notice.
If you have questions about this Notice or our privacy practices: