HIPAA Statement

Woodland Herbal Health Privacy Statement

Effective Date: 07/25/2018

Welcome, beloved community—your trust matters deeply to us, and we’re committed to honoring it through intentional care for your health information.

1. Our Commitment & HIPAA Status

Woodland Herbal is a family-led business of four generations of herbalists, rooted in Warsaw, Ohio, crafting small-batch, plant-based remedies with love and integrity. We do not bill insurance and are not a HIPAA Covered Entity, but we choose to uphold HIPAA-inspired standards—including confidentiality, limited use, and secure handling of your health information.

2. Why We Collect Your Information & How We Use It

We collect only what’s necessary to:

  • Deliver your herbal products or educational services
  • Provide custom herbal support or troubleshoot orders
  • Respond to patient-initiated questions and service needs
  • Comply with legal, safety, or regulatory obligations

We do not sell or market with your health data—only use it to fulfill our care and community mission.

3. How We Keep Your Data Safe

  • We use secured digital systems, encrypted storage and transmission, and role-based access controls.
  • Sensitive communication (e.g., intake forms, class registration, care questions) is supported through secure messaging or portal tools.
  • Unencrypted channels like email or SMS are available only if you opt-in knowingly, and we always aim for “minimum necessary” access.

4. Breach Protocol + FTC Health Breach Notification Rule

Though not subject to HIPAA breach mandates, we align with the FTC Health Breach Notification Rule:

  • We will notify you promptly and clearly if your health-related data is compromised.
  • We’ll also notify relevant authorities as required and guide you on steps to protect yourself.

5. Consumer Health Data Protections (State Laws)

We serve clients from all over—including Washington, Nevada, and California, where additional protections apply:

  • Washington (My Health, My Data Act): Broad rights over health data and consent, and no location-based tracking (i.e., no geofencing) around healthcare services.
  • Nevada (SB 370): Similar protections and consent rules.
  • California (CMIA, CCPA/CPRA): Rights to access, amend, delete, and control data—even when HIPAA doesn’t apply.

If you’re a resident of these states—or your data originates there—know that you can request access, correction, or deletion, and we’ll honor your rights fully and respectfully.

6. Your Rights—Simple & Clear

You can always:

  • Access or get a copy of your health-related information
  • Correct or amend inaccuracies
  • Request limits on how your information is used or shared
  • Choose how we contact you (like secure messaging, not email)
  • Get a record of who accessed or shared your data
  • Obtain a copy of this full privacy statement anytime—just ask

7. Third-Party Tools & Vendor Agreements

We carefully evaluate our partners—for scheduling, intake, messaging, storage, or classes—to ensure they uphold privacy and security. When HIPAA standards may apply, we use Business Associate Agreements (BAAs). Otherwise, we require vendors to commit contractually to safeguarding your data.

8. What Happens If There’s a Breach?

In the unlikely event of a breach affecting your information:

  • We’ll notify you fast in plain language about what occurred and how we’re responding
  • We'll fulfill any required notifications to FTC or state regulators
  • We’ll share practical guidance on how you can protect yourself

9. How to Reach Us

Privacy Officer – Brandon Elijah Scott, Woodland Herbal

  • Email: Hello@WoodlandHerbal.com
  • Phone: 1+ (740) 291-7492
  • Mail: 21337 County Road 3, Warsaw, OH 43844

You’re welcome to contact us about privacy questions, data requests, or any concerns. We promise responsiveness and respect—without judgment or retaliation.

10. Policy Updates

As laws or practices evolve, we'll update this policy and post the new effective date clearly—so you're always informed.