Privacy Notice for Concierge Medical Arts
Effective date: May 15, 2026
This privacy notice explains how Concierge Medical Arts ("we", "our"), located at 1011 Arsenal Avenue, Fayetteville, NC 28306, collects, uses, shares, and protects your information when you visit our website and/or receive care from us.
If you have questions, contact our Privacy Officer:
Kristin Surgeon
Email: [email protected]
Phone: (910) 302-9918
⚠️ Important: This is a general template to help operate a compliant privacy notice. Depending on services, technology, and patient data flows (especially PHI under HIPAA), a separate HIPAA Notice of Privacy Practices (NPP) may also be required. We strongly recommend review and customization by a qualified healthcare attorney.
Why You’re Reading This
We collect and use personal information to provide medical care, communicate with you, bill for services, and operate our business legally and securely.
We strive to protect your PHI (Protected Health Information) in line with HIPAA and applicable state and federal privacy laws.
1) Information we collect
We may collect the following categories of information:
- Identifiers and contact details: name, email, phone number, mailing address, date of birth.
- Health and medical information (PHI): medical history, diagnoses, treatment plans, medications, test results, immunizations, appointment notes, and related patient records.
- Payment and billing information: payment method details, billing records, and payment history. (Note: We do not utilize medical insurance for our office; this category covers private-pay billing as applicable.)
- Professional and employment information: if you apply for a job with us.
- Device, usage, and location data: IP address, browser type, device information, pages you visit, cookies and similar technologies, and approximate location.
- Communications: messages you send to us via our website, contact forms, email, or phone.
2) How we collect information
- Directly from you: when you provide data to us (e.g., filling out forms, scheduling an appointment, communicating with us).
- Automatically via technology: cookies, web beacons, analytics to understand site usage and improve services.
- From service providers: EHR systems, practice management software, payment processors, cloud storage, and other vendors who help operate our services, under contracts that require them to protect your data (BAAs where applicable).
3) How we use your information
- Provide and coordinate care: to schedule, diagnose, treat, and communicate about your health.
- Communicate about care: appointment reminders, test results, follow-ups, and care instructions.
- Billing and operations: process payments, manage records, and conduct necessary administrative tasks.
- Compliance and safety: comply with legal obligations, security, and privacy requirements; prevent fraud and misuse.
- Improvement and analytics: assess and improve our services and website functionality.
- Marketing and outreach (where allowed): to send newsletters or information about services with your consent or where legally permissible; you can opt out at any time.
4) How we share your information
- With your care team: other providers involved in your treatment.
- With service providers (BAAs in place): cloud storage, IT services, billing, scheduling systems, and other vendors who perform services on our behalf.
- For payment processing and health care operations: payment processors and those who support health care operations as needed for treatment and administration.
- As required by law: when required by law, court order, or to protect safety and rights.
- With your consent: any other sharing with your explicit authorization.
Note: We limit the amount of PHI shared to the minimum necessary to accomplish the purpose.
5) Cookies and tracking technologies
- We use cookies and similar technologies to:
  - Ensure website functionality and security.
  - Understand site usage and improve user experience.
  - Provide analytics and marketing (where you’ve given consent or where permitted by law).
- You can manage cookie preferences via the website banner or your browser settings. Some cookies are essential for site operation and cannot be turned off.
6) Data retention and security
- We retain personal information and PHI as long as needed to provide care, fulfill legal obligations, resolve disputes, and enforce agreements.
- We implement reasonable administrative, technical, and physical safeguards to protect information, including encryption, access controls, and vendor oversight.
- In the event of a data breach, we have a plan to detect, respond, and notify affected individuals as required by law.
7) International transfers
- If we or our service providers transfer information to other countries, we rely on appropriate safeguards (e.g., data processing agreements, HIPAA BAAs, and other legally recognized transfer mechanisms) to protect your data.
8) Your rights and choices
- Access and correction: request copies of your information and correct inaccuracies.
- Restrictions and objections: ask to restrict certain uses, or object to processing.
- Data portability: request a copy of your information in a structured, commonly used format.
- PHI rights under HIPAA (where applicable): request an accounting of disclosures, request amendments, and request restrictions on PHI disclosures.
- Marketing communications: opt out of promotional emails or messages at any time.
- Do not track / cookies: manage cookie preferences; you can withdraw consent where required.
How to exercise rights: contact our Privacy Officer at [email protected] or (910) 302-9918, or use the privacy contact form on our website. We will respond in accordance with applicable law and within the required timeframes.
9) Children’s privacy
- Our services are not directed to children. We do not knowingly collect information from children under 18. If you believe a child has provided us with PHI or personal data, contact us to delete or restrict that data where appropriate.
10) Changes to this privacy notice
- We may update this notice from time to time. We will post the new version on our website and update the effective date. If the changes are material, we may provide additional notice or seek consent as required by law.
11) How to contact us
- Privacy Officer: Kristin Surgeon
- Email: [email protected]
- Phone: (910) 302-9918
- Mailing address: Concierge Medical Arts, 1011 Arsenal Avenue, Fayetteville, NC 28306
HIPAA Notice of Privacy Practices (NPP)
Concierge Medical Arts — Fayetteville, NC
Effective date: May 15, 2026
This NOTICE OF PRIVACY PRACTICES explains how Concierge Medical Arts ("we", "our") may use and disclose your protected health information (PHI) and your rights under the HIPAA Privacy Rule. It also describes how you can access and control your PHI. If you have questions, please contact our Privacy Officer.
- Privacy Officer: Kristin Surgeon
- Email: [email protected]
- Phone: (910) 302-9918
- Address: Concierge Medical Arts, 1011 Arsenal Avenue, Fayetteville, NC 28306
1) Our commitment to privacy
- We protect the privacy of your PHI and limit uses and disclosures to the minimum necessary to treat you, bill for services, and operate our practice.
- We only access PHI as needed for care, administrative purposes, and as permitted by law.
- We do not bill private health insurance for our services. Direct-pay arrangements may involve PHI processing by payment processors or similar vendors.
2) How we may use and disclose your PHI
PHI may be used or disclosed without your authorization for treatment, payment, and health care operations, or as otherwise required by law. We may also disclose PHI with your authorization for purposes not described here.
- For treatment: to provide, coordinate, and manage your medical care with you and other health professionals involved in your care.
- For payment: to obtain payment for services or to bill a patient directly. We use PHI only to the extent necessary for payment activities.
- For health care operations: to conduct business activities such as quality improvement, training, compliance, and regulatory reporting.
- As required by law: when required by public health requirements, court orders, or other legal obligations.
- With your authorization: any disclosure not described in this notice will require your explicit written authorization.
Note: We limit disclosures to the minimum necessary to accomplish the purpose.
3) Minimum necessary standard
- We will make reasonable efforts to limit PHI disclosures to the minimum necessary to achieve the purpose of the use or disclosure.
- Some disclosures (e.g., for treatment) are permitted without minimization because they are essential to care.
4) Your rights under HIPAA
You have the following rights regarding your PHI. To exercise these rights, contact the Privacy Officer at the information above.
- Right of access: You may inspect and obtain a copy of your PHI in the form and format requested, if readily producible.
- Right to amend: You may request that PHI be amended or corrected if you believe it is inaccurate or incomplete.
- Right to an accounting of disclosures: You may request a list of disclosures of your PHI made by us other than for treatment, payment, or operations, or disclosures made with your authorization.
- Right to request restrictions: You may request restrictions on certain uses or disclosures of PHI. We are not required to agree to all requests, but we will consider them.
- Right to confidential communications: You may request that we contact you at an alternative address or by alternative means (e.g., a different phone number or email) to protect your privacy.
- Right to a paper copy of this NPP: You may obtain a paper copy of this notice at any time by contacting the Privacy Officer.
- Right to be informed about breaches: You will be notified of any breach of your PHI as required by law.
How to exercise rights: Submit your request in writing to the Privacy Officer via email, mail, or through the privacy contact form on our website. We will respond within the timeframes required by HIPAA (typically within 30 days, with possible extensions as allowed by law).
5) How we protect your PHI
- We implement administrative, technical, and physical safeguards to protect PHI from unauthorized access, disclosure, alteration, or destruction.
- Access to PHI is restricted to authorized personnel only and is protected by secure systems and procedures.
6) How we may contact you about PHI
- Appointment reminders, test results, follow-up instructions, and other health information related to your care may be communicated by secure channels as appropriate.
- You can request alternative methods or locations for communications to protect your privacy.
7) Changes to this NPP
- We may update this Notice of Privacy Practices from time to time. We will post the updated notice on our website and provide a new effective date. If material changes occur, we may provide additional notification as required by law.
8) Complaints
- You may file a complaint with our Privacy Officer if you believe your privacy rights have been violated or you have concerns about our privacy practices.
- You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR). For details, visit hhs.gov/ocr.
9) How to contact us
- Privacy Officer: Kristin Surgeon
- Email: [email protected]
- Phone: (910) 302-9918
- Mailing address: Concierge Medical Arts, 1011 Arsenal Avenue, Fayetteville, NC 28306