Medical Director Services
MSO-PC Framework (CPOM Structuring)
Compliance Auditing & Solutions
Telehealth Expansion
Good Faith Exams (GFEs)
Business Operations Consulting
Strategic Growth and Services Expansion Support
Contract Negotiation (GPO Alternative)
Medical Aesthetic Clinics (Med Spas)
Wellness, Weight Loss, & Functional Medicine Clinics
Telehealth CompaniesPrivacy Policy
Effective Date: September 23, 2025
Last Updated: March 30, 2026
MedSpire Health LLC (“MedSpire Health,” “we,” “our,” or “us”) respects the privacy of our clients, their patients, and website visitors. This Privacy Policy explains how we collect, use, disclose, and safeguard information in connection with our services, including marketing, website development, SEO, paid advertising, social media management, compliance infrastructure, and medical oversight support.
By engaging with MedSpire Health’s services, you agree to the practices described in this Policy.
1. Information We Collect
We may collect the following categories of information:
- Client Business Information: Company name, contact details, billing information, service history.
- User Information: Name, email, phone number, and communication preferences when you contact us or fill out a form on our website.
- Website & Marketing Data: Analytics, cookies, and similar technologies to measure campaign effectiveness and website performance.
- Regulatory & Compliance Information: Documentation needed to support LegitScript or other compliance applications.
- No PHI Storage: MedSpire Health does not routinely collect, store, or process Protected Health Information (PHI) from patients. In the ordinary course of business, our systems are not intended for PHI storage or transmission. Any client-owned PHI remains the responsibility of the client. In the event MedSpire Health is engaged in a capacity that involves access to PHI, a Business Associate Agreement (BAA) will be executed in accordance with HIPAA requirements.
2. How We Use Information
We use the information we collect to:
- Provide and manage contracted services.
- Communicate with clients about projects, billing, and support.
- Improve website functionality and service offerings.
- Ensure compliance with healthcare advertising regulations (e.g., LegitScript certification requirements, FTC advertising guidelines, and applicable state and federal healthcare regulations).
- Meet legal, contractual, and regulatory requirements.
3. Sharing & Disclosure of Information
We do not sell personal data. Information may be shared only as follows:
- Service Providers: With vendors who assist us in providing services (e.g., hosting providers, ad platforms). All service providers are contractually required to protect the confidentiality and security of shared information and are prohibited from using it for purposes other than those specified in their agreements with MedSpire Health.
- Compliance Organizations we work with: With regulatory authorities, government agencies, or third-party certification bodies (e.g., LegitScript) as part of application processes, audits, or regulatory inquiries.
- Legal Requirements: If required to comply with law, regulation, subpoena, or court order.
- Business Transfers: In the event of a merger, acquisition, or transfer of assets. In such an event, we will notify affected clients before their information is transferred or becomes subject to a different privacy policy.
4. Data Security & Compliance
- We implement industry-standard administrative, technical, and physical safeguards to protect information.
- Access to client data is restricted to authorized personnel.
- Sensitive documents (e.g., compliance filings) are encrypted during transmission and storage.
- We train staff regularly on data security and healthcare compliance obligations.
In the event of a data breach involving personal information, MedSpire Health will notify affected individuals and applicable regulatory authorities in accordance with Washington State’s breach notification statute (RCW 19.255.010) and any other applicable state or federal breach notification laws. Notification will occur within 30 days of discovery of the breach, or as otherwise required by law.
5. Data Retention
- Client account information is retained for the duration of the agreement and for a period not to exceed 5 years thereafter to comply with legal and accounting obligations.
- Marketing analytics data is retained for a maximum of 36 months to support reporting and optimization, after which it is anonymized or deleted.
- Compliance documentation (e.g., LegitScript applications) is retained in accordance with regulatory requirements.
6. Your Privacy Rights
Depending on your location, you may have the right to:
- Access, correct, or delete personal data we hold about you.
- Opt out of marketing communications at any time.
- Restrict or object to certain processing activities.
- Request a copy of your data in portable format.
To exercise these rights, please contact us at info@medspire-health.com.
For California residents: We comply with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) to the extent applicable. You may request disclosure of the categories of personal information collected, the purposes for collection, and the categories of third parties with whom information is shared. To submit a verifiable request, contact info@medspire-health.com. We do not respond to “Do Not Track” browser signals at this time, but you may exercise your privacy rights by contacting us directly.
For Washington State residents: MedSpire Health complies with the Washington My Health My Data Act (effective March 31, 2024) to the extent applicable to our services. This law provides enhanced protections for “consumer health data,” which may include certain health-related information processed in connection with our compliance services. Washington residents may request access to, deletion of, or withdrawal of consent for the collection of consumer health data by contacting info@medspire-health.com.
7. Cookies & Tracking
Our website and campaigns may use cookies, pixels, and analytics tools to:
- Measure website traffic and engagement.
- Track the effectiveness of campaigns.
- Personalize user experiences.
You can adjust your browser settings to block or delete cookies.
8. Text Messaging (SMS) Communications
By providing your mobile phone number to MedSpire Health, you consent to receive recurring automated text messages, including marketing messages, appointment reminders, and service updates, from MedSpire Health at the phone number provided. Message frequency may vary. Message and data rates may apply. Consent to receive text messages is not a condition of purchase.
You may opt out of receiving text messages at any time by replying STOP to any message you receive. For help, reply HELP or contact us directly at info@medspire-health.com or 877-378-8754.
MedSpire Health will not share your mobile number or text messaging consent with third parties for their own marketing purposes. Your information is used in accordance with this Privacy Policy and applicable laws, including the Telephone Consumer Protection Act (TCPA) and A2P 10DLC requirements.
9. HIPAA Disclaimer
MedSpire Health is a compliance infrastructure and marketing services provider, not a covered entity or business associate under HIPAA in the ordinary course of its services. In the event MedSpire Health performs functions or activities on behalf of a covered entity that involve the use or disclosure of PHI, MedSpire Health will enter into a Business Associate Agreement (BAA) with the covered entity prior to accessing such information, in accordance with 45 CFR §164.502(e) and §164.504(e). Clients are responsible for ensuring PHI is not transmitted through marketing systems unless a BAA is fully executed and in effect.
10. Children’s Privacy
Our services are not directed toward individuals under 18. We do not knowingly collect personal information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Updates will be posted with a revised “Last Updated” date. Material changes will be communicated directly to clients at least 30 days before they take effect.
12. Contact Us
For questions, concerns, or to exercise your privacy rights, please contact:
MedSpire Health LLC
2442 NW Market Street, Unit 1189
Seattle, WA 98107
info@medspire-health.com
877-378-8754