Privacy Policy


Revised Date:  February 3, 2024


If you have any questions about this notice or need further information, please contact our Privacy Officer, Timothy Heilenbach, at Written requests should be addressed to:

Derma Luxe Aesthetics

666 Dundee Rd, Ste 1904

Northbrook, IL 60062

Attention: Privacy Officer

This Notice applies to MD Infusions, PLLC, d/b/a Derma Luxe Aesthetics, its practitioners, employees and agents (“Derma Luxe Aesthetics” or the “Practice”). 



The privacy of your protected health information or “PHI” is important to us. This notice will tell you about the ways in which we may use and disclose your PHI,  your rights regarding your PHI. This Notice is published on our webpage and available at Derma Luxe Aesthetics practice locations. You will receive a copy at the first point of service and amendments will be made available on our webpage and at the service following an amendment. 


We may access, use or disclose your PHI only as permitted by law.  The following are different ways that we may use and disclose your PHI without your authorization:

  1. To provide you with health care treatment or services. For example, we may disclose your lab results to your primary care physician;
  2. To bill and collect payment from you, an insurance company, or a third party. For example, we may need to disclose your health plan information about your use of our services so that your health plan will pay us or reimburse you for the treatment;
  3. To support business and other healthcare operations of our Practice. For example, we may use health information to review our treatment and services and to evaluate the performance of our staff and business associates;
  4. To permit business associates to perform contracted services. Examples of when we may use a business associate include lab information systems and companies, management services organization, cloud-hosting vendors, coding and claims submission performed by a third party billing company, consulting and quality assurance activities provided by an outside consultant, billing and coding audits performed by an outside auditor, and other legal, administrative and consulting which may arise from time to time;
  5. For the purpose of research, but only upon your express authorization or if the research protocol has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI;
  6. When required by federal, state, or local law to disclose. For example, by court order or federal, state or local departments of health may require disclosure of PHI for purposes of reporting abuse, neglect, domestic violence or human trafficking;
  7. When necessary to prevent a serious threat to the health and safety of you, the public, or another person;
  8. If you are a member of the armed forces or separated/discharged from military services, as required by military command authorities or the Department of Veteran Affairs;
  9. As authorized by, and in compliance with, laws related to workers’ compensation and similar programs established by law;
  10. For public health activities, including, but not limited to, preventing or controlling disease, injury or disability, reporting births and deaths, and reporting reactions to medications or problems with products;
  11. To health oversight agencies for activities authorized by law, including, for example, audits, investigations, inspections, and licensure;
  12. If you are involved in a lawsuit or dispute, in response to a court or administrative order. We may also be required to disclose your PHI in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested;
  13. To law enforcement officials for law enforcement purposes, including, but not limited to, reporting certain injuries, as required by law, and identifying or locating a suspect, fugitive, material witness, or missing person;
  14. To organizations involved in the procurement, banking, or transplantation of cadaveric organs, eyes or tissue, for the purpose of facilitating organ and tissue donation where applicable;
  15. To appropriate governmental authority if we reasonably believe you may be a victim of abuse, neglect, or domestic violence, but only if you agree or when required by law;
  16. To a coroner or health examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death;
  17. To authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law, and
  18. If you are an inmate of a correctional institution or under the custody of a law enforcement official, to the correction institution or law enforcement official. This release would be necessary (a) for the institution to provide you with health care; (b) to protect your health and safety or the health and safety of others; or (c) for the safety and security of the correctional institution.



  1. Appointment Reminders. We may use PHI that you provided us to remind you of your upcoming appointments for lab testing and other communications related to your lab testing.
  2. Notification. We may use or disclose your PHI to notify or assist in notifying a family member, personal representative, close personal friend, or other person responsible for your care of your location and general condition. However, we will not disclose PHI to such individuals if you notify our Privacy Officer of your objection to such disclosures.
  3. Communication with Family Members. Sometimes a family member or other person involved in your care will be present when we are discussing your PHI with you. If you object, please tell us and we won’t discuss your PHI while that person is present. There may be times when it is necessary to disclose your PHI to a family member or others involved in your care because there is an emergency or you lack the decision making capacity to agree or object. In those instances, we will use our professional judgement to determine if it’s in your best interest to disclose your PHI. If so, we will limit the disclosure to the PHI that is directly relevant to the person’s involvement with your health care. For example, we may disclose your potential exposure to an infectious disease that warrants immediate attention.
  4. Unlawful Conduct. Federal law allows for the release of your PHI to appropriate health oversight agencies, public health authorities or attorneys, provided that a work force member or business associate believes in good faith that we have engaged in unlawful conduct or otherwise violated professional or clinical standards and are potentially endangering one or more patients, workers or the public.


We will obtain your written permission through an authorization for other uses and disclosures of your PHI not covered by this Notice. If you provide us with written authorization to use or disclose your PHI, you may revoke that authorization, in writing, at any time. Below are some specific situations:

  1. Marketing Communications. We must obtain an authorization for any use or disclosure of your PHI for any marketing communications to you about a product or service that encourages you to use or purchase the product or service unless the communication is either (a) a face-to-face communication or; (b) a promotional gift of nominal value. However, we do not need to obtain an authorization from you to provide appointment reminders, prescription expiration reminders, follow-up care, information regarding your course of treatment, case management or care coordination, to describe a health-related products or services that we provide, or to contact you in regard to treatment alternatives. We must notify you if the marketing involves financial remuneration.
  2. Use of Photographs, Videos or Testimonials. We must obtain authorization from you to use photographs, videos or testimonials that contain PHI except for the purposes identified above. For example, if you agree, we may post your photo on our webpage, Facebook or other social media site; and
  3. Sale of PHI. We must obtain an authorization for any disclosure of your PHI which constitutes a sale of such PHI.

Note: Genetic information, information about sexually transmitted infections, alcohol and/or substance abuse records, mental health records, and other sensitive health information may have additional confidentiality protections under state and federal law.  Any disclosures of these types of PHI will be subject to those additional protections as applicable. 


You have the following rights with respect to your PHI:

  1. The right to inspect and/or receive a copy of all or any part of your medical or health record. To inspect and copy your PHI, you must submit your request in writing to our Privacy Officer at the address listed at the beginning of this notice. A form for requesting a copy of your PHI will be provided by the Practice. We shall comply with your request to inspect your records within 30 days after receipt of the written request. We may charge a reasonable cost-based fee for paper copies and delivery. We may deny your request under certain limited circumstances.
  2. The right to request that we amend your PHI or a medical or health record about you if you feel that health information we have about you is incorrect or incomplete. To request an amendment, your request must be made in writing, submitted to our Privacy Officer at the address listed on the first page of this notice, and must provide a reason that supports your request for an amendment. We may deny your request under certain limited circumstances.
  3. The right to request a list accounting for any disclosures of your PHI we have made, except for disclosures made for the purpose of treatment, payment, health care operations, and certain other purposes. To request an accounting of disclosures, you must submit your request in writing to our Privacy Officer at the address listed on the first page of this notice. Your request must state a time period which may not be longer than 6 years. The first list you request within a 12 month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
  4. The right to request a restriction or limitation on the use and disclosure of your PHI. To request a restriction on the use and disclosure of your PHI, you must make your request in writing to our Privacy Officer at the address listed on the first page of this notice. In your request, you must tell us what information you want to limit and to whom you want the limitations to apply.  We will notify you of our decision regarding the requested restriction.  If we do agree to your requested restriction, we will comply with your request unless the information is needed to provide you emergency treatment. 
  5. The right to request we communicate with you about your PHI in a certain way or have such communications addressed to a certain location. To request confidential communications, you must make your request in writing to our Privacy Officer at the address listed on the first page of this notice. Your request must specify how or where you wish to be contacted.
  6. The right to a paper copy of this notice at any time upon request. At the time of first service rendered, we are required to provide you with a paper copy of this notice. To obtain a copy of this notice at any other time, please request it from our Privacy Officer at the address listed on the first page of this notice.
  7. The right to revoke any authorization for the use and disclosure of your PHI, except to the extent that action has already been taken in reliance on such authorization.


In the event of a Breach of your PHI, you will receive notice of the Breach at your last known mailing address, on our website and/or by publication, as required by law.


If you believe your privacy rights have been violated, you may file a complaint with us by email to and/or with the Secretary of the United States Department of Health and Human Services.  To file a complaint with us, contact our Privacy Officer at the contact information on the first page. All complaints must be submitted in writing.  There will be no retaliation against you for filing a complaint. 

Derma Luxe Aesthetics recognizes that users may have concerns about privacy issues as they navigate the Internet. Derma Luxe Aesthetics is committed to providing users with a safe, secure environment in which to secure information. Derma Luxe Aesthetics will use reasonable efforts to ensure that the information you provide remains private, and is used only for the purposes stated below.

Collected Information

We collect information about the users of our site. This information helps us determine which parts of the site visitors find most valuable as well as how we can continually improve the services we provide. User identities remain anonymous unless the User provides this information as a part of registration. We use your IP address to help diagnose problems with our servers and to administer our Website.

Users may use without registering, but registration must occur in order to use any of the personalized services. Our site’s registration form requires specific contact information: name, e-mail address, etc. We use the customer contact information to learn more about our visitors. The contact information is also used to contact users when necessary.

Unique identifiers (such as IDs and passwords) are collected to verify the visitor’s identity and for use as account numbers in our record system.

Links to Other Sites may contain links to third-party Websites. These links are provided solely as a convenience to users and not as an endorsement by Derma Luxe Aesthetics of the contents on such third-party Websites. Derma Luxe Aesthetics is not responsible for the content of linked third-party sites and does not make any representations regarding the content or accuracy of materials on such third-party Websites. Links to third-party Websites are performed at your own risk.

Derma Luxe Aesthetics does not represent or guarantee the truthfulness, accuracy, or reliability of communications posted by users or endorse any opinions expressed by users. User acknowledges that any reliance on material posted by other users will be at the User’s risk.

At, we use a feature on your Internet browser called a “cookie”. A cookie is a small file that your Web browser places on your computer’s hard drive to identify you as a user. does not use cookies to collect any personal information about users, nor do we sell or make them available to other organizations.

You may disable the cookie function on your browser or erase the contents in your cookies file. To do this, consult the help features in your browser and program manager. However, please bear in mind that doing this prevents the Website from recognizing you as a previous user of the Website.

Feedback encourages visitors to submit feedback. Any feedback that is submitted becomes the property of and we may use this feedback for marketing purposes, or to contact visitors for more information.

Privacy Policy Updates

Any changes to our privacy policy will be posted here so that visitors will always know what information we gather, how we might use that information, and whether we will disclose it to anyone. If, at any time, you have questions or concerns about‘s privacy statement, the practices of this site, or your dealings with this Website, contact us at: