Legal

HIPAA Compliance

Effective Date: January 1, 2026  |  Last Updated: February 22, 2026

---

At RevIVed Events, LLC (“RevIVed,” “we,” “us,” or “our”), protecting the privacy and security of your health information is a core commitment. As a provider of mobile intravenous (IV) hydration therapy services, we collect and handle protected health information (“PHI”) in the course of delivering care at events, conferences, and trade shows. We comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the HITECH Act, and all applicable federal and state privacy regulations governing the use, disclosure, and safeguarding of PHI.

1. What Is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that establishes national standards for protecting the privacy and security of individually identifiable health information. HIPAA applies to healthcare providers, health plans, and healthcare clearinghouses, as well as their business associates. The law gives patients rights over their health information and sets limits on who can access and receive that information.

Because RevIVed Events provides medical treatments administered by licensed healthcare professionals, we are subject to HIPAA’s Privacy Rule, Security Rule, and Breach Notification Rule. We take these obligations seriously and have implemented comprehensive policies and procedures to ensure compliance.

2. Protected Health Information We Collect

In the course of providing IV therapy services, we collect the following types of protected health information through our health intake forms and during treatment: your full name and date of birth, medical history including past and current health conditions, current medications and dosages, known allergies (including drug, food, and latex allergies), vital signs taken before and during treatment, treatment records documenting the IV therapy administered, and any adverse reactions or clinical notes recorded by our medical staff.

This information is collected solely to evaluate your eligibility for treatment, administer IV therapy safely, and maintain accurate medical records as required by law.

3. How We Use and Disclose Your Health Information

We use your PHI only for the purposes permitted or required by HIPAA. These include treatment, which means using your health information to provide, coordinate, and manage your IV therapy services; healthcare operations, which covers quality assurance, staff training, and compliance auditing to ensure we maintain the highest standards of care; and as required by law, meaning we may disclose PHI when required to do so by federal, state, or local law, such as mandatory reporting obligations.

We may also use or disclose your PHI in the following limited circumstances: to avert a serious threat to your health or safety or that of others; for public health activities such as reporting adverse reactions to the FDA; for health oversight activities including audits and investigations; and in response to a valid court order, subpoena, or other lawful process.

We will never sell your health information or use it for marketing purposes without your explicit written authorization. We do not share individual health data with event organizers, employers, or any third party not directly involved in your care.

4. Privacy at Events

Because RevIVed operates in event settings rather than traditional clinical environments, we take additional steps to protect your privacy on-site. Our intake process is conducted in designated private or semi-private areas to prevent unauthorized individuals from overhearing or viewing your health information. Paper intake forms are collected immediately and stored in secure, locked containers during the event. Our medical staff are trained to discuss your health information discreetly and only in the context of your treatment.

Event organizers who book our services receive only aggregate, de-identified data such as the total number of treatments administered. They never receive individual health information about any attendee. Your decision to receive IV therapy and the details of your treatment remain confidential.

5. Our Safeguards

We maintain comprehensive administrative, technical, and physical safeguards to protect your PHI in accordance with the HIPAA Security Rule.

Administrative Safeguards

We have designated a Privacy Officer responsible for developing and implementing our HIPAA policies and procedures. All staff members, including licensed medical professionals and administrative personnel, complete HIPAA compliance training upon hire and annually thereafter. We conduct regular risk assessments to identify and address potential vulnerabilities in our handling of PHI, and we maintain written policies governing the use, disclosure, and storage of health information.

Technical Safeguards

Any PHI stored or transmitted electronically is protected through encryption both in transit and at rest. Access to electronic health records is restricted through unique user credentials and role-based access controls, ensuring that only authorized personnel can view patient information. We maintain audit logs that track who accesses PHI and when, and our systems include automatic session timeouts and secure authentication measures.

Physical Safeguards

Paper records collected at events are stored in locked, tamper-evident containers and transported securely to our office for processing. Physical records are stored in locked filing systems with access limited to authorized personnel. When records are no longer required to be retained, they are disposed of through HIPAA-compliant shredding or destruction services.

6. Your Rights Under HIPAA

As an individual who has received treatment from RevIVed Events, you have the following rights regarding your protected health information:

Right to Access: You have the right to inspect and obtain a copy of your health records maintained by RevIVed. We will provide your records within 30 days of receiving your written request. A reasonable fee may apply for copying and mailing costs.

Right to Amend: If you believe your health information is inaccurate or incomplete, you may request that we amend your records. We will respond to your request within 60 days. If we deny your request, we will provide a written explanation of the reason.

Right to an Accounting of Disclosures: You have the right to request a list of certain disclosures we have made of your PHI. This accounting covers disclosures made for purposes other than treatment, payment, and healthcare operations during the six years prior to your request.

Right to Request Restrictions: You may request that we restrict how we use or disclose your PHI for treatment, payment, or healthcare operations. While we are not required to agree to all restrictions, we will carefully consider each request and honor it if feasible.

Right to Confidential Communications: You may request that we communicate with you about your health information through a specific method or at a specific location. For example, you may ask that we contact you only by email or at a particular phone number.

Right to a Paper Copy: You have the right to obtain a paper copy of this notice at any time, even if you have previously agreed to receive it electronically.

To exercise any of these rights, please submit a written request to our Privacy Officer using the contact information provided below.

7. Business Associates

In certain cases, we may share your PHI with third-party service providers (“business associates”) who perform functions on our behalf that involve access to health information, such as electronic health record platforms, IT service providers, and document storage or destruction companies. All business associates are required to sign a Business Associate Agreement (BAA) that obligates them to protect your PHI in accordance with HIPAA and limits their use of your information to the services they provide to us.

8. Staff Training and Compliance

All RevIVed Events team members, including licensed nurses, paramedics, and administrative staff, are required to complete HIPAA privacy and security training as a condition of employment. Training is conducted during onboarding and refreshed annually, covering topics such as proper handling of PHI, recognizing and reporting potential breaches, patient rights under HIPAA, secure communication practices, and physical security of health records at event locations. Compliance with our HIPAA policies is a condition of continued employment, and violations are subject to disciplinary action up to and including termination.

9. Breach Notification

In the unlikely event of a breach of unsecured PHI, RevIVed Events will comply with the HIPAA Breach Notification Rule. We will notify affected individuals in writing without unreasonable delay and no later than 60 days following discovery of the breach. The notification will describe the nature of the breach, the types of information involved, the steps we are taking in response, and what you can do to protect yourself. If the breach affects 500 or more individuals, we will also notify the U.S. Department of Health and Human Services (HHS) and, where required, prominent media outlets. For breaches affecting fewer than 500 individuals, we will report to HHS annually as required.

10. Record Retention

We retain medical records and other PHI in accordance with applicable federal and state retention requirements. In the Commonwealth of Kentucky, medical records are generally retained for a minimum of five years from the date of last treatment for adult patients. HIPAA-related documentation, including policies, procedures, and training records, is retained for a minimum of six years from the date of creation or the date when the document was last in effect, whichever is later. When records reach the end of their required retention period, they are securely destroyed using HIPAA-compliant methods.

11. Changes to This Notice

We reserve the right to update this HIPAA Compliance notice at any time. When we make changes, we will revise the “Last Updated” date at the top of this page. Material changes will be posted prominently on our Site and, where required, communicated directly to affected individuals. We encourage you to review this page periodically to stay informed about how we are protecting your health information.

12. Filing a Complaint

If you believe your privacy rights have been violated, you have the right to file a complaint. You may file a complaint directly with our Privacy Officer using the contact information below, or you may file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by visiting www.hhs.gov/ocr/privacy/hipaa/complaints, calling 1-800-368-1019, or writing to: U.S. Department of Health and Human Services, 200 Independence Avenue S.W., Washington, D.C. 20201. We will not retaliate against you for filing a complaint.

13. Contact Our Privacy Officer

If you have any questions about this notice, our HIPAA compliance practices, or wish to exercise your rights regarding your health information, please contact us at:

RevIVed Events, LLC
Privacy Officer
Louisville, Kentucky
Email: privacy@revivedevents.com
Phone: (502) 879-0102