1. Introduction
Woundworx LLC ("Woundworx," "we," "us," or "our") respects your privacy and is committed to protecting the personal and health information of our patients, website visitors, and business contacts. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit thewoundworx.com,
communicate with us, or receive care from our clinical team.
This Privacy Policy applies to information collected through our website, mobile communications, patient portal, and the in-home care services we provide across Maryland, Washington DC, and Northern Virginia.
2. Information We Collect
Information you provide directly:
• Name, address, phone number, email address
• Date of birth, gender, demographic information
• Insurance information and member ID numbers
• Medical history, current medications, allergies
• Wound information, photographs, and measurements
• Emergency contact information
• Payment and billing information
Information collected automatically when you visit our website:
• IP address and device information
• Browser type and operating system
• Pages visited and time spent on the site
• Referring website
• Cookie data and similar tracking technologies
Information collected during clinical care:
• Clinical assessments, diagnoses, and treatment plans
• Wound imaging and measurement data (via Tissue Analytics)
• Visit notes and treatment records
• Laboratory results and diagnostic reports
• Communications with you and other healthcare providers
3. How We Use Your Information
We use the information we collect for the following purposes:
Clinical care:
• Providing wound care, lymphedema management, chronic care management, and remote patient
monitoring services
• Coordinating with your other healthcare providers
• Scheduling and confirming appointments
• Communicating with you about your care
• Processing prior authorizations and insurance claims
Operational purposes:
• Billing and collecting payment
• Quality improvement and clinical outcomes tracking
• Staff training (using de-identified information)
• Internal audits and compliance
• Marketing and patient education materials (with consent where required)
Legal and regulatory purposes:
• Compliance with HIPAA and other applicable laws
• Reporting to public health authorities as required
• Responding to subpoenas, court orders, or government requests
• Fraud prevention and security
4. HIPAA Notice of Privacy Practices
Our full Notice of Privacy Practices contains detailed information about your rights regarding your Protected Health Information (PHI), including the right to request restrictions, receive confidential communications, inspect and copy your records, request amendments, receive an accounting of disclosures, and file a complaint with us or with the U.S. Department of Health and Human Services. To request a copy, contact our Privacy Officer.
5. How We Share Your Information
We share your information only as permitted by law and as necessary to provide your care. We do not sell your personal or health information.
We may share your information with:
• Your other healthcare providers — for treatment coordination, including primary care physicians, specialists, home health agencies, and skilled nursing facilities
• Insurance companies and payers — for verification, prior authorization, and claims processing
• Business associates — third-party vendors with signed Business Associate Agreements (BAAs), including CharmHealth (EMR), CollaborateMD (billing), Insight Health AI (clinical scribe), Tissue Analytics (wound imaging), CCN Health (RPM), Spruce (communication), and others
• Public health authorities — as required by law
• Legal authorities — in response to subpoenas, court orders, or to prevent serious harm
• Affiliated entities — The Rest Rx (our DMEPOS affiliate) and Care Connection Home Support (our affiliated personal care agency) when clinically relevant; patients are informed of these relationships and may choose alternative providers
6. Marketing and Communications
We may contact you about appointments, treatment reminders, care plan updates, and health information related to your care. We will not use or disclose your information for marketing purposes without your written authorization, except as permitted by HIPAA. You may opt out of marketing communications at any time.
7. Your Choices
You have the following choices regarding your information:
• Access — You may request to inspect and copy your medical records
• Amendments — You may request corrections to information you believe is inaccurate
• Restrictions — You may request limits on how we use or disclose certain information
• Communications — You may request to be contacted in a specific way
• Marketing opt-out — You may opt out of marketing communications
• Cookies — You may disable cookies in your browser settings
8. Data Security
We use industry-standard administrative, physical, and technical safeguards to protect your information, including encryption of data in transit and at rest, access controls and role-based permissions, employee HIPAA training, Business Associate Agreements with all vendors handling PHI, regular security audits, and secure disposal of records. No method of transmission or storage is 100% secure, but we work continuously to protect your information.
9. Data Retention
We retain medical records in accordance with federal and state law. In Maryland, medical records are generally retained for a minimum of 5 years from the date of last treatment, or longer for pediatric patients. Records may be retained longer for legal, regulatory, or operational purposes.
10. Children's Privacy
Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13 online. If we learn we have collected such information, we will delete it promptly.
11. Telehealth and Remote Patient Monitoring
Our services include telehealth visits and remote patient monitoring (RPM) using FDA-cleared cellular devices. Information collected through telehealth and RPM is treated as PHI and protected under HIPAA. By participating in telehealth or RPM, you consent to the collection and transmission of your health information through these channels.
12. AI-Powered Clinical Tools
We use AI-powered tools to support clinical care, including Tissue Analytics (FDA Breakthrough Designated AI wound imaging platform) and Insight Health AI (HIPAA-compliant clinical scribe). These tools are covered under Business Associate Agreements. Clinical decisions are made by licensed providers, not by AI tools.
13. Cookies and Tracking
Our website uses cookies and similar technologies to improve your browsing experience, analyze traffic, and personalize content. We do not use cookies to collect personally identifiable information without your consent.
You can control cookies through your browser settings.
14. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The "Last Updated" date at the top will reflect the most recent revision. Material changes will be communicated through our website or directly to patients as appropriate.
16. Contact Us
Privacy Officer Contact
Woundworx — Privacy Officer
Joanna King, DNP, FNP-BC, CWCN-AP, CLWT
16701 Melford Boulevard, Suite 400
Bowie, MD 20715-4411
Phone: (202) 883-7632
Email: privacy@thewoundworx.com
File a complaint with:
U.S. Department of Health and Human Services, Office for Civil Rights
200 Independence Avenue, S.W., Washington, D.C. 20201
1-877-696-6775 — www.hhs.gov/ocr/privacy/
You will not be retaliated against for filing a complaint.
