817-329-0102
Book Now

Privacy Policy

Magnolia Functional Wellness

Last Updated: January 5, 2026

1. Introduction

Magnolia Functional Wellness ("we," "us," or "our") is committed to protecting your privacy and the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website magnoliafunctionalwellness.com (the "Site") and when you receive healthcare services from our clinic in Southlake, Texas.

By using our Site or receiving services from us, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Types of Information We Collect

We collect several different types of information for various purposes:

2.1 Personal Information You Provide

When you interact with our Site or become a patient, you may provide us with personally identifiable information, including but not limited to:

  • Contact Information: Name, email address, phone number, mailing address
  • Demographic Information: Date of birth, age, gender
  • Account Information: Username, password (encrypted), security questions
  • Appointment Information: Preferred dates/times, reason for visit
  • Payment Information: Credit card details, billing address, insurance information
  • Communications: Messages sent through contact forms, emails, or chat features

2.2 Protected Health Information (PHI)

When you become a patient at Magnolia Functional Wellness, we collect Protected Health Information as defined by the Health Insurance Portability and Accountability Act (HIPAA), including:

  • Medical history and current health conditions
  • Symptoms and complaints
  • Physical examination findings
  • Laboratory and diagnostic test results
  • Treatment plans and clinical notes
  • Prescriptions and medications
  • Billing and insurance claims information
  • Any other information related to your healthcare

HIPAA Notice: We maintain a separate Notice of Privacy Practices as required by HIPAA, which provides detailed information about how we use and disclose your Protected Health Information. You'll receive this notice at your first visit to our clinic, and it's available upon request.

2.3 Automatically Collected Information

When you visit our Site, we automatically collect certain information about your device and browsing activity:

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, time spent on pages, links clicked, referring website
  • Location Data: General geographic location based on IP address
  • Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies

3. How We Collect Information

We collect information through various methods:

  • Direct Collection: When you fill out forms, create an account, schedule appointments, or contact us
  • Patient Visits: During consultations, examinations, and treatment sessions
  • Automated Technologies: Through cookies, analytics tools, and server logs
  • Third-Party Sources: From healthcare providers, laboratories, insurance companies, and other parties involved in your care (with your consent or as permitted by law)

4. How We Use Your Information

4.1 Non-PHI Uses

We use your personal information (that isn't Protected Health Information) for purposes including:

  • Website Functionality: To provide, maintain, and improve our Site
  • Communication: To respond to your inquiries and send administrative information
  • Marketing: To send newsletters, promotional materials, and updates about our services (you can opt out at any time)
  • Appointments: To schedule, confirm, and manage your appointments
  • Analytics: To understand how visitors use our Site and improve user experience
  • Legal Compliance: To comply with applicable laws and regulations
  • Security: To detect, prevent, and address technical issues and fraudulent activity

4.2 PHI Uses Under HIPAA

We use and disclose your Protected Health Information only as permitted by HIPAA and state law, including:

Treatment: To provide, coordinate, and manage your healthcare services, including:

  • Consultations with Dr. Farhan Abdullah and other providers
  • Regenerative medicine treatments
  • Laboratory testing and diagnostic procedures
  • Referrals to specialists or other healthcare providers

Payment: To obtain payment for services, including:

  • Billing and collections
  • Processing insurance claims
  • Determining eligibility and coverage
  • Utilization review

Healthcare Operations: For operational purposes, including:

  • Quality assessment and improvement
  • Staff training and education
  • Business planning and management
  • Compliance and regulatory activities

As Required or Permitted by Law: We may use or disclose PHI without your authorization when required by law, such as:

  • Public health reporting
  • Abuse or neglect reporting
  • Legal proceedings and law enforcement
  • Coroners and medical examiners
  • Organ donation organizations

With Your Authorization: For uses not covered above, we'll obtain your written authorization before using or disclosing your PHI.

5. Cookies and Tracking Technologies

Our Site uses cookies and similar tracking technologies to enhance your experience:

What Are Cookies? Cookies are small text files stored on your device that help websites remember your preferences and track your activity.

Types of Cookies We Use:

  • Essential Cookies: Required for the Site to function properly (e.g., session management, security)
  • Analytics Cookies: Help us understand how visitors use our Site (e.g., Google Analytics)
  • Functionality Cookies: Remember your preferences and settings
  • Marketing Cookies: Track your activity across websites to deliver targeted advertising (if applicable)

Your Cookie Choices: Most web browsers allow you to control cookies through their settings. You can typically:

  • Delete existing cookies
  • Block future cookies
  • Receive warnings before cookies are stored

Note that disabling cookies may affect your ability to use certain features of our Site.

Third-Party Analytics: We use Google Analytics to analyze Site traffic. Google Analytics uses cookies to collect information about your use of our Site. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

6. How We Share Your Information

6.1 Sharing Non-PHI

We may share your personal information (that isn't PHI) with:

Service Providers: Third-party vendors who perform services on our behalf, such as:

  • Website hosting and maintenance
  • Email service providers
  • Payment processors
  • Appointment scheduling platforms
  • Marketing and analytics services

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

Business Transfers: If Magnolia Functional Wellness is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

Legal Requirements: When required by law, court order, or government request.

Protection of Rights: To protect our rights, property, or safety, or that of our patients, employees, or others.

6.2 Sharing PHI Under HIPAA

We share your Protected Health Information only as described in our HIPAA Notice of Privacy Practices, which includes:

  • Healthcare providers involved in your treatment
  • Insurance companies for payment purposes
  • Business associates who help us provide healthcare services (e.g., medical billing companies, laboratories)
  • As required by law or with your written authorization

Business Associates: Any third party that handles your PHI on our behalf signs a Business Associate Agreement ensuring HIPAA compliance.

7. Data Security

We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction:

Physical Safeguards:

  • Secure facilities with restricted access
  • Locked storage for physical records
  • Secure disposal of documents containing sensitive information

Technical Safeguards:

  • Encryption of data in transit and at rest
  • Secure server infrastructure with firewalls
  • Regular security assessments and updates
  • Access controls and authentication measures
  • Secure backup systems

Administrative Safeguards:

  • HIPAA-compliant policies and procedures
  • Employee training on privacy and security
  • Confidentiality agreements with staff
  • Incident response and breach notification protocols

However: No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we can't guarantee absolute security.

Unsecured Communications: Email and contact forms on our Site aren't secure methods for transmitting Protected Health Information. Don't send sensitive medical information through these channels. We provide secure patient portals for such communications.

8. Data Retention

Non-PHI: We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

PHI: We retain medical records in accordance with Texas state law and HIPAA requirements, which generally require retention for at least six years from the date of creation or last use, whichever is later. Some records may be retained longer as required by law or for legal defense purposes.

Deletion Requests: While you may request deletion of certain personal information, we may be required to retain medical records and other information to comply with legal obligations.

9. Your Rights and Choices

9.1 General Privacy Rights

You have the following rights regarding your personal information:

Access: You can request information about what personal data we hold about you.

Correction: You can request correction of inaccurate or incomplete information.

Deletion: You can request deletion of your personal information, subject to legal and regulatory requirements.

Opt-Out of Marketing: You can unsubscribe from marketing emails by clicking the "unsubscribe" link in any promotional email or contacting us directly.

Cookie Control: You can manage cookie preferences through your browser settings.

9.2 HIPAA Rights for Protected Health Information

Under HIPAA, you have specific rights regarding your Protected Health Information:

Right to Access: You can request copies of your medical records. We may charge a reasonable fee for copying and mailing costs.

Right to Amend: You can request amendments to your medical records if you believe they're inaccurate or incomplete.

Right to an Accounting of Disclosures: You can request a list of certain disclosures we've made of your PHI.

Right to Request Restrictions: You can request restrictions on how we use or disclose your PHI, though we're not required to agree to all requests.

Right to Confidential Communications: You can request that we communicate with you in a specific way or at a specific location.

Right to a Paper Copy of Our Notice: You can request a paper copy of our HIPAA Notice of Privacy Practices at any time.

To Exercise These Rights: Contact our Privacy Officer using the information in Section 15.

10. Children's Privacy

Our Site and services aren't directed to children under 18 years of age. We don't knowingly collect personal information from children under 18 without parental consent. If you're a parent or guardian and believe your child has provided us with personal information without your consent, please contact us, and we'll take steps to remove such information.

When we provide healthcare services to minors, we comply with Texas law regarding parental consent and minor's rights to confidentiality.

11. Third-Party Websites

Our Site may contain links to third-party websites that aren't operated by us. If you click on a third-party link, you'll be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

12. California Privacy Rights

If you're a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information (subject to exceptions)
  • Right to opt out of the sale of personal information
  • Right to non-discrimination for exercising your CCPA rights

Note: We don't sell your personal information to third parties.

To exercise these rights, contact us using the information in Section 15.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We'll notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

Notification of Material Changes: If we make material changes to how we treat your Protected Health Information, we'll notify you by email (if we have your email address) and/or through a notice on our Site's homepage.

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Site after we post any modifications constitutes your acknowledgment of the modifications and consent to be bound by the modified Privacy Policy.

14. Breach Notification

In the event of a breach of your Protected Health Information, we'll notify you in accordance with HIPAA breach notification requirements. Notification will be made without unreasonable delay and in no case later than 60 days after discovery of the breach.

For breaches involving personal information that isn't PHI, we'll comply with applicable state data breach notification laws.

15. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact:

Privacy Officer
Magnolia Functional Wellness
Southlake, Texas
Email: hello@magnoliafunctionalwellness.com
Phone: 817-329-0102

For HIPAA-related requests or complaints:
You can file a complaint with us using the contact information above, or you can file a complaint with:

U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
Phone: 1-877-696-6775
Website: www.hhs.gov/ocr/privacy/hipaa/complaints/

You won't face retaliation for filing a complaint.

16. Texas-Specific Disclosures

Texas Medical Records Privacy Act: In addition to HIPAA protections, your medical records are protected under the Texas Medical Records Privacy Act. You have the right to access your medical records and to have errors corrected.

Texas Health and Safety Code: We comply with Texas state law regarding the confidentiality of medical records and patient information.

Genetic Information: Genetic information is subject to special protections under Texas law. We won't disclose genetic information without your written authorization except as required or permitted by law.

17. Consent

By using our Site and services, you consent to our Privacy Policy and agree to its terms. If you don't agree with this Privacy Policy, please don't use our Site or services.

For treatment purposes, you'll be asked to sign a separate HIPAA authorization and consent form when you become a patient at our clinic.

Your privacy matters to us. If you have any questions or concerns, we're here to help.

Redefine Your Glow. 
Reimagine Your Life.

Led by trained medical professionals delivering safe, effective, and scientifically backed aesthetic and wellness treatments.

Book Your Visit Now