Bluewater Medical LLC Privacy Policy
Last Updated: 12/19/25
Bluewater Medical LLC (referred to as “Bluewater Medical,” “we,” “us,” or “our”) is committed to protecting your privacy and safeguarding your personal and health information. This Privacy Policy applies to all websites, services, and online platforms operated by Bluewater Medical LLC, including WarriorMED (collectively, the “Services”). It explains what information we collect, how we use and share it, and how we comply with applicable privacy laws and regulations (including the Health Insurance Portability and Accountability Act, HIPAA, and relevant state laws). By using our Services, you consent to the data practices described in this Policy.
Scope: This Policy covers all users of Bluewater Medical’s Services, including patients who use our telehealth, lab testing, and prescription services. It also covers information collected through our websites (such as bluewatermednw.com and affiliated sites) and any related communications (email, phone, etc.). Please note that if our site contains links to third-party websites, those sites are governed by their own privacy policies – we encourage you to review those policies when visiting external sites.
Information We Collect
We only collect personal information that you voluntarily provide to us or as required to deliver our Services, as well as some data collected automatically through your use of our website. The types of information we may collect include:
Personal Identifiers: Name, date of birth, postal address, email address, phone number, login credentials (if you create an account), and other basic contact details you provide when scheduling appointments or registering on our site.
Medical and Health Information: Protected Health Information (PHI) related to your medical history, symptoms, test results, prescriptions, and treatment plans that you or other healthcare providers (such as labs or pharmacies) share with us. This may include information needed to provide care (e.g. lab test orders, medication prescriptions) and is considered sensitive under privacy laws.
Billing Information: Payment information such as credit card numbers or insurance details (if applicable) that you provide for billing purposes. We use secure payment processors to handle financial transactions.
Demographic and Usage Data: Non-personal information such as your age, gender, or general medical interests (if you choose to share), as well as technical data like IP address, browser type, device identifiers, and browsing activity on our site. We collect some of this data through cookies and similar technologies as described below. This may include information on how you found our site, pages visited, and actions taken, which helps us improve our Services.
Communications: If you contact us with questions or support requests (via email, phone, or messaging features), we may keep records of that correspondence and any information you choose to provide.
You have the choice whether to provide personal information. However, if you elect not to provide certain information that is necessary for us to deliver services (for example, health information needed to prescribe treatment), we may not be able to register you as a patient or provide those services.
We do not knowingly collect personal information from anyone under the age of 13. Our websites and Services are not directed to children under 13, and we comply with the Children’s Online Privacy Protection Act (COPPA). If we discover we have inadvertently received information from a child under 13, we will delete it promptly. Individuals under 13 must have a parent or guardian’s permission to use our Services.
How We Use Your Information
Bluewater Medical uses the information we collect strictly for legitimate purposes in connection with our healthcare services, in compliance with applicable law. This includes:
1. To Provide Healthcare Services (Treatment Purposes): We use your personal and health information to deliver the medical services you have requested. This involves evaluating your health needs, providing medical consultations, diagnosing conditions, and planning treatments. For example, our doctor will review the information you provide (symptoms, medical history, lab results) to develop a treatment plan. We may also use your information to coordinate care with other healthcare entities – for instance, we share necessary details with lab providers and pharmacies to order lab tests and fulfill your prescriptionssmartscripts.com. This is considered “treatment” under HIPAA and is an essential use of your information.
2. To Coordinate Lab Tests and Prescriptions: As part of providing treatment, we may disclose your personal information and relevant medical details to our partner service providers. For example:
Lab Orders: We work with Rupa Health to facilitate laboratory testing. Rupa Health will receive your basic identifying information (such as name, date of birth, address) and test requests in order to schedule labs and deliver results. Rupa Health is a HIPAA-compliant platform that acts as our Business Associate in managing lab ordersrupahealth.com. This means they are contractually required to protect your health information and use it only for the purposes of lab services.
Pharmacy Prescriptions: We partner with licensed pharmacies (such as Hallandale Pharmacy in Florida and SmartScripts Pharmacy in Washington, IA) to dispense medications prescribed to you. These pharmacy partners will receive the prescription details and your relevant health/personal information necessary to safely fill and deliver your medication. They are either covered entities or our Business Associates under HIPAA, and will likewise protect your information. For example, SmartScripts (a mail-order pharmacy) requires your name, contact information, and medication details to dispense and ship your prescriptions, and they are legally obligated to safeguard your medical informationsmartscripts.comsmartscripts.com.
We ensure that all such partners handling your data have privacy and security obligations in line with HIPAA requirements (often through Business Associate Agreements)rupahealth.com. Disclosures of your PHI for treatment purposes do not require separate authorization from you – we use and share this information only as permitted by law to provide you with care.
3. For Payment and Billing: If we bill you for services, we will use your information to process payments. This may include using your contact information to send invoices or receipts, and sharing necessary details with payment processors or your health insurance provider (if applicable) to obtain paymentsmartscripts.com. For example, if you pay by credit card on our site, your payment details are transmitted to our secure payment gateway for processing; we do not store full credit card numbers on our servers. If you use insurance and we need to seek reimbursement, we may share relevant treatment information with the insurer as allowed by law. We will comply with any state laws that require consent before sharing information with insurers for payment purposessmartscripts.com (note: many of our services are self-pay, but this serves as a general notice).
4. Healthcare Operations: We may use and disclose information about you for our internal business operations, as necessary to run our practice effectively and ensure high-quality caresmartscripts.com. “Healthcare operations” can include a range of activities, for example:
Quality improvement and staff training (reviewing cases to ensure we maintain standards of care).
Administrative activities, such as licensing, audits, and compliance checks. We might share information with our accountants, attorneys, or accrediting organizations as needed to make sure we are complying with laws and operating effectivelysmartscripts.com. Any third-party professionals assisting us are also bound to keep your information confidential.
Customer service communications. We may use your contact information to reach out regarding scheduling, follow-up care, or to provide support (non-marketing). For instance, we might call or email you to remind you of an upcoming appointment or to discuss lab results.
Note: If we ever need to use your information for case studies or internal research to improve services, we would remove or anonymize any personally identifying details unless we have your explicit permission.
5. Communicating With You (Emails and Notices): We may use your email or phone number to send you important updates about your account or our services. This can include appointment confirmations, notices about changes to our services, security alerts, or policy updates. These communications are necessary for providing our services and are not promotional in nature. For example, if there is a change in our hours or a technical issue affecting your access, we may notify you via email. In certain circumstances (such as a suspected data breach or urgent medical advisory), we reserve the right to contact you by email, phone, or posting a notice on our website, as applicable. These non-marketing communications are made in the interest of your safety, our obligations, and customer service.
6. Marketing and Educational Materials (With Consent): Bluewater Medical may occasionally offer newsletters, promotions, or educational content (for example, healthy living tips or new service announcements). We will only send you promotional emails or texts if we have your consent to do so (you will have the opportunity to opt-in when providing your contact info, and you can opt-out at any time). If you choose to receive such communications, we might use your email to send newsletters about services we think you may find useful, such as new weight loss programs or hormone therapy updates. You can unsubscribe from marketing messages at any time (see Your Choices below). We do not spam, and we do not share your contact information with third-party marketers without your permission.
7. Legal Compliance and Required Uses: We will use or disclose your information when required to do so by law. This means that if a valid legal subpoena, court order, or government regulation obligates us to release certain data, we will comply after verifying the request’s authoritysmartscripts.com. Examples include: reporting certain public health information if mandated (e.g. communicable disease reporting), complying with HIPAA-related investigations by regulators, or responding to law enforcement requests in specific emergency situations. We may also use or share information as needed to exercise or defend our legal rights (for instance, disclosing relevant information in response to a lawsuit or to enforce our Terms of Service). In all cases, we only disclose the minimum necessary information and will inform you when allowed.
8. Other Uses with Authorization: Any uses or disclosures of your personal or health information not described above will be made only with your explicit authorization. For instance, if we ever wanted to use your testimonial or success story with identifying information for marketing, we would ask for your written permission. You have the right to refuse or revoke any such authorization without affecting your ability to receive our services. We do not engage in the sale of PHI or use of your data for purposes outside of treatment, payment, healthcare operations, or otherwise permitted/required by law without consent.
Cookies and Online Tracking
Like most websites, our Bluewater Medical sites use “cookies” and similar tracking technologies to enhance user experience, analyze website traffic, and support our advertising efforts. Cookies are small text files placed on your device that help the site remember your preferences and activity. We (and authorized third parties) use cookies for several reasons:
Site Functionality: Certain cookies are essential for our website to function (e.g. keeping you logged in to a patient portal or remembering items in a cart).
Analytics: We use third-party analytics tools, such as Google Analytics, to collect information about how visitors use our site. These tools use cookies and device identifiers to gather data on pages viewed, time spent on pages, how you reached our site, and other usage statistics. We use this information in aggregate to understand our audience size, usage patterns, and to improve our content and servicesrupahealth.comrupahealth.com. Google Analytics may set its own cookies; you can learn more about how Google processes data in its privacy policy and opt-out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
Advertising & Social Media Pixels: We utilize the Facebook/Meta Pixel and possibly other advertising pixels (e.g. LinkedIn Insights) on our site. These trackers help us understand the effectiveness of our ads and may be used to show you Bluewater Medical ads on platforms like Facebook or Instagram after you visit our site. The Meta Pixel, for example, can track actions on our website (such as visiting a certain page or filling a form) and match them to Facebook user profiles for advertising purposes. This information is used for “interest-based advertising,” meaning you might see tailored ads from us on social media. The data collected by these third-party tools may include your IP address, browser/device info, and page interactionsrupahealth.com. Important: No sensitive medical details are shared in these tracking events – we use them only to track website usage and ad performance. These third-party services have their own privacy policies and may use the information for their analytics and ad targeting purposes as well. You can manage your ad preferences directly on those platforms (e.g., via your Facebook privacy settings) if you wish to limit targeted ads.
Third-Party Embedded Content: Sometimes we may include third-party content or features on our site (like a video, map, or an appointment scheduling widget). These third parties might set cookies as well. For example, our site’s integration with social media (Facebook/Instagram links or “share” buttons) may require cookies to function. Any data collected by third-party features is subject to that third party’s own privacy policy.
Your Choices for Cookies: On your first visit to our site, you may see a cookie notice or banner. By continuing to use the site, you agree to our use of cookies as described. You can control or delete cookies through your browser settings. Most browsers allow you to refuse new cookies, delete existing cookies, or alert you when new cookies are being sent. Please note that blocking certain cookies might impact the functionality of our website; for example, you might not be able to log in or use certain features if cookies are disabled.
We do not currently respond to “Do Not Track” (DNT) signals from web browsers, because there is not yet a consensus on how to interpret these signals. However, we do not share your browsing behavior with third parties except as described (analytics and pixel providers). You can opt out of many third-party advertisers’ tracking cookies by visiting sites like the NAI Opt-Out page or YourAdChoices.
Disclosure of Information to Third Parties
Bluewater Medical does not sell or rent your personal information to any third-party companies. We only share your information with third parties in the following circumstances:
Service Providers and Business Associates: We share information with third-party vendors who help us run our operations or provide services on our behalf. These include the lab and pharmacy partners mentioned (Rupa Health, Hallandale Pharmacy, SmartScripts Pharmacy, etc.), as well as other providers such as payment processors, technology hosting providers (for secure data storage or telehealth platform), email/SMS communication services, and analytics or marketing service providers. In all cases, these entities are only given the information necessary to perform their specific services. If the information includes PHI or other sensitive data, the third party is bound by strict confidentiality obligations. For providers that support our healthcare operations and handle PHI, we have Business Associate Agreements (BAAs) in place as required by HIPAArupahealth.com. For example, Rupa Health and our pharmacy partners act as our Business Associates to assist in treatment and are contractually required to protect your information and use it only for the purposes we dictate. Our vendors for technology and communications also must implement security measures and are not allowed to use your info for their own purposes.
Within our Organization: Information may be shared between Bluewater Medical and WarriorMED (which are part of the same organization) and among our staff members (doctors, nurses, administrative staff) who need it to perform their duties. All employees and contractors of Bluewater Medical LLC are trained on privacy and are required to keep patient information confidential. Access to your information is limited to those who have a job-related need to know.
Legal Requirements and Protection: As noted in the section on legal compliance, we will disclose information to third parties if required to do so by law, or if we in good faith believe such action is necessary to (a) comply with a legal obligation or government request; (b) protect and defend the rights or property of Bluewater Medical; (c) act in urgent circumstances to protect the personal safety of users, patients, or the public; or (d) investigate and address violations of our Terms of Service or this Privacy Policy. This could mean providing information to law enforcement, courts, regulators, or attorneys as applicable. We will make sure any request is valid and only provide the minimum information necessarysmartscripts.com.
Corporate Transactions: In the unlikely event that Bluewater Medical LLC undergoes a business transition such as a merger, acquisition, or sale of assets, your information may be transferred to the successor entity as part of the business operations. If that happens, we will ensure the new owner continues to be bound by privacy protections at least as stringent as those described here, and we will notify you (e.g., via a notice on our site or email) of any such change in ownership of your personal information.
With Your Consent: Apart from the above situations, we will share your personal information with third parties only if you have authorized us to do so. For instance, if you request that we send your medical records to another provider, or if you participate in a program where separate consent is needed to share data with an outside entity, we will do so at your direction.
We want to reassure you that we do not disclose your health information to employers, marketers, or other outside parties for independent use without your permission. All third parties who receive personal data for purposes of assisting Bluewater Medical are under obligations to maintain its confidentiality and security.
Data Security and Protection
We take the security of your personal and health information very seriously. Bluewater Medical LLC has implemented a variety of administrative, technical, and physical safeguards to protect the information under our control from unauthorized access, use, or disclosure. These measures include:
Encryption: When you enter sensitive information on our website (such as filling out medical intake forms or making payments), the data is encrypted during transmission using industry-standard encryption protocols (HTTPS/SSL). You can verify that our site is secure by looking for the lock icon in your browser’s address bar and the "https://" in the URL. We also encrypt data in our databases or cloud storage whenever possible, especially for health and payment information.
Access Controls: Internally, we restrict access to personal information. Only authorized personnel who need to know your information to perform their duties (for example, our physician, nursing staff, billing team) are granted access to systems containing identifiable data. Each such individual is trained on privacy and security. We use role-based access and require strong authentication for our staff to access any electronic health records or systems with PHI.
Secure Infrastructure: We maintain our computers, servers, and any physical records in secure environments. Our electronic health records and scheduling systems are protected by firewalls, antivirus software, and other security monitoring. We regularly update our software to patch vulnerabilities and may undergo security assessments. For cloud services or hosting, we choose reputable providers with robust security certifications.
Monitoring and Auditing: We keep logs of access to health information and have procedures to detect and respond to suspicious activities. If any potential security incident or breach is detected, we will act promptly to contain and investigate it. In the event of a confirmed data breach involving your personal information, we will notify you and the appropriate authorities as required by law.
Retention and Disposal: We only retain personal information for as long as necessary to fulfill the purposes outlined in this Policy or as required by law (for example, medical record retention laws). When records are no longer needed, we dispose of them securely, through methods like shredding physical documents and permanently deleting or anonymizing electronic data.
Despite our precautions, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your data with high standards, we cannot guarantee absolute security. It is important for you as well to protect your login credentials and notify us immediately if you suspect any unauthorized access to your account.
Compliance with Privacy Laws (HIPAA and Other Regulations)
Bluewater Medical LLC is a healthcare provider operating in the United States, and as such we are required by law to protect the privacy of your medical informationsmartscripts.com. We comply with all provisions of applicable laws and regulations pertaining to personal data and Protected Health Information (PHI), including HIPAA’s Privacy and Security Rules, and any relevant state laws that impose additional requirements.
What this means for you as a patient:
HIPAA Compliance: Any PHI that we collect, use, or disclose (as defined under HIPAA) will be handled in accordance with HIPAA’s requirements. We use and disclose PHI only for the purposes permitted by HIPAA (such as treatment, payment, and healthcare operations, as described above) or as otherwise allowed or required by law. HIPAA also requires that we provide you with a detailed Notice of Privacy Practices. This Privacy Policy is designed to include the information in that notice, such as how we use/disclose PHI and your rights regarding your PHI. We will follow the terms of this Privacy Policy (and our formal Notice, if provided separately) and will not use or share your health information in ways that are not covered by these terms without your authorizationsmartscripts.com. If we ever change our privacy practices in a significant way, we will update this Policy and notify you as required so that you are aware of any changes in how your PHI may be used.
State-Specific Laws: We also abide by applicable state privacy laws in the jurisdictions we serve. Our primary operations are in Washington State, which has its own health information privacy requirements and consumer privacy laws. For example, Washington’s regulations and professional standards for Naturopathic Physicians require confidentiality of patient records, which we uphold. If you are a resident of certain states like California, you may have additional rights under state law. For instance, the California Consumer Privacy Act (CCPA) provides California residents rights to know about personal information collected, to request deletion of personal information, and to opt-out of the sale of personal information. Most of the information we handle is health-related and exempt from CCPA (because it is protected under HIPAA), but to the extent CCPA or similar laws apply, we will honor those rights. We confirm that we do not sell personal information of any patients or website users. If you have questions or requests regarding any state-specific privacy rights, you can contact us and we will assist you in exercising your rights as applicable.
International Users: Our Services are intended for users in the United States. If you are accessing our website from outside the U.S., be aware that any information you provide will be transferred to and processed in the United States, where our servers and operations are based. We will handle your information in accordance with this Policy and U.S. law. This may not offer the same level of data protection as the laws in some other countries (for example, the European Union’s General Data Protection Regulation). However, we take privacy seriously and will protect your data to a high standard regardless of origin. If you are an EU resident or otherwise under a foreign jurisdiction’s privacy regulations, by using our Services you consent to the transfer of your data to the U.S. for processing. (At this time, Bluewater Medical does not actively offer services to EU residents, but if that changes, we will ensure compliance with applicable EU privacy requirements and provide any required notices or choices.)
By adhering to these laws and standards, we aim not only to meet but to exceed existing privacy protections. Our privacy practices are subject to the laws of the places in which we operate, and this Policy incorporates any additional provisions needed to stay in compliancerupahealth.comrupahealth.com. If you ever have a concern about how we handle your information in regards to legal compliance, please contact us (see How to Contact Us below). You also have the right to file a complaint with regulators (for example, with the U.S. Department of Health & Human Services Office for Civil Rights for HIPAA issues) if you believe your rights have been violated. We will not retaliate against anyone for raising a privacy concern or complaint.
Your Privacy Rights and Choices
We want you to have control over your personal information. Subject to certain legal limitations, you have the following rights regarding the information we maintain about you:
Access and Copies of Records: You have the right to request access to the personal data and medical records we have about you. This includes the right to obtain a copy of your health records in a reasonable format. (For example, you can request a copy of lab results or consultation notes.) We may need you to submit the request in writing for our documentation, and we will respond within the time frame required by law. In most cases, we cannot refuse to provide you a copy of your own medical information, except for very limited circumstances. We may charge a reasonable, cost-based fee as permitted by law for providing copies.
Request Corrections: If you believe that any information we have about you is incorrect or incomplete, you have the right to request that we correct or update it. For health records, this is known as the right to amend your record. We will review your request and, if we agree, make the correction. If we deny your request (for example, if we believe the record is accurate as is), we will provide you an explanation in writing and you may have the right to add a statement of disagreement to your record.
Request Restrictions: You can ask us to limit the use or disclosure of your information for certain purposes. For instance, you might request that we not share certain information with a particular family member or that we not use your contact information for some optional service. We will consider all reasonable requests and will comply if feasible, though please note that in many cases we are allowed to use/disclose information for treatment, payment, or operations even if you object (we cannot compromise your care or our operations). One important exception: if you pay for a service in full out-of-pocket and you request that we not bill your health insurance for it, we will honor that request and not disclose that information to your insurer (this is a right under HIPAA).
Confidential Communications: You have the right to request that we communicate with you by alternative means or at alternative locations. For example, you might ask us to send correspondence to a different address or contact you only via email instead of phone. We will accommodate reasonable requests to keep communications confidential.
Opt-Out of Marketing: If you have opted in to receive promotional communications from us, you can opt out at any time. Every marketing email will include an “unsubscribe” link. You can also contact us directly at any time to request removal from our marketing list. Once you opt out, we will stop sending you non-essential communications. (Please note you will still receive transactional or necessary emails about your services, appointments, or account.) To discontinue newsletters or marketing, you may also email us at admin@bluewatermednw.com with the subject “Unsubscribe”. We will process your opt-out request as soon as possible. If you receive communications from a third-party (for example, an educational partner or a social media notification), you will need to opt-out with those third parties directly.
California Privacy Rights: If you are a California resident and the CCPA applies, you have the right to request a notice describing the categories of personal information we have collected, the categories of sources of that information, the business purpose for collection, the categories of third parties with whom we shared it, and whether we disclosed it for a business purpose. We have provided much of this information in this Privacy Policy. You also have the right to request the specific pieces of personal data we have about you, or to request deletion of your personal data (again, note that much of what we hold may be exempt health data, but we will still honor requests to the extent applicable). To exercise any CCPA rights, please contact us as described below. We will not discriminate against you for exercising any privacy rights.
Withdrawal of Consent: If we are processing any of your information based on your consent (for example, using a testimonial or including you in a research survey), you have the right to withdraw that consent at any time. Once you withdraw consent, we will stop the processing for that purpose going forward, though any processing already done with your consent remains lawful.
To exercise any of these rights, or if you have another request regarding your data, please use the contact information in the section below. We may need to verify your identity before fulfilling certain requests (to protect your privacy). For example, for access or deletion requests, we might ask for some identifying information to confirm you are the correct person. We will respond to your request within the timeframe required by law (HIPAA gives 30 days for access requests, CCPA gives 45 days for disclosure/deletion requests, etc., with possible extensions).
Changes to This Policy
We reserve the right to modify or update this Privacy Policy at any time. Laws and regulations may change, or we may make improvements to our Services that require adjustments to our privacy practices. Whenever we make a material change to this Policy, we will update the “Last Updated” date at the top and, if substantial, we may notify you through additional means (such as posting a prominent notice on our website or emailing users about the update). We encourage you to review this page periodically to stay informed of how we are protecting your information. Your continued use of our Services after any changes to this Policy constitutes acceptance of those changes.
In the event we ever wish to use or disclose personal information in a manner vastly different from what is stated in this Policy at the time of collection, we will seek your consent for that new use. If you do not agree, we will not use your information in the new manner. We will not make any retroactive changes that diminish your privacy rights without obtaining any required consent.
How to Contact Us
If you have any questions, concerns, or comments about this Privacy Policy or our privacy practices, please do not hesitate to contact us. We are here to help and welcome your feedback.
Contact Information:
Email: admin@bluewatermednw.com
Phone: (425) 224-6846
Mailing Address:
Privacy Officer- James Stirrett, ND
Bluewater Medical LLC
7815 Center Blvd SE, Suite 201
Snoqualmie, WA 98065, USA
We will gladly address any inquiries about your privacy or this Policy. If you reach out to us, please provide as much detail as possible about your question or request, and include your preferred contact information. We will respond as soon as possible.
Thank you for trusting Bluewater Medical with your healthcare. We are dedicated to maintaining your privacy and confidence every step of the way. Your wellbeing and privacy are our top priorities, and we will continually strive to protect both in compliance with all applicable laws and best practices.
This Privacy Policy is effective as of the date stated above and applies to all current and former users of Bluewater Medical and WarriorMED Services. It does not create a contract, but is a statement of our principles and procedures regarding user information.