Consumer Health Data Privacy Policy

Effective Date: March 31, 2024 · Last Updated: May 28, 2026

This Consumer Health Data Privacy Policy explains how Katalyst Functional Health and Nutrition collects, uses, shares, and protects consumer health data, and how consumers may exercise rights regarding that data. This Policy applies to consumer health data collected through our practice, website, forms, communications, and educational wellness coaching services.

This Policy is intended to serve as Katalyst’s standalone Consumer Health Data Privacy Policy under Washington’s My Health My Data Act, chapter 19.373 RCW. It is separate from any general website privacy policy, client services agreement, intake consent form, or provider communication release.

1. Who We Are

Katalyst Functional Health and Nutrition (“Katalyst,” “we,” “us,” or “our”) is an educational wellness coaching practice owned and operated by Katka Gazdik. Katalyst is based in Washington State, United States, and provides virtual educational wellness coaching services to clients in various jurisdictions.

2. Key Terms Used in This Policy

Consumer Health Data means personal information that is linked or reasonably linkable to you and that identifies your past, present, or future physical or mental health status. This may include information about symptoms, health history, medications, supplements, laboratory testing, lifestyle factors related to health, bodily functions, wellness goals, or other information that you share with us or that is reasonably inferred from information you provide.

Consumer means, as applicable under Washington’s My Health My Data Act, a Washington resident or a natural person whose consumer health data is collected in Washington.

Personal Information means information that identifies you or can reasonably be linked to you, such as your name, email address, mailing address, phone number, date of birth, IP address, device identifiers, or similar information.

Process or Processing means any operation performed on consumer health data, including collecting, storing, using, sharing, analyzing, organizing, retaining, deleting, or otherwise handling the data.

Processor or Service Provider means a vendor or service provider that processes consumer health data on Katalyst’s behalf, such as scheduling software, intake form software, email or communication tools, secure file storage, electronic signature tools, payment processors, website hosting providers, or similar operational platforms.

Third Party means an entity other than you, Katalyst, our processors/service providers, or our affiliates, as applicable under Washington’s My Health My Data Act.

Affiliate means an entity that controls, is controlled by, or is under common control with Katalyst, or that shares common branding with Katalyst. Katalyst does not currently share consumer health data with any affiliates.

Sale or Sell means the exchange of consumer health data for monetary or other valuable consideration. Katalyst does not sell consumer health data.

3. Categories of Consumer Health Data We Collect and Why We Collect It

We collect only the categories of consumer health data reasonably necessary for the purposes disclosed in this Policy, to provide the services you request, with your consent where required, or as otherwise permitted by law. Depending on how you interact with us, we may collect the following categories of consumer health data and related personal information:

Identifying and Contact Information

Examples include your name, email address, mailing address, phone number, date of birth, state/province/country of residence, emergency contact information if provided, and parent or guardian information for minor clients when applicable.

Purposes include responding to inquiries, scheduling, onboarding, confirming identity, facilitating services, coordinating laboratory logistics if requested, maintaining records, and communicating with you.

Health History Information

Examples include self-reported past and current diagnoses, medical history, surgical history, hospitalization history, family history, reproductive history, major medical events, and other health-related background information you choose to share.

Purposes include determining whether educational wellness coaching appears appropriate, identifying when licensed medical oversight may be needed, and providing educational wellness support tailored to your stated interests and goals.

Current Health Status and Wellness Information

Examples include symptoms, current health concerns, energy, mood, sleep patterns, digestion, pain, stress, menstrual or hormonal concerns you choose to share, and other health-related observations.

Purposes include providing educational wellness coaching, helping you organize information for discussion with licensed healthcare providers, and supporting general wellness education.

Medication, Supplement, and Substance Use Information

Examples include prescription medications, over-the-counter medications, supplements, herbs, nutraceuticals, recreational substances, alcohol, tobacco, or other substances you disclose.

Purposes include supporting safety-oriented educational discussion, encouraging appropriate review with licensed providers or pharmacists, and helping determine whether your needs may exceed the scope of educational wellness coaching.

Lifestyle and Environmental Information

Examples include diet, hydration, movement, sleep, stress, occupation, environmental exposures, home environment, mold or toxin concerns you choose to share, water source, travel, and similar lifestyle-related information.

Purposes include providing general wellness education and lifestyle-support suggestions based on information you choose to share.

Laboratory and Testing Information

Examples include laboratory test selections, requisition or logistics information, sample status, laboratory reports, laboratory results, client-provided blood work, specialty laboratory results, and your notes or questions about those results.

Purposes include facilitating laboratory testing through legally compliant processes when requested, providing educational wellness review of reports you obtain, maintaining records, and helping you identify topics to discuss with licensed healthcare providers. Katalyst does not provide medical interpretation, diagnosis, or treatment based on laboratory results.

Communication, Scheduling, and Session Information

Examples include emails, text messages, voicemail records, portal messages, scheduling information, intake forms, consent forms, session notes, program participation information, and follow-up communications.

Purposes include providing services, responding to your questions, maintaining continuity of service, documenting communications, and operating the practice.

Provider Coordination Information

Examples include the names and contact information of licensed healthcare providers, records or questions you ask us to share, and communications with providers when you provide a separate written authorization.

Purposes include educational coordination with your licensed healthcare providers when you request and authorize that communication.

Photos or Images You Choose to Share

Examples include photos of food logs, supplement labels, skin, tongue, or other body areas that you voluntarily submit for educational discussion.

Purposes include educational discussion during your program. We treat these images as consumer health data when they are linked or reasonably linkable to you.

Payment and Transaction Information Related to Services

Examples include invoice information, payment amount, billing name, billing contact information, transaction status, and payment processor confirmations. We do not store full credit card or banking information on our systems.

Purposes include processing payments, maintaining business records, resolving billing issues, and complying with recordkeeping obligations.

Website, Online Activity, and Form Information

Examples include IP address, device/browser information, pages visited, date and time of visit, referring page, form submission details, message delivery confirmations, and similar technical information.

Purposes include operating and securing the website, responding to inquiries, maintaining records of form submissions, improving website functionality, and providing services you request. We do not use this information for behavioral advertising or to create unrelated health profiles about you.

4. Sources From Which We Collect Consumer Health Data

We may collect consumer health data from the following categories of sources:

• Directly from you, including through website forms, discovery call forms, intake forms, questionnaires, symptom logs, emails, text messages, portal messages, scheduled sessions, and other communications.
• From laboratories or laboratory platforms, when you complete laboratory testing through a legally compliant process connected with your program.
• From licensed healthcare providers, if you provide records from those providers or separately authorize us to communicate with them.
• From parents or legal guardians, when services are provided to a minor client with appropriate written consent.
• From processors or service providers, such as scheduling platforms, intake form platforms, email or communication tools, payment processors, website hosting providers, secure file storage, or similar operational tools.
• From website and online tools, such as website hosting, security logs, analytics or performance tools, and contact form systems.

5. How We Use Consumer Health Data

We use consumer health data for the following purposes:

• to respond to inquiries and determine whether our educational wellness coaching services may be appropriate;
• to provide the educational wellness coaching services you request;
• to review information you provide from an educational wellness perspective;
• to facilitate laboratory testing through legally compliant laboratory processes when you request that service;
• to provide educational wellness review of laboratory reports you obtain;
• to develop educational wellness suggestions for your consideration and discussion with licensed healthcare providers as appropriate;
• to communicate with you about scheduling, program participation, follow-up, billing, privacy requests, and service-related matters;
• to process payments and maintain business records;
• to maintain continuity of service, internal documentation, and legal recordkeeping;
• to coordinate with licensed healthcare providers when you provide separate written authorization;
• to protect the security and integrity of our website, systems, records, and services;
• to comply with legal obligations, respond to lawful requests, and protect our legal rights;
• to improve our services through internal review, using deidentified information where reasonably possible.

We do not use consumer health data for behavioral advertising, retargeting, data brokerage, or automated decisions that produce legal or similarly significant effects.

6. Categories of Consumer Health Data We Share

Depending on the services you request and the tools used to provide those services, we may share the following categories of consumer health data only as reasonably necessary to provide the services you request, with your consent where required, or as required or permitted by law:

• identifying and contact information, such as name, email address, phone number, mailing address, date of birth, and state/province/country of residence;
• laboratory-related information, such as test selection, laboratory requisition or logistics information, sample status, and laboratory results;
• appointment, scheduling, communication, intake, consent, and program participation information;
• supplement dispensary account setup information, such as name and email address, if you choose to use our suggested dispensary or ask us to facilitate setup;
• payment and transaction information needed to process payment and maintain business records;
• provider coordination information that you specifically authorize us to share with licensed healthcare providers;
• website, form, and technical information needed to operate, secure, and maintain our website and communication systems;
• limited information used for professional consultation, either with your separate authorization or after removing information so that it is not reasonably linkable to you.

7. Categories of Recipients With Whom We Share Consumer Health Data

We may disclose consumer health data to the following categories of recipients. Some recipients may be processors or service providers under Washington’s My Health My Data Act rather than “third parties” as defined by that law; we include them here for transparency.

Processors and Service Providers

We may use processors and service providers for scheduling, intake forms, email and communication tools, document storage, electronic signatures, website hosting, website security, analytics or performance tools, payment processing, client records, and similar operational purposes.

Where required by applicable law, we use written agreements with processors and service providers that limit their use of consumer health data to the services they provide to us and require appropriate privacy and security protections.

Laboratory and Testing Providers

When you request laboratory testing through a program, we may share information needed to facilitate testing through a legally compliant laboratory process. This may include your name, date of birth, mailing address, contact information, test selection, and related information required by the laboratory. Laboratory partners may include specialty laboratories such as Vibrant Wellness, Mosaic Diagnostics, Labcorp, hair tissue mineral analysis laboratory partners, or other laboratories used only when part of your program.

Each laboratory or laboratory platform may maintain its own privacy policy and data handling practices that apply to the information it receives and processes.

Supplement Dispensary

If you choose to use our suggested supplement dispensary or ask us to facilitate account setup, we may share limited information, such as your name and email address, with the dispensary. Katalyst currently uses Fullscript as an online supplement dispensary. You are not required to use Fullscript or any suggested dispensary and may obtain supplements from any source.

We do not share your information with Fullscript or any supplement dispensary unless you choose to use that dispensary, ask us to facilitate setup, or otherwise consent where required.

Payment Processors

We may use third-party payment processors, such as PayPal or similar services, to process payments. Payment processors may receive billing information, transaction information, payment amount, and related information needed to process your payment. We do not store full credit card or banking information on our systems.

Licensed Healthcare Providers

With your separate written authorization, we may communicate with licensed healthcare providers, such as your primary care physician, specialist, pharmacist, therapist, or other provider. We do not communicate directly with your licensed healthcare providers without a separate provider communication release or other authorization required by law.

Professional Consultation

We may consult with other practitioners or professional advisors for educational support, professional guidance, risk management, or legal/accounting support. We will either obtain your separate authorization before sharing information that is reasonably linkable to you, or we will remove information so that it cannot reasonably be linked to you. Where we treat information as deidentified, we will maintain and use it in accordance with applicable legal requirements.

Legal, Safety, and Compliance Recipients

We may disclose information if required by law, court order, subpoena, lawful request, or other legal process; to protect our legal rights, property, or safety; to prevent or respond to suspected fraud, security incidents, or imminent harm; or as otherwise required or permitted by law.

Affiliates

Katalyst does not currently share consumer health data with any affiliates.

8. What We Do Not Do With Consumer Health Data

Katalyst does not sell consumer health data.

Katalyst does not share consumer health data with data brokers, advertising networks, or marketing companies for behavioral advertising.

Katalyst does not use advertising pixels, retargeting pixels, or behavioral advertising technologies to collect, infer, or share consumer health data.

Katalyst does not use consumer health data to make automated decisions that produce legal or similarly significant effects.

Katalyst does not use geofencing technology to identify, track, or send health-related messages or advertisements to consumers seeking health care services.

If Katalyst ever considers selling consumer health data, which we do not currently do, we will first obtain your specific, separate, opt-in written authorization in a form that complies with applicable law. We will not bundle any authorization to sell consumer health data into other documents.

9. How We Protect Consumer Health Data

We use reasonable administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and accessibility of consumer health data. These safeguards may include:

• limiting access to consumer health data to those who need it to provide requested services or operate the practice;
• using password-protected accounts and devices;
• using secure software platforms for client intake, storage, communication, and records where reasonably available;
• maintaining privacy and data security policies and procedures;
• reviewing vendor and processor relationships;
• taking reasonable steps to protect paper and electronic records from unauthorized access;
• using reasonable security practices appropriate to the volume and sensitivity of the data we handle.

No method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of information transmitted or stored electronically.

If we become aware of a security incident that may affect consumer health data, we will take reasonable steps to investigate, mitigate harm, and notify affected individuals and applicable authorities as required by law.

10. How Long We Keep Consumer Health Data

We generally retain consumer health data for at least three (3) years following the conclusion of services for continuity of service, business records, and legal recordkeeping, unless a different retention period is required or permitted by applicable law.

If you submit a valid deletion request and the request is granted under applicable law, we will delete consumer health data from our records and notify applicable affiliates, processors, contractors, and other recipients as required by law, subject to legal exceptions.

If consumer health data subject to a valid deletion request is stored in archived or backup systems, deletion from those systems may be delayed as permitted by applicable law. During that period, we will not use archived or backup data for any other purpose.

Some information may be retained where necessary or permitted for legal compliance, payment records, fraud prevention, security, dispute resolution, tax/accounting obligations, or other legal purposes.

11. Your Rights Regarding Consumer Health Data

Depending on your location and applicable law, you may have rights regarding your consumer health data. For Washington residents and individuals whose consumer health data is collected in Washington, Washington’s My Health My Data Act provides the following rights:

Right to Confirm and Access

You have the right to confirm whether we are collecting, sharing, or selling consumer health data concerning you and to access that data.

Right to a List of Recipients

You have the right to obtain a list of third parties and affiliates with whom we have shared or to whom we have sold consumer health data concerning you, along with an active email address or other online mechanism by which you can contact those recipients, as required by law.

Right to Withdraw Consent

You have the right to withdraw consent from our continued collection or sharing of consumer health data concerning you, subject to legal exceptions and limitations.

Right to Deletion

You have the right to request deletion of consumer health data concerning you. If we receive and authenticate a valid deletion request, we will delete the data from our records and notify applicable affiliates, processors, contractors, and other third parties with whom we have shared the data, except as otherwise permitted by law.

Right to Appeal

If we deny your request, you have the right to appeal that decision using the appeal process described below.

Right Not to Be Unlawfully Discriminated Against

We will not unlawfully discriminate against you for exercising rights provided by applicable consumer health data privacy laws.

12. How to Exercise Your Rights

To submit a consumer health data privacy request, please contact us by email:

Email: katka@katalysthealth.us

Subject Line: Consumer Health Data Request

In your request, please include:

• your full name;
• the email address and/or phone number you have used to communicate with us;
• the specific right you are exercising, such as confirmation, access, recipient list, withdrawal of consent, deletion, or appeal;
• any additional information that may help us locate your records and verify your identity.

Identity Verification

We may take reasonable steps to verify your identity before fulfilling your request. This may include asking you to provide additional information that matches information we have on file. We will use information collected for verification only for the purpose of verifying and fulfilling your request.

Response Timing

We will respond to verifiable consumer health data requests without undue delay and within forty-five (45) days of receipt, as required by law. If reasonably necessary due to the complexity or number of requests, we may extend the response period one time by an additional forty-five (45) days. If we extend the response period, we will notify you within the initial forty-five (45) day period and explain the reason for the extension.

Fees

We provide responses to consumer health data requests free of charge up to twice annually per consumer, as required by applicable law. We may charge a reasonable fee or decline to act on a request that is manifestly unfounded, excessive, or repetitive, to the extent permitted by law.

Appeals

If we deny your request, we will explain the reason for the denial and describe how you may appeal. To appeal a denied request, reply to our denial email with the subject line: Appeal — Consumer Health Data Request. We will respond to appeals within forty-five (45) days of receipt. If your appeal is denied, we will provide information about how you may contact the Washington Attorney General or other applicable authority, as required by law.

13. Minor Clients

Our services are generally provided to clients age 18 or older. In limited circumstances, we may provide services to minor clients with written consent and signature from a parent or legal guardian and with any other documentation we require.

When we provide services to a minor client, we collect and process the minor’s consumer health data only as necessary to provide requested services, with parental or guardian consent as required by applicable law. Parents or legal guardians may exercise consumer health data rights on behalf of minor children where permitted by applicable law.

14. Updates to This Policy

We may update this Consumer Health Data Privacy Policy from time to time to reflect changes in our practices, services, vendors, or applicable law. When we make material changes, we will update the “Last Updated” date at the top of this Policy and provide any additional notice or consent required by law.

We will not collect, use, or share additional categories of consumer health data or use consumer health data for additional purposes not disclosed in this Policy without first updating the Policy and obtaining affirmative consent where required by law.

15. Contact Us

If you have questions, concerns, or requests regarding this Consumer Health Data Privacy Policy or our handling of consumer health data, please contact us:

Katka Gazdik
Katalyst Functional Health and Nutrition
Email: katka@katalysthealth.us
Phone: 206-354-7242
Website: www.katalystforhealth.com