HIPAA NOTICE OF PRIVACY PRACTICES

Better Health Labs, Inc dba Measured Health  

HIPAA NOTICE OF PRIVACY PRACTICES  

Effective Date: 1/28/2022  

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND  DISCLOSED AND HOW YOU CAN OBTAIN ACCESS TO THIS INFORMATION. PLEASE REVIEW IT  CAREFULLY. 

The terms of this Notice of Privacy Practices (“Notice”) apply to Measured Health, its affiliates and its  employees. Measured Health will share protected health information of patients as necessary to carry out  treatment, payment, and health care operations as permitted by law. 

We are required by law to maintain the privacy of our patients' protected health information and to provide  patients with notice of our legal duties and privacy practices with respect to protected health information.  We are required to abide by the terms of this Notice for as long as it remains in effect. We reserve the right  to change the terms of this Notice as necessary and to make a new notice of privacy practices effective for  all protected health information maintained by Measured Health. We are required to notify you in the event of  a breach of your unsecured protected health information. We are also required to inform you that there may  be a provision of state law that relates to the privacy of your health information that may be more stringent  than a standard or requirement under the Federal Health Insurance Portability and Accountability Act  (“HIPAA”). A copy of any revised Notice of Privacy Practices or information pertaining to a specific State law  may be obtained by mailing a request to the Privacy Officer at the address below.  

USES AND DISCLOSURES OF YOUR PROTECTED HEALTH INFORMATION: 

Authorization and Consent: Except as outlined below, we will not use or disclose your protected health  information for any purpose other than treatment, payment or health care operations unless you have signed  a form authorizing such use or disclosure. You have the right to revoke such authorization in writing, with  such revocation being effective once we actually receive the writing; however, such revocation shall not be  effective to the extent that we have taken any action in reliance on the authorization, or if the authorization  was obtained as a condition of obtaining insurance coverage, other law provides the insurer with the right to  contest a claim under the policy or the policy itself.  

Uses and Disclosures for Treatment: We will make uses and disclosures of your protected health  information as necessary for your treatment. Doctors and nurses and other professionals involved in your  care will use information in your medical record and information that you provide about your symptoms and  reactions to your course of treatment that may include procedures, medications, tests, medical history, etc.  

Uses and Disclosures for Payment: We will make uses and disclosures of your protected health  information as necessary for payment purposes. During the normal course of business operations, we may  forward information regarding your medical procedures and treatment to your insurance company to arrange  payment for the services provided to you. We may also use your information to prepare a bill to send to you  or to the person responsible for your payment.  

1  

Uses and Disclosures for Health Care Operations: We will make uses and disclosures of your protected  health information as necessary, and as permitted by law, for our health care operations, which may include  clinical improvement, professional peer review, business management, accreditation and licensing, etc. For  instance, we may use and disclose your protected health information for purposes of improving clinical  treatment and patient care.  

Individuals Involved In Your Care: We may from time to time disclose your protected health information  to designated family, friends and others who are involved in your care or in payment of your care in order to  facilitate that person's involvement in caring for you or paying for your care. If you are unavailable,  incapacitated, or facing an emergency medical situation and we determine that a limited disclosure may be  in your best interest, we may share limited protected health information with such individuals without your  approval. We may also disclose limited protected health information to a public or private entity that is  authorized to assist in disaster relief efforts in order for that entity to locate a family member or other persons  that may be involved in some aspect of caring for you.  

Business Associates: Certain aspects and components of our services are performed through contracts  with outside persons or organizations, such as auditing, accreditation, outcomes data collection, legal  services, etc. At times it may be necessary for us to provide your protected health information to one or  more of these outside persons or organizations who assist us with our health care operations. In all cases,  we require these associates to appropriately safeguard the privacy of your information.  

Appointments and Services: We may contact you to provide appointment updates or information about  your treatment or other health-related benefits and services that may be of interest to you. You have the  right to request and we will accommodate reasonable requests by you to receive communications regarding  your protected health information from us by alternative means or at alternative locations. For instance, if  you wish appointment reminders to not be left on voice mail or sent to a particular address, we will  accommodate reasonable requests. With such request, you must provide an appropriate alternative  address or method of contact. You also have the right to request that we not send you any future marketing  materials and we will use our best efforts to honor such request. You must make such requests in writing,  including your name and address, and send such writing to the Privacy Officer at the address below.  

Research: In limited circumstances, we may use and disclose your protected health information for  research purposes. In all cases where your specific authorization is not obtained, your privacy will be  protected by strict confidentiality requirements applied by an Institutional Review Board which oversees the  research or by representations of the researchers that limit their use and disclosure of your information.  

Fundraising: We may use your information to contact you for fundraising purposes. We may disclose this  contact information to a related foundation so that the foundation may contact you for similar purposes. If  you do not want us or the foundation to contact you for fundraising efforts, you must send such request in  writing to the Privacy Officer at the address below.  

Other Uses and Disclosures: We are permitted and/or required by law to make certain other uses and  disclosures of your protected health information without your consent or authorization for the following:  

• Any purpose required by law;  

• Public health activities such as required reporting of immunizations, disease, injury, birth and  death, or in connection with public health investigations;  

• If we suspect child abuse or neglect; if we believe you to be a victim of abuse, neglect or  domestic violence;  

• To the Food and Drug Administration to report adverse events, product defects, or to  participate in product recalls;  

• To your employer when we have provided health care to you at the request of your employer; 

2  

• To a government oversight agency conducting audits, investigations, civil or criminal  proceedings;  

• Court or administrative ordered subpoena or discovery request;  

• To law enforcement officials as required by law if we believe you have been the victim of  abuse, neglect or domestic violence. We will only make this disclosure if you agree or when  required or authorized by law;  

• To coroners and/or funeral directors consistent with law;  

• If necessary to arrange an organ or tissue donation from you or a transplant for you;  

• If you are a member of the military, we may also release your protected health  information for national security or intelligence activities; and  

• To workers' compensation agencies for workers' compensation benefit determination.  DISCLOSURES REQUIRING AUTHORIZATION:  

Psychotherapy Notes: We must obtain your specific written authorization prior to disclosing any  psychotherapy notes unless otherwise permitted by law. However, there are certain purposes for which we  may disclose psychotherapy notes, without obtaining your written authorization, including the following: (1) to  carry out certain treatment, payment or healthcare operations (e.g., use for the purposes of your treatment,  for our own training, and to defend ourselves in a legal action or other proceeding brought by you), (2) to the  Secretary of the Department of Health and Human Services to determine our compliance with the law, (3) as  required by law, (4) for health oversight activities authorized by law, (5) to medical examiners or coroners as  permitted by state law, or (6) for the purposes of preventing or lessening a serious or imminent threat to the  health or safety of a person or the public.  

Genetic Information: We must obtain your specific written authorization prior to using or disclosing your  genetic information for treatment, payment or health care operations purposes. We may use or disclose  your genetic information, or the genetic information of your child, without your written authorization only  where it would be permitted by law.  

Marketing: We must obtain your authorization for any use or disclosure of your protected health information  for marketing, except if the communication is in the form of (1) a face-to-face communication with you, or (2)  a promotional gift of nominal value.  

Sale of Protected Information: We must obtain your authorization prior to receiving direct or indirect  remuneration in exchange for your health information; however, such authorization is not required where the  purpose of the exchange is for:  

• Public health activities;  

• Research purposes, provided that we receive only a reasonable, cost-based fee to cover the  cost to prepare and transmit the information for research purposes;  

• Treatment and payment purposes;  

• Health care operations involving the sale, transfer, merger or consolidation of all or part of our  business and for related due diligence;  

• Payment we provide to a business associate for activities involving the exchange of protected  health information that the business associate undertakes on our behalf (or the subcontractor  undertakes on behalf of a business associate) and the only remuneration provided is for the  performance of such activities; 

3  

• Providing you with a copy of your health information or an accounting of disclosures;  • Disclosures required by law;  

• Disclosures of your health information for any other purpose permitted by and in accordance  with the Privacy Rule of HIPAA, as long as the only remuneration we receive is a reasonable,  cost-based fee to cover the cost to prepare and transmit your health information for such  purpose or is a fee otherwise expressly permitted by other law; or  

• Any other exceptions allowed by the Department of Health and Human Services.  

RIGHTS THAT YOU HAVE REGARDING YOUR PROTECTED HEALTH INFORMATION:  

Access to Your Protected Health Information: You have the right to copy and/or inspect much of the  protected health information that we retain on your behalf. For protected health information that we maintain  in any electronic designated record set, you may request a copy of such health information in a reasonable  electronic format, if readily producible. Requests for access must be made in writing and signed by you or  your legal representative. You may obtain a "Patient Access to Health Information Form" from the front  office person. You will be charged a reasonable copying fee and actual postage and supply costs for your  protected health information. If you request additional copies you will be charged a fee for copying and  postage.  

Amendments to Your Protected Health Information: You have the right to request in writing that  protected health information that we maintain about you be amended or corrected. We are not obligated to  make requested amendments, but we will give each request careful consideration. All amendment requests,  must be in writing, signed by you or legal representative, and must state the reasons for the  amendment/correction request. If an amendment or correction request is made, we may notify others who  work with us if we believe that such notification is necessary. You may obtain an "Amendment Request  Form" from the front office person or individual responsible for medical records.  

Accounting for Disclosures of Your Protected Health Information: You have the right to receive an  accounting of certain disclosures made by us of your protected health information after April 14, 2003.  Requests must be made in writing and signed by you or your legal representative. "Accounting Request  Forms" are available from the front office person or individual responsible for medical records. The first  accounting in any 12-month period is free; you will be charged a fee for each subsequent accounting you  request within the same 12-month period. You will be notified of the fee at the time of your request.  

Restrictions on Use and Disclosure of Your Protected Health Information: You have the right to  request restrictions on uses and disclosures of your protected health information for treatment, payment, or  health care operations. We are not required to agree to most restriction requests, but will attempt to  accommodate reasonable requests when appropriate. You do, however, have the right to restrict disclosure  of your protected health information to a health plan if the disclosure is for the purpose of carrying out  payment or health care operations and is not otherwise required by law, and the protected health information  pertains solely to a health care item or service for which you, or someone other than the health plan on your  behalf, has paid Measured Health in full. If we agree to any discretionary restrictions, we reserve the right to  remove such restrictions as we appropriate. We will notify you if we remove a restriction imposed in  accordance with this paragraph. You also have the right to withdraw, in writing or orally, any restriction by  communicating your desire to do so to the individual responsible for medical records.  

Right to Notice of Breach: We take very seriously the confidentiality of our patients’ information, and we  are required by law to protect the privacy and security of your protected health information through  appropriate safeguards. We will notify you in the event a breach occurs involving or potentially involving  your unsecured health information and inform you of what steps you may need to take to protect yourself.  

Paper Copy of this Notice: You have a right, even if you have agreed to receive notices electronically, to  obtain a paper copy of this Notice. To do so, please submit a request to the Privacy Officer at the address  below. 

Complaints: If you believe your privacy rights have been violated, you can file a complaint in writing with  the Privacy Officer. You may also file a complaint with the Secretary of the U.S. Department of Health and  Human Services at the below address. There will be no retaliation for filing a complaint.  

Office for Civil Rights  

Department of HHS  

Jacob Javits Federal Building  

26 Federal Plaza - Suite 3312  

New York, NY 10278  

Voice Phone (212) 264-3313  

FAX (212) 264-3039  

TDD (212) 264-2355  

For Further Information: If you have questions, need further assistance regarding or would like to submit a  request pursuant to this Notice, you may contact Measured Health Privacy Officer by phone at (646) 389 4375 or at the following address: 245 8th Ave New York, NY 10011

This Notice of Privacy Practices is also available on our Measured Health web page at  www.trymeasured.com