Privacy Practices

Effective: August 4, 2020

Telemedicine HIPAA Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW YOUR MEDICAL INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This Telemedicine HIPAA Notice of Privacy Practices (the “Notice”) is being provided to you, by Blueberry Medical PA, Blueberry Medical, PC, or Lyndsey Garbi M.D., PC (each, individually “Medical Group”), as that entity or its subsidiaries and affiliated entities may be formed and incorporated in your state, and the employees and practitioners that work at such entity and/or for such practices (collectively referred to herein as “We” or “Our”). It contains important information regarding your medical information. You also have the right to receive a paper copy of this Notice and may ask us to give you a copy of this Notice at any time. If you received this Notice electronically, you are still entitled to a paper copy of this Notice upon your request. You can request a paper copy of our current Notice from the Privacy Officer at (754) 702-7256, or you can access it on Blueberry Pediatrics’ website at https://www.blueberrypediatrics.com/privacy-practices/.

The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) imposes numerous requirements on health care practices such as ours, defined as Covered Entities, regarding how certain individually identifiable health information – known as protected health information (“PHI”) – may be used and disclosed. We understand that medical information about you and your health is personal. We are committed to protecting medical information about you and will use it to the minimum necessary to accomplish the intended purpose of the use, disclosure or request of it. As required by law, this notice provides you with information about your rights and our legal duties and privacy practices with respect to the privacy of PHI. This notice also discusses the uses and disclosures we will make of your PHI. We must comply with the provisions of this notice as currently in effect, although we reserve the right to change the terms of this notice from time to time and to make the revised notice effective for all PHI we maintain.

PERMITTED USES AND DISCLOSURES

We can use or disclose your PHI for purposes of treatment, payment, and health care operations. For each of these categories of uses and disclosures, we have provided a description and examples below. However, not every particular use or disclosure in every category will necessarily be listed.

OTHER USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION

We may also use your PHI in the following ways:

SPECIAL SITUATIONS

Subject to the requirements of applicable law, we will make the following uses and disclosures of your PHI:

CONFIDENTIALITY OF PATIENT RECORDS

Federal law and regulations do not protect any information about suspected child or elder abuse or neglect from being reported under applicable state law to appropriate state or local authorities.

OTHER USES OF YOUR HEALTH INFORMATION

Certain uses and disclosures of PHI will be made only with your written authorization;

YOUR RIGHTS

You have the right to request restrictions on our uses and disclosures of PHI for treatment, payment and health care operations. However, we are not required to agree to your request unless the disclosure is to a health plan in order to receive payment, the PHI pertains solely to your health care items or services for which you have paid the bill in full, and the disclosure is not otherwise required by law. To request a restriction, you may make your request in writing to the Privacy Officer.

You have the right to reasonably request to receive confidential communications of your PHI by alternative means or at alternative locations, including electronically. To make such a request, you may submit your request in writing to the Privacy Officer.

You have the right to inspect and copy the PHI contained in our provider records, except for:

In order to inspect or obtain a copy of your PHI, you may submit your request in writing to the Privacy Officer. If you request a copy, we may charge you a fee for the costs of copying and mailing your records, as well as other costs associated with your request.

We may also deny a request for access to PHI under certain circumstances if there is a potential for harm to yourself or others. If we deny a request for access for this purpose, you have the right to have our denial reviewed in accordance with the requirements of applicable law.

You have the right to request an amendment to your PHI but we may deny your request for amendment, if we determine that the PHI or record that is the subject of the request:

In any event, any agreed upon amendment will be included as an addition to, and not a replacement of, already existing records. In order to request an amendment to your PHI, you must submit your request in writing to the Privacy Officer, along with a description of the reason for your request.

You have the right to receive an accounting of disclosures of PHI made by us to individuals or entities other than to you for the six (6) years prior to your request, except for disclosures:

To request an accounting of disclosures of your PHI, you must submit your request in writing to the Privacy Officer. Your request must state a specific time period for the accounting (e.g., the past year). The first accounting you request within a twelve (12) month period will be free. For additional accountings within twelve (12) months of the first request, we may charge you for the costs of providing the list. We will notify you of the costs involved, and you may choose to withdraw or modify your request at that time before any costs are incurred.

You have the right to receive a notification, in the event that there is a breach of your unsecured PHI, which requires notification under the Privacy Rule.

NOTICE REGARDING USE OF TECHNOLOGY

We may use electronic software, services, and equipment, including without limitation email, video conferencing technology, cloud storage and servers, internet communication, cellular network, voicemail, facsimile, electronic health record, and related technology (“Technology”) to share PHI with you or third-parties subject to the rights and restrictions contained herein. In any event, certain unencrypted storage, forwarding, communications and transfers may not be confidential. We will take measures to safeguard the data transmitted, as well as ensure its

integrity against intentional or unintentional breach or corruption. However, in very rare circumstances security protocols could fail, causing a breach of privacy or PHI.

CHANGES TO THIS NOTICE

We reserve the right to change this Notice at any time, for any reason permissible by law. We reserve the right to make the revised or changed Notice effective for PHI and medical information we already have about you as well as any information we receive in the future. We will post a copy of the current Notice at https://www.blueberrypediatrics.com/privacy-practices/. and provide copies to the facilities we provide care at.

COMPLAINTS

If you believe that your privacy rights have been violated, you should immediately contact the Privacy Officer at (754) 702-7256. We will not take action against you for filing a complaint. You also may file a complaint with the Secretary of the U. S. Department of Health and Human Services by sending a letter to: 200 Independence Avenue, S.W, Washington, D.C., 20201. Or calling: 1-877-696-6775, or visiting: www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against you for filing a complaint.

CONTACT PERSON

If you have any questions or would like further information about this Notice, please contact the Privacy Officer at (754) 702-7256.

This notice is effective as of August 4, 2020