HIPAA Notice of Privacy Practices

1. Our Commitment to Your Privacy

NexerDoc is committed to protecting the privacy and confidentiality of your protected health information (PHI). As a healthcare provider operating under Licensed Medical Oversight, we are required by law to maintain the privacy of your health information and to provide you with this Notice of Privacy Practices ("Notice"). This Notice describes how we may use and disclose your PHI and your rights regarding that information.

Our licensed medical professionals, clinical staff, and administrative personnel are all trained in HIPAA compliance and are committed to safeguarding your health information.

2. Our Legal Duties

Under HIPAA, we are required to:

• Maintain the privacy and security of your PHI
• Provide you with this Notice explaining our legal duties and privacy practices
• Abide by the terms of this Notice currently in effect
• Notify you if a breach of your unsecured PHI occurs
• Apply the minimum necessary standard when using or disclosing your PHI

We reserve the right to change the terms of this Notice and make new provisions effective for all PHI we maintain. If we make material changes, we will update this Notice and make it available on our Platform.

3. How We May Use and Disclose Your PHI

3.1 Treatment

We may use and disclose your PHI to provide, coordinate, and manage your healthcare. This includes:

• Consultations with our licensed medical professionals for diagnosis and treatment planning
• Prescribing and managing medications under Licensed Medical Oversight
• Coordinating care with pharmacies, laboratories, and other healthcare providers
• Sharing information with specialists involved in your care
• Contacting you with appointment reminders and treatment follow-ups

3.2 Payment

We may use and disclose your PHI for payment-related activities, including:

• Billing your insurance company or health plan
• Processing payments for services rendered
• Determining eligibility and coverage
• Reviewing medical necessity for services
• Collection activities for unpaid balances

3.3 Healthcare Operations

We may use and disclose your PHI for our healthcare operations, including:

• Quality assessment and improvement activities
• Provider credentialing and performance evaluation
• Training programs for our clinical staff
• Accreditation, certification, or licensing activities
• Business management and administrative activities
• Legal and compliance services

4. Other Permitted Uses and Disclosures

We may use or disclose your PHI without your authorization in the following circumstances:

• As Required by Law: When required by federal, state, or local law
• Public Health Activities: To public health authorities for disease prevention, reporting, or surveillance
• Health Oversight Activities: To health oversight agencies for audits, investigations, and licensure
• Judicial and Administrative Proceedings: In response to a court order or subpoena
• Law Enforcement: To law enforcement officials as permitted by law
• Coroners, Medical Examiners, and Funeral Directors: As authorized by law
• Organ and Tissue Donation: To organ procurement organizations
• Research: Under certain conditions with Institutional Review Board approval
• Serious Threat to Health or Safety: To prevent or lessen a serious threat
• Workers' Compensation: As authorized by workers' compensation laws
• Military and Veterans: As required by military command authorities
• National Security: To authorized federal officials for national security purposes

5. Uses and Disclosures Requiring Your Authorization

We will obtain your written authorization before using or disclosing your PHI for:

• Marketing purposes (where financial remuneration is involved)
• Sale of your PHI
• Most uses and disclosures of psychotherapy notes
• Any other use or disclosure not described in this Notice

You may revoke your authorization at any time in writing, except to the extent we have already taken action in reliance on your authorization.

6. Your Rights Regarding Your PHI

6.1 Right to Access

You have the right to inspect and obtain copies of your PHI maintained in our designated record sets. We may charge a reasonable, cost-based fee for copies. Requests must be made in writing. We will respond within 30 days (with one 30-day extension available).

6.2 Right to Amend

You have the right to request amendments to your PHI if you believe it is incorrect or incomplete. We may deny your request if we determine the information is accurate and complete, was not created by us, or is not part of the designated record set. Denials will be provided in writing with an explanation and information on how to submit a statement of disagreement.

6.3 Right to an Accounting of Disclosures

You have the right to request an accounting of disclosures we have made of your PHI for purposes other than treatment, payment, healthcare operations, and certain other exceptions. The accounting will cover up to six years prior to your request (excluding disclosures made prior to April 14, 2003). The first accounting in any 12-month period is free; we may charge a fee for subsequent requests.

6.4 Right to Request Restrictions

You have the right to request restrictions on how we use or disclose your PHI for treatment, payment, or healthcare operations. We are not required to agree to your request, except where the restriction relates to disclosure to a health plan for payment or healthcare operations if you have paid out-of-pocket in full for the service. If we agree, we will comply with the restriction unless emergency circumstances arise.

6.5 Right to Confidential Communications

You have the right to request that we communicate with you about your PHI through alternative means or at alternative locations. We will accommodate reasonable requests. You may specify the method of communication and the address or contact point.

6.6 Right to Request Deletion

You have the right to request that we delete your PHI. We may deny your request if we are required to maintain the information by law, if the information was created by us in the course of providing treatment, or if deletion would impair our ability to provide services to you. Denials will be provided in writing.

6.7 Right to Receive a Paper Copy

You have the right to receive a paper copy of this Notice upon request, even if you have agreed to receive it electronically.

6.8 Right to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with us at privacy@nexerdoc.com or with the Secretary of the Department of Health and Human Services. We will not retaliate against you for filing a complaint.

7. Minimum Necessary Standard

When using or disclosing your PHI, we apply the minimum necessary standard. This means we make reasonable efforts to limit the PHI used or disclosed to the minimum amount necessary to accomplish the intended purpose. This standard applies to routine and non-routine disclosures. Our policies and procedures define who within our organization has access to PHI based on their role and responsibilities.

8. Breach Notification

In the event of a breach of unsecured PHI, we will notify you without unreasonable delay and in no case later than 60 days after discovery of the breach. Our notification will include:

• A description of the breach, including the date and approximate timeframe
• The types of PHI involved in the breach
• Steps you should take to protect yourself from potential harm
• A description of what we are doing to investigate and mitigate the breach
• Contact information for our Privacy Officer

If the breach involves more than 500 individuals, we will also notify prominent media outlets and the Secretary of HHS.

9. Security Safeguards

We maintain comprehensive administrative, physical, and technical safeguards to protect your PHI:

• Administrative Safeguards: HIPAA training programs, security policies, risk assessments, contingency planning, and business associate agreements
• Physical Safeguards: Secure facilities, access controls, workstation security, and device and media controls
• Technical Safeguards: Access controls, audit controls, integrity controls, transmission security, authentication mechanisms, and encryption

Our security program is regularly reviewed and updated to address evolving threats and regulatory requirements.

10. Business Associates

We engage business associates who perform functions or activities on our behalf that involve the use or disclosure of PHI. These business associates are required by contract to implement appropriate safeguards and to comply with HIPAA requirements. All business associates sign Business Associate Agreements (BAAs) before accessing any PHI.

11. Coordination of Services

As a telehealth platform with Licensed Medical Oversight, we coordinate with various entities involved in your care, including pharmacies, laboratories, and specialists. Information sharing with these entities is limited to the minimum necessary for treatment coordination and is conducted under appropriate agreements and authorizations.

12. State Law

Where state law provides greater privacy protections than HIPAA, we will follow the more protective state law. This may include additional protections for specific types of health information, such as mental health records, HIV/AIDS information, or genetic information.

13. Effective Date and Changes

This Notice is effective as of the date stated at the top of this page. We reserve the right to change this Notice at any time. Changes will apply to all PHI we maintain. We will post revised notices on our Platform and make paper copies available upon request. Material changes will be communicated through our Platform and/or email.

14. Contact Information

For questions, concerns, or to exercise your rights under this Notice:

• Privacy Officer: privacy@nexerdoc.com
• Phone: (555) 123-4567
• Mail: NexerDoc Privacy Officer, 123 Healthcare Drive, Suite 200, Medical City, MC 12345
• HHS Complaint: U.S. Department of Health and Human Services, 200 Independence Avenue S.W., Washington, D.C. 20201