Hipaa Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

INA, operated by Adsail LLC, is committed to protecting the privacy of your protected health information ("PHI") in accordance with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), the HITECH Act, and all applicable federal and state regulations. This Notice of Privacy Practices ("Notice") describes how we may use and disclose your PHI, your rights regarding your PHI, and our obligations to protect it. This Notice applies to all PHI created, received, maintained, or transmitted by INA and the healthcare providers who deliver services through our platform.

Uses and Disclosures of Protected Health Information

We may use and disclose your PHI without your written authorization for the following purposes:

Treatment

We may use and disclose your PHI to provide, coordinate, and manage your healthcare treatment. This includes sharing information with the licensed healthcare providers in the OpenLoop physician network who conduct your telehealth consultations, with pharmacies that dispense your medications, and with other healthcare providers involved in your care. For example, your treating provider may review your health intake information and medical history to determine the most appropriate course of treatment.

Payment

We may use and disclose your PHI as necessary to obtain payment for the healthcare services provided to you. This may include billing and collection activities, verification of coverage, and communications with payment processors to facilitate transactions related to your treatment.

Healthcare Operations

We may use and disclose your PHI for our internal healthcare operations, including quality assessment and improvement activities, case management, care coordination, conducting or arranging for medical reviews, auditing functions, compliance programs, business planning, and general administrative activities.

Other Permitted Uses and Disclosures

We may also use or disclose your PHI without your authorization in the following circumstances, as permitted or required by law:

• As required by law: We will disclose your PHI when required to do so by federal, state, or local law.
• Public health activities: We may disclose your PHI for public health purposes, such as reporting diseases, injuries, vital events, or conducting public health surveillance or investigations.
• Health oversight activities: We may disclose your PHI to health oversight agencies for activities authorized by law, such as audits, inspections, investigations, and licensure actions.
• Judicial and administrative proceedings: We may disclose your PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process.
• Law enforcement: We may disclose your PHI to law enforcement officials under certain circumstances, such as in response to a court order or warrant, to identify or locate a suspect, or to report certain types of wounds or injuries.
• To avert a serious threat: We may use and disclose your PHI when necessary to prevent or lessen a serious and imminent threat to your health or safety or the health and safety of the public or another person.
• Workers' compensation:We may disclose your PHI as authorized by and to the extent necessary to comply with workers' compensation laws and other similar programs.

For uses and disclosures not described in this Notice, we will obtain your written authorization before using or disclosing your PHI. You may revoke any such authorization at any time in writing, except to the extent that we have already acted in reliance on your authorization.

Your Rights Regarding Your Protected Health Information

You have the following rights with respect to your PHI:

Right to Inspect and Copy

You have the right to inspect and obtain a copy of your PHI that is maintained by us, including medical and billing records. To request access, you must submit a written request to our Privacy Officer. We may charge a reasonable, cost-based fee for providing copies. In certain limited circumstances, we may deny your request to access your records, and you may have the right to request a review of that denial.

Right to Amend

You have the right to request that we amend your PHI if you believe the information is inaccurate or incomplete. Your request must be submitted in writing and include the reason for the amendment. We may deny your request under certain circumstances, such as if the information was not created by us or if we determine the existing record is accurate and complete.

Right to an Accounting of Disclosures

You have the right to request an accounting of certain disclosures of your PHI that we have made. This accounting will not include disclosures made for treatment, payment, or healthcare operations, or disclosures you authorized in writing. The first accounting within a 12-month period is free; we may charge a reasonable fee for subsequent requests.

Right to Request Restrictions

You have the right to request that we restrict certain uses or disclosures of your PHI for treatment, payment, or healthcare operations. We are not required to agree to your request unless the disclosure is to a health plan for payment or healthcare operations purposes, and the PHI relates solely to a service for which you have paid in full out of pocket.

Right to Request Confidential Communications

You have the right to request that we communicate with you about your health information in a particular way or at a particular location. For example, you may request that we contact you only at a specific email address or phone number. We will accommodate reasonable requests.

Right to a Paper Copy of This Notice

You have the right to obtain a paper copy of this Notice upon request, even if you have previously agreed to receive it electronically.

Our Duties

We are required by law to maintain the privacy and security of your PHI, to provide you with this Notice of our legal duties and privacy practices with respect to your PHI, and to abide by the terms of this Notice as currently in effect. We reserve the right to change the terms of this Notice and to make the new provisions effective for all PHI we maintain, including information created or received before the changes were made. If we make a material change to this Notice, we will post the revised version on our website and make it available upon request.

Breach Notification

In the event of a breach of your unsecured PHI, we will notify you as required by federal and state law. A breach is defined as the acquisition, access, use, or disclosure of PHI in a manner that compromises its security or privacy. We will provide notification without unreasonable delay and no later than 60 days after discovery of the breach. Notification will include a description of the breach, the types of information involved, the steps you should take to protect yourself, what we are doing to investigate and mitigate the breach, and contact information for you to ask questions or receive additional information. We will also notify the U.S. Department of Health and Human Services and, in certain circumstances, the media, as required by law.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with our Privacy Officer or directly with the U.S. Department of Health and Human Services, Office for Civil Rights. We will not retaliate against you for filing a complaint. To file a complaint with our Privacy Officer, please use the contact information below. To file a complaint with the Office for Civil Rights, visit www.hhs.gov/ocr/privacy/hipaa/complaints or call (800) 368-1019.

Contact Information for Privacy Officer

For questions about this Notice, to exercise your rights, or to file a complaint, please contact our Privacy Officer: