Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

HerpAlert is committed to maintaining the privacy of your protected health information (“PHI”). PHI is information about you that may be used to identify you (such as your name or address), and that relates to your physical or mental health or condition, the provision of healthcare to you, or your payment for the provision of health care. In conducting its business, HerpAlert will receive and create records containing your PHI. HerpAlert is required by law to maintain the privacy of your PHI and to provide you this Notice of Privacy Practices (“Notice”), which explains our legal duties and privacy practices, as well as your rights, with respect to PHI that we collect and maintain. We are required to abide by the terms of this Notice currently in effect. However, we reserve the right to change the privacy practices described in this Notice and make the new practices effective for all PHI that we maintain. Should we make such a change, we will post the new Notice on our Web site and will make the new Notice available upon request.

USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION

A. Routine Uses and Disclosures of Protected Health Information

We are permitted under federal law to use and disclose PHI, without your written authorization, for certain routine uses and disclosures, such as those made for treatment, payment, and the operation of our business. The following are examples of the types of routine uses and disclosures of PHI that we are permitted to make. While this list is not exhaustive, it should give you an idea of the routine uses and disclosures we are permitted to make.

For Treatment: We will use and disclose your PHI to provide, coordinate, or manage your treatment. We may disclose medical information about you to our physicians, to other health care providers treating you who are not part of HerpAlert, and to other personnel involved in your health care.

For Payment: Your PHI will be used, as needed, to obtain payment for the health care services we provide you. We may use and disclose medical information about your treatment and services to bill and collect payment from you, your insurance company or a third party payer.

For Health Care Operations: We may use or disclose your PHI in order to support the business activities of this medical practice. These activities may include, but are not limited to, quality assessment activities, practice accreditation, employee review activities, billing, licensing, legal advice, accounting support, and conducting or arranging for other business activities.

B. Uses and Disclosures That May Be Made Without Your Authorization or Opportunity to Object

We may use or disclose your PHI in the following situations without your authorization or providing you the opportunity to object.

Required by the Secretary of the Department of Health and Human Services: We may be required to disclose your PHI to the Secretary of the Department of Health and Human Services (“Secretary”) to investigate or determine our compliance with the requirements of the final rule on Standards for Privacy of Individually Identifiable Health Information.

Required By Law: We may use or disclose your PHI to the extent that the use or disclosure is otherwise required by federal, state or local law.

Public Health: We may disclose your PHI for public health activities, such as disclosures to a public health authority or other government agency that is permitted by law to collect or receive the information (e.g., the Food and Drug Administration or state or county departments of health).

Health Oversight: We may disclose PHI to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies include government agencies that oversee the health care system, government benefit programs, other government regulatory programs and civil rights laws.

Abuse or Neglect: If you have been a victim of abuse, neglect, or domestic violence, we may disclose your PHI to a government agency authorized to receive such information.

Judicial and Administrative Proceedings: We may disclose your PHI in response to an order of a court or administrative tribunal (to the extent such disclosure is expressly authorized), and, in certain circumstances, in response to a subpoena, discovery request or other lawful process.

We may disclose your PHI if the disclosure is compelled by a board, commission or administrative agency for purposes of adjudication or pursuant to an investigative subpoena or is compelled by an arbitrator or arbitration panel pursuant to a subpoena duces tecum under certain circumstances.

We may disclose your PHI to the extent it is relevant to your condition, care or treatment to a probate court investigator in the course of an investigation required or authorized in a conservatorship proceeding under state law.

Law Enforcement: We may disclose your PHI, so long as applicable legal requirements are met, for law enforcement purposes, such as providing information to the police about the victim of a crime.

Coroners and Funeral Directors: We may disclose your PHI to a coroner, medical examiner, or funeral director if it is needed to perform their legally authorized duties.

Organ Donation: If you are an organ donor, we may disclose your PHI to organ procurement organizations as necessary to facilitate organ donation or transplantation.

Research: Under certain circumstances, we may disclose your PHI to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI.

Serious Threat to Health or Safety: We may disclose your PHI if we believe it is necessary to prevent a serious and imminent threat to the public health or safety and the disclosure is made to someone we reasonably believe is able to prevent or lessen the threat.

Specialized Government Functions: When the appropriate conditions apply, we may disclose PHI for purposes related to military or national security concerns, such as for the purpose of a determination by the Department of Veterans Affairs of your eligibility for benefits.

Workers’ Compensation: We may disclose your PHI as necessary to comply with workers’ compensation laws and other similar programs.

Inmates: We may use or disclose your PHI if you are an inmate of a correctional facility and we created or received your PHI in the course of providing care to you.

Business Associates: We may disclose your PHI to persons who perform functions, activities or services to us or on our behalf that require the use or disclosure of PHI. To protect your health information, we require the business associate to appropriately safeguard your information.

C. Uses and Disclosures That May Be Made Either With Your Agreement or the Opportunity to Object

Unless you object, we may disclose to a member of your family, a relative, a close friend or any other person you identify, orally or in writing, your PHI that directly relates to that person’s involvement in your health care. If you are unable to agree or object to such disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment. We may use or disclose your PHI to notify or assist in notifying a family member, personal representative or any other person that is responsible for your care of your location or general condition.

Wellness Plan Participation. If you participate in a voluntary employer or group health plan wellness program that engages HerpAlert to administer the laboratory and biometric collection, we may, without your consent, share your PHI with third-party entities involved in the provision of wellness, health promotion or similar services on behalf of the employer or group health plan.

D. Uses and Disclosures of Protected Health Information Based upon Your Written Authorization

Marketing: We must obtain your written authorization to use and disclose your PHI for most marketing purposes.

Sale of PHI: We must obtain your written authorization for any disclosure of your PHI which constitutes a sale of PHI.

Other Uses: Other uses and disclosures of your PHI, not described above, will be made only with your written authorization. You may revoke your authorization, at any time, in writing, except to the extent that we have taken action in reliance on the authorization.

YOUR RIGHTS REGARDING HEALTH INFORMATION ABOUT YOU

You have certain rights regarding your PHI, which are explained below. You may exercise these rights by submitting a request in writing to our Privacy Officer.

A. You have the right to inspect and copy your PHI. If you would like to see or copy your PHI that is contained in a designated record set (e.g., medical and billing records), we are required to provide you access to such PHI for inspection and copying within 30 days after receipt of your request (with up to a 30-day extension if needed). We may charge you a reasonable fee to cover duplication, mailing and other costs incurred by us in complying with your request. We will permit you or your representative to inspect your medical records during business hours within five (5) working days after receipt of a written request by you or your representative.

You or your representative are entitled to copies of all or any portion of your patient records upon presenting a written request specifying the records to be copied, together with a fee to defray the cost of copying, that shall not exceed twenty-five cents ($0.25) per page or fifty cents ($0.50) per page for records that are copied from microfilm and any additional reasonable clerical costs incurred in making the records available. We are required to ensure that the copies are transmitted within fifteen (15) days after receiving the written request. We may choose to prepare a summary of your medical record rather than allowing access to the entire record, in which case we must make the summary of the record available to you within ten (10) working days (with up to a 20-day extension if needed) from the request date.

B. You have the right to request a restriction of your PHI. This means you may ask us not to use or disclose any part of your PHI for purposes of treatment, payment or health care operations. You may also request that any part of your PHI not be disclosed to family members or friends who may be involved in your care or for notification purposes as described in this Notice. Your request must state the specific restriction requested and to whom you want the restriction to apply. We are not required to agree to a restriction that you may request, except we must agree not to disclose your PHI to your health plan if the disclosure is for payment or health care operations and is not otherwise required by law, and relates to a health care item or service which you paid for in full out of pocket. If we agree to the requested restriction, we may not use or disclose your PHI in violation of that restriction unless it is needed to provide emergency treatment.

C. You have the right to request to receive confidential communications from us by alternative means or at an alternative location. We will accommodate reasonable requests. We may also condition this accommodation by asking you for information as to how payment will be handled or specification of an alternative address or other method of contact.

D. You have the right to amend your PHI. This means you may request an amendment of your PHI in our records that is contained in a designated record set (e.g., medical and billing records) for as long as we maintain the PHI. We will respond to your request within 60 days (with up to a 30-day extension if needed). We may deny your request if, for example, we determine that your PHI is accurate and complete. If we deny your request, we will send you a written explanation and allow you to submit a written statement of disagreement.

E. You have the right to receive an accounting of certain disclosures that we have made of your PHI. You have the right to receive an accounting of certain disclosures we have made, if any, of your PHI. This right only applies to disclosures for purposes other than treatment, payment or health care operations as described in this Notice. The right to receive this information is subject to certain exceptions, restrictions and limitations. You have the right to one free request within any 12-month period, but we may charge you for any additional requests in the same 12-month period. We will notify you about any such charges, and you are free to withdraw or modify your request in writing before any charges are incurred. We will respond to your request within 60 days (with up to a 30-day extension if needed).

F. You have the right to obtain a paper copy of this Notice from us. You have the right to receive a paper copy of this Notice upon request. You may ask us to give you a copy of this Notice at any time.

G. You have the right to be notified if you are affected by a breach of unsecured PHI.

H. You have the right to opt out of receiving fundraising communications from us. We may contact you for fundraising purposes. You have the right to opt out of receiving these communications.

COMPLAINTS

If you believe that we have violated your privacy rights, you may file a complaint with us by notifying our Privacy Officer in writing at the following address:

HerpAlert.com

340 S Lemon Avenue #8802

Walnut, CA 91789

United States

support@herpalert.com

You have the right to file a complaint with the US Department of Health & Human Services (HHS). We will not retaliate against you in any way for filing a complaint. You may also submit your complaint to the Secretary.

This notice is effective on January 01, 2019.