HIPAA Notice of Privacy Practices

Introduction

Factor Sciences ("we," "us," "our," or "Company") is committed to protecting the privacy and security of your health information. This Notice of Privacy Practices describes how we may use and disclose your Protected Health Information (PHI) to carry out treatment, payment, or healthcare operations, and for other purposes permitted or required by law.

This notice also describes your rights regarding your health information and our legal duties concerning that information. We are required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and other applicable laws to maintain the privacy of your PHI and to provide you with this notice.

Effective Date: This notice is effective as of December 30, 2024, and applies to all Protected Health Information created or received by Factor Sciences.

1. What is Protected Health Information (PHI)?

Protected Health Information means individually identifiable health information that we create, receive, maintain, or transmit in connection with providing healthcare services. This includes:

• •Information about your past, present, or future physical or mental health conditions
• •Information about healthcare services provided to you
• •Information about payment for healthcare services
• •Information that identifies you or could reasonably be used to identify you (name, address, date of birth, etc.)

2. How We May Use and Disclose Your PHI

2.1 Treatment

We may use and disclose your PHI to provide, coordinate, or manage healthcare services. This includes consultations with healthcare providers through our platform, sharing information with specialists for referrals, and coordinating care with other healthcare professionals involved in your treatment.

Examples:

• •Sharing your medical history with a healthcare provider during a telehealth consultation
• •Sending consultation notes to your primary care physician with your authorization
• •Coordinating care recommendations with other members of your healthcare team

2.2 Payment

We may use and disclose your PHI to bill and collect payment for services provided. This includes submitting claims to insurance companies, verifying coverage, and processing payments.

Examples:

• •Processing credit card payments for consultation services
• •Providing billing statements and transaction records
• •Sharing information with payment processors for transaction verification

2.3 Healthcare Operations

We may use and disclose your PHI for our healthcare operations, which include quality improvement, provider credentialing, business planning, and other administrative activities necessary to run our platform and ensure high-quality care.

Examples:

• •Quality assessment and improvement activities
• •Training healthcare professionals and administrative staff
• •Reviewing provider performance and patient satisfaction
• •Business planning and development activities

3. Other Permitted and Required Uses and Disclosures

We may also use or disclose your PHI without your written authorization in the following circumstances:

3.1 As Required by Law

We will disclose PHI when required by federal, state, or local law, including in response to court orders, subpoenas, or administrative requests from government agencies.

3.2 Public Health and Safety

• •Reporting to public health authorities for disease prevention and control
• •Reporting suspected abuse, neglect, or domestic violence as required by law
• •Preventing or lessening a serious threat to health or safety

3.3 Health Oversight Activities

Disclosures to health oversight agencies for activities authorized by law, such as audits, investigations, inspections, and licensure activities.

3.4 Legal Proceedings

Disclosures in response to court orders, subpoenas, discovery requests, or other lawful processes in connection with legal proceedings.

3.5 Law Enforcement

Limited disclosures to law enforcement officials as required by law or in response to valid legal requests, such as identifying suspects, locating missing persons, or reporting crimes.

3.6 Coroners and Medical Examiners

Disclosures to coroners, medical examiners, or funeral directors as necessary to carry out their duties.

4. Uses and Disclosures Requiring Your Authorization

Other uses and disclosures of your PHI not covered by this notice or permitted by law will be made only with your written authorization. You have the right to revoke any authorization at any time by submitting a written notice, except to the extent we have already acted in reliance on your authorization.

Examples requiring authorization:

• •Marketing communications (other than treatment communications)
• •Sale of PHI
• •Most uses and disclosures of psychotherapy notes
• •Sharing information with family members or friends (unless you have verbally agreed or in emergency situations)

5. Your Rights Regarding Your PHI

You have the following rights regarding your Protected Health Information:

5.1 Right to Access

You have the right to inspect and obtain a copy of your PHI maintained in our records. To request access, submit a written request to our Privacy Officer. We may charge a reasonable fee for copying and mailing costs. We will respond to your request within 30 days.

5.2 Right to Amend

If you believe information in your record is incorrect or incomplete, you may request an amendment. We may deny your request in certain circumstances, such as if the information was not created by us or if it is already accurate and complete. If denied, you have the right to submit a statement of disagreement.

5.3 Right to an Accounting of Disclosures

You have the right to request an accounting of certain disclosures of your PHI made by us during the six years prior to your request. This does not include disclosures for treatment, payment, healthcare operations, or disclosures you authorized.

5.4 Right to Request Restrictions

You have the right to request restrictions on certain uses and disclosures of your PHI. We are not required to agree to your request except in limited circumstances (e.g., you paid out-of-pocket in full and request we not disclose to your health plan). If we agree, we will comply with your request unless the information is needed for emergency treatment.

5.5 Right to Request Confidential Communications

You have the right to request that we communicate with you about your health information by alternative means or at alternative locations (e.g., by mail instead of phone, at a work address instead of home). We will accommodate reasonable requests.

5.6 Right to a Paper Copy of This Notice

You have the right to obtain a paper copy of this Notice at any time, even if you have agreed to receive it electronically. You may request a copy from our Privacy Officer or download it from our website.

5.7 Right to Breach Notification

You have the right to be notified in the event of a breach of your unsecured PHI. We will notify you without unreasonable delay and no later than 60 days after discovering a breach.

6. Our Responsibilities

We are required by law to:

• •Maintain the privacy and security of your Protected Health Information
• •Provide you with this Notice of our legal duties and privacy practices
• •Follow the terms of the Notice currently in effect
• •Notify you if we are unable to agree to a requested restriction
• •Accommodate reasonable requests for confidential communications
• •Notify you of breaches of unsecured PHI

7. Changes to This Notice

We reserve the right to change the terms of this Notice at any time. Any changes will apply to all PHI we maintain, including information created or received before the change. When we make a material change to our privacy practices, we will:

• •Post the updated Notice on our website with a new effective date
• •Make copies available at our offices and upon request
• •Notify you of material changes via email or platform notification

The current Notice will always be available on our website at www.factorsciences.com/hipaa or by contacting our Privacy Officer.

8. Complaints

If you believe your privacy rights have been violated, you may file a complaint with Factor Sciences or with the U.S. Department of Health and Human Services (HHS). You will not be retaliated against for filing a complaint.

File a Complaint with Factor Sciences:

File a Complaint with HHS:

9. Contact Information

For questions about this Notice, to exercise your privacy rights, or for more information about our privacy practices, please contact: