Notice of Privacy Practices

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

Lifespan Logic, Inc. (“Lifespan Logic”) is committed to maintaining the privacy of your protected health information (“PHI”) under the Health Insurance Portability and Accountability Act (“HIPAA”) and related state laws.

1. How we use and disclose your PHI

1.1 For your treatment

We share your PHI with the licensed clinician you are matched with, the pharmacy that fills any prescription, the laboratory that performs any test, and other clinicians involved in your care, so they can provide and coordinate treatment.

1.2 For payment

We use and share PHI to bill you, process your payment, and (with your authorization) bill insurance.

1.3 For healthcare operations

We use PHI to operate Lifespan Logic — quality improvement, training, fraud detection, audit, and accreditation. We minimize the data used for these purposes wherever possible.

1.4 As required or permitted by law

We may disclose PHI to public health authorities, in legal proceedings (under subpoena or court order), to law enforcement, to coroners and funeral directors, to organ procurement organizations, for workers’ compensation, and to avert a serious threat to health or safety. We will only disclose what is required.

1.5 With your written authorization

For any use or disclosure not covered above — including for marketing or for the sale of PHI — we will ask for your written authorization, which you may revoke at any time.

2. Your rights

• Access: receive an electronic or paper copy of your medical and billing records, usually within 30 days.
• Amend: request a correction to information you believe is inaccurate or incomplete.
• Accounting of disclosures: receive a list of disclosures we made for purposes other than treatment, payment, or operations.
• Restrictions: request that we limit how we use or disclose your PHI. We will agree to restrictions on disclosures to a health plan when you have paid out of pocket in full.
• Confidential communications: ask us to contact you in a specific way (for example, by email only) or at a specific location.
• Paper copy: get a paper copy of this notice on request, even if you have agreed to receive it electronically.
• Breach notification: receive notice if there is a breach of your unsecured PHI.
• Choose someone to act for you: if you have given a person legal medical power of attorney or guardianship, that person can exercise these rights.

3. Our obligations

• We are required by law to maintain the privacy and security of your PHI.
• We will let you know if a breach of unsecured PHI occurs.
• We must follow the duties and privacy practices described in this notice and give you a copy.
• We will not use or share your information other than as described here unless you give us written permission.

4. Security and access controls

• PHI is encrypted at rest with Cloud KMS envelope encryption.
• All transport is TLS 1.2+ end-to-end.
• Clinician access is restricted to patients in their care.
• We log every access to PHI with a tamper-evident audit trail.
• Vendors handling PHI are under signed Business Associate Agreements.

5. How to exercise your rights

Submit requests at app.lifespanlogic.com/account/privacy/data-request or email privacy@lifespanlogic.com.

6. Complaints

If you believe your privacy rights have been violated, you may file a complaint with us at privacy@lifespanlogic.com or with the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/hipaa/filing-a-complaint or by mail at 200 Independence Avenue SW, Washington, D.C. 20201. We will not retaliate against you for filing a complaint.

7. Changes to this notice

We may change this notice and apply revised terms to information we already have. Updated notices will be posted at this URL with a new effective date.

8. Contact

Lifespan Logic, Inc.  ·  Privacy Officer  ·  privacy@lifespanlogic.com.