HIPAA Notice of Privacy Practices

1. Who This Notice Applies To

This Notice describes the privacy practices of Daily Slim Down LLC and the affiliated providers and professional entities that deliver care through the Daily Slim Downplatform (collectively, the "Covered Entities"). The Covered Entities participate in an Organized Health Care Arrangement ("OHCA") so that we may share Protected Health Information ("PHI") as needed for treatment, payment, and joint healthcare operations.

2. Our Pledge Regarding Your Health Information

We are required by law to (a) maintain the privacy and security of your PHI; (b) provide you this Notice of our legal duties and privacy practices; (c) notify you in the event of a breach of unsecured PHI; and (d) follow the terms of the Notice currently in effect. We follow the federal HIPAA Privacy Rule (45 C.F.R. Parts 160 and 164) and applicable state privacy laws (including 42 C.F.R. Part 2 where it applies).

3. How We May Use and Disclose PHI Without Your Authorization

Treatment

We use and disclose PHI to provide, coordinate, and manage your healthcare — for example, by sharing your information with your treating provider, covering providers, pharmacies, laboratories, and other clinicians involved in your care.

Payment

We use and disclose PHI for billing and to obtain payment for services — for example, by processing your payment, providing receipts, and (if you direct) submitting documentation to your insurance, HSA, or FSA administrator.

Healthcare Operations

We use and disclose PHI for healthcare-operations activities including quality assessment and improvement, peer review, provider credentialing, training, audits, accreditation, regulatory reporting, and general business management.

Business Associates

We may share PHI with vendors that perform services on our behalf (such as cloud hosting, communications, payment processing, identity verification, and analytics) only under written Business Associate Agreements that require them to safeguard PHI consistent with HIPAA.

Required by Law

We will disclose PHI when required by federal, state, or local law, including in response to subpoenas, court orders, or other valid legal process.

Public Health, Health Oversight & Safety

We may disclose PHI for public-health activities (such as reporting communicable diseases, FDA-regulated product safety, and adverse-event reporting), to health-oversight agencies, to report suspected abuse or neglect, to avert a serious threat to health or safety, and for workers' compensation purposes as required by law.

Other Permitted Uses

We may also use or disclose PHI for organ and tissue donation, research (with appropriate authorization or waiver), specialized government functions (such as military, national security, and protective services for the President), coroners and medical examiners, and to correctional institutions as permitted by law.

4. Uses and Disclosures Requiring Your Written Authorization

Unless one of the exceptions above applies, we will obtain your written authorization before:

• Using or disclosing PHI for marketing purposes (other than face-to-face communications and certain promotional gifts of nominal value);
• Selling PHI in any form;
• Disclosing psychotherapy notes (where applicable); and
• Any other use or disclosure not described in this Notice.

You may revoke an authorization at any time, in writing. The revocation will not apply to actions we already took in reliance on the authorization.

5. Your Rights Regarding Your PHI

• Right of Access. You may inspect and obtain a copy of your PHI in our designated record set, including in electronic form when readily producible. We will provide it within 30 days (extendable once by 30 days) and may charge a reasonable, cost-based fee.
• Right to Amend. You may request that we amend PHI you believe is incorrect or incomplete. We may deny the request in limited circumstances and you may submit a statement of disagreement.
• Right to an Accounting of Disclosures. You may request a list of certain disclosures we made of your PHI in the six years preceding the request (excluding disclosures for treatment, payment, healthcare operations, and several other categories).
• Right to Request Restrictions. You may request restrictions on how we use or disclose PHI for treatment, payment, or healthcare operations. We are not required to agree, except that we must agree to restrict disclosure to a health plan for items or services you paid for in full out-of-pocket.
• Right to Confidential Communications. You may request that we communicate with you in a particular manner or at a particular location. We will accommodate reasonable requests.
• Right to Receive Notice of a Breach. You will be notified following a breach of your unsecured PHI as required by law.
• Right to a Paper Copy of This Notice. You may obtain a paper copy at any time, even if you have agreed to receive it electronically.
• Right to Opt Out of Fundraising. If we use your PHI to send you fundraising communications, you may opt out.

To exercise these rights, contact our HIPAA Privacy Officer at [email protected].

6. Minimum Necessary

When using or disclosing PHI, or when requesting PHI from another covered entity, we make reasonable efforts to use, disclose, or request only the minimum amount necessary to accomplish the purpose. This standard does not apply to disclosures to or requests by a healthcare provider for treatment, disclosures to you, disclosures pursuant to your authorization, disclosures required by law, or certain other uses required by HIPAA.

7. Marketing & Sale of PHI

We do not sell your PHI.We will not use or disclose your PHI for marketing purposes that require authorization without your written authorization. Communications about treatment alternatives, refill reminders, and care coordination are not considered "marketing" under HIPAA.

8. Changes to This Notice

We reserve the right to change this Notice and to make the revised Notice effective for PHI we already have about you as well as PHI we receive in the future. The current Notice will always be posted on the Platform with its effective date and version. We will notify you of material changes by email or in-portal message.

9. Complaints

If you believe your privacy rights have been violated, you may file a complaint with our HIPAA Privacy Officer or directly with the Secretary of the U.S. Department of Health and Human Services. We will not retaliate against you for filing a complaint.

To file a complaint with us:
HIPAA Privacy Officer, Daily Slim Down LLC
Email: [email protected]
Mailing address available on request — please email [email protected]

To file a complaint with HHS:
Office for Civil Rights, U.S. Department of Health and Human Services
200 Independence Avenue, S.W., Room 509F HHH Building, Washington, D.C. 20201
Toll-Free: 1-877-696-6775
Online: https://www.hhs.gov/hipaa/filing-a-complaint/

10. Contact

Questions about this Notice or our privacy practices:
HIPAA Privacy Officer, Daily Slim Down LLC
Email: [email protected]
Support: [email protected]