HIPAA PRIVACY NOTICE

Effective Date: 06-March-2024

NOTICE OF PRIVACY PRACTICES FOR COMPLEMENT THEORY Inc. and its affiliates

Registered office : State of Delaware located at 8, The Green, Ste A, in the City of Dover, County of Kent, Zio 19901

Introduction:

This Notice of Privacy Practices describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully and along with our Terms of Service (https://clinicaltrial.complement1.com/tnc.html) and Privacy Policy (https://clinicaltrial.complement1.com/privacy.html)

Our Commitment to Your Privacy:

Complement Theory is committed to maintaining the privacy and security of your protected health information (PHI). We are dedicated to providing high-quality services to customers while safeguarding the confidentiality of their medical information.

Storage of your data

Your data is stored in the United States using AWS S3 with encryption at rest enabled. Your information may also be stored in Log files on Complement Theory’s server, and Complement Theory’s server discs are encryption-enabled.

Complement Theory reserves the right to store and process your personal information in the United States and in any other country, as permitted by applicable laws and regulations. Some of these countries may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective).

When we transfer, store, or process personal information outside of your jurisdiction, we take appropriate safeguards to require that your personal information remain protected in accordance with our Privacy Policy (https://clinicaltrial.complement1.com/privacy.html) and applicable law.

Uses and Disclosures of Protected Health Information:

We may use and disclose your PHI for the purposes of treatment, payment, and healthcare operations. Here are some examples:

• 1. Treatment: We may use and disclose your PHI to provide, coordinate, or manage your exercise program. This includes sharing information with our healthcare coaches, healthcare providers and service providers to ensure a comprehensive approach to your well-being.
• 2. Payment: We may use and disclose your PHI to bill and collect payment for the exercise services we provide. This may include sharing information with your insurance company or other third-party payers.
• 3. Healthcare Operations and Research: We may use and disclose your PHI for our healthcare operations, such as quality improvement initiatives, training programs, and internal business processes.

Authorization for Other Uses and Disclosures:

We will obtain your written authorization before using or disclosing your PHI for purposes other than those described in this Notice. You may revoke this authorization at any time, except to the extent that we have already taken action in reliance on your authorization.

Your Individual Rights:

You have the right to:

• 1. Inspect and Obtain a Copy: You may inspect and obtain a copy of your PHI.
• 2. Request an Amendment: You may request an amendment of your PHI if you believe it is inaccurate or incomplete.
• 3. Accounting of Disclosures: You have the right to receive an accounting of certain disclosures we have made of your PHI.
• 4. Request Restrictions: You may request restrictions on certain uses and disclosures of your PHI.
• 5. Request Confidential Communications: You may request to receive communications of PHI by alternative means or at alternative locations.

Our Legal Duty:

We are required by law to maintain the privacy of your PHI, provide you with this Notice of our legal duties and privacy practices, and abide by the terms of the Notice currently in effect.

Contact Information:

If you have any questions about this Notice or would like further information concerning your privacy rights, please contact Complement Theory Privacy Office at privacy@compthealth.com

Complaints:

A.      Complaints

Complaints about this Notice of Privacy Practices or how Complement Theory handles your health information should be directed to our Contact listed at the top of this Notice of Privacy Practices.

If you are not satisfied with the manner in which Complement Theory handles a complaint, you may submit a formal complaint to:

OCRMail@hhs.gov

 The complaint form may be found at www.hhs.gov/ocr/privacy/hipaa/complaints/hipcomplaint.pdf.  You will not be penalized in any way for filing a complaint.

Changes to this Notice:

We reserve the right to change the terms of this Notice at any time. We will post a revised Notice on our website and make copies available upon request.

This Notice is effective as of 06-March-2024