Privacy Policy

Effective Date: January 1st, 2024
Last Updated: September 1st, 2024

TeleMD Solutions Inc. (“Company,” “we,” “our,” or “us”) is committed to protecting the privacy and security of your Protected Health Information (“PHI”) as required under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health (“HITECH”) Act, and applicable federal and state privacy laws. This Privacy Policy explains how we collect, use, disclose, and safeguard your PHI and other personal information when you use our telehealth services and our medical management application (the “Services”).

1. Definitions

  • Protected Health Information (PHI): Any individually identifiable health information, including demographic data, medical history, test results, insurance information, and other data that relates to your physical or mental health, healthcare services, or payment for healthcare.
  • Covered Entity: A healthcare provider, health plan, or healthcare clearinghouse subject to HIPAA.
  • Business Associate: A third-party service provider that creates, receives, maintains, or transmits PHI on behalf of a Covered Entity.

2. Information We Collect

We may collect the following categories of information:

  • PHI: Medical history, diagnoses, prescriptions, provider notes, consultation records, treatment information, and insurance/payment details.
  • Personal Information: Name, address, contact information, date of birth, and account credentials.
  • Employment & Workforce Data (for platform users): Work schedules, performance records, licensing information, training, and compliance data.
  • Technical Data: Device identifiers, IP addresses, system logs, and usage analytics.

3. How We Use Your PHI and Personal Information

We use PHI and personal information to:

  • Provide telehealth consultations, diagnosis, and treatment.
  • Support care coordination between healthcare providers.
  • Facilitate scheduling, billing, payroll, and compliance for healthcare organizations.
  • Operate, maintain, and improve our Services.
  • Ensure regulatory compliance, including HIPAA and state privacy laws.
  • Communicate important updates, security notices, and service information.
  • Conduct quality assurance and data analytics to enhance patient care and workforce efficiency.

4. How We Disclose Your Information

We may disclose PHI and other information only as permitted or required by HIPAA, including:

  • For Treatment: Sharing with healthcare providers to coordinate care.
  • For Payment: Submitting claims, processing insurance, or collecting payments.
  • For Healthcare Operations: Quality improvement, auditing, workforce management, and compliance activities.
  • To Business Associates: Vendors and contractors who perform services on our behalf (e.g., cloud hosting, billing, telecommunication), provided they sign a Business Associate Agreement (BAA) ensuring HIPAA compliance.
  • As Required by Law: To comply with federal or state laws, court orders, or regulatory authorities.
  • Public Health & Safety: For reporting communicable diseases, preventing serious threats to health or safety, or responding to emergencies.
  • Corporate Transactions: If we undergo a merger, acquisition, or sale of assets, PHI may be transferred as permitted by law.

We do not sell PHI or personal information to third parties.

5. Patient Rights Under HIPAA

As a patient or user, you have the following rights regarding your PHI:

  • Right to Access: You can request copies of your PHI.
  • Right to Amend: You may request corrections to your PHI if inaccurate or incomplete.
  • Right to Restrict Use & Disclosure: You may request restrictions on how your PHI is used or shared (subject to limitations).
  • Right to Confidential Communications: You may request communications via alternate means (e.g., mailing to a different address).
  • Right to Accounting of Disclosures: You may request a record of disclosures of your PHI.
  • Right to File a Complaint: You may file a complaint with us or directly with the U.S. Department of Health and Human Services (HHS) if you believe your privacy rights have been violated.

Requests should be submitted to privacy@telemdinc.com.

6. Safeguards and Security

We implement physical, administrative, and technical safeguards required by HIPAA to protect PHI, including:

  • Encryption of PHI in transit and at rest.
  • Multi-factor authentication and strict access controls.
  • Regular security monitoring, audits, and risk assessments.
  • Workforce training on HIPAA compliance.

7. Data Retention

We retain PHI and related records for the period required by federal and state law, or as necessary to provide services. When no longer required, information is securely destroyed or de-identified.

8. Breach Notification

In the event of a breach of unsecured PHI, we will notify affected individuals, the Secretary of HHS, and, if required, the media, in accordance with the HIPAA Breach Notification Rule.

9. Children’s Privacy

Our Services are intended for adults. PHI of minors is collected and processed only as permitted by law and with the proper consent of a parent or legal guardian.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any material changes will be posted with a revised “Last Updated” date, and we will provide notice as required by law.

11. Contact Us

If you have any questions about this Privacy Policy, your HIPAA rights, or our practices, please contact us: privacy@telemdinc.com

You may also file a complaint with the U.S. Department of Health & Human Services Office for Civil Rights at: https://www.hhs.gov/hipaa/filing-a-complaint