Original September 1, 2019

Updated: April 1, 2021

HIPAA Notice of Privacy Practices:

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This Notice of Privacy Practices describes how we may use and disclose your protected health information (PHI) to carry out treatment, payment, or health care operations and for other purposes that are permitted or required by law. It also describes your rights to access and control your protected health information. “Protected health information” or “PHI” is information about you, including demographic information, that may identify you and that relates to your past, present or future physical or mental health or condition and related health care services.

We are required to abide by the terms of this Notice of Privacy Practices. We may change the terms of this Notice at any time. A new Notice will be effective for all PHI that we maintain at that time. Upon your request, we will provide you with any revised Notice of Privacy Practices. Copies of this Notice are available from our receptionists, by mail, or by accessing our website http://www/byrepose.com.

1. Uses and Disclosures of Protected Health Information

Uses and Disclosures of Protected Health Information for Which Your Authorization Is Not Required. Your PHI may be used and disclosed without your prior authorization by your physical therapist, our office staff, and others outside our office that are involved in your care and treatment for the purpose of providing health care services to you, to pay your health care bills, to support the operation of the physical therapist’s practice, and any other use required by law.

Treatment: We will use and disclose your PHI to provide, coordinate, or manage your health care and any related services. This includes the coordination or management of your health care with a third party. For example, we would disclose your PHI, as necessary, to a home health agency that provides care to you. For example, your protected heath information may be provided to a physical therapist to which you have been referred to ensure that the physical therapist has the necessary information to diagnose or treat you.

Payment: Your PHI will be used, as needed, to obtain payment for your health care services. For example, obtaining approval for a hospital stay may require that your relevant PHI be disclosed to the health plan to obtain approval for the hospital admission.

Healthcare Operations: We may use or disclose, as needed, your PHI in order to support the business activities of your physical therapist’s practice. These activities include, but are not limited to, quality assessment activities, employee review activities, training of medical students, licensing, and conducting or arranging for other business activities. For example, we may disclose your PHI to medical school students that see patients at our office. In addition, we may use a sign-in sheet at the registration desk where you will be asked to sign your name and indicate your physical therapist. We may also call you by name in the waiting room when your physical therapist is ready to see you. We may use or disclose your PHI, as necessary, to contact you to remind you of your appointment.

Other Permitted and Required Uses and Disclosures That May Be Made With Your Opportunity to Object. We may use and disclose your PHI in the following instances. You have the opportunity to object to the use or disclosure of all or part of your PHI. If you are not present or able to agree or object to the use or disclosure of the

PHI, then your health care provider may, using professional judgment, determine whether the disclosure is in your best interest. In this case, only the PHI that is relevant to your health care will be disclosed.

Others Involved in Your Health Care: Unless you object, we may disclose to a member of your family, a relative, a close friend or any other person you identify, your PHI that directly relates to that person’s involvement in your health care. If you are unable to agree or object to such disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment. We may use or disclose PHI to notify or assist in notifying a family member, personal representative or any other person that is responsible for the care of your location, general condition or death. Finally, we may use or disclose your PHI to an authorized public or private entity to assist in disaster relief efforts and to coordinate uses and disclosures to family or other individuals involved in your health care.

Emergencies: We may use or disclose your PHI in an emergency treatment situation. If this happens, we will try to obtain your consent as soon as reasonably practicable after the delivery of treatment. If your healthcare provider or another healthcare provider in our agency is required by law to treat you and the healthcare provider has attempted to obtain your consent but is unable to obtain your consent, he or she may still use or disclose your PHI to treat you.

Other Permitted and Required Uses and Disclosures That May Be Made Without Your Consent, Authorization, or Opportunity to Object. We may disclose your PHI in the following situations without your consent or authorization:

Required by Law: We may use or disclose your PHI to the extent that the use or disclosure is required by law. The use or disclosure will be made in compliance with the law and will be limited to the relevant requirements of the law.

Public Health: We may disclose your PHI for public health activities and purposes to a public health authority that is permitted by law to collect or receive the information. This disclosure will be made for the purpose of controlling disease, injury, or disability.

Communicable Diseases: We may disclose your PHI, if authorized by law, to a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading the disease or condition.

Health Oversight: We may disclose your PHI to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies that oversee the health care system, government benefit programs, and other government regulatory programs.

Abuse or Neglect: We may disclose your PHI to a public health authority that is authorized by law to receive reports of child abuse or neglect. In addition, we may disclose your PHI if we believe that you have been a victim of abuse, neglect, or domestic violence to the governmental entity or agency authorized to receive such information. In this case, the disclosure will be made consistent with the requirements of applicable federal and state laws.

Food and Drug Administration: We may disclose your PHI to a person or company required by the Food and Drug Administration (i) to report adverse events, product defects or problems, biologic product deviations, track products; (ii) to enable product recalls; (iii) to make repairs or replacements; or (iv) to conduct post marketing surveillance, as required.

Legal Proceedings: We may disclose PHI in the course of any judicial or administrative proceeding, in response to an order of a court or administrative tribunal (to the extent such disclosure is expressly authorized), in certain conditions in response to a subpoena, discovery request, or other lawful process.

Law Enforcement: We may disclose your PHI, so long as applicable legal requirements are met, for law enforcement purposes.

Coroners, Funeral Directors and Organ Donation: We may disclose your PHI to a coroner or medical examiner for identification purposes, determining cause of death or for the coroner or medical examiner to perform other duties authorized by law: We may also disclose PHI to a funeral director, as authorized by law, in order to permit the funeral director to carry out their duties. We may disclose such information in reasonable anticipation of death. PHI may be disclosed for cadaveric organ, eye or tissue donation purposes.

Research: We may disclose your PHI to researchers when their research has been approved by an Institutional Review Board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI.

Criminal Activity: Consistent with applicable federal and state laws, we may use or disclose your PHI if we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.

Military Activity and National Security: When the appropriate conditions apply, we may use or disclose PHI of individuals who are Armed Forces personnel: (i) for activities deemed necessary by appropriate military command authorities; (ii) for the purpose of a determination by the Department of Veterans Affairs; or (iii) to foreign military authority if you are a member of the foreign military services.

Workers’ Compensation: We may use or disclose your PHI as authorized to comply with workers’ compensation laws and other similar legally-established programs.

Inmates: We may use or disclose your PHI if you are an inmate of a correctional facility and your health care provider created or received your PHI in the course of providing care to you.

Fundraising: We may contact you to raise funds. We may use and disclose your PHI, including demographic data, dates of health care provided, the department from which you received the services, the name of the treating physician, outcome information and health insurance status, to a business associate or institutionally related foundation for fundraising purposes without your authorization. You have the right to opt out of receiving fundraising communications from us, our business associates and our institutionally related foundations. Each fundraising communication will provide you with a clear opportunity to elect not to receive further fundraising communications.

Required Uses and Disclosures: Under the law, we must make disclosures to you, and when required by the Secretary of the Department of Health and Human Services, to investigate or determine our compliance with requirements of the Code of Federal Regulations, Part 45 Section 164.500 et seq.

Uses and Disclosures of PHI for which Your Written Authorization Is Required. Other uses and disclosures of your PHI will be made only with your written authorization, unless otherwise permitted or required by law as described below. You make revoke this authorization, at any time, in writing, except to the extent that your physical therapist or The Therapy Network has already taken an action in reliance on the use or disclosure indicated in the authorization.

The following uses and disclosures will be made only with your written authorization: (i) most uses and disclosures of psychotherapy notes; (ii) uses and disclosures of PHI for marketing purposes, including subsidized treatment communications; (iii) disclosures that constitute a sale of PHI; and (iv) other uses and disclosures not described in this Notice of Privacy Practices.

2. Your Rights. Following is a statement of your rights with respect to your PHI and a brief description of how you may exercise these rights:

You have the right to inspect and copy your protected health information. This means you may inspect and obtain a copy of your PHI that is contained in a designated record set for so long as we maintain the PHI. A “designated record set” contains medical and billing records and any other records that your health care provider and the Therapy Network uses for making decisions about you.

Under federal law, however, you may not inspect or copy the following records: psychotherapy notes, information compiled in reasonable anticipation of, or use in, a civil, criminal, or administrative action or proceeding, and PHI that is subject to law that prohibits access to PHI. In some circumstances, you may have a right to have this decision reviewed. Please contact our Privacy Officer if you have questions about access to your medical record.

You have the right to request a restriction of your protected health information. This means you may ask us not to use or disclose any part of your PHI for the purposes of treatment, payment, or healthcare operations. You may also request that any part of your PHI not be disclosed to family members or friends who may be involved in your care or for notification purposes as described in this Notice of Privacy Practices. Your request must state the specific restriction requested and to whom you want the restriction to apply. You also have a right to restrict certain disclosures of your PHI to a health plan if you have paid in full out-of-pocket for the health care item or service.

Your health care provider is not required to agree to a restriction that you may request. If your health care provider believes it is in your best interest to permit use and disclosure of your PHI, your PHI will not be restricted. You then have the right to use another healthcare provider. If your health care provider does agree to the requested restriction, we may not use or disclose your PHI in violation of that restriction unless it is needed to provide emergency treatment.

You have the right to request to receive confidential communications from us by alternative means or at an alternative location. We will accommodate reasonable requests.

You may have the right to have your physical therapist amend your protected health information. This means you may request an amendment of PHI about you in a designated record set for as long as we maintain this information. In certain cases, we may deny your request for an amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal. Please contact our Privacy Officer to determine if you have questions about amending your medical record.

If we deny your request for amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal.

You have the right to receive an accounting of certain disclosures we have made, if any, of your protected health information. This right applies to disclosures for purposes other than treatment, payment or healthcare operations as described in this Notice of Privacy Practices. It excludes disclosures we may have made to you, to family members or friends involved in your care, or for general notification purposes. You have the right to receive specific information regarding these disclosures that occurred after June 13, 2003. The right to receive this information is subject to certain exceptions, restrictions and limitations.

You have the right to obtain a paper copy of this Notice of Privacy Practices from us. You have a right to obtain a paper copy of this Notice from us, upon request, even if you have agreed to accept this Notice electronically.

You have a right to receive notifications of a data breach. We are required to notify you upon a breach of any unsecured PHI. PHI is “unsecured” if it is not protected by a technology or methodology specified by the Secretary. The notice must be made within 60 days from when we become aware of the breach. However, if we

have insufficient contact with you, an alternative notice method (posting on website, broadcast media, etc.) may be used.

3. Complaints. You may complain to us or to the Secretary of Health and Human Services if you believe your privacy rights have been violated by us. You may file a complaint with us by notifying our Privacy Officer of your complaint. We will not retaliate against you for filing a complaint.

We are required by law to maintain the privacy of PHI, to provide individuals with notice of our legal duties and privacy practices with respect to PHI, and to notify affected individuals following a breach of unsecured PHI.

This notice was published and becomes effective on or before April 01, 2021. If you have any objections to this form, please speak with our Privacy Officer at +1 212 920 1976.

Questions or Suggestions

If you have questions or concerns about our collection, use, or disclosure of your PHI, please contact us:

By Repose LCSW PLLC and By Repose LLC

46 Guion St., Pleasantville, NY 10570

hello@byrepose.com

+1 212 920 1976