HIPAA Privacy Policy and Notice of Privacy Practices

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

1. Our Commitment to Your Privacy

AlphaDX ("we," "us," or "our") is committed to maintaining the privacy of your Protected Health Information (PHI). We are required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to maintain the privacy of your PHI and to provide you with notice of our legal duties and privacy practices with respect to PHI.

We do not sell or share user data with third parties except for designated physicians or hospitals, and only with the user's consent.

2. Collection of Protected Health Information (PHI)

We collect PHI that you voluntarily provide to us when using our services. This may include:

• Personal identifiers (name, address, date of birth, contact details)
• Medical history, symptoms, and current physical conditions
• Clinical histories, symptom timelines, and related medical context
• Records of communications and scheduling information

3. How We Use and Disclose Your PHI

We may use or disclose your PHI for the following purposes without your explicit authorization:

• Treatment: We may use your PHI to provide, coordinate, or manage your healthcare and any related services. For example, sharing information with your treating physician.
• Payment: We may use and disclose your PHI to bill and collect payment for the services and items you may receive from us.
• Healthcare Operations: We may use or disclose your PHI for our healthcare operations, such as quality assessment, auditing, and administrative purposes.
• As Required By Law: We will disclose your PHI when required to do so by federal, state, or local law.
• Public Health Activities: We may disclose your PHI to public health authorities for purposes related to preventing or controlling disease, injury, or disability.

4. Your Rights Regarding Your PHI

You have the following rights regarding the PHI that we maintain about you:

• Right to Inspect and Copy: You have the right to inspect and copy your PHI that may be used to make decisions about your care.
• Right to Amend: If you feel that PHI we have about you is incorrect or incomplete, you may ask us to amend the information.
• Right to an Accounting of Disclosures: You have the right to request a list of certain disclosures we made of your PHI for purposes other than treatment, payment, and healthcare operations.
• Right to Request Restrictions: You have the right to request a restriction or limitation on the PHI we use or disclose about you for treatment, payment, or healthcare operations.
• Right to Request Confidential Communications: You have the right to request that we communicate with you about medical matters in a certain way or at a certain location.

5. Data Security and Business Associates

We implement physical, technical, and administrative safeguards designed to protect your PHI in accordance with HIPAA Security Rules. We may share your PHI with third-party "Business Associates" that perform various activities (e.g., cloud hosting, IT support) on our behalf. We require all Business Associates to appropriately safeguard your information through written Business Associate Agreements (BAAs).

6. Changes to This Notice

We reserve the right to change this notice. We reserve the right to make the revised or changed notice effective for PHI we already have about you as well as any information we receive in the future. The current notice will be available on our website at all times.

7. Complaints and Contact Information

If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the Department of Health and Human Services. To file a complaint with us or request further information regarding this policy, please contact our Privacy Officer at info@alphadx.ai.