DOCTOX NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

I. OUR PLEDGE REGARDING YOUR MEDICAL INFORMATION.
We understand that medical information about you and your health is personal. We are dedicated to maintaining the privacy and integrity of your protected health information (“PHI”). PHI is information about you that may be used to identify you (such as your name, social security number, or address), and that relates to (a) your past, present, or future physical or mental health or condition, (b) the provision of health care to you, or (c) your past, present, or future payment for the provision of health care. In providing DOCTOX Services, we will receive and create records containing your PHI. We need these records to provide you with quality care and to comply with certain federal and state legal requirements.

We are required by law to maintain the privacy of your PHI and to provide you with notice of our legal duties and privacy practices with respect to your PHI. To the extent required by law, when using or disclosing your PHI or when requesting your PHI from another covered entity, we will make reasonable efforts not to use, disclose, or request more than the minimum necessary set of your PHI or, if needed by us, no more than the minimum amount of PHI necessary to accomplish the intended purpose of the use, disclosure, or request, taking into consideration practical and technological limitations.

This Notice applies to all of the records of your care generated by DOCTOX. When we use or disclose your PHI, we are required to abide by the terms of this Notice (or other Notice in effect at the time of the use or disclosure).

II. HOW WE MAY USE AND DISCLOSE MEDICAL INFORMATION ABOUT YOU.
For Treatment
This is the most important use and disclosure of your PHI. DOCTOX will use or disclose your medical information to provide treatment and deliver the services you have requested, for example for purposes of an e-health consultation or in connection with the provision of follow-up treatment. Use and disclosure of your medical information may include, without limitation, creation of an electronic health record and appointment reminders, discussion with your treating health care practitioners to facilitate your health care oversight, investigation of research opportunities or treatment alternatives for your health care issues, identification of health-related benefits and services that may be of interest to you and to communicate important health information with members of your family. We may also disclose PHI to other providers involved in your treatment.

For Payment
We do not accept insurance. Cash only payment for your health care services provided by our providers.

For Health Care Operations
DOCTOX may also collect aggregate data about your health (in an anonymous manner) for statistical analysis, improvement of services, and customization of web design, content layout and services. This includes internal administration and planning, as well as various activities that improve the quality and cost effectiveness of the care that we deliver to you. There are some services provided in our organization through contracts with business associates, who may gain access to PHI. Examples of business associates include management consultants, quality assurance reviewers, shredding companies, and translation services. We may disclose your PHI to our business associates so that they can perform the job we have asked them to do in order to provide better healthcare services to you. To protect your PHI, we require our business associates to sign a contract stating that they will appropriately safeguard your PHI to HIPAA standards.

For Threats to Health or Safety
DOCTOX may use and disclose your PHI when necessary to prevent a serious threat to your health and safety, or to the health and safety of the public or another person. Any disclosure would only be to someone able to help prevent the threat or to the extent necessary to comply with state and federal laws to prevent or control disease, injury or disability regarding public health.

At Your Request
DOCTOX may disclose information when requested by you. This disclosure may require written or verbal authorization by you.

OTHER PERMITTED AND REQUIRED USES AND DISCLOSURES THAT MAY BE MADE WITHOUT YOUR AUTHORIZATION OR OPPORTUNITY TO AGREE OR OBJECT
Required By Law
We may use or disclose your protected health information to the extent that the use or disclosure is required by law. The use or disclosure will be made in compliance with the law and will be limited to the relevant requirements of the law. You will be notified, if required by law, of any such uses or disclosures.
Health Oversight Activities
We may disclose your PHI to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
Victims of Abuse, Neglect, or Domestic Violence
We may disclose your protected health information to a public health authority that is authorized by law to receive reports of child abuse or neglect. In addition, we may disclose your protected health information if we believe that you have been a victim of abuse, neglect or domestic violence to the governmental entity or agency authorized to receive such information. In this case, the disclosure will be made consistent with the requirements of applicable federal and state laws.
Legal Proceedings
We may use and disclose PHI in responding to a court or administrative order, a subpoena, or a discovery request. We may also use and disclose your PHI to the extent permitted by law without your authorization, for example, to defend a lawsuit or arbitration.
Law Enforcement
We may disclose your PHI to the police or other law enforcement officials as required or permitted by law: (1) in response to a court order, subpoena, warrant, summons or similar process; (2) to identify or locate a suspect, fugitive, material witness, or missing person; (3) about the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement; (4) about a death we believe may be the result of a criminal conduct; (5) about criminal conduct at DOCTOX or our medical groups; and (6) in emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime.
Food and Drug Administration
We may disclose your protected health information to a person or company required by the Food and Drug Administration for the purpose of quality, safety, or effectiveness of FDA-regulated products or activities including, to report adverse events, product defects or problems, biologic product deviations, to track products; to enable product recalls; to make repairs or replacements, or to conduct post marketing surveillance, as required.
Decedents, Coroners, Funeral Directors, and Organ Donation
We may disclose protected health information to a coroner or medical examiner for identification purposes, determining cause of death or for the coroner or medical examiner to perform other duties authorized by law. We may also disclose protected health information to a funeral director, as authorized by law, in order to permit the funeral director to carry out their duties. We may disclose such information in reasonable anticipation of death. Protected health information may be used and disclosed for cadaveric organ, eye or tissue donation purposes.
Research that Does Not Involve Your Treatment
We may disclose your protected health information to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your protected health information. When a research study does not involve any treatment, we may disclose your PHI to researchers. To do this, we will either ask your permission to use your PHI or we will use a special process that protects the privacy of your PHI. In addition, we may use information that cannot be identified as your PHI, but that includes certain limited information (such as your date of birth and dates of service). We will use this information for research, quality assurance activities, and other similar purposes and we will obtain special protections for the information disclosed.
Military Activity and National Security
We may use and disclose your PHI to units of the government with special functions, such as the U.S. military or the U.S. Department of State, under certain circumstances. We may use and disclose your PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law. We may use and disclose your PHI to authorized federal officials so they may provide protection to the President, other authorized persons or foreign heads of state, or conduct special investigations.
Criminal Activity
Consistent with applicable federal and state laws, we may disclose your protected health information, if we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. We may also disclose protected health information if it is necessary for law enforcement authorities to identify or apprehend an individual.
Inmates
If you are an inmate of a correctional institution or under custody of a law enforcement official, we may disclose PHI about you to the correctional institution or the law enforcement official. This is necessary for the correctional institution to provide you with health care, to protect your health and safety and the health and safety of others, and to protect the safety and security of the correctional institution.
Workers’ Compensation
We may disclose your protected health information as authorized to comply with workers’ compensation laws and other similar legally-established programs.

USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION BASED UPON YOUR WRITTEN AUTHORIZATION
Other uses and disclosures of your protected health information will be made only with your written authorization, unless otherwise permitted or required by law as described in this Notice. You may revoke this authorization in writing at any time. If you revoke your authorization, we will no longer use or disclose your protected health information for the reasons covered by your written authorization. Please understand that we are unable to take back any disclosures already made with your authorization, and we are required to retain our records of the care we provide to you. If you are not present or able to agree or object to the use or disclosure of the protected health information, then your provider may, using professional judgement, determine whether the disclosure is in your best interest.

OTHER PERMITTED AND REQUIRED USES AND DISCLOSURES THAT REQUIRE PROVIDING YOU THE OPPORTUNITY TO AGREE OR OBJECT
Others Involved in Your Health Care or Payment for Your Care
Unless you object, we may disclose to a member of your family, a relative, a close friend or any other person you identify, your protected health information that directly relates to that person’s involvement in your health care. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment. We may use or disclose protected health information to notify or assist in notifying a family member, personal representative or any other person that is responsible for your care of your location, general condition or death. Finally, we may use or disclose your protected health information to an authorized public or private entity to assist in disaster relief efforts and to coordinate uses and disclosures to family or other individuals involved in your health care.
Special Categories of Treatment Information
In most cases, federal or state law requires your written authorization or the written authorization of your representative for disclosures of drug and alcohol abuse treatment, Human Immunodeficiency Virus (HIV) and Acquired Immune Deficiency Syndrome (AIDS) test results, and mental health treatment.
Research Involving Your Treatment
When a research study involves your treatment, we may disclose your PHI to researchers only after you have signed a specific written authorization. In addition, an Institutional Review Board (IRB) will already have reviewed the research proposal, established appropriate procedures to ensure the privacy of your PHI and approved the research. You do not have to sign the authorization, but if you refuse you cannot be part of the research study and may be denied research-related treatment.
Fundraising Activities
We may use demographic information and your dates of service for our own fundraising purposes; otherwise we will obtain your authorization. If you do not want us to contact you for fundraising efforts, you must notify us in writing at the address listed at the end of this Notice.

III. YOUR RIGHTS REGARDING YOUR HEALTH INFORMATION.
You have the following rights with respect to your protected health information. You may contact DOCTOX to obtain additional information and instructions for exercising the following rights.

You have the right to inspect and copy your protected health information.
You may request access to your medical record file and billing records maintained by us, for so long as we maintain the protected health information. You may inspect and request copies of the records.
Under federal law, however, you may not inspect or copy the following records: psychotherapy notes; information compiled in reasonable anticipation of, or use in, a civil, criminal, or administrative action or proceeding; and laboratory results that are subject to law that prohibits access to protected health information. Under such limited circumstances, we may deny you access to a portion of your records. If you are denied access to PHI, you may request that the denial be reviewed. Another licensed health care professional chosen by us will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review. Please contact our HIPAA Compliance Officer if you have questions about access to your medical record.
If you desire access to your records, you must submit your request in writing. If your medical information is maintained in an electronic health record, you may obtain an electronic copy of your medical information and, if you choose, instruct us to transmit such copy directly to an entity or person you designate in a clear, conspicuous, and specific manner.
If you request paper copies, we will charge you for the costs of copying, mailing, labor and supplies associated with your request. Our fee for providing you an electronic copy of your medical information will not exceed our labor costs in responding to your request for the electronic copy (or summary or explanation).
You should take note that, if you are a parent or legal guardian of a minor, certain portions of the minor’s PHI will not be accessible to you (for example, records pertaining to health care services for which the minor can lawfully give consent and therefore for which the minor has the right to inspect or obtain copies of the record; or the health care provider determines, in good faith, that access to the client records requested by the representative would have a detrimental effect on the provider’s professional relationship with the minor client or on the minor’s physical safety or psychological well-being).

You have the right to request a restriction of your protected health information.
You may ask us not to use or disclose any part of your protected health information for the purposes of treatment, payment or health care operations. You may also request that any part of your protected health information not be disclosed to family members or friends who may be involved in your care or for notification purposes, such as assisting in the notification of such individuals regarding your location and general condition.
While we will consider all requests for additional restrictions carefully, we are not required to agree to a requested restriction, unless the disclosure is to a health plan for a payment or health care operation purpose and the medical information relates solely to a health care item or service for which we have been paid out-of-pocket in full.
Your request must state the specific restriction requested and to whom you want the restriction to apply. This request must be in writing. We will send you a written response.

You have the right to request to receive confidential communications.
You may request to receive your PHI by alternative means of communication or at alternative locations. For example, you can request that we only contact you at work or by mail. To request confidential communications, you must make your request in writing. We will not ask you for the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.

You have the right to amend your records.
You have the right to request that we amend PHI maintained in your medical record file or billing records. If you desire to amend your records, your request must be in writing. We will comply with your request unless we believe that the information that would be amended is accurate and complete or other special circumstances apply. If we deny your request, you will be permitted to submit a statement of disagreement for inclusion in your records. You have the right to add a 250-word document addendum to your PHI.

You have the right to receive an accounting of disclosures.
Upon written request, you may obtain an accounting of certain disclosures of your PHI made by us during any period of time six years prior to the date of your request, except that for requests made on or after January 1, 2011 that relate to treatment, payment or health care operation disclosures from our electronic health record system, the accounting period is three years. Your written request should indicate in what form you want the list (for example, on paper or electronically). If you request an accounting more than once during a twelve (12) month period, we will charge you for the costs involved in fulfilling your additional request. We will inform you of such costs in advance, so that you may modify or withdraw your request to save costs. In addition, we will notify you as required by law if there has been a breach of the security of your PHI.

You have the right to obtain a paper copy of this notice.
Upon request, you may obtain a paper copy of this Notice. Even if you have agreed to receive such notice electronically, you are still entitled to a paper copy of this notice. To obtain a paper copy of this notice, please contact the DOCTOX HIPAA Compliance Officer using the contact information at the end of this Notice.

IV. OUR PLEDGE REGARDING YOUR FINANCIAL INFORMATION.
This notice applies to all of the financial records generated by DOCTOX. All financial records created will be held confidentially by DOCTOX, unless required by law to disclose the information.

V. HOW WE MAY USE AND DISCLOSE FINANCIAL INFORMATION ABOUT YOU.
DOCTOX will only use your financial information to transact business with you and for everyday business purposes of the company. We will not share this information with any affiliates or non-affiliates.

VI. OUR PLEDGE REGARDING OUR WEBSITE.
No data transmission over the Internet can be guaranteed to be 100% secure. But, we strive to protect your personal information from unauthorized access, use or disclosure. When you interact on our web site, all of your information is transmitted through the Internet using Secure Socket Layers (SSL) technology. SSL technology causes your browser to encrypt your information before transmitting it to our secure server. SSL technology, an industry standard, is designed to prevent someone other than operators of our web site from capturing and viewing your personal information. Once your information leaves our Secure Site, DOCTOX is no longer able to control further disclosure of your information. If you choose to share your PHI over email, you acknowledge the risk of unsecured communication. Cookies are text information files that your web browser places on your computer when you visit a website. Cookies assist in providing non-personal information from you as an online visitor. It can be used in the customization of your preferences when visiting our website. Most browsers accept cookies automatically, but can be configured not to accept them or to indicate when a cookie is being sent. We use Google Analytics, a third-party tracking service, which uses cookies to track non-personally identifiable information about our visitors to our main site in the aggregate to capture usage and volume statistics. We have no access to or control over these cookies. This Notice covers the use of cookies by our company only and does not cover the use of cookies by any third-party.

VII. CHANGES TO THIS STATEMENT.
DOCTOX will occasionally update this Notice of Privacy Practices to reflect company and customer feedback, or as regulated by federal and/or state law. This Notice is effective for Health Information we already have about you as well as any information we receive in the future. DOCTOX encourages you to periodically review this Notice to be informed about how DOCTOX is protecting your information. In addition, at any time you may request a copy of the current Notice in effect.

VIII. QUESTIONS OR COMPLAINTS.
If you have any questions about this Notice of Privacy Practice, please contact DOCTOX Patient Relations attn: HIPAA Compliance Officer, phone, fax, email administrator@doctox.com

If you believe your privacy rights have been violated, or if you believe that DOCTOX has not adhered to this statement, you may file a complaint with DOCTOX or with the Secretary of the Department of Health and Human Services, Office for Civil Rights.

To file a written complaint with DOCTOX, contact DOCTOX Patient Relations attn: HIPAA Compliance Officer phone, fax, email You will not be penalized for filing a complaint.

IX. CONTACT
The name and address of the person you may contact for further information concerning our privacy practices is: