HIPAA Notice of Privacy Practices

WeTotalCare is operated by PureRx Biotech INC ("WeTotalCare," "we," "our," or "us"). We facilitate access to telehealth services that are delivered by independent, licensed healthcare providers through third-party telemedicine provider networks. To the extent we maintain Protected Health Information ("PHI") about you as a business associate or covered entity under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations ("HIPAA"), we are required by law to maintain the privacy of your PHI, provide you with this Notice describing our legal duties and privacy practices with respect to your PHI, and follow the terms of the Notice currently in effect.

1. What is Protected Health Information (PHI)?

PHI is information about you, including demographic data, that can reasonably be used to identify you and that relates to (a) your past, present, or future physical or mental health condition; (b) the provision of health care to you; or (c) the past, present, or future payment for that health care.

2. Permitted Uses and Disclosures of PHI

We may use and disclose your PHI without your authorization for the following purposes:

• Treatment. We disclose your PHI to licensed healthcare providers in our partner networks (including physicians, nurse practitioners, pharmacists, and laboratory technicians) so they can evaluate, diagnose, prescribe, and otherwise provide care to you.
• Payment. We use and disclose PHI as necessary to bill and collect payment for services, verify membership, process refunds, and resolve disputes related to your account.
• Health Care Operations. We use PHI for internal operations such as quality assessment, provider credentialing, compliance audits, business planning, training, and customer support.
• Business Associates. We share PHI with vendors that perform services on our behalf (including hosting, telehealth platform providers, pharmacy partners, and analytics providers) under written agreements that require them to safeguard your PHI consistent with HIPAA.
• Appointment Reminders, Health-Related Benefits. We may contact you to remind you of appointments, refills, or lab results, or to tell you about treatment alternatives or health-related services that may be of interest to you.

3. Disclosures Required or Allowed by Law

We may also use or disclose your PHI without your authorization when permitted or required by law, including:

• As required by law, including federal, state, and local laws and court orders.
• Public health activities (disease prevention, FDA-regulated product reporting, child-abuse reporting).
• Health oversight activities (audits, investigations, licensure actions).
• Judicial and administrative proceedings in response to a court order or qualifying subpoena.
• Law enforcement purposes in response to a valid request and within HIPAA limits.
• To avert a serious threat to health or safety.
• Military and veterans, workers' compensation, national security, organ donation, coroners and funeral directors, and other limited situations recognized by HIPAA.

4. Uses and Disclosures That Require Your Written Authorization

We will not use or disclose your PHI for the following purposes without your written authorization, which you may revoke in writing at any time:

• Marketing communications, other than those permitted by HIPAA
• Sale of PHI
• Most uses and disclosures of psychotherapy notes
• Any other use or disclosure not described in this Notice

We do not sell your PHI.

5. Your Rights Regarding Your PHI

You have the following rights with respect to your PHI:

• Right to inspect and copy. You may request access to the PHI we maintain about you. We may charge a reasonable, cost-based fee for copies as permitted by law.
• Right to amend. You may request that we amend PHI you believe is incorrect or incomplete. We may deny the request in certain circumstances, and you have the right to submit a written statement of disagreement.
• Right to an accounting of disclosures. You may request a list of disclosures we have made of your PHI, with some exceptions, for up to six years prior to the date of your request.
• Right to request restrictions. You may request that we restrict the uses or disclosures of your PHI. We are not required to agree to your request, except where required by HIPAA (e.g., disclosures to a health plan for an item or service you paid for in full out of pocket).
• Right to confidential communications. You may request that we contact you in a particular way or at a particular location.
• Right to a paper copy of this Notice. You may request a paper copy at any time, even if you have agreed to receive it electronically.
• Right to be notified of a breach. We will notify you in the event of a breach of your unsecured PHI as required by HIPAA.
• Right to revoke authorization. You may revoke any prior authorization at any time, except to the extent we have already acted in reliance on it.

To exercise any of these rights, please contact our Privacy Officer using the information in Section 8 below.

6. Our Duties

We are required by law to:

• Maintain the privacy and security of your PHI
• Provide you with notice of our legal duties and privacy practices regarding PHI
• Follow the terms of the Notice currently in effect
• Notify you in writing if a breach of your unsecured PHI occurs

We use administrative, technical, and physical safeguards designed to protect your information, including encryption in transit and at rest, role-based access controls, employee confidentiality training, regular security audits, and written Business Associate Agreements with vendors that handle PHI on our behalf.

7. Changes to This Notice

We reserve the right to change this Notice and to make the revised Notice effective for PHI we already have about you as well as any PHI we receive in the future. The current Notice will always be available on our website with its effective date. You may request a paper copy at any time.

8. Complaints

If you believe your privacy rights have been violated, you may file a written complaint with our Privacy Officer (contact details below) or with the Secretary of the U.S. Department of Health and Human Services, Office for Civil Rights. We will not retaliate against you for filing a complaint.

U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
Toll-Free: 1-877-696-6775
www.hhs.gov/ocr/privacy/hipaa/complaints/

This Notice is provided pursuant to the HIPAA Privacy Rule, 45 C.F.R. § 164.520. State laws may provide you with additional rights with respect to your medical information.