Notice of Privacy Practices Aviso de Prácticas de Privacidad

Our Commitment to Your Privacy

Claramente Health Navigation ("Claramente") is required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the HITECH Act to maintain the privacy of your Protected Health Information (PHI), to provide you with this Notice of our legal duties and privacy practices, and to follow the terms of this Notice. We will not use or share your information other than as described here unless you give us written permission.

1. What Is Protected Health Information (PHI)?

PHI is any information that identifies you and relates to your past, present, or future physical or mental health condition, the provision of healthcare services to you, or payment for those services. This includes your name, address, date of birth, Social Security number, Medicare ID, diagnoses, medications, appointment records, and care coordination notes.

2. How We May Use and Disclose Your PHI

We use and disclose your PHI only as permitted or required by HIPAA. The following are the primary ways we may use or share your information:

• Treatment. We may use or disclose your PHI to coordinate your care and share information with your physicians, specialists, pharmacies, or other healthcare providers involved in your treatment.
• Payment. We may use or disclose your PHI to facilitate billing and payment for services, including submitting claims to Medicare or Medicare Advantage plans.
• Healthcare Operations. We may use your PHI for quality improvement, staff training, compliance audits, and other internal operational activities necessary to run our organization.
• Required by Law. We will disclose your PHI when required by federal, state, or local law — such as reporting to public health authorities or complying with court orders.
• Public Health Activities. We may disclose PHI to public health agencies to prevent or control disease, injury, or disability as required by law.
• Health Oversight. We may disclose PHI to government agencies for oversight activities including audits, investigations, and inspections related to the healthcare system.
• Serious Threats to Health or Safety. We may disclose PHI to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.
• Business Associates. We may share PHI with third-party vendors ("Business Associates") who perform services on our behalf, such as billing or IT support. All Business Associates are required to sign a Business Associate Agreement (BAA) committing them to safeguard your PHI in accordance with HIPAA.

3. Uses Requiring Your Written Authorization

For uses and disclosures not described above, we will ask for your written authorization. This includes:

• Most uses and disclosures of psychotherapy notes.
• Uses and disclosures of PHI for marketing purposes.
• Sale of your PHI — we do not and will not sell your PHI.

You may revoke any authorization you have given us at any time in writing, except where we have already acted in reliance on it.

4. Your Rights Regarding Your PHI

You have the following rights with respect to your PHI. To exercise any of these rights, please submit a written request to our Privacy Officer at diego@claramentesalud.com.

• Right to Access. You may inspect and obtain a copy of your PHI. We will respond within 30 days. A reasonable cost-based fee may apply for copies.
• Right to Amend. If you believe your PHI is incorrect or incomplete, you may request that we amend it. We will explain in writing if we deny your request.
• Right to an Accounting of Disclosures. You may request a list of disclosures we have made during the past six years, other than for treatment, payment, operations, or those you authorized.
• Right to Request Restrictions. You may request restrictions on certain uses or disclosures of your PHI. We must agree to your request not to share information with your health plan if you pay entirely out of pocket.
• Right to Confidential Communications. You may request that we contact you only by specific means or at a specific location. We will accommodate all reasonable requests.
• Right to a Paper Copy of This Notice. You may request a paper copy at any time, even if you previously agreed to receive it electronically.
• Right to Be Notified of a Breach. You have the right to be notified if a breach occurs that may have compromised the privacy or security of your PHI, as required by the HITECH Act.

5. Our Duties Under HIPAA

Claramente is required by law to:

• Maintain the privacy and security of your PHI.
• Provide you with this Notice of our legal duties and privacy practices.
• Follow the terms of the Notice currently in effect.
• Notify you promptly if a breach occurs that may have compromised your PHI.
• Not use or share your PHI other than as described in this Notice without your written permission.

6. Safeguards & Security (HIPAA Security Rule)

Claramente implements administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of your PHI in compliance with the HIPAA Security Rule, including:

• Access to PHI restricted to authorized personnel only.
• Encryption of electronic PHI (ePHI) in transit and at rest.
• Regular risk assessments and ongoing staff HIPAA training.
• Secure policies for handling, storing, and disposing of PHI.
• Incident response procedures for potential breaches.

7. Minimum Necessary Standard

When using or disclosing PHI, Claramente makes reasonable efforts to limit information to the minimum necessary to accomplish the intended purpose, in accordance with HIPAA's Minimum Necessary standard.

8. Website Privacy & Cookies

Our website collects non-identifying usage data (pages visited, browser type, device type) through standard analytics tools to improve user experience. This data is not PHI and is not used for clinical or treatment purposes. You may disable cookies in your browser settings at any time.

9. Changes to This Notice

We reserve the right to update this Notice and make any revised version effective for PHI we already hold, as well as PHI we receive in the future. The current Notice will always be available at claramentesalud.com/privacy.html. A paper copy is available upon request.

10. How to File a Complaint

If you believe your HIPAA privacy rights have been violated, you may file a complaint with us or directly with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights. We will never retaliate against you for filing a complaint.

• Complaint to Claramente — Privacy Officer: Diego Montemayor — diego@claramentesalud.com — 303-943-4469
• Complaint to HHS Office for Civil Rights: www.hhs.gov/ocr/privacy/hipaa/complaints/

11. Contact Our Privacy Officer

• Privacy Officer: Diego Montemayor
• Email: diego@claramentesalud.com
• Phone: 303-943-4469
• Address: 909 N Bannock St, Denver, CO 80204
• Hours: Mon–Sun, 9am–7pm