Notice of Privacy Practices for Protected Health Information (PHI)

Last Updated: March 1, 2026 | Effective: March 1, 2026

RespondWell, LLC (“RespondWell,” “we,” “us,” or “our”) operates the Platform and provides related administrative support services that facilitate access to Clinical Services. Clinical Services are provided by independent licensed clinicians (“Providers”) through one or more affiliated professional practices or medical groups (each, a “Practice” or “Medical Group”), not by RespondWell. Capitalized terms used but not defined in this Notice have the meanings given in the RespondWell Terms of Use.

To the extent RespondWell receives, maintains, or transmits PHI on behalf of an affiliated Medical Group, Provider, laboratory, or pharmacy, RespondWell may do so in a service-provider or business-associate capacity, as applicable. The Medical Group and/or Provider responsible for your care is responsible for the delivery of Clinical Services and for applicable legal obligations relating to PHI under HIPAA and other applicable law.

This Notice describes the privacy practices applicable to PHI created, received, maintained, or transmitted in connection with Clinical Services facilitated through the Platform. We and our affiliated Practices and Providers are required by law, to the extent applicable, to maintain the privacy of PHI, provide notice of applicable privacy practices, and abide by the terms of this Notice as currently in effect.

We and the affiliated Practices, Providers, and service partners involved in your care may use and disclose PHI for the following purposes, as permitted or required by applicable law:

• Treatment: We may use and disclose PHI to provide, coordinate, or manage your Clinical Services, including communications among Providers, Practices, laboratories, and pharmacies involved in your care.

• Payment: We may use and disclose PHI as necessary to facilitate payment-related activities associated with Clinical Services provided to you, including billing, payment processing, collections, and related administrative functions, to the extent applicable.

• Healthcare Operations: We may use and disclose PHI for healthcare operations and related administrative activities, including quality assessment, improvement activities, case management, care coordination, accreditation, licensing, credentialing, auditing, compliance, and legal services.

• As Required by Law: We may use and disclose PHI when required to do so by federal, state, or local law.

• Public Health and Safety: We may use and disclose PHI for public health and safety purposes as permitted or required by law, including reporting certain diseases, injuries, adverse events, abuse, neglect, or threats to health or safety.

• Health Oversight Activities: We may disclose PHI to health oversight agencies for activities authorized by law, such as audits, investigations, inspections, and licensure activities.

• Judicial and Administrative Proceedings: We may disclose PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process, as permitted by law.

• Law Enforcement: We may disclose PHI for law enforcement purposes as permitted or required by law.

• Research: We may use and disclose PHI for research purposes when permitted by applicable law and when required approvals, waivers, or authorizations are in place.

• Organ and Tissue Donation: If applicable, we may disclose PHI to organizations involved in organ procurement, transplantation, or donation, as permitted by law.

• Workers’ Compensation: We may disclose PHI as authorized by and to the extent necessary to comply with workers’ compensation laws and similar programs.

• Military and Veterans: If you are a member of the armed forces or a veteran, we may disclose PHI as required or permitted by applicable law and military authority.

• Inmates: If you are an inmate or in lawful custody, we may disclose PHI to the correctional institution or law enforcement official having lawful custody, as permitted by law.

You may have the following rights with respect to PHI maintained by the Medical Group, Provider, or other entity maintaining the applicable designated record set, subject to applicable law:

• Right to Inspect and Copy: You have the right to inspect and obtain a copy of your PHI, with certain exceptions. To request access, submit a written request to the Privacy Officer identified below. A reasonable, cost-based fee may apply where permitted by law.

• Right to Amend: You have the right to request an amendment to your PHI if you believe it is incorrect or incomplete. To request an amendment, submit a written request specifying the information you believe is incorrect and why. Requests may be denied in circumstances permitted by law.

• Right to an Accounting of Disclosures: You have the right to request an accounting of certain disclosures of your PHI, subject to applicable legal limitations and exceptions.

• Right to Request Restrictions: You have the right to request restrictions on certain uses or disclosures of your PHI. We are not required to agree to every requested restriction except where required by law.

• Right to Request Confidential Communications: You have the right to request that communications about your PHI be sent by alternative means or to alternative locations.

• Right to a Paper Copy of This Notice: You have the right to receive a paper copy of this Notice, even if you have agreed to receive it electronically.

• Right to Be Notified of a Breach: You have the right to be notified following a breach of unsecured PHI when notification is required by applicable law.

We use commercially reasonable administrative, technical, and physical safeguards designed to protect PHI, including encryption in transit and at rest where appropriate, access controls, vendor management measures, and other security practices required or permitted by applicable law.

We reserve the right to change this Notice. Any revised Notice may apply to PHI we already maintain, as well as PHI received in the future, to the extent permitted by law. The current version of the Notice will be made available through the Platform and will include its effective date.

If you believe your privacy rights have been violated, you may file a complaint with the applicable Privacy Officer or with the Secretary of the U.S. Department of Health and Human Services. You will not be retaliated against for filing a complaint.

To exercise any of your rights, or if you have questions about this Notice or applicable privacy practices, please contact:

[email protected]

RespondWell, LLC

1500 N Grant St #7116

Denver, CO 80203

Certain states may provide additional privacy protections, consent requirements, or patient rights with respect to PHI or other health-related information. Where applicable, we and the affiliated Practices and Providers will comply with those state-specific requirements.

For example, some states provide additional protections for categories of information such as mental health records, HIV/AIDS-related information, substance use disorder records, reproductive health information, genetic information, or minors’ health information. In states where additional authorization, consent, access rights, confidentiality protections, or disclosure limitations apply, those state-specific rules will govern to the extent required by law.

If you have questions about rights that may apply in your state, please contact the Privacy Officer listed above.