BALANCED HEALTH MEDICAL CENTER

NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

EFFECTIVE DATE: June 18, 2026

1. OUR PLEDGE REGARDING YOUR PROTECTED HEALTH INFORMATION (PHI)

At Balanced Health Medical Center, we understand that medical information about you and your health is personal. We are contractually and legally mandated by the Health Insurance Portability and Accountability Act (HIPAA) to protect the privacy of your health data, known as Protected Health Information (PHI).

All clinical evaluations, medical weight loss oversight, hormone replacement therapies, and surgical procedures are provided exclusively by licensed medical professionals practicing under Balanced Health Medical Center, PLLC (the "Clinic"). Non-clinical administrative, technological infrastructure, hosting, and data management operations are supported by Balancing Health Medical Center, LLC (the "MSO") acting as a fully bound Business Associate under federal privacy guidelines.

2. HOW WE MAY USE AND DISCLOSE YOUR HEALTH INFORMATION

We may use and disclose your PHI for the following core operational purposes without requiring your explicit written authorization:

• For Treatment: We may disclose your PHI to physicians, nurse practitioners, and clinical technicians who are involved in providing your medical care. For example, your provider will transmit your medical data and lab orders directly to LabCorp to process your testosterone, PSA, estradiol, or hematocrit blood panels.

• For Payment: We may use and disclose your PHI so that the medical treatments and wellness programs you receive may be billed and collected. This includes routing secure transactional data through encrypted payment gateways managed by our MSO.

• For Healthcare Operations: We may use and disclose your PHI to run our practice efficiently and ensure all patients receive high-quality care. For example, we use a secure, HIPAA-compliant Electronic Health Record (EHR) system and patient portal to track appointment scheduling, laboratory tracking, and prescription management.

• Business Associates: We contract with trusted third-party service providers (Business Associates), including our administrative MSO, secure cloud-hosting servers, and integrated EHR networks, to perform functions on our behalf. All such entities are contractually mandated via signed Business Associate Agreements (BAAs) to safeguard your PHI to the exact same standards required of our Clinic.

• As Required by Law: We will disclose your PHI when mandated to do so by federal, state, or local law enforcement, or in response to a valid judicial or administrative subpoena.

3. USES AND DISCLOSURES THAT REQUIRE YOUR EXPLICIT AUTHORIZATION

• Marketing & Social Media Restrictions: We strictly protect your healthcare privacy. We do not sell, rent, or disclose your medical information, PHI, or clinical intake records to third-party social media advertisers (including Meta/Facebook or Google) for marketing purposes. While our website utilizes tracking technologies to measure basic, non-medical consumer traffic, no patient treatment records, prescription details, or clinical communication logs are ever linked to these systems.

• Highly Sensitive Health Records: Uses and disclosures of your PHI for purposes outside of routine treatment, payment, or healthcare operations will be executed only with your explicit, signed written authorization, which you may revoke in writing at any time.

4. YOUR INDIVIDUAL RIGHTS REGARDING YOUR PHI

Under federal law, you possess the following rights regarding the medical information we maintain about you:

• Right to Inspect and Copy: You have the right to inspect and obtain an electronic or physical copy of your medical and billing records. All records can be requested securely through your patient EHR portal.

• Right to Request Restrictions: You have the right to request a restriction or limitation on the PHI we use or disclose about you for treatment, payment, or healthcare operations. While we will carefully consider all requests, we are not legally required to agree to restrictions that interfere with necessary patient care or mandatory legal compliance.

• Right to Request Confidential Communications: You have the right to request that we communicate with you about medical matters in a specific way or at a specific location (for example, via a specific personal email or texting number).

• Right to Amend: If you feel that the medical records or health information we maintain about you is incorrect or incomplete, you have the right to request an amendment for as long as the data is kept by our practice.

• Right to an Accounting of Disclosures: You have the right to request a customized list tracking certain external disclosures we have made of your PHI for purposes other than routine treatment, payment, and operations.

5. PRIVACY BREACH NOTIFICATION

In the highly unlikely event of an unauthorized security breach, data leak, or systemic failure that compromises the privacy or security of your unencrypted Protected Health Information, we are legally mandated under the HIPAA Breach Notification Rule to notify you directly via written or electronic communication without unreasonable delay, and no later than 60 days following the discovery of the breach.

6. CHANGES TO THIS NOTICE

We reserve the right to change, modify, or update this Notice of Privacy Practices at any time to reflect evolving regulatory frameworks or internal business operational adjustments. We reserve the right to make the revised notice effective for medical information we already have about you, as well as any information we receive in the future. The current version of this notice will always be posted visibly in our website footer infrastructure.

7. COMPLAINTS AND CONTACT INFORMATION

If you believe your privacy rights have been violated, or if you wish to file a formal request regarding your individual data rights, you may contact our Practice Administrator directly at:

Balanced Health Medical Center

ATTN: Privacy Compliance Officer

Email: ktyson_81@hotmail.com

Address: Phoenix, AZ 85008

You may also file a formal, non-punitive complaint with the Secretary of the U.S. Department of Health and Human Services (HHS) Office for Civil Rights. You will not be penalized, retaliated against, or treated differently for filing a complaint.