This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

Effective date: [DATE OF LAUNCH]

Our pledge regarding your protected health information

AerisMD is committed to protecting the privacy of your protected health information ("PHI"). This Notice describes how we may use and disclose your PHI and your rights regarding that information, in compliance with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and applicable state laws.

How we may use and disclose your PHI

For treatment. We may use and disclose your PHI to provide, coordinate, or manage your healthcare. This includes sharing information with our partner pharmacy to fulfill prescriptions.

For payment. We may use and disclose your PHI to obtain payment for services, including processing payments through our payment processor.

For healthcare operations. We may use and disclose your PHI for activities such as quality assessment, training, licensing, and business management.

Business associates. We work with vendors who help us deliver services (telehealth platform, payment processor, hosting provider, etc.). These business associates are bound by HIPAA Business Associate Agreements and must protect your PHI.

Required by law. We may disclose your PHI when required by federal, state, or local law.

Public health and safety. We may disclose your PHI for public health activities, to report abuse or neglect, to prevent serious threats to health or safety, or as otherwise authorized by law.

With your authorization. Other uses and disclosures will be made only with your written authorization, which you may revoke at any time.

Your rights regarding your PHI

You have the right to:

• Inspect and copy your PHI in our designated record set

• Request amendments to your PHI if you believe it is incorrect or incomplete

• Receive an accounting of certain disclosures we have made

• Request restrictions on certain uses and disclosures

• Request confidential communications at alternate addresses or by alternate means

• Receive a paper copy of this Notice

• File a complaint if you believe your privacy rights have been violated, with us or with the U.S. Department of Health and Human Services

To exercise any of these rights, contact our Privacy Officer at [PRIVACY EMAIL] or [BUSINESS ADDRESS].

Our responsibilities

We are required by law to:

• Maintain the privacy and security of your PHI

• Provide you with this Notice of our legal duties and privacy practices

• Notify you in the event of a breach of unsecured PHI

• Follow the terms of the Notice currently in effect

Changes to this Notice

We reserve the right to change this Notice. Revised Notices will be posted on our website and will apply to all PHI we maintain. You may request a paper copy of the current Notice at any time.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with:

AerisMD Privacy Officer [PRIVACY EMAIL] [BUSINESS ADDRESS]

U.S. Department of Health and Human Services, Office for Civil Rights 200 Independence Avenue SW Washington, DC 20201 1-877-696-6775 www.hhs.gov/ocr

You will not be retaliated against for filing a complaint.

Acknowledgment

[LAWYER TO ADVISE — many practices require patients to sign acknowledgment of receipt of this Notice during onboarding. Telehealth platforms typically handle this digitally during intake.]