Notice of Privacy Practices

Effective date: February 14, 2026

TeleDirectMD ("we," "our," or "the Practice") is committed to protecting the privacy of your health information. This Notice of Privacy Practices describes how we may use and disclose your protected health information (PHI) and your rights regarding that information. We are required by law to maintain the privacy of your PHI, provide you with this Notice, notify you following a breach of unsecured PHI, and abide by the terms of this Notice currently in effect.

TeleDirectMD provides telehealth services across multiple U.S. states. This Notice applies to all PHI created or received by TeleDirectMD regardless of the state in which you are located at the time of your visit. Where state law provides greater privacy protections than federal HIPAA requirements, we follow the more protective standard.

---

How We May Use and Disclose Your Health Information

Uses and Disclosures That Do Not Require Your Authorization

For treatment. We may use and disclose your PHI to provide, coordinate, or manage your health care. For example, we may share your health information with a pharmacy to fulfill a prescription ordered during your telehealth visit, with a laboratory to process tests we order on your behalf, or with a specialist to whom we refer you for follow-up care.

For payment. We may use and disclose your PHI to obtain payment for health care services we provide. This includes submitting claims and related information to your health insurance plan or health plan, verifying your coverage and eligibility, obtaining prior authorization for services, and conducting billing and collection activities. If you pay for your visit out of pocket in full and request that we not bill your health plan, we will honor that request as described in the "Your Rights" section below.

For health care operations. We may use and disclose your PHI for our own health care operations, such as quality improvement activities, clinical reviews, provider credentialing and training, auditing functions, compliance programs, and business planning.

As required by law. We will disclose your PHI when required to do so by federal, state, or local law.

Public health activities. We may disclose your PHI for public health activities, including reporting diseases, injuries, and vital events; conducting public health surveillance or investigations; and reporting adverse events related to medications or medical devices.

Health oversight activities. We may disclose your PHI to a health oversight agency for activities authorized by law, including audits, investigations, inspections, licensure, and disciplinary actions.

Judicial and administrative proceedings. We may disclose your PHI in response to a court order, subpoena, discovery request, or other lawful process.

Law enforcement. We may disclose your PHI to law enforcement officials for certain law enforcement purposes as required or permitted by law, including to report certain types of wounds or injuries, to comply with a court order or warrant, or to assist in identifying or locating a suspect or missing person.

To avert a serious threat to health or safety. We may use and disclose your PHI when necessary to prevent or lessen a serious and imminent threat to your health or safety or the health or safety of the public or another person.

Specialized government functions. We may disclose your PHI for military, national security, protective services, and government benefits determinations as permitted by law.

Workers' compensation. We may disclose your PHI as authorized by and necessary to comply with workers' compensation laws.

Coroners, medical examiners, and funeral directors. We may disclose your PHI to a coroner, medical examiner, or funeral director as necessary to carry out their duties.

Organ and tissue donation. We may disclose your PHI to organizations involved in organ, eye, or tissue procurement, banking, or transplantation if you are an organ donor.

Research. Under certain circumstances, we may use and disclose your PHI for research purposes, subject to approval by an institutional review board or privacy board.

Uses and Disclosures That Require Your Written Authorization

We will obtain your written authorization before using or disclosing your PHI for purposes not described in this Notice, including:

• Marketing purposes (with limited exceptions for face-to-face communications and promotional gifts of nominal value)
• Sale of your PHI
• Most uses and disclosures of psychotherapy notes, if applicable
• Any other purpose not otherwise permitted or required by law

You may revoke an authorization at any time by notifying us in writing, except to the extent we have already acted in reliance on your authorization.

Reproductive Health Information

As required by federal regulations effective December 23, 2024, we will not use or disclose your PHI related to reproductive health care for the purpose of conducting a criminal, civil, or administrative investigation into, or imposing liability on, any person in connection with seeking, obtaining, providing, or facilitating lawful reproductive health care.

---

Your Rights Regarding Your Health Information

Right to request restrictions. You have the right to request restrictions on certain uses and disclosures of your PHI for treatment, payment, or health care operations. We are not required to agree to your request unless you are asking us to restrict disclosures to a health plan for services you paid for out of pocket in full. If you pay for a service entirely out of pocket and request that we not disclose that information to your health plan, we are required to honor that request. To make this request, contact us using the information below.

Right to confidential communications. You have the right to request that we communicate with you about your health information by alternative means or at alternative locations. For example, you may ask that we contact you only at a certain phone number or email address. We will accommodate reasonable requests.

Right to inspect and copy. You have the right to inspect and obtain a copy of your PHI contained in a designated record set for as long as we maintain it. We may charge a reasonable, cost-based fee for copies. If your records are maintained electronically, you may request an electronic copy in a readily producible format. We will respond to your request within 30 days (or up to 60 days with written notice of the reason for delay).

Right to amend. You have the right to request that we amend your PHI in a designated record set. We may deny your request in certain circumstances (for example, if the information was not created by us, or if we determine the record is accurate and complete). If we deny your request, we will provide you with a written explanation.

Right to an accounting of disclosures. You have the right to request a list of certain disclosures we have made of your PHI in the six years prior to your request (or since the effective date of this Notice, whichever is more recent). This accounting will not include disclosures made for treatment, payment, or health care operations; disclosures you authorized in writing; disclosures made directly to you; or certain other disclosures.

Right to a paper copy of this Notice. You have the right to obtain a paper copy of this Notice at any time, even if you previously agreed to receive it electronically. You may request a paper copy by contacting us.

Right to be notified of a breach. You have the right to be notified if we or one of our business associates discovers a breach of your unsecured PHI. We will notify you in accordance with applicable federal and state law.

---

How We Protect Your Information in Telehealth

TeleDirectMD delivers care through telehealth video visits across multiple U.S. states. We take the following measures to protect your PHI:

Secure technology. Our telehealth platform uses encryption for video consultations. We maintain a signed Business Associate Agreement (BAA) with all technology vendors who may access, transmit, or store your PHI.

Electronic health records. Your medical records are maintained in a HIPAA-compliant electronic health record (EHR) system with role-based access controls, audit logging, and encryption at rest and in transit.

Electronic prescribing. Prescriptions are transmitted electronically to your chosen pharmacy using HIPAA-compliant e-prescribing systems.

Insurance claims transmission. If we submit claims to your health plan on your behalf, that information is transmitted through secure, HIPAA-compliant electronic data interchange (EDI) channels.

Your responsibility. When participating in a telehealth visit, we recommend you join from a private location where others cannot overhear your conversation, and connect over a secure internet connection. We cannot guarantee the security of information on your end of the communication.

---

Changes to This Notice

We reserve the right to change the terms of this Notice at any time. Any revised Notice will apply to PHI we already have about you as well as any PHI we receive in the future. The revised Notice will be posted on our website at teledirectmd.com/notice-of-privacy-practices with a new effective date. We will make the revised Notice available to you upon request.

---

Complaints

If you believe your privacy rights have been violated, you may file a complaint with TeleDirectMD or with the U.S. Department of Health and Human Services, Office for Civil Rights. You will not be retaliated against for filing a complaint.