PRIVACY POLICY

Last updated May 06, 2024

This privacy notice for Headstart Health, Inc. ("we," "us," or "our"), describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services"), such as when you:

Visit our website at headstart.health , or any website of ours that links to this privacy notice
Download and use our mobile application (Headstart Health), or any other application of ours that links to this privacy notice
Engage with us in other related ways, including any sales, marketing, or events

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at admin@headstart.health .

SUMMARY OF KEY POINTS

This summary provides key points from our privacy notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us.

Do we process any sensitive personal information? We may process sensitive personal information when necessary with your consent or as otherwise permitted by applicable law. Learn more about sensitive information we process.

Do we receive any information from third parties? We may receive information from public databases, marketing partners, social media platforms, and other outside sources. Learn more about information collected from other sources.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information.

In what situations and with which types of parties do we share personal information? We may share information in specific situations and with specific categories of third parties. Learn more about when and with whom we share your personal information.

How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cyber criminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Learn more about how we keep your information safe.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights.

How do you exercise your rights? The easiest way to exercise your rights is by submitting a data subject access request, or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.

Want to learn more about what we do with any information we collect? Review the privacy notice in full.

WHAT INFORMATION DO WE COLLECT?
HOW DO WE PROCESS YOUR INFORMATION?
WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
HOW DO WE HANDLE YOUR SOCIAL LOGINS?
HOW LONG DO WE KEEP YOUR INFORMATION?
HOW DO WE KEEP YOUR INFORMATION SAFE?
DO WE COLLECT INFORMATION FROM MINORS?
WHAT ARE YOUR PRIVACY RIGHTS?
CONTROLS FOR DO-NOT-TRACK FEATURES
DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
DO WE MAKE UPDATES TO THIS NOTICE?
HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate inactivities on the Services, or otherwise when you contact us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

names
phone numbers
email addresses
mailing addresses
usernames
passwords
contact or authentication data

Sensitive Information. When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information:

health data

Social Media Login Data. We may provide you with the option to register with us using your existing social media account details, like your Facebook, Twitter, or other social media account. If you choose to register in this way, we will collect the information described in the section called "HOW DO WE HANDLE YOUR SOCIAL LOGINS?" below.

Application Data. If you use our application(s), we also may collect the following information if you choose to provide us with access or permission:

Geolocation Information. We may request access or permission to track location-based information from your mobile device, either continuously or while you are using our mobile application(s), to provide certain location-based services. If you wish to change our access or permissions, you may do so in your device's settings.

This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies.

The information we collect includes:

Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings).
Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
Location Data. We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.

Information collected from other sources

In Short: We may collect limited data from public databases, marketing partners, social media platforms, and other outside sources.

In order to enhance our ability to provide relevant marketing, offers, and services to you and update our records, we may obtain information about you from other sources, such as public databases, joint marketing partners, affiliate programs, data providers, social media platforms, and from other third parties. This information includes mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), Internet Protocol (IP) addresses, social media profiles, social media URLs, and custom profiles, for purposes of targeted advertising and event promotion. If you interact with us on a social media platform using your social media account (e.g., Facebook or Twitter), we receive personal information about you such as your name, email address, and gender. Any personal information that we collect from your social media account depends on your social media account's privacy settings.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service.
To evaluate and improve our Services, products, marketing, and your experience. We may process your information when we believe it is necessary to identify usage trends, determine the effectiveness of our promotional campaigns, and to evaluate and improve our Services, products, marketing, and your experience.

4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.

6. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us keeping your personal information for longer than the period of time in which users have an account with us.

When we have no on going legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

7. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cyber criminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

8. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at admin@headstart.health.

9. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: You may review, change, or terminate your account at any time.

Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consentat any time by contacting us by using the contact details provided in the section "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" below.

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can:

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services.

If you have questions or comments about your privacy rights, you may email us at admin@headstart.health.

10. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

11. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: If you are a resident of Utah, Virginia, Colorado, Connecticut or California, you are granted specific rights regarding access to your personal information.

What categories of personal information do we collect?

We have collected the following categories of personal information in the past twelve (12) months:

Category	Examples	Collected
A. Identifiers	Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name	Yes
B. Personal information as defined in the California Customer Records statute	Name, contact information, education, employment, employment history, and financial information	Yes
C. Protected classification characteristics under state or federal law	Gender and date of birth	Yes
D. Commercial information	Transaction information, purchase history, financial details, and payment information	No
E. Biometric information	Fingerprints and voiceprints	No
F. Internet or other similar network activity	Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements	No
G. Geolocation data	Device location	No
H. Audio, electronic, visual, thermal, olfactory, or similar information	Images and audio, video or call recordings created in connection with our business activities	No
I. Professional or employment-related information	Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us	No
J. Education Information	Student records and directory information	No
K. Inferences drawn from collected personal information	Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics	No
L. Sensitive personal Information	Account login information, health data and personal data from a known child	Yes

We will use and retain the collected personal information as needed to provide the Services or for:

Category A - As long as the user has an account with us
Category B - As long as the user has an account with us
Category C - As long as the user has an account with us
Category L - As long as the user has an account with us

Category L information may be used, or disclosed to a service provider or contractor, for additional, specified purposes. You have the right to limit the use or disclosure of your sensitive personal information.

We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:

Receiving help through our customer support channels;
Participation in customer surveys or contests; and
Facilitation in the delivery of our Services and to respond to your inquiries.

How do we use and share your personal information?

Learn about how we use your personal information in the section, "HOW DO WE PROCESS YOUR INFORMATION?"

Will your information be shared with anyone else?

We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Learn more about how we disclose personal information to in the section, "WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?"

We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be "selling" of your personal information.

We have not sold or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. We have disclosed the following categories of personal information to third parties for a business or commercial purpose in the preceding twelve (12) months:

Category L. Sensitive personal information

The categories of third parties to whom we disclosed personal information for a business or commercial purpose can be found under "WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?"

California Residents

California Civil Code Section 1798.83, also known as the "Shine The Light" law permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

If you are under 18 years of age, reside in California, and have a registered account with the Services, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal of such data, please contact us using the contact information provided below and include the email address associated with your account and a statement that your eside in California. We will make sure the data is not publicly displayed on the Services, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g., backups, etc.).

CCPA Privacy Notice

This section applies only to California residents. Under the California Consumer Privacy Act (CCPA), you have the rights listed below.

The California Code of Regulations definesa "residents" as:

(1) every individual who is in the State of California for other than a temporary or transitory purpose and

(2) every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose

All other individuals are defined as "non-residents."

If this definition of "resident" applies to you, we must ad here to certain rights and obligations regarding your personal information.

Your rights with respect to your personal data

Right to request deletion of the data — Request to delete

You can ask for the deletion of your personal information. If you ask usto delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law, such as (but not limited to) the exercise by another consumer of his or her right to free speech, our compliance requirements resulting from a legal obligation, or any processing that may be required to protect against illegal activities.

Right to be informed — Request to know

Depending on the circumstances, you have a right to know:

whether we collect and use your personal information;
the categories of personal information that we collect;
the purposes for which the collected personal information is used;
whether we sell or share personal information to third parties;
the categories of personal information that we sold, shared, or disclosed for a business purpose;
the categories of third parties to whom the personal information was sold, shared, or disclosed for a business purpose;
the business or commercial purpose for collecting, selling, or sharing personal information; and
the specific pieces of personal information we collected about you.

In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request.

Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights

We will not discriminate against you if you exercise your privacy rights.

Right to Limit Use and Disclosure of Sensitive Personal Information

If the business collects any of the following:

social security information, drivers' licenses, state ID cards, passport numbers
account login information
credit card numbers, financial account information, or credentials allowing access to such accounts
precise geolocation
racial or ethnic origin, religious or philosophical beliefs, union membership
the contents of email and text, unless the business is the intended recipient of the communication
genetic data, biometric data, and health data
data concerning sexual orientation and sex life

you have the right to direct that business to limit its use of your sensitive personal information to that use which is necessary to perform the Services.

Once a business receives your request, they are no longer allowed to use or disclose your sensitive personal information for any other purpose unless you provide consent for the use or disclosure of sensitive personal information for additional purposes.

Please note that sensitive personal information that is collected or processed without the purpose of inferring characteristics about a consumer is not covered by this right, as well as the publicly available information.

To exercise your right to limit use and disclosure of sensitive personal information, please email admin@headstart.health or submit a data subject access request.

Verification process

Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g., phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate.

We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. However, if we cannot verify your identity from the informational ready maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security orfraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.

Other privacy rights

You may object to the processing of your personal information.
You may request correction of your personal data if it is incorrect or no longer relevant, or ask to restrict the processing of the information.
You can designate an authorized agent to make a request under the CCPA on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with the CCPA.
You may request to opt out from future selling or sharing of your personal information to third parties. Upon receiving an opt-out request, we will act upon the request as soon as feasibly possible, but no later than fifteen (15) days from the date of the request submission.

To exercise these rights, you can contact us by submitting a data subject access request, by email at admin@headstart.health, or by referring to the contact details at the bottom of this document. If you have a complaint about how we handle your data, we would like to hear from you.

Colorado Residents

This section applies only to Colorado residents. Under the Colorado Privacy Act (CPA), you have the rights listed below. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.

Right to be informed whether or not we are processing your personal data
Right to access your personal data
Right to correct in accuracies in your personal data
Right to request deletion of your personal data
Right to obtain a copy of the personal data you previously shared with us
Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling")

To submit a request to exercise these rights described above,
please email admin@headstart.health or submit a data subject access request.

If we decline to take action regarding your request and you wish to appeal our decision, please email us at admin@headstart.health. Within forty-five (45) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.

Connecticut Residents

This section applies only to Connecticut residents. Under the Connecticut Data Privacy Act (CTDPA), you have the rights listed below. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.

Right to be informed whether or not we are processing your personal data
Right to access your personal data
Right to correct in accuracies in your personal data
Right to request deletion of your personal data
Right to obtain a copy of the personal data you previously shared with us
Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling")

To submit a request to exercise these rights described above, please email admin@headstart.health or submit a data subject access request.

If we decline to take action regarding your request and you wish to appeal our decision, please email us at admin@headstart.health. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.

Utah Residents

This section applies only to Utah residents. Under the Utah Consumer Privacy Act (UCPA), you have the rights listed below. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.

Right to be informed whether or not we are processing your personal data
Right to access your personal data
Right to request deletion of your personal data
Right to obtain a copy of the personal data you previously shared with us
Right to opt out of the processing of your personal data if it is used for targeted advertising or the sale of personal data

To submit a request to exercise these rights described above, please email admin@headstart.health or submit a data subject access request.

Virginia Residents

Under the Virginia Consumer Data Protection Act (VCDPA):

"Consumer" means a natural person who is a resident of the Common wealth acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context.

"Personal data" means any information that is linked or reasonably link able to an identified or identifiable natural person. "Personal data" does not include de-identified data or publicly available information.

"Sale of personal data" means the exchange of personal data for monetary consideration.

If this definition of "consumer" applies to you, we must ad here to certain rights and obligations regarding your personal data.

Your rights with respect to your personal data

Right to be informed whether or not we are processing your personal data
Right to access your personal data
Right to correct inaccuracies in your personal data
Right to request deletion of your personal data
Right to obtain a copy of the personal data you previously shared with us
Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling")

Exercise your rights provided under the Virginia VCDPA

You may contact us by email at admin@headstart.health or submit a data subject access request.

If you are using an authorized agent to exercise your rights, we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.

Verification process

We may request that you provide additional information reasonably necessary to verify you and your consumer's request. If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request.

Upon receiving your request, we will respond without un due delay, but in all cases, within forty-five (45) days of receipt. The response period may beextended once by forty-five (45) additional days when reasonably necessary. We will inform you of any such extension within the initial 45-day response period, together with the reason for the extension.

Right to appeal

If we decline to take action regarding your request, we will inform you of our decision and reasoning behind it. If you wish to appeal our decision, please email us at admin@headstart.health. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may contact the Attorney General to submit a complaint.

12. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how weare protecting your information.

13. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may email us at admin@headstart.health or contact us by post at:

Headstart Health, lnc.

United States

14. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it. To request to review, update, or delete your personal information, please fill out and submit a data subject access request.

Notice of Privacy Practices (NPP)

Effective Date: 4/19/2024

This Joint Notice of Privacy Practices (“Notice”) describes how Headstart Health IPA, LLC (“Headstart”) and the providers that contract with Headstart within the Headstart Organized Health Care Arrangement (“Headstart OHCA”, collectively, with “Headstart”, referred to herein as “us”, “we”, or “our”), uses information about you and when we can share that information with others. It also informs you about your rights to your protected health information (“PHI”).

As members of the Headstart OHCA, we protect the privacy and security of your patient records in accordance with the standards set forth in the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). We are required by law to maintain the privacy of your health information in accordance with applicable federal and state law.

ORGANIZED HEALTH CARE ARRANGEMENT:

Headstart participates in an Organized Health Care Arrangement (“OHCA”) with certain healthcare providers and groups. An OHCA is an arrangement or relationship, recognized in the HIPAA privacy rules, that allows two or more Covered Entities who participate in joint activities to share the PHI about their patients in order to manage and benefit their joint operations. Headstart will share PHI with participants in the Headstart OHCA for treatment, payment and health care operations of the Headstart OHCA. The providers that comprise the Headstart OCHA are in numerous locations throughout the U.S. but are considered one single entity for purposes of our privacy practices. You can find a list of all the members of the OHCA here:. If you are uncertain if your provider participates in the Headstart OHCA, please contact the Headstart Privacy Officer at admin@headstart.health.

INTRODUCTION

This Notice outlines our legal duties and privacy practices with respect to health information. We are required by law to provide you with a copy of this Notice and to notify you following a breach of your unsecured health information. We will abide by the terms of the Notice.

We reserve the right to make changes to this Notice as permitted by law. We reserve the right to make the new Notice provisions effective for all health information we currently maintain, as well as any health information we receive in the future. If we make material or important changes to our privacy practices, we will promptly revise our Notice. Each version of the Notice will have an effective date listed on the first page. If we change this Notice, you can access the revised Notice on our website.

You have the right to file a complaint if you believe your privacy rights have been violated. If you would like to file a complaint about our privacy practices, you can do so by sending a letter outlining your concerns to:

Headstart Health IPA, LLC
Attention: Privacy Officer
2025 Zach Scott St.
Austin, TX 78723

or by contacting our Privacy Officer by telephone at (312) 972-7868 or by email at admin@headstart.health.

You have the right to complain to the Secretary of Health and Human Services or the United States Attorney for the judicial district in which the violation occurs if you believe your privacy rights have been violated by us. You will not be penalized or otherwise retaliated against for filing a complaint.

USES AND DISCLOSURES OF YOUR HEALTH INFORMATION:

We will obtain your written authorization to use and disclose your health information unless we are permitted to use or disclose your information without your authorization under applicable law. The following categories describe the ways that we may use and disclose your health information without your written authorization under HIPAA. To the extent applicable state law is even more restrictive than HIPAA on how we use and disclose any of your health information, we comply with more restrictive state law.

Treatment: Your protected health information may be used and disclosed in order to treat you. Your protected health information may be shared with other professionals who are treating you. For example, clinicians involved in your care will use and disclose your protected health information to coordinate your care or to plan a course of treatment for you. For example, sending medical information about you to your doctor or to a specialist as part of a referral. We may also share your information with providers outside of the Headstart OHCA, such as a specialist or a laboratory.

Payment: Your protected health information may be used, as needed, to obtain payment for your health care services. For example, obtaining approval from your health insurance plan for a particular treatment may require that your relevant protected health information be disclosed to your health insurance plan to obtain approval for the treatment.

Healthcare Operations: We may use or disclose, as needed, your protected health information in order to support the normal business activities of Headstart. Examples of these activities include, but are not limited to, quality assessment activities, employee review activities, training, licensing, and conducting or arranging for other business activities.

We also may need to share your protected health information with certain of our “business associates” or other third parties that perform various activities (e.g., billing, coordinating care, transcribing records) for Headstart. Whenever an arrangement between Headstart and a business associate involves the use or disclosure of your protected health information, we will have in place the legally required safeguards to protect the privacy of your health information.

USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION BASED UPON YOUR WRITTEN AUTHORIZATION:

Other uses and disclosures of your protected health information will be made only with your written authorization, unless otherwise permitted or required by law as described below. You may revoke your authorization, at any time, in writing, except to the extent that Headstart has taken an action in reliance on the use or disclosure indicated in the authorization.

OTHER USES AND DISCLOSURES THAT MAY BE MADE AND TO WHICH YOU MAY AGREE OR OBJECT:

In the circumstances listed below, you may agree or object to the use or disclosure of the protected health information in the manner described. In the absence of agreement or objection, Headstart may, using professional judgment, determine whether the disclosure of health information is in your best interest. If such a determination is made, only the protected health information that is relevant to your health care will be disclosed.

Others Involved in Your Healthcare: Unless you object, we may disclose to a member of your family, a relative, a close friend or any other person you identify, your protected health information that directly relates to that person’s involvement in your health care. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interests, based on our professional judgment. We may use or disclose protected health information to notify or assist in notifying a family member, personal representative or any other person that is responsible for your care of your location, general condition or death. Finally, we may use or disclose your protected health information to an authorized public or private entity to assist in disaster relief efforts and to coordinate uses and disclosures to family or other individuals involved in your health care.

Emergencies: In an emergency treatment situation, we may have to use or disclose your protected health information in a context in which consent for the release of information has not already been given. If this happens, Headstart will try to obtain your consent to the release of information as soon as reasonably practicable after the delivery of the treatment. If a Headstart provider is required to treat you and has attempted to obtain your consent but is unable to obtain your consent, it may still use or disclose your protected health information to treat you.

OTHER PERMITTED AND REQUIRED USES AND DISCLOSURES THAT MAY BE MADE WITHOUT YOUR CONSENT, AUTHORIZATION, OR OPPORTUNITY TO OBJECT:

There are other circumstances in which we may have to use or disclose your protected health information, even without your consent or authorization. These situations include:

Disclosure Required By Law: We may use or disclose your protected health information to the extent that the use or disclosure is required by law. The use or disclosure will be made in compliance with the law and will be limited to the relevant requirements of the law. You will be notified, as required by law, of any such uses or disclosures.

Public Health: We may disclose your protected health information for public health activities and purposes to a public health authority that is permitted by law to collect or receive the information. The disclosure will be made for the purpose of controlling disease, injury or disability. We may also disclose your protected health information, if directed by the public health authority, to a government agency that is collaborating with the public health authority.

Communicable Diseases: We may disclose your protected health information, if authorized by law, to a person who may have been exposed to a communicable disease or may otherwise beat risk of contracting or spreading the disease or condition.

Health Oversight: We may disclose protected health information to a health over sight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies that over see the health care system, government benefit programs, other government regulatory programs and civil rights laws.

Abuse or Neglect: We may disclose your protected health information to a government authority that is authorized by law to receive reports of child abuse or neglect. In addition, we may disclose your protected health information if we believe that you have been a victim of abuse, neglect or domestic violence to the governmental entity or agency authorized to receive such information. In this case, the disclosure will be made consistent with the requirements of applicable federal and state laws

Food and Drug Administration: We may disclose your protected health information to a person or company required by the Food and Drug Administration to report adverse events, product defects or problems, biologic product deviations, track products; to enable product recalls; to make repairs or replacements; or to conduct post marketing surveillance, as required.

Legal or Administrative Proceedings or Investigations: We may disclose protected health information in the course of any judicial or administrative proceeding or investigation, in response to an order of a court or administrative tribunal (to the extent such disclosure is expressly authorized), in certain conditions in response to a subpoena, discovery request or other lawful process or request.

Law Enforcement: We may disclose protected health information, so long as applicable legal requirements are met, for law enforcement purposes. These law enforcement purposes include requests: (1) pursuant to legal processes or as otherwise required by law; (2) for limited information for identification and location purposes; (3) pertaining to potential victims of a crime; (4) relating to suspicion that a death has occurred as a result of criminal conduct; (5) in the event that a crime occurs at Headstart; or (6) relating to a medical emergency (not at Headstart) and it is necessary to alert law enforcement regarding a potential crime.

Coroners, Funeral Directors, and Organ Donation: We may disclose protected health information to a coroner or medical examiner for identification purposes, determining cause of death or for the coroner or medical examiner to perform other duties authorized by law. We may also disclose protected health information to a funeral director, as authorized by law, in order to permit the funeral director to carry out his/her duties. We may disclose such information in reasonable anticipation of death. protected health information may be used and disclosed for cadaveric organ, eye or tissue donation purposes.

Threat to Public Safety: Consistent with applicable federal and state laws, we may disclose your protected health information, if we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. We may also disclose protected health information if it is necessary for law enforcement authorities to identify or apprehend an individual.

Information Not Personally Identifiable. We may use or disclose your protected health information in ways that do not personally reveal your identity.

YOUR RIGHTS REGARDING YOUR HEALTH INFORMATION:

‍This section describes your rights regarding the health information we maintain about you and a brief description of how you may exercise these rights.

Right to Inspect and Copy: You have the right to inspect and receive a copy of your health information. We may charge you a fee as authorized by law to meet your request. You may request access to your health information in a certain electronic form and format, if readily producible, or, if not readily producible, in a mutually agreeable electronic form and format. Further, you may request in writing that we transmit such a copy to any person or entity you designate. Your written, signed request must clearly identify such designated person or entity and where you would like us to send the copy. We may deny your request to inspect and copy in limited circumstances. If you are denied access to your health information, you may request that the denial be reviewed by a licensed health care professional chosen by us. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.

Right to Request Confidential Communications: You have the right to request that we communicate your health information to you in a certain manner or at a certain location. For example, you may wish to receive information through a written letter sent to a private address. We will grant reasonable requests. We will not ask you the reason for your request.

Right to Amend: You have a right to request that we amend or correct your health information that you believe is incorrect or incomplete. For example, if your date of birth is incorrect, you may request that the information be corrected. To request a correction or amendment to your health information, you must make your request in writing and provide a reason for your request. You have the right to request an amendment for as long as the information is kept by or for us. Under certain circumstances we may deny your request. If your request is denied, we will provide you with information about our denial and how you can file a written statement of disagreement with us that will become part of your medical record.

Right to an Accounting of Disclosures: You have the right to request an accounting of disclosures we make of your health information. Please note that certain disclosures need not be included in the accounting we provide to you, including most disclosures we make pursuant to your authorization. Your request must state a time period which may not go back further than six years. You will not be charged for this accounting, unless you request more than one accounting per year, in which case we may charge you a reasonable cost-based fee for providing the additional accounting(s). We will notify you of the costs involved and give you an opportunity to withdraw or modify your request before any costs have been incurred.

Right to Request Restrictions: HIPAA provides that you have the right to request restrictions on how your health information is used or disclosed for treatment, payment, or healthcare operations activities but that we are not required to agree to your requested restriction, unless that restriction is regarding disclosure of health information to your health insurance company and: (1) the disclosure is for the purpose of carrying out payment or healthcare operations and is not otherwise required by law; and (2) the health information pertains solely to a healthcare item or service for which you or another person (other than your health insurance company) paid for in full.

Right to a Paper Copy of This Notice: You have the right to receive a paper copy of this Notice at any time, even if you previously agreed to receive this Notice electronically. A copy of this Notice can be obtained at any time from our website here.

CONTACT INFORMATION:

If you have questions or concerns about your privacy rights, or the information contained in this Notice, please contact the Headstart Privacy Officer by mail at Headstart Health IPA, LLC, Attn: Privacy Officer, 2025 Zach Scott St. , Austin, TX 78723, by telephone at (312) 972-7868, or by email at admin@headstart.health.

THIS NOTICE DESCRIBES HOW YOUR MEDICAL INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Effective Date: 4/19/2024

This Joint Notice of Privacy Practices (“Notice”) describes how Headstart Health IPA, LLC(“Headstart”) and the providers that contract with Headstart within the Headstart Organized Health Care Arrangement (“Headstart OHCA”, collectively, with “Headstart”, referred to hereinas “us”, “we”, or “our”), uses information about you and when we can share that information with others. It also informs you about your rights to your protected health information (“PHI”).

ORGANIZED HEALTH CARE ARRANGEMENT:

Headstart participates in an Organized Health Care Arrangement (“OHCA”) with certain healthcare providers and groups. An OHCA is an arrangement or relationship, recognized in theHIPAA privacy rules, that allows two or more Covered Entities who participate in joint activities to share the PHI about their patients in order to manage and benefit their joint operations. Headstart will share PHI with participants in the Headstart OHCA for treatment, payment and health care operations of the Headstart OHCA. The providers that comprise the Headstart OCHA are in numerous locations throughout the U.S. but are considered one single entity for purposes of our privacy practices. You can find a list of all the members of the OHCA here:. If you are uncertain if your provider participates in the Headstart OHCA, please contact the Headstart Privacy Officer at admin@headstart.health.

INTRODUCTION

‍

Headstart Health IPA, LLC
Attention: Privacy Officer
2025 Zach Scott St.
Austin, TX 78723

or by contacting our Privacy Officer by telephone at (312) 972-7868 or by email at admin@headstart.health.

‍

USES AND DISCLOSURES OF YOUR HEALTH INFORMATION:

‍

We will obtain your written authorization to use and disclose your health information unless weare permitted to use or disclose your information without your authorization under applicable law. The following categories describe the ways that we may use and disclose your health information without your written authorization under HIPAA. To the extent applicable state law is even more restrictive than HIPAA on how we use and disclose any of your health information, we comply with more restrictive state law.

‍

Treatment: Your protected health information may be used and disclosed in order to treat you.Your protected health information may be shared with other professionals who are treating you.For example, clinicians involved in your care will use and disclose your protected health information to coordinate your care or to plan a course of treatment for you. For example, sending medical information about you to your doctor or to a specialist as part of a referral. We may also share your information with providers outside of the Headstart OHCA, such as a specialist or a laboratory.

‍

USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION BASED UPON YOUR WRITTEN AUTHORIZATION:

‍

Other uses and disclosures of your protected health information will be made only with your written authorization, unless otherwise permitted or required by law as described below. Youmay revoke your authorization, at any time, in writing, except to the extent that Headstart has taken an action in reliance on the use or disclosure indicated in the authorization.

‍

OTHER USES AND DISCLOSURES THAT MAY BE MADE AND TO WHICH YOU MAY AGREE OR OBJECT:

‍

Emergencies: n an emergency treatment situation, we may have to use or disclose your protected health information in a context in which consent for the release of information has not already been given. If this happens, Headstart will try to obtain your consent to the release of information as soon as reasonably practicable after the delivery of the treatment. If a Headstart provider is required to treat you and has attempted to obtain your consent but is unable to obtain your consent, it may still use or disclose your protected health information to treat you.

‍

OTHER PERMITTED AND REQUIRED USES AND DISCLOSURES THAT MAY BE MADE WITHOUT YOUR CONSENT, AUTHORIZATION, OR OPPORTUNITY TO OBJECT:

‍

There are other circumstances in which we may have to use or disclose your protected health information, even without your consent or authorization. These situations include:

‍

Health Oversight: We may disclose protected health information to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies that oversee the health care system, government benefit programs, other government regulatory programs and civil rights laws.

‍

Law Enforcement: We may disclose protected health information, so long as applicable legal requirements are met, for law enforcement purposes. These law enforcement purposes include requests: (1) pursuant to legal processes or as otherwise required by law; (2) for limited information for identification and location purposes; (3) pertaining to potential victims of a crime;(4) relating to suspicion that a death has occurred as a result of criminal conduct; (5) in the event that a crime occurs at Headstart; or (6) relating to a medical emergency (not at Headstart)and it is necessary to alert law enforcement regarding a potential crime.
‍

Coroners, Funeral Directors, and Organ Donation: We may disclose protected healthin formation to a coroner or medical examiner for identification purposes, determining cause of death or for the coroner or medical examiner to perform other duties authorized by law. We may also disclose protected health information to a funeral director, as authorized by law, in order to permit the funeral director to carry out his/her duties. We may disclose such information in reasonable anticipation of death. protected health information may be used and disclosed for cadaveric organ, eye or tissue donation purposes.

‍

Information Not Personally Identifiable. We may use or disclose your protected health information in ways that do not personally reveal your identity.

‍

YOUR RIGHTS REGARDING YOUR HEALTH INFORMATION:

‍

‍This section describes your rights regarding the health information we maintain about you and a brief description of how you may exercise these rights.

‍

Right to Inspect and Copy: You have the right to inspect and receive a copy of your health information. We may charge you a fee as authorized by law to meet your request. You may request access to your health information in a certain electronic form and format, if readily producible, or, if not readily producible, in a mutually agreeable electronic form and format.Further, you may request in writing that we transmit such a copy to any person or entity you designate. Your written, signed request must clearly identify such designated person or entity and where you would like us to send the copy. We may deny your request to inspect and copy in limited circumstances. If you are denied access to your health information, you may request that the denial be reviewed by a licensed health care professional chosen by us. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.

‍

Right to Request Confidential Communications: You have the right to request that we communicate your health information to you in a certain manner or at a certain location. For example, you may wish to receive information through a written letter sent to a private address.We will grant reasonable requests. We will not ask you the reason for your request.

‍

Right to an Accounting of Disclosures. You have the right to request an accounting of disclosures we make of your health information. Please note that certain disclosures need not be included in the accounting we provide to you, including most disclosures we make pursuant to your authorization. Your request must state a time period which may not go back further than six years. You will not be charged for this accounting, unless you request more than one accounting per year, in which case we may charge you a reasonable cost-based fee fo rproviding the additional accounting(s). We will notify you of the costs involved and give you an opportunity to withdraw or modify your request before any costs have been incurred.

‍

Right to Request Restrictions: HIPAA provides that you have the right to request restrictions on how your health information is used or disclosed for treatment, payment, or health care operations activities but that we are not required to agree to your requested restriction, unless that restriction is regarding disclosure of health information to your health insurance company and: (1) the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law; and (2) the health information pertains solely to a health care item or service for which you or another person (other than your health insurance company) paid for in full.

‍

CONTACT INFORMATION:

‍

If you have questions or concerns about your privacy rights, or the information contained in thisNotice, please contact the Headstart Privacy Officer by mail at Headstart Health IPA, LLC, Attn: Privacy Officer, 2025 Zach Scott St., Austin, TX 78723, by telephone at (312) 972-7868, or by email at admin@headstart.health.

PRIVACY POLICY

SUMMARY OF KEY POINTS

TABLE OF CONTENTS

1. WHAT INFORMATION DO WE COLLECT?

Information automatically collected

Information collected from other sources

2. HOW DO WE PROCESS YOUR INFORMATION?

3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

5. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

6. HOW LONG DO WE KEEP YOUR INFORMATION?

7. HOW DO WE KEEP YOUR INFORMATION SAFE?

8. DO WE COLLECT INFORMATION FROM MINORS?

9. WHAT ARE YOUR PRIVACY RIGHTS?

Account Information

10. CONTROLS FOR DO-NOT-TRACK FEATURES

11. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

How do we use and share your personal information?

Will your information be shared with anyone else?

California Residents

CCPA Privacy Notice

Your rights with respect to your personal data

Colorado Residents

Connecticut Residents

Utah Residents

Virginia Residents

12. DO WE MAKE UPDATES TO THIS NOTICE?

13. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

14. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

ORGANIZED HEALTH CARE ARRANGEMENT:

INTRODUCTION

USES AND DISCLOSURES OF YOUR HEALTH INFORMATION:

USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION BASED UPON YOUR WRITTEN AUTHORIZATION:

OTHER USES AND DISCLOSURES THAT MAY BE MADE AND TO WHICH YOU MAY AGREE OR OBJECT:

OTHER PERMITTED AND REQUIRED USES AND DISCLOSURES THAT MAY BE MADE WITHOUT YOUR CONSENT, AUTHORIZATION, OR OPPORTUNITY TO OBJECT:

YOUR RIGHTS REGARDING YOUR HEALTH INFORMATION:

CONTACT INFORMATION:

Contact Us

Join Our Waitlist