Legal

Last Updated: February 17, 2025

Who We Are and What This Notice Covers

This HIPAA Notice applies to BATWatch, Inc., BATWatch Medical Group, LLC, all affiliated state-licensed BATWATCH™ entities, Series LLCs, and operational partners that collectively deliver proactive brain health services under the BATWATCH™ brand (“BATWatch,” “we,” “us,” or “our”). This includes our collaborative programs and initiatives, such as BAT LEVELS™, the BATWATCH™ Protocol, and the BATWATCH™ Provider Network.

Our Role:
BATWatch operates as a coordinated network of independent healthcare professionals, state-licensed clinical entities, and technology partners. Our structure includes:

• BATWatch, Inc. (parent, technology, and compliance)
• BATWatch Medical Group, LLC (national management and operations)
• BATWATCH™ State Entities (licensed clinical corporations per state)
• Series LLCs and operational affiliates (supporting coordination, data, and logistics)

All medical care is provided by appropriately licensed BATWATCH™ State Entities and independent clinicians (including physicians, nurse practitioners, and group practices) operating within the BATWATCH™ Provider Network. Operational, technological, and logistical support is provided centrally by BATWatch Medical Group, LLC and its affiliates.

The BATWATCH™ Community and Data-Sharing Model

By participating in any BATWATCH™ service or program, you become part of an Organized Health Care Arrangement (“OHCA”). This arrangement allows for secure sharing of health information among BATWATCH™ -affiliated providers and operational entities to deliver coordinated care, support lab testing, facilitate telehealth, and track health outcomes across our platform.

• Clinical services are rendered by licensed BATWATCH™ State Entities and participating independent providers.
• Operational support, technology infrastructure, and centralized coordination are provided by BATWatch Medical Group, LLC and affiliated Series LLCs.
• Data sharing within the OHCA is strictly limited to treatment, payment, healthcare operations, and patient-authorized research, as permitted by HIPAA and state law.

Our Commitment to Privacy

We understand that your health information is sensitive and personal. We are committed to protecting your privacy in every aspect of our operations, from digital health records to laboratory coordination and telehealth. All BATWatch staff, providers, and partners are required to uphold the highest standards of patient confidentiality, in line with federal and state laws.

We are required by law to:

• Protect your health information in all formats (paper, digital, electronic).
• Provide this Notice describing our privacy practices and legal duties.
• Notify you in the event of a breach involving your unsecured protected health information (PHI), consistent with federal and state law.

Who Must Follow This Notice?

This Notice applies to:

• All BATWatch, Inc. and BATWatch Medical Group, LLC employees, contractors, and operational partners
• All state-licensed BATWATCH™ clinical entities and their staff
• All licensed healthcare professionals, including physicians and nurse practitioners, participating in the BATWATCH™ Provider Network
• Any subcontractors, business associates, or affiliates who support BATWatch operations and may have access to PHI as part of their duties

All providers and support staff participating in BATWATCH™ services agree to follow these privacy practices as a condition of participation.

Protected Health Information (PHI) refers to any information that can be used to identify you and relates to your past, present, or future physical or mental health, the healthcare services you receive, or payment for those services. PHI may be collected or shared in written, electronic, or verbal form.

Examples of PHI include:

• Your name, address, date of birth, contact information
• Medical records, test results, diagnoses, and treatment plans
• Billing, insurance, and payment details
• Communications about your care between you and your provider

We may collect and store your PHI through our digital health records, lab coordination systems, telehealth platforms, and patient support tools as part of delivering BATWATCH™ services.

How and Why We Use and Share Your Health Information

We only use or share your PHI as allowed by law, and only when it is necessary to provide you with care, operate our services, or meet our legal obligations. Here are the main ways your information may be used or disclosed:

1. Treatment:
   We use and share your health information with authorized BATWATCH™ providers and specialists to coordinate your care, manage test results, and support your ongoing health. For example, your BAT LEVELS™ test results may be shared with your assigned provider for clinical review or discussed with you during a telehealth visit.
2. Payment:
   We use and share your health information to bill your health plan, process insurance claims, and verify coverage for lab testing, telehealth visits, and other services. This may include sharing information with your insurer, Medicare, or other payers as needed.
3. Healthcare Operations:
   We use your information for activities necessary to run BATWATCH™ and support quality care, such as care coordination, data analytics, quality improvement, compliance audits, staff training, and secure recordkeeping. Only authorized staff and partners who need your information for these tasks can access it.
4. Legal and Regulatory Compliance:
   We may use or share your information when required by law (such as reporting certain infectious diseases, complying with court orders, or fulfilling government requests), or to protect public health and safety.
5. Health Information Exchange:
   To provide coordinated care, your health information may be securely shared among BATWATCH™ network providers and affiliated partners through electronic health record systems. This allows your current provider, lab, or care team to access your information as needed for your care. We only share the minimum necessary information and maintain strict security standards for all electronic exchanges.
6. Research and Analytics:
   With proper safeguards, we may use de-identified or anonymized health information for research, quality improvement, or public health purposes. This means your data is stripped of identifying details and cannot be linked back to you.

We will never sell your PHI or use it for marketing without your explicit written consent.

When We Need Your Permission

For any situation not covered above, or if required by law, we will ask for your written authorization before using or sharing your PHI. You may revoke this permission at any time by contacting us in writing. Revoking your authorization does not affect uses or disclosures already made based on your prior consent.

Minimum Necessary Standard

BATWatch follows the HIPAA “minimum necessary” rule. We only use, access, or share the minimum amount of PHI needed for a specific purpose. For example, a provider reviewing your lab results will only access the relevant information needed to assess your brain health, not your entire medical history.

Your Rights Regarding Your Health Information

You have important rights under federal and state law regarding your protected health information (PHI) held by BATWatch and its affiliated providers. We support your right to understand and control how your information is used.

1. Right to Access and Copy Your Health Information
   You may request to view or receive a copy of your health records, lab results, or billing information held by BATWatch or your assigned provider. This can include both paper and electronic formats. To make a request, contact us through the BATWATCH™ Portal, your assigned Brain Health Coordinator, or your BATWATCH™ provider. Reasonable fees may apply for copies or mailed records as permitted by law.
2. Right to Request Changes (Amendments)
   If you believe any of your health information is incorrect or incomplete, you have the right to ask us to correct it. You may be required to submit your request in writing. If we deny your request, we will explain why in writing, and you have the right to add a statement of disagreement to your record.
3. Right to an Accounting of Disclosures
   You may request a list (an “accounting”) of certain disclosures of your PHI made by BATWatch in the last six years. This list does not include disclosures made for treatment, payment, or healthcare operations, or those you authorized. The first request in a 12-month period is free; additional requests may involve a fee.
4. Right to Request Confidential Communications
   You may ask us to communicate with you in a specific way or at a specific location (for example, only by mail or only at a certain phone number). We will honor all reasonable requests.
5. Right to Request Restrictions
   You can request that we limit the use or sharing of your PHI for treatment, payment, or operations. While we are not required to agree to most restriction requests, we will consider all written requests and will comply where legally required. For example, if you pay for a service entirely out-of-pocket, you can ask us not to share information about that service with your health plan, and we will comply unless prohibited by law.
6. Right to Receive Notice of a Breach
   You will be notified promptly if there is a breach of your unsecured PHI that may have compromised the privacy or security of your information, consistent with federal and state requirements.
7. Right to Obtain a Paper Copy of This Notice
   You may request a paper copy of this privacy notice at any time, even if you have received it electronically.

How to Exercise Your Rights

To exercise any of these rights, please contact the BATWATCH™ Privacy Officer or your assigned Brain Health Coordinator. Requests must be submitted in writing when required by law. We will respond to your requests as quickly as possible and in accordance with all applicable legal requirements.

If you think your rights may have been violated, you may contact us at ops [at] batlevels [dot] com or call 1-202-681-1274, or contact our Privacy Officer. You may also send a written complaint to the U.S. Department of Health and Human Services, Office of Civil Rights at OCRComplaint@hhs.gov or Centralized Case Management Operations, U.S. Department of Health and Human Services, 200 Independence Avenue, S.W., Room 509F HHH Bldg., Washington, D.C. 20201. We will not take any action against you or change our treatment of you for filing a complaint. CONTACT INFORMATION: Privacy Officer Phone: 202-681-1274 Email: ops [at] batlevels [dot] com.

How and When We May Be Required or Permitted to Share Your Information

There are situations where federal or state law requires or permits BATWatch to use or share your health information, even without your specific authorization. Below are the most common scenarios.

1. Public Health and Safety
   We may share your PHI as required or permitted by law with public health authorities or government agencies whose work includes:

• Preventing or controlling disease, injury, or disability
• Reporting births, deaths, or certain diseases
• Tracking reactions to medications or problems with medical devices
• Responding to public health emergencies or pandemics

2. Required by Law
   We must disclose PHI when required to do so by law, such as:

• Reporting child, elder, or dependent adult abuse or neglect
• Responding to subpoenas, court orders, or legal investigations
• Complying with audits or investigations by health oversight agencies (e.g., Medicare, Medicaid, licensing boards)

3. Law Enforcement
   We may share your PHI with law enforcement officials in certain circumstances, such as:

• To report or locate a missing person
• To comply with a court order or warrant
• To report a crime committed on BATWatch premises or during the provision of care
• In emergencies, to report details about a crime or crime victim

4. Coroners, Medical Examiners, and Funeral Directors
   If you die, we may share necessary information with a coroner, medical examiner, or funeral director as required to identify you, determine cause of death, or carry out their duties.
5. Organ and Tissue Donation
   If you are an organ donor, we may release necessary PHI to organizations involved in organ, eye, or tissue donation and transplantation.
6. Serious Threats to Health or Safety
   We may use or share your information when necessary to prevent or reduce a serious threat to your health or safety, or the health or safety of others, in accordance with the law and professional ethics.
7. Workers’ Compensation
   We may share your health information with workers’ compensation or similar programs providing benefits for work-related injuries or illness, as permitted by law.
8. Military, Veterans, and Government Functions
   If you are or were a member of the armed forces, we may be required to share your information with military command authorities. We may also share information for national security, intelligence, or other government functions as required by law.
9. Inmates or Those in Custody
   If you are an inmate or in custody, we may release PHI to the correctional institution or law enforcement when necessary to provide you with health care or ensure the safety and security of the facility.

Marketing and Sale of Health Information

We do not sell your health information, and we do not use or disclose your PHI for marketing purposes without your explicit written consent.

• You have the right to refuse any marketing communications about non- BATWATCH™ services or products.
• We may contact you directly about your care, BATWATCH™ programs, or health-related services you are already enrolled in, but you can opt out of fundraising or non-essential communications at any time.

Other Uses and Disclosures

For any situation not described above, or for uses not permitted by law, we will ask for your written permission before using or sharing your PHI.

• If you give us written authorization, you can revoke it at any time by contacting us in writing. Revoking does not affect disclosures already made with your prior permission.

Changes to This Notice

We may update this Privacy Notice from time to time to reflect changes in the law, our operations, or privacy practices.

The current version will always be posted on our website at [batlevels.com/legal/hipaa].

The “Effective Date” at the top of this Notice tells you when it was last updated.

We will notify you in advance, as required by law, if there are any material changes to how your PHI is used or disclosed.