HIPAA Notice of Privacy Practices

This Notice of Privacy Practices ("Notice") describes how Reidy Labs LLC ("Company," "we," "us," or "our"), the operator of BiomarkerHelp, may use and share your Protected Health Information ("PHI") and explains your rights regarding that information. We are required by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its implementing regulations to maintain the privacy of your PHI and to provide you with this Notice.

1. What Is Protected Health Information?

Protected Health Information (PHI) is individually identifiable health information that is created, received, maintained, or transmitted in any form—electronic, paper, or oral. This includes information that relates to your past, present, or future physical or mental health condition; the provision of healthcare to you; or the past, present, or future payment for healthcare, when that information can be used to identify you.

In the context of BiomarkerHelp, PHI may include health-related search criteria you provide (such as medical conditions or diagnoses), genetic and genomic data from biomarker reports (including gene mutations, fusions, amplifications, and expression markers), biomarker report files you upload, AI-extracted biomarker data, and identifying information such as your name and email address.

2. Our Responsibilities Under HIPAA

We are required by law to:

• Maintain the privacy and security of your Protected Health Information.
• Provide you with this Notice explaining our legal duties and privacy practices regarding your PHI.
• Follow the terms of this Notice currently in effect.
• Notify you if a breach of your unsecured PHI occurs, as required by the HIPAA Breach Notification Rule.

We will not use or share your PHI except as described in this Notice or as otherwise permitted or required by law.

3. How We May Use or Share Your PHI Without Authorization

Under HIPAA, we may use or disclose your PHI without your written authorization in the following circumstances:

a. Treatment

We may use or share your PHI to assist in coordinating or managing your healthcare. For example, if a feature of the platform facilitates communication between you and a clinical trial site, we may share relevant information to support that connection.

b. Healthcare Operations

We may use your PHI for our operational activities, including quality assessment, training, auditing, and improving our Services. For instance, we may analyze aggregated or de-identified health-related search data to improve the accuracy and relevance of clinical trial results.

c. Legal Compliance

We may use or disclose your PHI when required to do so by federal, state, or local law. This includes responding to court orders, subpoenas, or lawful requests from governmental agencies.

d. Public Health Activities

We may disclose your PHI to public health authorities for purposes such as preventing or controlling disease, reporting adverse events, or tracking products or medications as required by the FDA or other agencies.

e. Research

We may use or disclose your PHI for research purposes when the research has been approved by an Institutional Review Board (IRB) or privacy board that has established protocols to ensure the privacy of your information. In most cases, we will use de-identified data for research purposes.

f. Threat to Health or Safety

We may disclose your PHI if we believe in good faith that disclosure is necessary to prevent a serious and imminent threat to your health or safety or that of others.

g. Business Associates

We may share your PHI with third-party service providers ("Business Associates") who perform services on our behalf and require access to your PHI, including AI service providers used for biomarker extraction and analysis. All Business Associates are bound by written agreements (Business Associate Agreements) that require them to safeguard your PHI in accordance with HIPAA.

4. When Your Written Authorization Is Required

For uses and disclosures not described above, we will obtain your written authorization before using or sharing your PHI. This includes, but is not limited to:

• Marketing communications that involve the use of your PHI (beyond what is permitted without authorization).
• Sale of your PHI to third parties.
• Most uses of psychotherapy notes, if applicable.

If you provide an authorization, you may revoke it at any time by submitting a written request to our Privacy Officer. Revocation will not affect any uses or disclosures made in reliance on your authorization before it was revoked.

5. Your Rights Regarding Your PHI

a. Right to Access

You have the right to inspect and obtain a copy of the PHI we maintain about you. To make a request, submit a written request to our Privacy Officer. We may charge a reasonable fee to cover the costs of copying and mailing. In certain limited circumstances, we may deny your request, but you will have the right to have the denial reviewed.

b. Right to Request Restrictions

You may request that we place additional restrictions on how we use or disclose your PHI. While we will consider your request, we are not required to agree to it, except where the disclosure is to a health plan for payment or healthcare operations purposes and the PHI relates solely to a service for which you have paid in full out of pocket.

c. Right to Confidential Communication

You have the right to request that we communicate with you about your PHI in a specific way or at a specific location. For example, you may ask that we contact you only at a particular email address. We will accommodate reasonable requests.

d. Right to Request Corrections

If you believe that the PHI we maintain about you is inaccurate or incomplete, you may request that we amend it. Your request must be in writing and include the reason for the amendment. We may deny the request under certain circumstances, such as if we did not create the information or if we determine the information is already accurate.

e. Right to an Accounting of Disclosures

You have the right to request a list of certain disclosures of your PHI that we have made. This accounting does not include disclosures made for treatment, healthcare operations, or disclosures you authorized in writing. To request an accounting, submit a written request to our Privacy Officer specifying the time period (not to exceed six years prior to the request).

f. Right to a Copy of This Notice

You have the right to receive a paper or electronic copy of this Notice at any time. To request a copy, contact our Privacy Officer.

6. Questions and Complaints

If you have questions about this Notice or believe your privacy rights have been violated, you may file a complaint with our Privacy Officer or with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights:

We will not retaliate against you for filing a complaint.

7. Changes to This Notice

We reserve the right to change the terms of this Notice and to make the new provisions effective for all PHI that we maintain. If we make a material change, the revised Notice will be posted on our website and will be available upon request. The effective date of any revised Notice will be clearly indicated.

8. Contact Information

For any questions, concerns, or requests related to this Notice, please contact: