HIPAA Compliance & Notice of Privacy Practices

About This Notice

This Notice of Privacy Practices ("Notice") describes how MedaSynq Technologies ("MedaSynq," "we," "us," or "our") may use and disclose your Protected Health Information (PHI) and your rights regarding that information.

Protected Health Information (PHI) is information that identifies you and relates to your past, present, or future physical or mental health condition, health care, or payment for health care services. In our context, this includes information related to life insurance policies, which may contain health-related information.

Our Commitment to HIPAA Compliance

MedaSynq is committed to maintaining the privacy and security of your Protected Health Information in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH), and all applicable regulations.

We maintain compliance through:

• Administrative safeguards (policies, procedures, training)
• Physical safeguards (facility access controls, workstation security)
• Technical safeguards (encryption, access controls, audit controls)
• Business Associate Agreements with all third-party service providers
• Regular risk assessments and compliance audits

How We May Use and Disclose Your PHI

With Your Authorization

We will obtain your written authorization before using or disclosing your PHI for purposes other than those described below. You may revoke your authorization at any time in writing.

For Treatment, Payment, and Health Care Operations

While MedaSynq is not a health care provider, we may use and disclose your PHI:

• For Services: To provide our life insurance assistance services, including communicating with insurance carriers on your behalf
• For Payment: To process payments for our services and communicate with insurance carriers about claim payments
• For Operations: To improve our services, conduct quality assessments, and ensure compliance

As Required by Law

We may disclose your PHI when required by federal, state, or local law, including:

• Court orders and legal proceedings
• Public health activities and reporting
• Law enforcement purposes
• To prevent serious threats to health or safety

With Your Written Authorization

Other uses and disclosures not described in this Notice will only be made with your written authorization, which you may revoke at any time.

Your Rights Regarding Your PHI

Right to Access

You have the right to inspect and obtain a copy of your PHI maintained by us. Requests must be made in writing. We may charge a reasonable fee for copies.

Right to Request Amendment

You may request that we amend your PHI if you believe it is incorrect or incomplete. We may deny your request in certain circumstances but will provide a written explanation.

Right to Request Restrictions

You may request restrictions on how we use or disclose your PHI. We are not required to agree to your request, but if we do, we will honor those restrictions.

Right to Confidential Communications

You may request that we communicate with you about your PHI in a specific way or at a specific location (e.g., only by mail, only at a certain address).

Right to Accounting of Disclosures

You have the right to receive a list of certain disclosures we have made of your PHI. The first accounting in any 12-month period is free; we may charge for additional requests.

Right to Receive Notice of Breach

You have the right to be notified if there is a breach of your unsecured PHI. We will notify you promptly if such a breach occurs.

Right to a Paper Copy of This Notice

You may request a paper copy of this Notice at any time, even if you previously agreed to receive it electronically.

Our Responsibilities

We are required by law to:

• Maintain the privacy and security of your PHI
• Provide you with this Notice of our legal duties and privacy practices
• Notify you if there is a breach of your unsecured PHI
• Follow the terms of this Notice currently in effect
• Not use or disclose your PHI for marketing purposes without your authorization
• Not sell your PHI without your authorization

Security Measures

We implement comprehensive technical and organizational security measures to protect your PHI:

• Encryption: AES-256 encryption at rest, TLS 1.3 in transit
• Infrastructure: HIPAA-eligible AWS services with SOC 2 compliance
• Access Controls: Role-based access with multi-factor authentication
• Audit Logging: Comprehensive logging of all PHI access
• Employee Training: Regular HIPAA training for all staff
• Incident Response: Documented procedures for security incidents

Changes to This Notice

We reserve the right to change this Notice and make the new provisions effective for all PHI we maintain. If we make material changes, we will post the revised Notice on our website and notify you of the changes.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights. You will not be retaliated against for filing a complaint.

To file a complaint with us:

To file a complaint with HHS:

Contact Information

For questions about this Notice, our privacy practices, or to exercise your rights, please contact our Privacy Officer: