Medical Group Notice of Privacy Practices

Effective Date: July 1, 2025

Who this Notice covers. This Notice of Privacy Practices (“Notice”) describes how the independent physician‑owned professional entities that provide medical services via the IVÉ Wellness platform (the “Medical Groups”) may use and disclose your protected health information (“PHI” or “medical information”), and explains your rights and our legal duties regarding your PHI. “We,” “us,” and “our” refer to the Medical Groups and their workforce members.

  • A current list of Medical Group entities and their states of practice is available at: ivewellness.com/legal/medical-groups (the “Roster”).
  • IVÉ Wellness LLC operates the technology and scheduling/billing service but does not practice medicine.

Privacy Office (for all Medical Groups):
IVÉ Wellness – Medical Groups Privacy Office
PO Box 187, 43 Dillard Rd, Highlands, NC 28741
Email: [email protected]

Our pledge regarding PHI: We are committed to protecting your PHI, providing you this Notice, and following it. We will notify you if a breach compromises the privacy or security of your unsecured PHI, as required by law.

1) Our Legal Duties

  • Maintain the privacy and security of your PHI;
  • Provide you with this Notice and follow it;
  • Notify you following certain breaches of unsecured PHI; and
  • Abide by applicable federal and state privacy laws (including stricter state rules where they apply).

2) How We May Use and Disclose Your PHI Without Your Authorization

We may use or disclose PHI for the following purposes. Examples are illustrative, not exhaustive.

A. Treatment, Payment, and Health Care Operations (“TPO”)

  • Treatment. To provide, coordinate, or manage your care (e.g., clinicians consulting with one another; sending prescriptions to a pharmacy; referring you to a lab).
  • Payment. To bill and collect amounts owed for services you receive (e.g., invoices, payment processing, eligibility or coverage checks if applicable, claims to you or third parties where permitted).
  • Health Care Operations. For quality assessment and improvement, utilization review, training, auditing, legal, compliance, business planning, credentialing, and other operations.

B. Business Associates

We may disclose PHI to vendors who perform services for us (e.g., EHR/hosting, secure messaging, e‑fax, scheduling/billing) under Business Associate Agreements requiring appropriate safeguards.

C. Appointment Reminders; Benefits and Alternatives

We may contact you about appointments, refills, care coordination, or to discuss health‑related products or services that may be of interest. You can tell us your preferred contact method.

D. Fundraising (limited)

If we engage in permissible HIPAA fundraising, you may receive fundraising communications. You can opt out at any time, and we will honor your choice.

E. Public Health and Safety; Oversight

  • Public Health. To report certain diseases, injuries, adverse events, or vital events; to track regulated products; or to notify people exposed to disease.
  • Abuse, Neglect, or Domestic Violence. To appropriate authorities as required or permitted by law.
  • Health Oversight. To health oversight agencies for audits, licensure, or investigations.
  • To Avert a Serious Threat. To prevent or lessen a serious and imminent threat to health or safety.

F. Research

We may use/disclose PHI for research (i) with your authorization, (ii) with an Institutional Review Board (IRB)/Privacy Board waiver, or (iii) in a de‑identified or limited data set format under a data use agreement.

G. Judicial and Administrative Proceedings; Law Enforcement

In response to a court or administrative order, subpoena (with required safeguards), or for law enforcement purposes as permitted by law.

H. Decedents; Organ Donation; Workers’ Compensation

To coroners/medical examiners/funeral directors; to organ procurement organizations; and for workers’ compensation or similar programs.

I. Specialized Government Functions & Inmates

For special government functions (e.g., national security) or correctional situations, as the law permits.

J. Directory/Disaster Relief

If applicable, to a facility directory or to disaster‑relief organizations to coordinate notification—subject to your preferences and law.

3) Uses and Disclosures Requiring Your Written Authorization

We will obtain your written authorization for:

  • Marketing communications that involve financial remuneration from a third party;
  • Sale of PHI (we do not sell PHI);
  • Most disclosures of psychotherapy notes (if applicable); and
  • Other uses/disclosures not described in this Notice.

You may revoke an authorization at any time in writing, except to the extent we have already acted in reliance on it.

4) Electronic Communications and Telehealth

You may receive communications via email, SMS, patient portal, or app. Electronic communication can involve inherent risks (e.g., misdelivery). We use reasonable safeguards, but please tell us your preferred methods and any restrictions. Telehealth services are provided under separate consents and applicable law.

5) State Law and Special Protections (GA & NC emphasis)

Where state law is more protective than HIPAA, we will follow state law. Depending on the state and services, additional protections may apply to:

  • HIV/communicable disease information;
  • Mental/behavioral health records and psychotherapy notes;
  • Substance use disorder records (including potential 42 C.F.R. Part 2 protections if a Part 2 program is involved);
  • Genetic testing and reproductive health information; and
  • Certain minors’ records (e.g., where minors may consent to particular services).

We will obtain any additional consents or follow special procedures as required by Georgia and North Carolina law (and by other states as we expand).

6) Your Rights Regarding PHI

A. Right to Inspect and Obtain Copies

You may inspect and get a copy of PHI in our designated record set (including electronic format where readily producible).

  • Timing: Usually within 30 days, with one 30‑day extension if needed (we’ll notify you in writing).
  • Fees: Reasonable, cost‑based fees may apply for copies, media, mailing, or labor for summaries/explanations if requested.

B. Right to Request an Amendment

If you believe PHI is incorrect or incomplete, you may request an amendment.

  • Timing: We will respond within 60 days (with one 30‑day extension if needed).
  • We may deny requests in certain cases (e.g., we did not create the record; it is accurate/complete). If denied, you may submit a statement of disagreement to be included in the record.

C. Right to an Accounting of Disclosures

You may request a list of certain disclosures of your PHI made in the past six (6) years, excluding those for TPO and some other routine disclosures permitted by law. The first accounting in a 12‑month period is free; reasonable fees may apply thereafter.

D. Right to Request Restrictions

You may request restrictions on how we use/disclose PHI for TPO or to people involved in your care.

  • We are not required to agree, except we must agree not to disclose PHI to a health plan about an item/service you paid for in full out of pocket, unless disclosure is required by law. (Note: you are responsible for telling other providers—like pharmacies—about this restriction.)

E. Right to Request Confidential Communications

You can ask us to contact you at alternative locations or by alternative means (e.g., personal email only). We will accommodate reasonable requests.

F. Right to Obtain a Paper Copy

You can request a paper copy of this Notice at any time, even if you agreed to receive it electronically.

G. Right to Breach Notification

You will be notified if a breach compromises the privacy or security of your unsecured PHI, as required by law.

H. Right to Designate a Personal Representative

You may authorize someone to act for you (e.g., via healthcare power of attorney). We will verify authority before acting on a representative’s request.

How to exercise your rights: Email [email protected] or mail the Privacy Office (address above).

7) Organized Health Care Arrangement / Joint Notice

The Medical Groups may function as an Organized Health Care Arrangement (OHCA) for purposes of sharing PHI for TPO and to present this Joint Notice. Each Medical Group is a separate legal entity responsible for its own providers and workforce. This Notice covers all Medical Groups listed on the Roster and may be updated as entities are added.

8) No Waiver; Changes to This Notice

We may change this Notice at any time. Changes apply to PHI we already hold and future PHI. The current Notice will be posted on our website and available upon request. We will highlight material changes.

9) Complaints and Non‑Retaliation

If you believe your privacy rights have been violated, you may file a complaint with our Privacy Office (contact above). You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights. We will not retaliate against you for filing a complaint.

10) Contact (Privacy Officer)

IVÉ Wellness – Medical Groups Privacy Office
PO Box 187, 43 Dillard Rd, Highlands, NC 28741
Email: [email protected]

Last Updated: July 1, 2025