NOTICE OF PATIENT PRIVACY POLICY

Effective Date: February 16, 2026

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

If you have questions about this Notice, please contact our Privacy Officer.

Privacy Officer: Nathan Nagy
Phone: 630-377-8844

---

OUR LEGAL DUTY

We are required by federal law to maintain the privacy of your Protected Health Information (PHI), provide you with this Notice of our legal duties and privacy practices, and follow the terms of the Notice currently in effect.

We use administrative, physical, and technical safeguards designed to protect your health information.

We reserve the right to change this Notice at any time. Any revised Notice will apply to all PHI we maintain and will be posted in our office and on our website.

If state law provides greater privacy protections than federal law, we will follow the more stringent state law.

HOW WE MAY USE AND DISCLOSE YOUR HEALTH INFORMATION

We may use and disclose your PHI without your written authorization for the following purposes:

1. Treatment

We may use and disclose your PHI to provide, coordinate, or manage your healthcare and related services. This includes sharing information with physicians, specialists, laboratories, or other healthcare professionals involved in your care.

The “minimum necessary” standard does not apply to disclosures made for treatment purposes.

2. Payment

We may use and disclose your PHI to obtain payment for services provided. This may include verifying insurance coverage, obtaining prior authorization, determining medical necessity, or processing claims.

3. Healthcare Operations

We may use or disclose your PHI for healthcare operations including quality assessment, training, compliance activities, auditing, accreditation, and business planning.

We may share your PHI with business associates (such as billing companies, IT providers, and consultants) who perform services on our behalf. These entities are required by written agreement to protect your PHI.

When applicable, we limit disclosures to the minimum necessary information required to accomplish the intended purpose. The minimum necessary standard does not apply when disclosure is required by law.

---

OTHER USES AND DISCLOSURES PERMITTED BY LAW

We may disclose your PHI without authorization in the following situations, as permitted or required by law:

• Public health activities
• Reporting abuse, neglect, or domestic violence
• Health oversight activities
• Judicial and administrative proceedings (except as otherwise limited by federal law governing substance use disorder records under 42 C.F.R. Part 2)
• Law enforcement purposes
• Workers’ compensation claims
• To avert a serious threat to health or safety
• Disaster relief efforts
• As otherwise required by federal or state law

---

USES AND DISCLOSURES REQUIRING WRITTEN AUTHORIZATION

We will obtain your written authorization for:

• Use or disclosure of psychotherapy notes
• Marketing communications that involve financial remuneration
• Sale of Protected Health Information
• Any use or disclosure not described in this Notice

You may revoke your authorization in writing at any time, except to the extent we have already relied upon it.

---

SPECIAL CONFIDENTIALITY PROTECTIONS FOR SUBSTANCE USE DISORDER RECORDS

Certain records relating to substance use disorder diagnosis, treatment, or referral may be protected under federal law (42 C.F.R. Part 2) in addition to HIPAA.

If your records include information protected under Part 2:

• Such records may not be used or disclosed without your written consent except as expressly permitted by federal law.
• A subpoena alone is not sufficient to permit disclosure of Part 2 records.
• Part 2 records generally may not be used or disclosed in civil, criminal, administrative, or legislative proceedings against you without your explicit written consent or a court order that complies with federal regulations.
• You may revoke consent for future disclosures as permitted by law.

These additional protections apply only to records subject to 42 C.F.R. Part 2.

---

REDISCLOSURE NOTICE

Health information disclosed with your authorization may be subject to redisclosure by the recipient and may no longer be protected by federal privacy laws. Covered entities remain subject to applicable privacy regulations.

---

APPOINTMENTS, COMMUNICATIONS, AND FACILITY PRACTICES

We may contact you by phone, voicemail, text message, email, or mail regarding appointments, treatment information, or billing matters.

You may request confidential communications at an alternative location or by alternative means. You may also request to opt out of certain communications, such as text or email reminders, subject to reasonable administrative limitations.

Standard message and data rates may apply to text communications.

We may use sign-in sheets and call your name in reception areas. Certain services may occur in open treatment areas. We implement reasonable safeguards to protect your privacy, and private rooms are available upon request. Incidental disclosures may occur as permitted by law.

---

TELEHEALTH SERVICES

We may provide healthcare services to you through telehealth technologies, including secure video conferencing, remote monitoring, telephone consultations, or other electronic communication methods.

Telehealth services may involve the electronic transmission of your Protected Health Information to healthcare providers or clinical staff. We use reasonable administrative, technical, and physical safeguards to protect information transmitted during telehealth encounters.

As with any electronic communication, there is a potential risk of unauthorized access despite security measures. By participating in telehealth services, you acknowledge and accept these inherent risks.

You have the right to request in-person services when reasonably available and may withdraw consent to telehealth services at any time.

---

YOUR RIGHTS REGARDING YOUR HEALTH INFORMATION

Inspect and Copy

You have the right to inspect and obtain a copy of your PHI maintained in a designated record set. If your PHI is maintained electronically, you have the right to request an electronic copy in the form and format readily producible. You may also request that an electronic copy of your PHI be transmitted directly to a third party you designate.

We will respond to your request within 30 days. A one-time 30-day extension may be permitted if necessary, and you will be notified in writing if an extension is required.

We may charge a reasonable, cost-based fee for copies as permitted by law.

Request an Amendment

You may request an amendment to your PHI if you believe it is incorrect or incomplete.

Request Restrictions

You may request restrictions on certain uses or disclosures. We are required to agree to restrict disclosure to a health plan if you pay out-of-pocket in full for a specific service and request the restriction.

Confidential Communications

You may request communications by alternative means or at alternative locations.

Accounting of Disclosures

You may request an accounting of certain disclosures made outside of treatment, payment, and healthcare operations.

Breach Notification

You have the right to receive notification if your unsecured PHI is breached.

Paper Copy

You may request a paper copy of this Notice at any time.

---

COMPLAINTS

If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services, Office for Civil Rights. Filing a complaint will not result in retaliation.

To file a complaint with our office, contact:

Nathan Nagy
Privacy Officer
630-377-8844

To file a complaint with the Office for Civil Rights, visit: https://www.hhs.gov/hipaa/filing-a-complaint/index.html

---

We are committed to protecting your health information and maintaining your trust.