HIPAA Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

Our Legal Duty

We understand that your medical information is personal. We are committed to protecting the privacy of your Protected Health Information (PHI), which includes any information that relates to your past, present, or future health or condition, healthcare provided to you, or payment for your healthcare. We are required by law to:

• Maintain the privacy of your PHI.
• Provide you with this Notice of our legal duties and privacy practices.
• Follow the practices described in this Notice.

If we change our privacy practices, we will update this Notice and make the new one available upon request.

How We May Use and Disclose Medical Information About You

We may use and disclose your PHI for treatment, payment, and health care operations.

Treatment: We may use or disclose your PHI to provide, coordinate, or manage your healthcare and related services. For example, we may share your PHI with other healthcare providers involved in your care for certification purposes.

Payment: We may use or disclose your PHI to obtain payment for services we provide to you.

Healthcare Operations: We may use or disclose your PHI to manage our practice, improve quality of care, train staff, or for other operational purposes. Examples include reviewing treatment effectiveness or compliance activities.

Other Permitted Uses and Disclosures

We may also use or disclose your PHI without your permission for:

• Required by Law: As mandated by federal, state, or local laws.
• Public Health Activities: Such as reporting disease outbreaks, vital statistics, or FDA-regulated product issues.
• Health Oversight Activities: For audits, investigations, or inspections by government agencies.
• Legal Proceedings: In response to court orders, subpoenas, or administrative requests.
• Law Enforcement: In specific circumstances, such as reporting certain injuries or responding to criminal investigations.
• Coroners, Funeral Directors, and Organ Donation: As permitted by law.
• Research: Under strict IRB oversight or de-identified data.
• To Avoid Serious Harm: To prevent imminent threat to health or safety.
• Military and Veterans: If you are in the Armed Forces.
• National Security/Intelligence: As required for intelligence or national security activities.

Disclosures Requiring Your Written Authorization

For any other purpose not described above, we will ask for your written authorization before using or disclosing your PHI. You may revoke such authorization at any time, except to the extent we have already acted in reliance on it.

Marketing: We will not use or disclose your PHI for marketing without your authorization, except for communications about our own services or products.
Sale of PHI: We will not sell your PHI without your authorization.

Your Individual Rights

You have the following rights regarding your PHI:

Right to Request Restrictions: You may ask us not to use or disclose certain parts of your PHI for treatment, payment, or operations. We are not required to agree unless it involves payment we are not submitting to insurance. Contact our Privacy Officer to request.

Right to Receive Confidential Communications: You may request we communicate with you in a specific way (e.g., private mail or phone) to protect your privacy.

Right to Inspect and Copy: You may request access to your PHI in a designated record set. We may charge a reasonable fee for copying. Response within 30 days (extendable to 60).

Right to Amend: You may request an amendment if you believe your PHI is incorrect or incomplete. We may deny but will provide an explanation.

Right to an Accounting: You may request a list of disclosures we made (excludes treatment, payment, operations, etc.). Limited to 6 years prior; once per 12 months free.

Right to a Paper Copy: Even if you received this electronically, you may request a paper copy.

Right to Privacy Breach Notification: We will notify you if there is a breach of your unsecured PHI.

To exercise any rights, contact our Privacy Officer in writing.

Our Duties Regarding Privacy Complaints

If you believe your privacy rights have been violated, you may file a complaint with:

• Us: Privacy Officer at MMJ Medical Practice, 978-594-0816.
• U.S. Department of Health and Human Services Office for Civil Rights: 
• www.hhs.gov/ocr/privacy/hipaa/complaints/
•  1-877-696-6775

We support your right to complain without retaliation. We will not retaliate against you for filing a complaint.

Contact Information

Privacy Officer: Heidi Prieur, Owner & Telehealth Specialist
978-594-0816 | info@mmjmedicalpractice.net | 60 Washington St., Suite 403 Salem, MA 01970

This Notice is effective February 4, 2026. If you have questions, please contact our Privacy Officer.