Here at LifeRx.md, we value your privacy and the confidentiality of your PHI with the utmost seriousness. This Notice explains our privacy practices, our legal duties, and your rights concerning your health information. It applies to all PHI we may create, receive, maintain, or transmit in connection with providing healthcare services through our telemedicine platform.

We are required by law to maintain the privacy of your PHI, to notify you following a breach of unsecured PHI, and to follow the terms of this Notice currently in effect. We will follow the practices described in this Notice, which we may revise on occasion. Covered Entities, such as professional medical corporations and professional medical associations, are required by law to maintain the privacy of your PHI, to provide you with notice of our legal duties and privacy practices with respect to your PHI, and to notify you following a breach of unsecured PHI.

While we as a management services organization are not required by law to maintain a HIPAA notice of privacy practices as covered entities, we shall follow the practices described in this Notice, which we may revise on occasion. While a covered entity’s HIPAA notice of privacy practices may be similar to our Notice, both may not be identical. For any conflict between both notices, the business associate agreement between the covered entity and the business associate (i.e., LifeRx.md entities) shall govern which policy term supersedes the other.

The following categories describe the ways we may use and disclose your PHI without your written authorization. For each category of uses and disclosures, we explain what we mean and provide examples when possible. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose information will fall within one of the categories.

Treatment, Payment, and Health Care Operations

Treatment. We may use and disclose your PHI for treatment purposes to provide, coordinate, or manage your healthcare and related services. This includes the coordination or management of your healthcare with a third party. For example, we may disclose your PHI to physicians, nurses, pharmacists, laboratory technicians, or other healthcare providers who are involved in your care. We may also disclose your PHI to other healthcare providers or facilities so that they may treat you (e.g., by dispensing prescriptions). If you receive services through our telemedicine platform, your PHI may be shared with the independent contracted healthcare providers who deliver your care.

Payment. We may use and disclose your PHI so that healthcare providers, covered entities, and LifeRx.md Inc. may bill and collect payment for the services we provide to you. We may also disclose your PHI to pharmacies, medical equipment companies, or other healthcare providers for their payment activities.

Health Care Operations. We may use and disclose your PHI for our health care operations (or the health care operations of other covered entities with which you have or had a relationship), which are activities necessary to run an organization and ensure that our patients receive excellent care. Healthcare operations include quality assessment and improvement activities; reviewing the competencies or qualifications of healthcare professionals; evaluating practitioner and provider performance; conducting training programs; accreditation, certification, licensing, or credentialing activities; and other business activities related to operating LifeRx.md.

Other PHI Uses and Disclosures Not Requiring Your Authorization

• As Required by Law. We will disclose your PHI when required to do so by federal, state, local law, court order, or the like.
• Public Health Activities. We may disclose your PHI for public health activities, including reporting to a public health authority authorized by law to collect or receive information for the purpose of preventing or controlling disease, injury, or disability. This includes reporting vital events such as birth or death, and conducting public health surveillance, investigations, and interventions. We may also disclose PHI to report adverse events and product defects, enable product recalls, and conduct post-marketing surveillance.
• Abuse, Neglect, or Domestic Violence. We may disclose your PHI to a government authority authorized by law to receive reports of abuse, neglect, or domestic violence if we reasonably believe you are a victim. We will make this disclosure only to the extent required by law, when authorized by you, or when the disclosure is necessary to prevent serious harm.
• Health Oversight Activities. We may disclose your PHI to a health oversight agency for activities authorized or required by law (e.g., audits, investigations, inspections, and licensure).
• Judicial and Administrative Proceedings. We may disclose your PHI in the course of judicial or administrative proceedings in response to an order or other lawful process, with reasonable efforts to notify you or obtain a protective order.
• Law Enforcement Purposes. We may disclose your PHI to law enforcement officials as required by law or in compliance with legal process, to identify or locate a suspect or missing person, or to report a crime on our premises.
• Coroners, Medical Examiners, and Funeral Directors. We may disclose PHI for identifying a deceased person, determining cause of death, or other duties as permitted by law, and to funeral directors as necessary.
• Organ and Tissue Donation. We may use or disclose your PHI to facilitate organ, eye, or tissue donation and transplantation.
• Research. Under certain circumstances, we may use or disclose your PHI for research when appropriate safeguards (e.g., IRB/privacy board approval) are in place.
• Serious Threats to Health or Safety. We may use and disclose your PHI to prevent or lessen a serious and imminent threat to you or others.
• Specialized Government Functions. We may disclose your PHI for military and veterans’ activities, national security and intelligence activities, protective services, correctional institutions, and other specialized government functions as permitted by law.
• Workers' Compensation. We may disclose your PHI as authorized by and to the extent necessary to comply with workers' compensation laws and similar programs.
• Appointment Reminders, Treatment Alternatives, and Health-Related Benefits. We may use and disclose your PHI to contact you for reminders, treatment alternatives, or health-related benefits and services that may interest you.

PHI Uses and Disclosures Requiring Your Written Authorization

• For uses and disclosures not described in this Notice, we will obtain your written authorization. You may revoke any authorization in writing (except to the extent already relied upon). We must follow stricter state laws when applicable.
• Sale of PHI. We do not sell your PHI; any such use would require your written authorization or as permitted by HIPAA for deidentified data.
• Marketing. We may use or disclose your PHI for marketing purposes only with your written authorization.
• Research. We may use or disclose your PHI for research purposes with your written authorization.
• Psychotherapy Notes. Except in limited circumstances, we may not use or disclose psychotherapy notes without your written authorization.

To exercise any of these rights, submit a written request to our Privacy Officer.

• Right to Inspect and Copy. You may inspect and receive a copy of your PHI in a designated record set. We will provide access in your requested format if readily producible, or in a readable electronic format. Reasonable costs may apply. Certain denials may be subject to review.
• Right to Request Amendment. You may request an amendment to PHI you believe is incorrect or incomplete, with a supporting reason. We may deny requests in certain circumstances (e.g., not created by us, not part of the record set, or believed accurate and complete).
• Right to an Accounting of Disclosures. You may request an accounting of certain disclosures (excluding treatment, payment, operations, disclosures to you, those with your authorization, national security, correctional institutions, or pre–April 14, 2003). Specify a time period up to six years; first accounting in 12 months is free, subsequent may incur fees.
• Right to Request Restrictions. You may request restrictions on PHI use/disclosure for treatment, payment, operations, or to persons involved in your care. We are not required to agree except for disclosures to your health plan for services paid out of pocket in full; if we agree, we will comply except in emergencies.
• Right to Request Confidential Communications. You may request communications in a certain manner or location (e.g., specific phone or email). We will accommodate reasonable requests.
• Right to Receive a Paper Copy. You may obtain a paper copy of this Notice at any time, even if you agreed to electronic receipt.
• Right to Be Notified of a Breach. You have the right to receive notification following a breach of your unsecured PHI.

We are required by law to maintain the privacy and security of your PHI, abide by this Notice, and notify you following a breach of unsecured PHI. We will not use or disclose your PHI without your authorization except as described in this Notice. We will not sell your PHI or use/disclose it for marketing without your written authorization, except where permitted by law.

We may change this Notice and apply the revised Notice to PHI we already have and to future information. The current Notice will be posted at www.liferx.md and will show the effective date. We will provide a copy upon request.

Some state laws may provide greater privacy protections than federal law. We will comply with the stricter standard when applicable (e.g., California CMIA). Contact our Privacy Officer with questions about state-specific protections.

If you believe your privacy rights have been violated, you may file a complaint with LifeRx.md or the Secretary of the U.S. Department of Health and Human Services. To file with the Secretary, visit hhs.gov/ocr/privacy/hipaa/complaints or write to the Office for Civil Rights, U.S. Department of Health and Human Services, 200 Independence Avenue, S.W., Washington, D.C. 20201. You will not be penalized for filing a complaint.

Privacy OfficerNorma TorresLifeRx.md Inc.401 Cooper Landing Rd # C1Cherry Hill, NJ 08002Email: info@liferxtelemd.comPhone: +1 (609) 201-0119Website: www.liferx.md

By using our services through the LifeRx.md platform, including scheduling and participating in telehealth appointments, you acknowledge that you have received and had the opportunity to review this HIPAA Notice of Privacy Practices (as well as the Privacy Policy and Telehealth Consent Form). You understand how your medical information may be used and disclosed and your rights as described herein.

If you have questions or would like a paper copy of this Notice, contact our Privacy Officer or request a copy through your patient portal. Our 24/7 support team is available at info@liferxtelemd.com.

This HIPAA Notice of Privacy Practices is effective as of December 10, 2025.