HIPAA Notice of Privacy Practices

Green Wellness is a Washington State medical marijuana evaluation practice. We are a covered entity under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and are required by law to maintain the privacy of your protected health information (PHI), provide you with this Notice, and follow the terms of this Notice.

We use and disclose health information about you for the following purposes:

• Treatment: To provide, coordinate, or manage your healthcare and related services, including sharing information with providers involved in your care.
• Appointment communications: To send appointment reminders, confirmations, and follow-up messages via email and SMS (with your consent).
• Health records: To create and maintain your medical evaluation records in our electronic health records system (Practice Fusion).
• Required by law: When required by federal, state, or local law, including reporting to Washington State Department of Health for medical marijuana authorization records.
• Business operations: For internal operations, quality improvement, and administrative purposes, subject to HIPAA limitations.

• Access: You have the right to inspect and obtain a copy of your health information.
• Correction: You may request that we correct inaccurate or incomplete information about you.
• Accounting of disclosures: You may request a list of certain disclosures we have made of your health information.
• Restriction: You may request restrictions on how we use or disclose your health information.
• Confidential communications: You may request that we communicate with you about health matters in a certain way or at a certain location.
• Revoke consent: You may revoke your consent to SMS communications at any time by contacting us.

We implement physical, technical, and administrative safeguards to protect your health information, including encryption of data in transit and at rest, access controls, and annual HIPAA training for all staff. We have signed Business Associate Agreements (BAAs) with all vendors who handle protected health information on our behalf.

We share PHI with the following Business Associates under signed BAAs, solely as necessary to provide our services:

• Practice Fusion — electronic health records
• Salesforce — patient relationship management
• Stripe — payment processing
• Twilio — SMS appointment reminders (with your consent)
• Resend — email communications
• Vercel / Neon — application hosting and database storage

We reserve the right to change this Notice. We will post a revised Notice on our website and make it available upon request. Changes will apply to health information we already hold as well as information we receive in the future.

To exercise your rights, report a privacy concern, or request a paper copy of this Notice, contact our Privacy Officer:

Green Wellness Privacy Officer

Phone: 1-888-885-9949

Email: admin@greenwellness.org

You also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/ocr. We will not retaliate against you for filing a complaint.