HIPAA Authorization

Oatmeal Health LLC offers services, such as helping you to find and learn about nearby healthcare providers/imaging centers, assists you with booking appointments with the healthcare provider(s) of your choice (each,“Your Healthcare Provider”), and managing and forwarding your health history forms and other health-related information to share with Your Healthcare Providers (“Oatmeal Health Services”). As part of providing the Oatmeal Health Services, Oatmeal Health may collect, use, share, and exchange your health history forms and other health-related information with Your Healthcare Providers. Under a federal law called the Health Insurance Portability and Accountability Act (“HIPAA”), some of this health and health-related information may be considered “protected health information” or “PHI” if such information is received from or on behalf of Your Healthcare Providers.

Safeguards for PHI

HIPAA protects the privacy and security of your PHI by limiting the uses and disclosures of PHI by most healthcare providers and by health plans (called “Covered Entities”) as well as companies, like Oatmeal Health, that provide certain types of assistance to Covered Entities (called “Business Associates”). Under certain circumstances described in HIPAA, an individual needs to sign an Authorization form before a Covered Entity, like Your Healthcare Provider(s), can disclose protected health information to a third party.

Non-Protected Health Information

As a condition of creating your Oatmeal Health account, you are required to read and agree to Oatmeal Health’s Privacy Policy. Oatmeal Health’s Privacy Policy explains how Oatmeal Health processes and shares information received from you that is not covered by HIPAA (“Non-PHI”).

Your PHI Authorization

The purpose of this Oatmeal Health Authorization (“Authorization”) is to request your written permission to allow Oatmeal Health to use and disclose your PHI in the same way as we use and disclose your Non-PHI. If Oatmeal Health is a Business Associate of Your Healthcare Providers, Oatmeal Health needs your Authorization to be able to use and disclose your PHI in the same way it can currently use and disclose your Non-PHI when Oatmeal Health is not working on behalf of Your Healthcare Providers but is instead working on its own behalf. Therefore, when Oatmeal Health relies on this Authorization and uses and discloses PHI as described in this Authorization, it is not working as a Business Associate, and the HIPAA requirements that apply to Business Associates will not apply to such uses and disclosures.

If you e-sign this Authorization, you give your permission to Oatmeal Health to retain your PHI and to use and/or disclose your PHI in the same way that you have agreed that your Non-PHI can be used and disclosed.

Specifically, you agree that Oatmeal Health can use your PHI to:

• enable and customize your use of the Oatmeal Health Services;
• provide you alerts or other Oatmeal Health Services regarding future appointments;
• notify you regarding providers we think you may be interested in learning more about;
• share information with you regarding services, products or resources about which we think you may be interested in learning more;
• provide you with updates and information about the Oatmeal Health Services;
• market to you about Oatmeal Health and third-party products and services;
• conduct analysis for Oatmeal Health’s business purposes;
• support development of the Oatmeal Health Services; and
• create de-identified information and then use and disclose this information in any way permitted by law, including to third parties in connection with their commercial and marketing efforts.

You also agree that Oatmeal Health can disclose your PHI to:

• third parties assisting Oatmeal Health with any of the uses described above;
• Your Healthcare Providers to enable them to refer you to, and make appointments with, other providers on your behalf, or to perform an analysis on potential health issues or treatments, provided that you choose to use the applicable Oatmeal Health Service;
• a third party as part of a potential merger, sale or acquisition of Oatmeal Health;
• our business partners who assist us by performing core services (such as hosting, billing, fulfillment, or data storage and security) related to the operation or provision of our services, even when Oatmeal Health is no longer working on behalf of Your Healthcare Providers;
• a provider of medical services, in the event of an emergency; and
• organizations that collect, aggregate and organize your information so they can make it more easily accessible to your providers.

Redisclosure

If Oatmeal Health discloses your PHI, Oatmeal Health will require that the person or entity receiving your PHI agrees to only use and disclose your PHI to carry out its specific business obligations to Oatmeal Health or for the permitted purpose of the disclosure (as described above). Oatmeal Health cannot, however, guarantee that any such person or entity to which Oatmeal Health discloses your PHI or other information will not re-disclose it in ways that you or we did not intend or permit.

Expiration and Revocation of Authorization

Your Authorization remains in effect until you provide written notice of revocation to Oatmeal Health.

YOU CAN CHANGE YOUR MIND AND REVOKE THIS AUTHORIZATION AT ANY TIME AND FOR ANY (OR NO) REASON.

If you wish to revoke this Authorization, you must notify Oatmeal Health by submitting a revocation through your account settings page. Your decision not to execute this Authorization or to revoke it at any time will not affect your ability to use certain of the Oatmeal Health Services. A Revocation of Authorization is effective after you submit it to Oatmeal Health, but it does not have any effect on Oatmeal Health’s prior actions taken in reliance on the Authorization before revoked.

Once Oatmeal Health receives your Revocation of Authorization, Oatmeal Health can only use and disclose your PHI as permitted in Oatmeal Health’s agreements with Your Healthcare Provider(s). Your Revocation of Authorization does not affect Oatmeal Health’s use of your Non-PHI.

We will make available to Your Healthcare Provider(s), current and past, your agreement to or revocation of this Authorization.