Care Medical Practice

Notice of Privacy Practices

Effective 05/21/2026

THIS NOTICE DESCRIBES HOW CARE MEDICAL PRACTICE, PLLC (“we” or “our”) MAY USE AND DISCLOSE MEDICAL INFORMATION ABOUT YOU AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

We are required by law to protect the privacy of health information that may reveal your identity and to provide you with our notice of our legal duties and privacy practices with respect to your health information. We are also required to give you a notice to tell you how it may be used and disclosed (given out).

How We May Use or Disclose Your Protected Health Information

Treatment, Payment, and Health Care Operations

We may use and disclose Protected Health Information (PHI) for the purposes of treatment, payment, and health care operations without your written permission, in most cases. Examples of the uses and disclosures that we, as a health care provider, may make for these purposes include the following:

Treatment refers to the provision, coordination, or management of health care and related services by one or more health care providers. For example, as a health care provider, we may disclose your PHI, as necessary, to other health care providers involved in your treatment. We may use and disclose your PHI to provide the treatment you require, such as communicating your PHI to a hospital or dispatch center and providing a hospital with information that we create while treating and transporting you.

Payment refers to activities we undertake to obtain reimbursement for your health care services. For example, we may use and disclose your PHI to bill a third-party payer for the cost of treatment, equipment, and supplies provided to you.

Health Care Operations refers to the basic business functions necessary to operate as a health care provider. For example, we may use or disclose, as needed, your PHI in order to support business activities, including quality assessment and improvement activities, employee review and evaluation activities, training, licensing, legal services, auditing, business planning, business management activities, and conducting or arranging for other business activities.

Other Uses and Disclosures Allowed Without Authorization

Federal law also allows us to use and disclose PHI, without your written authorization, in certain situations, unless the use or disclosure is prohibited by a more stringent state law. The examples of permitted uses and disclosures of your PHI include, but are not limited to, those listed below.

Public Health Activities: We may disclose your PHI for public health activities in certain situations and as required by law. For example, we may use or disclose your PHI to: a public health authorities for public health activities such as preventing or controlling disease, injury or disability; a government authority authorized to receive child abuse or neglect reports; the Food and Drug Administration (FDA), for activities related to the quality, safety, or effectiveness of FDA- regulated products or activities, including drugs, food, medical devices, and dietary supplements; a person who may have been exposed to a communicable disease or who may be at risk of contracting or spreading a disease or condition; to a person or entity in order to prevent or lessen a serious threat to health or safety of a person or the public; an employer, under certain circumstances, such as those related to work-related illness or injury; and a school, in certain circumstances, if you are a student or prospective student of the school and the PHI is limited to proof of immunization.

Health Oversight Activities: We may disclose your health information to agencies authorized to perform health oversight activities. These activities may include audits, investigations, inspections, and licensure. These activities are necessary to monitor the operation of the health care system, government benefit programs such as Medicaid and Medicare, and compliance with Civil rights laws.

Lawsuits, Disputes, and Other Legal Matters: We may disclose your PHI in response to a court or administrative order, if you are involved in a lawsuit or administrative proceeding, or as required by law. In some cases, we may also disclose your PHI in response to a discovery request, subpoena, or other lawful process.

Law Enforcement: We may disclose your health information to law enforcement officials to comply with a legal order or law we are required to follow. In certain circumstances we are required to disclose your health information to law enforcement agencies.

Required by Law: We will share information about you if required by state or federal laws.

Military and Veterans: We may use and disclose your PHI if you are a member of the Armed Forces or a foreign military if certain criteria are met.

Workers’ Compensation: We may disclose your PHI as authorized by and to the extent necessary to comply with laws relating to workers’ compensation or other similar programs.

Appointment Reminders: Through a Business Associate, we may use or disclose PHI to remind you of an upcoming appointment.

Artificial Intelligence (AI) and Recording: Your visit may be recorded by audio or video and may also be transcribed. AI may be used for clinical, quality, and operational purposes.

Health Information Exchanges: We may disclose your PHI to a health information exchange (HIE) to facilitate the secure exchange of PHI among health care providers and other health care entities, such as your health insurance plan, as permitted by law. In some states, the inclusion of your medical information is voluntary and subject to your right to opt-in or opt-out. If you choose to opt-in or not to opt-out, we may provide your medical information in accordance with the law applicable to the HIEs in which we participate.

CRISP Participation: We have chosen to participate in the Chesapeake Regional Information System for our Patients (“CRISP”), a regional health information exchange (“HIEs”) serving Maryland. CRISP is also affiliated with and shares data with other HIEs, including those in Alaska, Connecticut, District of Columbia, Maryland, and West Virginia. As permitted by law, your health information will be shared with this exchange to provide faster access, better coordination of care and assist providers and public health officials in making more informed decisions. You may “opt-out” and disable access to your health information available through CRISP by calling 1-877-952-7477 or completing and submitting an Opt Out form to CRISP by mail, fax or through their website at www.crisphealth.org. Public health reporting and Controlled Dangerous Substances information, as part of the Maryland Prescription Drug Monitoring Program (“PDMP”), will still be available to providers. We encourage you to read our Notice of Privacy Practices and find more information about CRISP medical record sharing policies at www.crisphealth.org.

Uses and Disclosures with Authorization

We are required to obtain your authorization under the following circumstances:

Psychotherapy Notes: Most uses and disclosures of psychotherapy notes will require your authorization.

Marketing: Uses and disclosures of PHI for marketing purposes, unless allowed by HIPAA, the Privacy Rule, or applicable law, will require your authorization. Marketing communications allowed without authorization include communications pertaining to care or treatment and/or our services.

Sale of PHI: Disclosures that constitute a “sale” of PHI under HIPAA or the Privacy Rule will require your authorization.

Substance Use Disorders: To the extent that we have your substance use disorder patient records, subject to 42 CFR part 2, we cannot use or share information in those records in civil, criminal, administrative, or legislative investigations or proceedings against you without (1) your consent or (2) a court order and a subpoena. Please be aware that after we have shared your information in a permitted way, it is possible for the information to be redisclosed by the recipient. Upon redisclosure, this information may no longer be protected by the HIPAA Privacy Rule.

We will not use or share your information for purposes not described in this Notice without your written authorization. You may revoke (take back) your written authorization at any time, except if action has already been taken based on your authorization. You must do so in writing and can obtain an authorization form from our Compliance Office at the address listed below.

Your Rights Regarding Your Protected Health Information

We are required by law to maintain the privacy of PHI, to provide you with notice of our legal duties and privacy practices with respect to PHI, and to notify you in the event that we discover a breach of unsecured PHI. As a patient, you have rights with respect to your PHI, including:

Right to Request Restrictions on Uses and Disclosures: You have the right to request that we limit certain uses and disclosures of your PHI. Any such request must be made in writing to the contact listed in this Notice and must state the specific restriction requested and to whom that restriction would apply. We are not required to agree to certain restrictions that you request.

Your Right to Request Confidential Communication: You have the right to request that we communicate with you about your health care or medical matters through a reasonable alternative way or at an alternative location.

Right to Access Your PHI: You have the right to see and obtain an electronic or paper copy of your personal health related information held by us. This will usually be provided within 30 days of your request. Please note that we may charge a reasonable, cost-based fee.

Right to Amend PHI: You have the right to have your personal health related information amended if you believe that it is wrong or if information is missing and if we agree. If we disagree, you may have a statement of your disagreement added to your personal health-related information. If we disagree, we will notify you, in writing, within 60 days.

Right to Receive an Accounting of Disclosures: You have the right to obtain a listing of those persons or organizations who receive your personal health-related information from us for the six-year period prior to the date you ask. The list will not cover health related information that was disclosed to you, information disclosed for treatment, payment, or health care operations, or information used to conduct routine operations.

To file a complaint (if you believe your privacy rights have been violated), you can contact your state Department of Health. You may also file a complaint with the Office for Civil Rights, US Department of Health and Human Services. You will not be penalized for filing a complaint or assisting in an investigation.

We are required to follow the terms in this notice. We have the right to change the way your personal health-related information is used and disclosed. Any new Notice will be available on our website, or at our corporate office and by writing to: Compliance Officer, CINQCARE, 2300 N Street NW Suite 200 Washington, D.C. 20037. You have the right to a paper copy of our current Notice of Privacy Practices at any time.