HIPAA Policy

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. This Privacy Notice is being provided to you by Cosmetic Surgery Associates, LLC, d/b/a Maningas Cosmetic Surgery, Talon Maningas D.O. LLC, and their medical staff (“we”, “us”, or “our”), as a requirement of a federal law, the Health Insurance Portability and Accountability Act (HIPAA). This Privacy Notice describes how we may use and disclose your protected health information to carry out treatment, payment or health care operations and for other purposes that are permitted or required by law and applies to all of our facilities, services, and persons that provide health care to you. It also describes your rights to access and control your protected health information in some cases. Your “protected health information” means any written and oral health information about you, including information that is created or received by your health care provider, and that relates to your past, present or future physical or mental health or condition. If you received this notice electronically, you are entitled to a paper copy of this Privacy Notice. If you received a copy of this notice in paper form, you can find it electronically at www.mcosmeticsurgery.com/resources/privacy-notice.

USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION

We may use your protected health information for purposes of providing treatment, obtaining payment for
treatment, and conducting health care operations. Your protected health information may be used or
disclosed only for these purposes unless we have obtained your authorization or the use or disclosure is
otherwise permitted by the HIPPA privacy regulations or state law. Disclosures of your protected health
information for the purposes described in this Privacy Notice may be made in writing, orally, or by
facsimile.

A. TREATMENT. We will use and disclose your protected health information to provide,
coordinate, or manage your health care and any related services. This includes coordination or
management of your health care with a third party for treatment purposes. For example, we may disclose
your protected health information to a laboratory, pharmacy or other treating physicians.

B. PAYMENT. Your protected health information will be used, as needed, to obtain payment for
the services that we provide. This may include certain communications to your health insurance company
to get approval for the procedure that we have scheduled (i.e. pre-authorization or prior approval). We
may also disclose protected health information to your health insurance company to determine your
eligibility for benefits or whether a particular service is covered under your plan or to demonstrate
medical necessity of the services or as required by your insurance company, for utilization review. We
may also disclose protected health information to another provider involved in your case for the other
provider’s payment activities. This may include disclosure of demographic information to anesthesia care
providers.

C. OPERATIONS. We may use or disclose your protected health information as necessary for our
own health care operation, to facilitate the function of our surgical facilities, and to provide quality care to all
patients. Health care operations include such activities as: quality assessment and administration improvement
activities, employee review activities, post-operative patient assessments, training programs, including those in
which students, trainees, or practitioners in health care learn under supervision, accreditation, certification,
licensure, or credentialing activities, review and auditing, including compliance review, medical reviews, legal
services and maintaining compliance programs, and business management and general administrative activities.

D. OTHER USES AND DISCLOSURES. As a part of your treatment, payments, and health care
operations, we may also use or disclose your protected health information for the following purposes: to remind
you of your surgery date, provide pre-operative instructions and discuss financial arrangements.

USES AND DISCLOSURES BEYOND TREATMENT, PAYMENT, AND HEALTH CARE OPERATIONS PERMITTED WITHOUT AUTHORIZATION OR OPPORTUNITY TO OBJECT

Federal privacy rules allow us to use or disclose your protected health information without your permission or authorization for a number of reasons including the following:

A. WHEN LEGALLY REQUIRED. We will disclose your protected health information when we
are required to do so by any federal, state, or local law. For example, we may disclose medical information to
federal, state, and local law enforcement officials; in response to a judicial order, subpoena, or other lawful
process; and to address matters of public interest as required or permitted by law. For example, we are required
to disclose medical information about you to the Secretary of the U.S. Department of Health and Human
Services if the Secretary is investigating or determining compliance with HIPAA.

B. WHEN THERE ARE RISKS TO PUBLIC HEALTH. We may disclose your protected health information for the following public activities and purposes:

  • To prevent, control, or report disease, injury or disability as permitted by law.
  • To report vital events such as birth or death as permitted by or required by law.
  • To conduct public health surveillance, investigations and interventions as permitted or required by law.
  • To collect or report adverse events and product defects, track FDA regulated products, enable product recalls, repairs or replacements to the FDA and to conduct post marketing surveillance.
  • To notify a person who has been exposed to a communicable disease or who may be at risk of contracting or spreading a disease as authorized by law.
  • To report to an employer information about an individual who is a member of the workforce as legally permitted or required.

C. TO REPORT SUSPECTED ABUSE, NEGLECT, OR DOMESTIC VIOLENCE. We may notify government authorities if we believe that a patient is the victim of abuse, neglect or domestic violence
when specifically required or authorized by law or when the patient agrees to the disclosure.

D. TO CONDUCT HEALTH OVERSIGHT ACTIVITIES. We may disclose your protected health information to a health oversight agency for activities including audits; civil, administrative, or criminal investigations, proceedings, or actions; inspections; licensure or disciplinary actions; or other activities necessary for appropriate oversight as authorized by law. We will not disclose your health information under this authority if you are the subject of an investigation and your health information is not directly related to your receipt of healthcare or public benefits.

E. IN CONNECTION WITH JUDICIAL AND ADMINISTRATIVE PROCEEDINGS. We may disclose your protected health
information to a health oversight agency for activities including audits; civil, administrative, or criminal
investigations, proceedings, or actions; inspections; licensure or disciplinary actions; or other activities
necessary for appropriate oversight as authorized by law. We will not disclose your health information under
this authority if you are the subject of an investigation and your health information is not directly related to your
receipt of healthcare or public benefits.

F. FOR LAW ENFORCEMENT PURPOSES.We may disclose your health information to a law enforcement official for law enforcement purposes as follows:

* As required by law for reporting of certain types of wounds or other physical injuries. * Pursuant to court order, court-ordered warrant, subpoena, summons or similar process. * For the purpose of identifying or locating a suspect, fugitive, material witness or missing person. * Under certain limited circumstances, when you are the victim of a crime. * To a law enforcement official if we suspect that your health was the result of a crime. * In an emergency to report a crime.

G. TO CORONER, FUNERAL DIRECTORS, AND ORGAN DONATION. We may disclose
health information to a coroner or medical examiner for identification purposes, to determine cause of death or
for the coroner or medical examiner to perform other duties authorized by law. We may also disclose health
information to a funeral director, as authorized by law, in order to permit the funeral director to carry out their
duties.

H. FOR RESEARCH PURPOSES. We may use or disclose your health information for research
when the use or disclosure for research has been approved by an institutional review board that has reviewed
the research proposal and research protocols to address the privacy of your protected health information.

I. IN THE EVENT OF A SERIOUS THREAT TO HEALTH OR SAFETY. We may, consistent
with applicable law and ethical standards of conduct, use or disclose your health information if we believe, in
good faith that such use or disclosure is necessary to prevent or lessen a serious and imminent threat to your
health and safety or to the health and safety of the public.

J. FOR SPECIFIED GOVERNMENT FUNCTIONS.In certain circumstances, federal regulations
authorize us to use or disclose your health information to facilitate specified government functions relating to
military and veterans activities, national security and intelligence activities, protective services for the President
and others, medical suitability determinations, correctional institutions, and law enforcement custodial
situations.

K. FOR WORKER’S COMPENSATION. We may release your health information to comply with worker’s compensation laws or similar programs.

L. TO BUSINESS ASSOCIATES.We may disclose your health information to our business associates (as defined under HIPAA) provided we enter into contracts with these persons requiring them to only use and disclose your health information as we are permitted to do so under HIPAA.

Uses and Disclosure Permitted without Authorization but with Opportunity to Object.

We may disclose your health information to your family member or a close family friend if it is directly
relevant to the person’s involvement in your surgery or payment related to your surgery. We can also disclose
your information in connection with trying to locate or notify family members or others involved in your care
concerning your location, condition or death.

You may object to these disclosures. If you do not object to these disclosures or we can infer from the
circumstances that you do not object or we determine, in the exercise of our professional judgment, that it is in
your best interests for us to make disclosure of information that is directly relevant to the person’s involvement
with your care, we may disclose your health information.

Uses and Disclosures which you Authorize.

Other than as stated above, we will not disclose your health information other than with your written
authorization. You may revoke your authorization in writing at any time except to the extent that we have acted
in reliance upon the authorization.

Your Rights.

You have the following rights regarding your health information:

A. THE RIGHT TO INSPECT AND COPY YOUR HEALTH INFORMATION. You may
inspect and obtain a copy of your health information that is contained in a designated record set for as long as
we maintain the health information. A “designated record set” contains medical and billing records and any
other records that your surgeon and we use for making decisions about you. Under the federal law, however,
you may not inspect or copy the following records:

*Psychotherapy notes. Information compiled in reasonable anticipation, or for use in, a civil, criminal,
or administrative action or proceeding; and health information that is subject to a law that prohibits
access to health information. Depending on the circumstances, you may have the right to have a
decision to deny access reviewed. We may deny your request to inspect or copy your health
information, if in our professional judgment, we determine that the access requested is likely to
endanger your life or safety or that of another person, or that it is likely to cause substantial harm to
another person referenced with the information. You have the right to request a review of this decision.
To inspect and copy your medical information, you submit a written request to the Privacy Officer
whose contact information is listed on the last page of this Privacy Notice. If you request a copy of
your information, we may charge you a fee for the costs of copying, mailing or other costs incurred by
us in complying with your request. These costs will be made known to you at the time of your request.

B. THE RIGHT TO REQUEST A RESTRICTION ON USES AND DISCLOSURES OF YOUR HEALTH INFORMATION. You may ask us not to use or disclose certain parts of your health information
for the purposes of treatment, payment or health care operations. You may also request that we do not disclose
your health information to family members or friends who may be involved in your care or for notification
purposes as described in this Privacy Notice. Your request must state the specific restriction requested and to
whom you want the restriction to apply. We are not required to agree to a restriction that you may request. We
will notify you if we deny your request to a restriction. If we do agree to the requested restriction, we will not
use or disclose your health information in violation of that restriction unless it is needed to provide emergency
treatment. Under certain circumstance, we may terminate our agreement to a restriction.

C. THE RIGHT TO REQUEST TO RECEIVE CONFIDENTIAL COMMUNICATIONS FROM US BY ALTERNATIVE MEANS OR AT AN ALTERNATIVE LOCATION. You may have the
right to request that we communicate with you in certain ways. We will accommodate reasonable requests. We
may condition this accommodation by asking you for information as to how payment will be handled or
specification of an alternative address or other method of contact. We will not require you to provide an
explanation for your request.

D. THE RIGHT TO REQUEST AMENDMENTS TO YOUR HEALTH INFORMATION.You
may request an amendment of health information about you in a designated record set for you as long as we
maintain this information. In certain cases, we may deny your request. If we deny your request, you have the
right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will
provide you with a copy of any such rebuttal. Requests for amendment must be in writing and must be directed
to our Privacy Officer. In this written request, you must also provide a reason to support the requested
amendments.

E. THE RIGHT TO RECEIVE AN ACCOUNTING.You may have the right to request an
accounting of certain disclosures of your health information made by us. This right applies to disclosure for
purposes other than treatment, payment or health care operations as described in the Privacy Notice. We are
also not required to account for disclosures that you requested, disclosures that you agreed to by signing and
authorization form disclosures for our directory, to friends or family members involved in your care, or certain
other disclosures we are permitted to make without your authorization. The request must be made in writing to
our Privacy Officer. The request should specify the time period sought for the accounting. We are not required
to provide an accounting for disclosures that take place prior to April 14, 2003. Accounting requests may not be
made for periods of time in excess of six years. We will provide the first accounting you request during any 12-
month period without charge. Subsequent accounting requests may be subject to a reasonable cost-based fee.

F. THE RIGHT TO OBTAIN A COPY OF THIS NOTICE. Upon request, we will provide a
separate paper copy of this notice even if you have already received a copy of this notice.

Our Duties.

We are required by law to maintain the privacy of your health information and to provide you with this Privacy
Notice of our duties and privacy practices. We are required to abide by terms of this Notice as may be amended
from time to time. We reserve the right to change the terms of this Notice and to make the new Notice
provisions effective for all future health information that we maintain. If we change our Notice, we will provide
a copy of the revised Notice by sending a copy of the revised Notice via regular mail or through in-person
contact.

Complaints.

You have the right to lodge complaints to us and to the Secretary of Health and Human Services if you believe
that your privacy rights have been violated. You may complain to us by contacting the Privacy Officer verbally
or in writing, using the information below. We encourage you to express any concerns you may have regarding
the privacy of your information. You will not be retaliated against in any way for filing a complaint.

Contact Person.

Our contact person for all issues regarding patient privacy and your rights under the federal privacy standards is
the Privacy Officer. Information regarding matters covered by this Notice can be requested by contacting the
Privacy Officer. If you feel that your privacy rights have been violated by us, you may submit a complaint to
our Privacy Officer at:

Cosmetic Surgery Associates, LLC

d/b/a Maningas Cosmetic Surgery

620 West 32nd St. Suite B

ATTN: Privacy Officer

Or

Talon Maningas D.O. LLC

620 West 32nd St. Suite B

ATTN: Privacy Officer

The Privacy Officer can be contacted by telephone at 417-437-0303