Notice of Privacy Practices

Chia Endocrinology & Wellness

Effective Date: June 2, 2026

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Our Commitment to Your Privacy

Chia Endocrinology & Wellness, operated by Chia Health LLC (“the Practice,” “we,” “us,” or “our”), is required by law to protect the privacy of your health information, to provide you with this Notice of our legal duties and privacy practices, and to follow the terms of the Notice currently in effect. We take this responsibility seriously and are committed to safeguarding the information you entrust to us.

This Notice applies to all records of your care created or maintained by the Practice, whether by Dr. Hasan or other members of our workforce. It describes how we may use and disclose your protected health information, and your rights regarding that information.

What Is Protected Health Information?

Protected health information (“PHI”) is information that identifies you and relates to your past, present, or future physical or mental health, the care you receive, or payment for that care. It includes your symptoms, test results, diagnoses, treatment, and billing and payment records. Under federal and state law, this information is confidential.

How We May Use and Disclose Your Health Information

The following describes the ways we may use and disclose your PHI without your written authorization.

For Treatment

We use and disclose your PHI to provide and coordinate your medical care. For example, Dr. Hasan records information in your medical record and uses it to determine the most appropriate treatment. We may share information with other physicians, laboratories, pharmacies, hospitals, or specialists involved in your care.

For Payment

We use and disclose your PHI to obtain payment for the services we provide. As a direct-pay practice, this most often means generating statements and maintaining payment records. For patients with Medicare Part B, we may submit claims and disclose information necessary to obtain payment for covered services. We do not share credit card or payment-account information beyond what is required to process your payment.

For Health Care Operations

We use and disclose your PHI for the routine operation of the Practice. For example, we may use your information to assess and improve the quality of care, conduct administrative activities, and support business management.

Appointment Reminders and Health-Related Communications

We may contact you by phone, mail, or secure electronic means to remind you of appointments, to discuss treatment alternatives, or to inform you of health-related benefits and services that may be of interest to you. By providing your email address or mobile number, you authorize us to use those methods to communicate with you.

Individuals Involved in Your Care

If you agree, we may share information with a family member, friend, or other person you identify who is involved in your care or payment for your care. We will not release your information to anyone you have not authorized, except as otherwise permitted by law. To designate such a person, please provide their name in writing or on our Patient Contact Authorization Form.

Other Uses and Disclosures Permitted or Required by Law

We may use or disclose your PHI without your authorization in the following circumstances:

•      As Required by Law — when federal, state, or local law requires the use or disclosure.

•      Public Health Activities — to public health authorities for disease prevention, vital statistics, product recalls, and similar purposes.

•      Abuse, Neglect, or Domestic Violence — to appropriate authorities when we reasonably believe a patient may be a victim.

•      Health Oversight Activities — for audits, investigations, inspections, and licensure activities by oversight agencies.

•      Judicial and Administrative Proceedings — in response to a court order, subpoena, or other lawful process.

•      Law Enforcement — for limited law enforcement purposes as permitted by law.

•      Coroners, Medical Examiners, and Funeral Directors — to allow them to carry out their duties.

•      Organ and Tissue Donation — to organizations that handle procurement or transplantation.

•      Serious Threat to Health or Safety — to prevent or lessen a serious and imminent threat to you or to the public.

•      Research — in limited circumstances and subject to special approval and safeguards.

•      Military, Veterans, and National Security — as required by military command authorities or for authorized national security activities.

•      Workers’ Compensation — as authorized by and necessary to comply with workers’ compensation laws.

•      Inmates — to a correctional institution if you are an inmate, as permitted by law.

Uses and Disclosures That Require Your Written Authorization

Other uses and disclosures not described in this Notice will be made only with your written authorization. In particular, the following always require your authorization:

•      Marketing — most uses or disclosures of your PHI for marketing purposes.

•      Sale of Information — any disclosure that constitutes a sale of your PHI.

•      Psychotherapy Notes — most uses or disclosures of psychotherapy notes, if any are maintained.

You may revoke an authorization in writing at any time, except to the extent we have already acted in reliance on it. Once revoked, we will no longer use or disclose your PHI for the reasons covered by that authorization.

Your Rights Regarding Your Health Information

You have the following rights regarding the PHI we maintain about you. To exercise any of these rights, submit your request in writing to our Office Manager or to Dr. Hasan.

Right to Request Restrictions

You may request that we limit how we use or disclose your PHI for treatment, payment, or health care operations. We are not required to agree to most such requests, but if we do, we will honor them unless the information is needed to provide you emergency treatment.

Important for our patients: If you pay in full, out of pocket, for a specific item or service, you have the right to ask that we not disclose information about that item or service to your health plan for payment or operations purposes, and we must honor that request unless the disclosure is otherwise required by law. Because we are a direct-pay practice, this right is particularly relevant to you.

Right to Confidential Communications

You may request that we communicate with you about your health in a specific way or at a specific location — for example, by mail to a particular address or only by your mobile phone. We will accommodate all reasonable requests.

Right to Inspect and Obtain a Copy

You have the right to inspect and obtain a copy of the PHI we maintain about you, including the right to receive an electronic copy when the information is stored electronically and to have it sent to a third party you designate. We may charge a reasonable, cost-based fee for copies. We will act on your request within 30 days; if we need more time, we may extend once by an additional 30 days and will notify you in writing.

Right to Amend

If you believe information in your record is incorrect or incomplete, you may request that we amend it. We will respond within 60 days (with one possible 30-day extension). We may deny your request in certain circumstances; if we do, we will explain why in writing, and you may submit a statement of disagreement to be included in your record.

Right to an Accounting of Disclosures

You have the right to request a list of certain disclosures we made of your PHI for purposes other than treatment, payment, or health care operations, for up to six years prior to your request.

Right to a Paper Copy of This Notice

You have the right to a paper copy of this Notice at any time, even if you have agreed to receive it electronically. A copy is also available on our website at www.chiaendo.com.

Right to Be Notified of a Breach

You have the right to be notified following a breach of your unsecured PHI.

Right to Choose Someone to Act for You

If you have given someone medical power of attorney, or if someone is your legal guardian, that person may exercise your rights and make choices about your PHI. We will verify that the person has this authority before taking any action.

Our Responsibilities

•      We are required by law to maintain the privacy and security of your PHI.

•      We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.

•      We must follow the duties and privacy practices described in this Notice and provide you a copy of it.

•      We will not use or share your information other than as described here unless you tell us we may, in writing. If you give us written permission, you may change your mind at any time, in writing.

Changes to This Notice

We reserve the right to change this Notice and to make the revised Notice effective for all PHI we maintain. If we make a material change, we will post the updated Notice in our office and on our website, and we will make paper copies available upon request. The effective date appears at the top of this Notice.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with the Practice by contacting our Office Manager or Dr. Hasan. You may also file a written complaint with the U.S. Department of Health and Human Services, Office for Civil Rights. We will provide the appropriate address upon request. You will not be penalized or retaliated against in any way for filing a complaint.

How to Contact Us

Chia Endocrinology & Wellness

1000 Brooktree Road, Suite 209

Wexford, PA 15090

Phone: 412-485-0311  |  Fax: 412-631-5023

Website: www.chiaendo.com