Notice of Privacy Practices

How your protected health information is used and disclosed.

Effective June 4, 2026 · Last updated June 4, 2026

This Notice of Privacy Practices ("Notice") describes how The Edit Health LLC ("we," "us," or "our") and our affiliated clinical providers may use and disclose your Protected Health Information (PHI) to carry out treatment, payment, or healthcare operations and for other purposes that are permitted or required by law. This Notice also describes your rights regarding your PHI. We are required by law to maintain the privacy of your PHI, provide you with this Notice of our legal duties and privacy practices, and to abide by the terms of this Notice.

How our practice is structured

The Edit Health LLC operates as a management services organization (MSO) and does not itself practice medicine. Clinical care is delivered by an independent, affiliated medical practice, Arora Health & Aesthetics, LLC, and PHI is maintained within the HIPAA-covered clinical platform used to deliver that care. This Notice applies to PHI handled in connection with services you obtain through The Edit. PHI submitted on this public marketing website is addressed separately in our Privacy Policy; we do not collect PHI on this website.

Uses and disclosures of PHI

We may use and disclose your PHI for the following purposes:

• Treatment. To provide, coordinate, or manage your healthcare and related services, including communication with other healthcare providers about your treatment and coordinating your care.
• Payment. To obtain payment for healthcare services provided to you, including verifying coverage, billing and collection activities, and sharing PHI with other healthcare providers, insurers, or collection agencies.
• Healthcare operations. For quality assessment, improvement activities, case management, accreditation, licensing, credentialing, and conducting or arranging for medical reviews, audits, or legal services.
• As required by law. When required to do so by federal, state, or local law.
• Public health and safety. To prevent or control disease, injury, or disability, report child abuse or neglect, report reactions to medications or problems with products, and notify persons who may have been exposed to a communicable disease.
• Health oversight activities. To health oversight agencies for activities authorized by law, such as audits, investigations, inspections, and licensure.
• Judicial and administrative proceedings. In response to a court or administrative order, subpoena, discovery request, or other lawful process.
• Law enforcement. For law enforcement purposes, such as to report certain wounds or injuries, or to comply with a court order, warrant, or other legal process.
• Research. For research purposes when approved by an institutional review board and privacy protections are in place.
• Organ and tissue donation. If you are an organ donor, to organizations that handle organ procurement, transplantation, or donation.
• Workers' compensation. For workers' compensation or similar programs that provide benefits for work-related injuries or illnesses.
• Military and veterans. If you are a member of the armed forces, as required by military authorities.
• Inmates. If you are an inmate, to the correctional institution or law enforcement official having custody of you.

Your rights regarding PHI

• Right to inspect and copy. You may inspect and copy your PHI that we maintain, with certain exceptions. Submit a written request to our Privacy Officer. We may charge a reasonable fee for copying, mailing, or supplies.
• Right to amend. You may request an amendment to your PHI if you believe it is incorrect or incomplete. We may deny the request if we believe the information is accurate and complete, or if we did not create it.
• Right to an accounting of disclosures. You may request an accounting of disclosures of your PHI made in the past six years, except for disclosures for treatment, payment, or healthcare operations and certain other disclosures.
• Right to request restrictions. You may request a restriction on our use or disclosure of your PHI for treatment, payment, or healthcare operations. We are not required to agree but will consider it.
• Right to request confidential communications. You may request that we communicate with you about your PHI in a certain way or at a certain location.
• Right to a paper copy of this Notice. You may receive a paper copy even if you agreed to receive it electronically.
• Right to be notified of a breach. You have the right to be notified if we discover a breach of your unsecured PHI.

Transmission of PHI

We are committed to protecting the privacy of your PHI and will ensure that any electronic transmission of PHI complies with the HIPAA Privacy and Security Rules (45 CFR 164). This includes the use of Secure Sockets Layer (SSL) or equivalent technology for transmission of PHI, as well as adherence to applicable security standards for online transmission of PHI.

Changes to this Notice

We reserve the right to change this Notice, and the revised Notice will be effective for PHI we already have about you as well as any information we receive in the future. We will post the current Notice on our website with its effective date on the first page.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with our Privacy Officer or with the Secretary of the U.S. Department of Health and Human Services. You will not be retaliated against for filing a complaint.

Contact information

To exercise any of your rights, or if you have questions about this Notice or our privacy practices, contact our Privacy Officer:

The Edit Health LLC
Attn: Privacy Officer
5900 Balcones Drive STE 100
Austin, TX 78731
privacy@theedithealth.com
theedithealth.com

This Notice is provided in accordance with the Notice of Privacy Practices for Protected Health Information from the U.S. Department of Health and Human Services' model and is applicable across all U.S. states. Certain states may provide additional privacy protections that apply to your PHI.

State-specific provisions

In addition to the practices described above, we comply with applicable state-specific privacy laws related to PHI. The following are examples.

Texas residents

For residents of Texas, we comply with the Texas Medical Privacy Act, which offers protections beyond HIPAA, including consent requirements for certain disclosures of PHI, additional safeguards for electronic PHI, and specific requirements for the destruction of PHI. We also adhere to Texas's protections for mental health records and substance use treatment records.

California residents

For residents of California, we comply with the Confidentiality of Medical Information Act (CMIA) and California's privacy laws related to access, restriction of certain disclosures to health plans where you paid out of pocket in full, marketing and sale of PHI, and minors' rights for certain sensitive services. We will obtain written consent before disclosing certain information as required by California law.

New York residents

For residents of New York, we comply with New York's confidentiality laws, which provide additional protections for HIV-related information, mental health records, and genetic testing results, including obtaining written consent before disclosing such information, even for treatment, payment, or healthcare operations.

Other states

Florida, Illinois, Massachusetts, and other states provide additional protections for categories such as mental health records, HIV/AIDS-related information, genetic testing results, and substance use treatment records. Where applicable, we will obtain written consent before disclosing such information and implement the specific security measures those states require. If you reside in a state other than those listed, please consult your state's specific privacy laws, or contact our Privacy Officer for more information about your rights.