HIPAA NOTICE OF PRIVACY PRACTICES

HIPAA Notice of Privacy Practices

Last updated: May 9, 2026

This Notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

Notice of Privacy Practices

This Notice of Privacy Practices (“Notice”) describes how health information about you may be used and disclosed and how you may access that information. Please review it carefully.

Ody Health is a technology and administrative platform operated by ECM One, LLC. Ody Health is not a medical practice and does not itself provide medical care. Independent licensed medical providers, provider networks, pharmacies, laboratories, and other health care entities may be subject to HIPAA and may provide their own notices of privacy practices.

This Notice applies to protected health information (“PHI”) that Ody Health creates, receives, maintains, or transmits on behalf of a HIPAA-regulated provider or other covered entity, or where Ody Health is otherwise required to provide notice under applicable law or contractual obligations.

Uses and disclosures for treatment, payment, and health care operations

We may use and disclose PHI to support treatment, payment, and health care operations. For treatment, PHI may be shared with independent licensed providers, provider networks, pharmacies, laboratories, or other professionals involved in your care or service coordination. For payment, PHI may be used or disclosed to process payments, determine billing status, support pharmacy or laboratory transactions, or resolve payment issues. For health care operations, PHI may be used or disclosed for quality review, compliance, security, credentialing support, vendor management, customer support, auditing, recordkeeping, and platform operations.

Ody Health does not make clinical decisions, prescribe medications, dispense medications, or operate a pharmacy. Clinical decisions are made by independent licensed providers.

Other uses and disclosures permitted or required by law

We may use or disclose PHI as permitted or required by law, including for public health activities, health oversight activities, legal proceedings, law enforcement requests, serious threats to health or safety, workers’ compensation, coroners or medical examiners, organ donation, research where legally permitted, military or national security purposes, correctional institutions, and other purposes authorized by HIPAA or applicable law.

We may also disclose PHI to business associates and service providers that perform functions for us or for covered entities, provided they agree to safeguard PHI as required by law or contract.

Uses requiring authorization

We will obtain your written authorization before using or disclosing PHI for purposes that require authorization under HIPAA, including most uses and disclosures of psychotherapy notes, certain marketing communications involving PHI, and any sale of PHI. We do not sell PHI.

You may revoke an authorization in writing at any time, except to the extent action has already been taken in reliance on the authorization or where the authorization was obtained as a condition of insurance coverage and other law permits the insurer to contest a claim or policy.

Your HIPAA rights

Where HIPAA applies, you may have the right to request access to inspect or receive a copy of PHI maintained about you in a designated record set, request an amendment of PHI you believe is incorrect or incomplete, request restrictions on certain uses or disclosures, request confidential communications, request an accounting of certain disclosures, and receive a paper copy of this Notice.

You also have the right to receive notice following a breach of unsecured PHI where notification is required by law.

Requests may be sent to info@odyhealth.co. We may ask you to submit certain requests in writing and may verify your identity before responding.

Access, copies, and fees

If you request copies of records, we or the applicable provider may charge a reasonable, cost-based fee where permitted by law. Certain requests may be denied or limited as permitted by HIPAA or other applicable law, including where records are maintained by an independent provider, pharmacy, laboratory, or other third party rather than Ody Health.

Our duties

Where HIPAA applies, we are required to maintain the privacy and security of PHI, provide notice of our legal duties and privacy practices, notify affected individuals following certain breaches of unsecured PHI, and follow the terms of the Notice currently in effect.

We will not use or disclose PHI other than as described in this Notice, as permitted by law, as authorized by you, or as directed by the applicable covered entity or provider.

Changes to this Notice

We may change this Notice from time to time. We reserve the right to make the revised Notice effective for PHI we already maintain as well as information we receive in the future. When we make a material change, we will post the revised Notice on odyhealth.co and update the effective date.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with us at info@odyhealth.co. You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights.

We will not retaliate against you for filing a complaint or exercising your privacy rights.

Contact for this Notice

Questions about this Notice may be sent to:

ECM One, LLC
Attn: Privacy
1049 Havenhurst Dr
West Hollywood, CA 90046
Email: info@odyhealth.co

This document is for informational purposes and does not constitute legal advice. Questions: legal@odyhealth.co.

HIPAA Notice of Privacy Practices | Ody Health