Notice of Privacy Practices

MAIS Consulting ("MAIS," "we," "us," or "our") is an insurance consulting and marketing organization that assists individuals, employers, and insurance agents in accessing health insurance products and related services. In the course of providing these services, MAIS may receive, create, maintain, or transmit Protected Health Information ("PHI") as defined under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its implementing regulations, including the HIPAA Privacy Rule (45 C.F.R. Parts 160 and 164).

This Notice of Privacy Practices ("Notice") describes how we may use and disclose your PHI and your rights regarding that information. We are required by law to maintain the privacy of your PHI, to provide you with this Notice, and to abide by the terms of the Notice currently in effect.

PHI includes any individually identifiable health information that we create, receive, maintain, or transmit in connection with providing services to you. This may include:

• Your name, address, date of birth, Social Security number, or other identifiers • Information about your health status, medical history, or health insurance coverage • Information about payment for health care services • Any other information that could reasonably be used to identify you and relates to your past, present, or future physical or mental health condition, the provision of health care to you, or payment for health care

We collect PHI only to the extent necessary to provide our consulting and insurance placement services.

We may use and disclose your PHI for the following purposes without your written authorization:

Treatment: We may disclose your PHI to health care providers, insurance carriers, or other entities involved in coordinating your health coverage or care.

Payment: We may use and disclose your PHI to facilitate payment for health insurance premiums, process claims, or determine eligibility and coverage.

Health Care Operations: We may use and disclose your PHI for our internal business operations, including quality assessment, compliance activities, training, and auditing.

As Required by Law: We will disclose your PHI when required to do so by federal, state, or local law, including disclosures to public health authorities, law enforcement, or government oversight agencies.

Business Associates: We may share your PHI with third-party service providers ("Business Associates") who perform functions on our behalf, provided they agree in writing to protect your PHI in accordance with HIPAA through a Business Associate Agreement (BAA).

All other uses and disclosures of your PHI not described in this Notice require your written authorization. You may revoke such authorization at any time in writing, except to the extent we have already acted in reliance on it.

You have the following rights with respect to your PHI:

Right to Access: You have the right to inspect and obtain a copy of your PHI that we maintain in a designated record set. We may charge a reasonable cost-based fee for copies.

Right to Amend: If you believe your PHI is incorrect or incomplete, you may request that we amend it. We may deny your request under certain circumstances.

Right to an Accounting of Disclosures: You have the right to request a list of certain disclosures we have made of your PHI during the six years prior to your request.

Right to Request Restrictions: You may request that we restrict certain uses or disclosures of your PHI. We are not required to agree to your request, except in limited circumstances required by law.

Right to Confidential Communications: You may request that we communicate with you about your PHI in a specific way or at a specific location. We will accommodate reasonable requests.

Right to a Paper Copy of This Notice: You have the right to obtain a paper copy of this Notice at any time, even if you have agreed to receive it electronically.

Right to File a Complaint: If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights. We will not retaliate against you for filing a complaint.

To exercise any of these rights, please contact our Privacy Officer using the contact information below.

MAIS Consulting implements appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of your PHI. These safeguards include:

• Encryption of PHI in transit and at rest where feasible • Access controls limiting PHI access to authorized personnel only • Employee training on HIPAA privacy and security requirements • Policies and procedures governing the use, disclosure, and protection of PHI • Regular risk assessments to identify and address potential vulnerabilities

In the event of a breach of unsecured PHI, we will notify affected individuals, the Secretary of HHS, and, where required, prominent media outlets, in accordance with the HIPAA Breach Notification Rule (45 C.F.R. Part 164, Subpart D).

When using or disclosing PHI or requesting PHI from another covered entity, MAIS Consulting makes reasonable efforts to limit PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request. This standard does not apply to disclosures to or requests by a health care provider for treatment purposes, disclosures to the individual who is the subject of the PHI, uses or disclosures made pursuant to an individual's authorization, or uses or disclosures required by law.

We reserve the right to change the terms of this Notice at any time. We reserve the right to make the revised or changed Notice effective for PHI we already have about you as well as any information we receive in the future. We will post the current Notice on our website and make it available upon request. The effective date of the current Notice is shown at the top of this document.

If you have questions about this Notice, wish to exercise your rights, or need to report a privacy concern, please contact:

MAIS Consulting — Privacy Officer Email: [email protected] Website: https://maisconsulting.com

You also have the right to file a complaint with the U.S. Department of Health and Human Services: Office for Civil Rights, U.S. Department of Health and Human Services 200 Independence Avenue, S.W., Washington, D.C. 20201 Toll-free: 1-877-696-6775 Website: https://www.hhs.gov/hipaa/filing-a-complaint