Web Privacy Policy

For more information about our vascular health clinic’s approach to patient privacy, don’t hesitate to reach out. We proudly serve residents of John’s Creek, Georgia, and surrounding areas.

This notice describes how information about you may be used by Emsite LLC and disclosed and how you can get access to this information. Effective as of: November 1, 2017

Emsite's Privacy Policy
Thank you for visiting Emsite’s website. Emsite is strongly committed to protecting your privacy. This privacy policy applies to data collection and usage on Emsite’s website, through all other marketing channels and at Emsite's health screening events.

What Information is Collected?
Most of the information provided by Emsite.com is offered without collecting any personally identifiable information from you. The only time you will be asked to provide personal information is in the event that you wish to contact us using our online inquiry system, or you sign-up for our e-newsletter. You have a choice as to whether or not you would like to submit personal information such as your name, address, city, state, zip code and phone number. If you elect not to submit this information online, you may call 678-807-8627 or email info@emsite.com.

Emsite will automatically collect information about your visit, including the pages you view, the links you click and other actions taken with Emsite’s website. We also collect standard information that your browser sends to every website you visit, such as IP address, browser type and language, access times and referring Web site addresses. Additionally, we may collect information such as which pages you visit, length of stay on each page, and your navigation path. Personal information for all HealthFair participants (name, address, email, phone number) is also collected and stored privately in servers at our location.

How We Use Your Information
Emsite collects and uses your personal information to provide you with services you have requested. These services may include phone calls, emails or direct mail pieces sent to your company or home regarding screenings in your area. Information collected from your visit to our website is used to enhance and evaluate our website.

How we may use your information:
The purposes for which you specifically provided the information. For example, to enable us to contact you regarding a submitted question or inquiry, confirm and remind you of a scheduled appointment, or notify you of upcoming screenings.
To send you email notifications about upcoming screenings, to receive our e-newsletter or to otherwise contact you.
With your permission, we may share your name and address with marketing partners so they may contact you regarding relevant services.
We may also disclose or use your personal information when we, in good faith, believe that the law requires us to do so.

Third Party Access
When you submit your personal information on Emsite’s website, it may be shared with reputable third parties for marketing purposes. Emsite may share your name and address with our marketing partners, but will not disclose sensitive personal information such as age, gender, medical history or health screening results. This information will only be shared with our marketing partners if you have provided us written permission to do so.

Opting Out or Changing your Personal Information
Emsite offers its clients choices for the collection, use, and sharing of personal information. We offer you the opportunity to choose whether to receive certain communications from third parties at the time of your actual screening.

To opt out of Emsite’s mailing list, please write to:
EMSITE, LLC
4275 Johns Creek Parkway Suite C
Suwanee, GA 30024

ATTN: Marketing Department

If you have been screened by Emsite, you may make any changes to your personal information by contacting our customer service department at: 678-807-8627.

Security
All personal information is stored in limited-access servers. We use a number of security technologies and procedures to protect your personal information from unauthorized access or disclosure. Emsite will continue to maintain these safety measures to ensure the security of these servers and your personally identifiable information.

Changes to the Privacy Policy
Emsite reserves the right to modify the terms of this privacy policy. We will highlight any changes that are made to the policy, and we recommend that you re-visit the policy from time-to-time.

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.

Emsite Notice of Privacy Practices
Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Emsite is required by law to maintain the privacy of health information that identifies you, called protected health information (PHI), and to provide you with notice of your legal duties and privacy practices regarding PHI. Emsite is committed to the protection of your PHI and will make reasonable efforts to ensure the confidentiality of your PHI, as required by statute and regulation. We take this commitment seriously and will work with you to comply with your right to receive certain information under HIPAA.
Emsite Use and Disclosure of PHI
As permitted under HIPAA, the following categories explain the types of uses and disclosures of PHI that
Emsite may make. Some of the uses and disclosures described may be limited or restricted by state laws or other legal requirements, for example, the Clinical laboratory Improvement Amendments of 1988 (CLIA). If you have any questions about any part of this notice, please contact our Privacy Officer, using the contact information provided at the end of this notice.
• For treatment - Emsite may use or disclose PHI for treatment purposes, including disclosure to physicians, nurse practitioners, physician assistants and other health care professionals who provide you with health care services and/or are involved in the coordination of your care, such as providing your physician with your ultrasound screening results.
• For payment – Emsite may use or disclose PHI to bill and collect payment for services we provide. For example, Emsite may provide PHI to your health plan to receive payment for the health care services provided to you.
• For health care operations - Emsite may use or disclose PHI for health care operations purposes. The uses and disclosures are necessary, for example, for quality assessment, accreditation, evaluate performance of staff. Emsite may also disclose PHI to other health care providers that are involved in your care for their health care operations, for example, interpretation of ultrasound images.

• Appointment reminders and health-related benefits and services - Emsite may use and disclose PHI to contact you as a reminder that you have an appointment with us and may use and disclose PHI to tell you about health-related benefits and services that may be of interest to you. For example, Emsite may contact you about new services available based on your medical history and risk factors.

Effective Date of Notice: October 22, 2018

Page l of 5

• To individuals involved in your care or payment for your care - Emsite may disclose PHI to a person who is involved in your care or helps pay for your care, such as a family member or friend. We also may notify your family about your location or general condition or disclose such information to an entity assisting in a disaster relief effort.
• Business associates - Emsite may disclose PHI to our business associates to perform certain business functions or provide certain business services to Emsite. For example, we may use another company to make copies and printing. All of our business associates are required to maintain the privacy and confidentiality of your PHI.
• Disclosure for judicial and administrative proceedings - Under certain circumstances,
Emsite may disclose your PHI in the course of a judicial or administrative proceeding, including in response to a court or administrative order, subpoena, discovery request, or other lawful process.
• Law enforcement - Emsite may disclose PHI for law enforcement purposes, including response to a court order, warrant, subpoena or summons, or similar process authorized by law. We may also disclose PHI when the information is needed: 1) for identification or location of a suspect, fugitive, material witness or missing person, 2) about a victim of a crime, 3) about an individual who has died, 4) in relation to criminal conduct on Emsite premises, or 5) in emergency circumstances to report a crime, the location of the crime or victims, or the identity, description, or location of the person who committed the crime.
• As required by law – Emsite must disclose your PHI if required to do so by international, federal, state, or local law.
• Public Health – We may disclose PHI for public health activities.
These activities generally include: 1) disclosures to a public health authority to report, prevent
or control disease, injury, or disability; 2) disclosures to report births and deaths, or to report
child abuse or neglect; 3) disclosures to a person subject to the jurisdiction of the Food and
Drug Administration ("FDA") for purposes related to the quality, safety or effectiveness of an
FDA-regulated product or activity, including reporting reactions to medications or problems with
products or notifying people of recalls of products they may be using; 4) disclosures to notify
a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; and 5) disclosures to an employer about an employee to conduct medical surveillance in certain limited circumstances concerning workplace illness or injury.
• Disclosure about victims of abuse, neglect, or domestic violence – We may disclose PHI about an individual to a government authority, including social services, if we reasonably believe that an individual is a victim of abuse, neglect, or domestic violence.
• Health oversight activities – We may disclose PHI to a health care oversight agency for activities authorized by law such as audits, civil, administrative, or criminal investigations and proceedings/actions, inspections, licensure/disciplinary actions, or other activities necessary for appropriate oversight of the health care system, government benefit 'programs, and compliance with regulatory requirements and civil rights laws.

Effective Date of Notice: October 22, 2018

Page 2 of 5

• Coroners, medical examiners, and funeral directors – We may disclose PHI to a coroner, medical examiner, or funeral director for the purpose of identifying a deceased person, determining cause of death, or for performing some other duty authorized by law.
• Personal Representative – We may disclose PHI to your personal representative, as established under applicable law, or to an administrator, executor, or other authorized individual associated with your estate.
• Correctional institution - We may disclose the PHI of inmate or other individual when requested by a correctional institution or law enforcement official for health, safety, and security purposes.
• Serious threat to health or safety - We may disclose PHI if necessary, to prevent or lessen a serious and/or imminent threat to health or safety to a person or the public or for law enforcement authorities to identify or apprehend an individual.
• Research – We may use and disclose PHI for research purposes. limited data or records may be viewed by researchers to identify patients who may qualify for their research project or for other similar purposes, as long as the researchers do not remove or copy any of the PHI. Before we use or disclose PHI for any other research activity, one of the following will happen: 1) a special committee will determine that the research activity poses minimal risk to privacy and that there is an adequate plan to safeguard PHI; 2) if the PHI relates to deceased individuals, the researchers give us assurances that the PHI is necessary for the research and will be used only as part of the research; or 3) the researcher will be provided only with information that does not identify you directly.
• Government functions - In certain situations, Emsite may disclose the PHI of military personnel and veterans, including Armed Forces personnel, as required by military command authorities. Additionally, we may disclose PHI to authorized officials for national security purposes, conducting intelligence, counter-intelligence, other national security activities, and when requested by foreign military authorities. Disclosure will be made only in compliance with U.S. Law.

• Workers' compensation - As authorized by applicable laws, we may use or disclose PHI to comply with workers' compensation or other similar programs established to provide work related injury or illness benefits.
• De-identified Information and limited Data Set - We may use and disclose health information that has been "de-identified" by removing certain identifiers making it unlikely that you could be identified. We, also, may disclose limited health information, contained in a "limited data set." The limited data set does not contain any information that can directly identify you. For example, a limited data set may include your city, county and zip code, but not your name or street address.

Effective Date of Notice: October 22, 2018

Page 3 of 5

Other Uses and Disclosures of PHI
For purposes not described above, including uses and disclosures of PHI for marketing purposes and
disclosures that would constitute a sale of PHI, Emsite will ask for your written authorization before using or disclosing your PHI. If you signed an authorization form, you may revoke it, in writing, at any time, except to the extent that action has been taken in reliance on the authorization.
Information Breach Notification
Emsite is required to provide client notification if it discovers a breach of unsecured PHI unless there is a demonstration, based on a risk assessment, that there is a low probability that the PHI has been compromised. You will be notified without unreasonable delay and no later than 60 days after discovery of the breach. Such notification will include information about what happened and what can be done to mitigate any harm.
PHI Patient Rights Regarding
Subject to certain exceptions, HIPAA establishes the following patient rights with respect to PHI:
• Right to Receive a Copy of the Notice of Privacy Practices - You have a right to receive a copy of the Emsite Notice of Privacy Practices at any time by contacting us at 678-807-8627. This Notice will also be posted on Emsite Internet site at www.emsite.com.
• Right to Request limits on Uses and Disclosures of your PHI - You have the right to request that
we limit: 1) how we use and disclose your PHI for services, or 2) our disclosure of PHI to individuals involved in your care or payment for your care. We will consider your request but is not required to agree to it unless the requested restriction involves a disclosure that is not required by law.
• Right to Request Confidential Communications - You have the right to request that we communicate with you about your PHI at an alternative address or by an alternative means. Emsite will accommodate reasonable requests.
• Right to See and Receive Copies of Your PHI-You and your personal representative have the
right to access PHI consisting of your screening results. Exceptions include our inability to verify the identity of the requesting party. You have the right to access and receive your PHI in an electronic format if it is readily producible in such a format.
• Right to Receive an Accounting of Disclosures- You have the right to receive an accounting of disclosures.
• Right to Correct or Update your PHI - If you believe that your PHI contains a mistake, you may
request, in writing, that Emsite correct the information. If your request is denied, we will provide an explanation of the reasoning for our denial

Page 4 of 5
Effective Date of Notice: October 22, 2018

How to Contact Us or File a Complaint
If you have questions or comments regarding the Emsite Notice of Privacy Practices, or have a complaint about our use or disclosure of your PHI or our privacy practices, please contact: 678-807-8627. You also may file a complaint with the Secretary of the U.S. Department of Health and Human Services. Emsite will not take retaliatory action against you for filing a complaint about our privacy practices.
Changes to Emsite Notice of Privacy Practices
Emsite reserves the right to make changes to this notice and to our privacy policies from time to time. Changes adopted will apply to any PHI we maintain about you. Emsite is required to abide by the terms of the notice currently in effect. When changes are made, we will update this notice and post the information on the website at www.emsite.com. Please review this site periodically to ensure that
you are aware of any such updates.

Effective Date of Notice: October 22, 2018

Page 5 of 5