Notice of Privacy Practices

Effective Date: December 9, 2025

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Our Commitment to Your Privacy

Justlabs is committed to protecting the privacy of your health information. This Notice of Privacy Practices describes how we may use and disclose your protected health information (PHI) to carry out treatment, payment, healthcare operations, and for other purposes permitted or required by law. It also describes your rights to access and control your PHI.

"Protected Health Information" (PHI) is information about you, including demographic information, that may identify you and relates to your past, present, or future physical or mental health condition and related healthcare services.

How We May Use and Disclose Your PHI

For Treatment

We may use and disclose your PHI to provide, coordinate, or manage your healthcare. This includes sharing information with:

  • Quest Diagnostics and other laboratories performing your tests
  • Licensed physicians in our network who order tests on your behalf
  • Your healthcare providers when you authorize us to share results

For Payment

We may use and disclose your PHI to obtain payment for services. This may include disclosing information to:

  • Your health insurance plan (if applicable)
  • Third parties that assist in billing and payment processing

For Healthcare Operations

We may use and disclose your PHI for our healthcare operations, including:

  • Quality assessment and improvement activities
  • Reviewing the competence and performance of healthcare professionals
  • Training programs and educational activities
  • Business planning and development
  • Customer service and complaint resolution

Other Permitted Uses and Disclosures

We may use or disclose your PHI without your authorization for:

  • As Required by Law: When federal, state, or local law requires disclosure
  • Public Health Activities: To prevent or control disease, injury, or disability; report births and deaths; report abuse or neglect
  • Health Oversight Activities: To health oversight agencies for audits, investigations, and inspections
  • Judicial and Administrative Proceedings: In response to a court order, subpoena, or other lawful process
  • Law Enforcement: For law enforcement purposes as required by law
  • To Avert Serious Threat: To prevent or lessen a serious and imminent threat to your health or safety or that of others
  • Workers' Compensation: As authorized by workers' compensation laws
  • Research: Under certain circumstances with appropriate oversight and safeguards

Uses and Disclosures Requiring Authorization

We will obtain your written authorization before using or disclosing your PHI for purposes other than those described above, including:

  • Marketing purposes
  • Sale of your PHI
  • Most uses of psychotherapy notes (if applicable)

You may revoke an authorization at any time by submitting a written request, except to the extent we have already acted in reliance on your authorization.

Your Rights Regarding Your PHI

Right to Access

You have the right to inspect and obtain a copy of your PHI maintained by us. To request access, submit a written request to our Privacy Officer. We may charge a reasonable fee for copies.

Right to Amend

You have the right to request an amendment to your PHI if you believe it is inaccurate or incomplete. Submit a written request with the reason for the amendment. We may deny requests in certain circumstances.

Right to an Accounting of Disclosures

You have the right to receive a list of certain disclosures we made of your PHI. The list will not include disclosures for treatment, payment, healthcare operations, or certain other purposes. Submit a written request specifying the time period (not longer than 6 years).

Right to Request Restrictions

You have the right to request restrictions on how we use or disclose your PHI for treatment, payment, or healthcare operations. We are not required to agree to your request, except we must honor a request to restrict disclosure to a health plan if you paid out-of-pocket in full.

Right to Confidential Communications

You have the right to request that we communicate with you in a certain way or at a certain location. For example, you may ask that we contact you only by email or at a specific phone number.

Right to a Paper Copy

You have the right to obtain a paper copy of this Notice of Privacy Practices upon request, even if you have agreed to receive it electronically.

Our Duties

We are required to:

  • Maintain the privacy of your PHI
  • Provide you with this Notice of our legal duties and privacy practices
  • Abide by the terms of this Notice currently in effect
  • Notify you if a breach of unsecured PHI occurs
  • Obtain your written authorization for uses and disclosures not covered by this Notice

Minimum Necessary Standard

When using or disclosing PHI or when requesting PHI from another covered entity, we will make reasonable efforts to limit PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request.

Breach Notification

In the event of a breach of your unsecured PHI, we will notify you as required by law. Notification will be made without unreasonable delay and no later than 60 days after discovery of the breach.

Changes to This Notice

We reserve the right to change this Notice and make the new provisions effective for all PHI we maintain. The current Notice will be posted on our website and available upon request.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the U.S. Department of Health and Human Services. You will not be retaliated against for filing a complaint.

File a complaint with HHS:
Office for Civil Rights
U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
Toll-free: 1-877-696-6775
Website: www.hhs.gov/ocr/privacy/hipaa/complaints

Contact Information

For questions about this Notice or to exercise your rights, contact our Privacy Officer:

Justlabs Privacy Officer

Butterfly Technologies, Inc.

Email: contact@palomahealth.com

Phone: (434) 248-7508

Address: 386 Park Ave South, 5th Floor, New York, NY 10016

Acknowledgment: By using Justlabs services, you acknowledge that you have received this Notice of Privacy Practices and understand how your protected health information may be used and disclosed.