Withings Medical Group

Notice of Privacy Practices

Effective Date: July 06, 2026 · Version 2026-07-06

Withings Medical Group is committed to protecting the privacy of your health information. As used in this Notice of Privacy Practices (this "Notice"), "Withings Medical Group", "we", "us" or "our" means Withings Medical Group PA and, where appropriate, its affiliated professional entities organized to provide clinical services in the states in which we operate.

We are required by law to maintain the privacy of your protected health information ("PHI"), to provide you with this notice of our legal duties and privacy practices with respect to your PHI, to notify you following a breach of your unsecured PHI, and to abide by the terms of the notice currently in effect. This Notice applies to all records of your care generated by Withings Medical Group. "Protected health information" is information about you, including demographic information, that may identify you and that relates to your past, present, or future physical or mental health, the provision of health care to you, or payment for that care. In some cases, once your PHI is disclosed as permitted by this notice, HIPAA may no longer provide protection of that information from further disclosure.

1. How We May Use and Disclose Your Health Information Without Your Authorization

We may use and disclose your PHI, without your written authorization, for the following purposes:

Treatment. We may use and disclose your PHI to provide, coordinate, or manage your health care and related services. For example, we may share your information with physicians, nurses, technicians, or other personnel involved in your care, including providers outside our practice to whom we refer you.

Payment. We may use and disclose your PHI to obtain payment for the services we provide. For example, we may send claims and supporting information to your health plan or share information to determine eligibility or obtain prior authorization.

Health Care Operations. We may use and disclose your PHI for our health care operations, such as quality assessment and improvement, staff review and training, licensing, accreditation, and business management. For example, we may use your information to evaluate the performance of our staff or to plan our services.

Appointment Reminders and Health-Related Information. We may contact you to provide appointment reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to you.

Individuals Involved in Your Care. Unless you object, we may share with a family member, relative, friend, or other person you identify the PHI directly relevant to that person's involvement in your care or payment for your care, and we may use or disclose your PHI to notify such a person of your location or general condition. If you are not present or able to agree or object, we will use our professional judgment to determine whether the disclosure is in your best interest.

Business Associates. We may disclose your PHI to third parties who perform services on our behalf ("Business Associates"). We require our Business Associates to protect your PHI through written agreements.

2. Other Uses and Disclosures Permitted or Required by Law

Subject to applicable legal requirements and limitations, we may use or disclose your PHI without your authorization in the following circumstances:

3. Uses and Disclosures That Require Your Written Authorization

Other than as described above, we will not use or disclose your PHI without your written authorization. In particular, the following require your authorization: most uses and disclosures of psychotherapy notes (if we maintain them); uses and disclosures for marketing purposes; and disclosures that constitute a sale of PHI. Any other use or disclosure not described in this notice will be made only with your written authorization. You may revoke an authorization at any time, in writing, except to the extent we have already acted in reliance on it.

4. Special Protections for Certain Information

Certain categories of information receive additional protection under federal and state law and may require your specific authorization before we use or disclose them. These may include information about HIV/AIDS status or testing, mental health, substance use disorder treatment, genetic information, and reproductive health care. Where state or other law provides greater privacy protection than HIPAA, we will follow the more protective law.

5. Your Rights Regarding Your Health Information

To exercise any of your rights, please submit your request in writing to our Privacy Officer at the contact information below.

Right to Access. You may inspect and obtain a copy of your PHI in a designated record set, including an electronic copy if we maintain it electronically. We may charge a reasonable, cost-based fee.

Right to Amend. You may request that we amend PHI you believe is incorrect or incomplete. We may deny your request in certain circumstances and will provide a written explanation.

Right to an Accounting of Disclosures. You may request a list of certain disclosures we made of your PHI, other than those for treatment, payment, health care operations, and certain other purposes.

Right to Request Restrictions. You may request restrictions on how we use or disclose your PHI. We are not required to agree, except that we must agree to a request to restrict disclosure to a health plan for a service you paid for in full, out of pocket, unless the disclosure is otherwise required by law.

Right to Confidential Communications. You may request that we communicate with you about your health matters by alternative means or at an alternative location.

Right to a Paper Copy. You may obtain a paper copy of this notice on request, even if you agreed to receive it electronically.

Right to Breach Notification. You have the right to be notified following a breach of your unsecured PHI.

6. Our Duties

We are required by law to maintain the privacy of your PHI, provide you with this Notice, abide by the terms of the notice currently in effect, and notify you following a breach of unsecured PHI. We reserve the right to change this Notice and to make the revised notice effective for PHI we already have as well as information we receive in the future. If we make a material change, we will make the revised notice available on our website and by mail on request and post its effective date.

7. Additional State and Federal Requirements

Some state and federal laws provide additional privacy protection of your health information. These include:

Withings Medical Group is committed to following all state and federal legal requirements.

8. Complaints

Protecting your confidential information is important to us. If you feel we have violated your rights, please contact us using the information at the end of this Notice. You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, SW, Washington, DC 20201, calling 800.368.1019 or visiting hhs.gov/ocr/about-us/contact-us/index. We will not retaliate against you for filing a complaint either to Withings Medical Group or to the Office for Civil Rights.

9. For More Information or to File a Complaint

Privacy Officer, Withings Medical Group
225 Franklin Street, Suite 1250
Boston, MA 02110
Privacy@withings.com

This Notice is not a form you sign. Its availability is acknowledged through the HIPAA Acknowledgment of Receipt during ACCESS enrollment. You may request a paper copy at any time.