Notice of Privacy Practices

Effective Date: January 21, 2026

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN ACCESS THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

1. Who This Notice Applies To

This Notice of Privacy Practices (“Notice”) describes the privacy practices applicable to protected health information (“PHI”) created, accessed, used, or maintained in connection with healthcare services provided to you by independent, licensed healthcare providers who use the TRTBOSS platform.

Healthcare services are provided by independent Covered Entities (such as physician practices or provider groups).

VALKORA LLC, a Texas limited liability company doing business as TRTBOSS (“TRTBOSS”), is a non-clinical technology company and management services organization that provides administrative, technical, and support services to those providers.

When TRTBOSS handles PHI on behalf of a Covered Entity, it does so solely as a Business Associate pursuant to a written Business Associate Agreement (“BAA”).

This Notice is provided on behalf of the applicable healthcare providers using the Platform, as required by HIPAA.

2. Our Legal Duties

Under federal law, healthcare providers are required to:

Maintain the privacy of your PHI

Provide you with this Notice describing their legal duties and privacy practices

Follow the terms of this Notice currently in effect

TRTBOSS, as a Business Associate, is required by law and contract to:

Safeguard PHI

Use and disclose PHI only as permitted by HIPAA and the applicable BAA

3. What Is Protected Health Information (PHI)

PHI is individually identifiable health information that relates to:

Your past, present, or future physical or mental health or condition

The provision of healthcare to you

Payment for healthcare services

PHI may include your name, contact information, medical history, laboratory results, prescriptions, diagnoses, and other health-related information.

4. How PHI May Be Used and Disclosed Without Authorization

The following uses and disclosures of PHI are permitted or required by law and do not require your written authorization.

A. Treatment

PHI may be used or disclosed to provide, coordinate, or manage your healthcare and related services, including sharing information with other providers, pharmacies, laboratories, or facilities involved in your care.

B. Payment

PHI may be used or disclosed for billing, payment processing, eligibility determinations, utilization review, and related administrative activities.

C. Healthcare Operations

PHI may be used or disclosed for healthcare operations, including quality assessment, clinical training, accreditation, licensing, audits, compliance activities, and business management.

5. Business Associates

Healthcare providers may share PHI with Business Associates, including TRTBOSS and other service providers, who perform functions on their behalf.

Business Associates are required by law and contract to:

Protect PHI

Use PHI only for permitted purposes

Implement appropriate safeguards

6. Uses and Disclosures Required or Permitted by Law

PHI may be used or disclosed as required or permitted by law, including for:

Public health activities

Health oversight activities

Law enforcement purposes

Judicial or administrative proceedings

Reporting abuse, neglect, or domestic violence

Preventing or reducing a serious threat to health or safety

7. Uses and Disclosures Requiring Authorization

Certain uses and disclosures of PHI require your written authorization, including:

Uses or disclosures for marketing purposes not otherwise permitted by law

Sale of PHI

Certain disclosures of psychotherapy notes (if applicable)

You may revoke an authorization at any time in writing, except to the extent action has already been taken in reliance on it.

8. Your Rights Regarding PHI

You have the following rights regarding your PHI, subject to certain legal limitations:

A. Right to Access

You may request access to or a copy of your PHI, including an electronic copy where applicable.

B. Right to Amend

You may request correction or amendment of PHI you believe is inaccurate or incomplete.

C. Right to an Accounting of Disclosures

You may request a list of certain disclosures of your PHI.

D. Right to Request Restrictions

You may request restrictions on certain uses or disclosures of PHI. Providers are not required to agree to all requests, except that you may request restriction of disclosures to a health plan for services you paid for in full out-of-pocket.

E. Right to Request Confidential Communications

You may request that communications be sent in a specific manner or to a specific location.

F. Right to a Paper Copy

You may request a paper copy of this Notice at any time.

9. Breach Notification

If a breach of unsecured PHI occurs, affected individuals will be notified as required by law, including information about:

What happened

The types of information involved

Steps you should take to protect yourself

What is being done to investigate and mitigate the breach

10. Changes to This Notice

Healthcare providers reserve the right to change this Notice. Changes will apply to all PHI maintained and will be made available with an updated effective date.

11. Complaints

If you believe your privacy rights have been violated, you may file a complaint with:

The applicable healthcare provider, or

The U.S. Department of Health and Human Services, Office for Civil Rights

You will not be retaliated against for filing a complaint.

12. Contact Information

Privacy Officer
TRTBOSS (VALKORA LLC)
1220 Toro Grande Blvd
Cedar Park, TX 78613
Email: contact@trtboss.com

Requests related to PHI will be routed to the appropriate healthcare provider.