HIPAA Authorization for Use and Disclosure of Protected Health Information

Docsa Health

---

Service Provider Information

Company Name: SMARTAUTOMATICA LLC Operating As: Docsa Health State of Incorporation: Delaware, United States Website: https://docsa.health/ Privacy Contact: privacy@docsa.health General Contact: info@docsa.health

IMPORTANT NOTICE: Docsa Health operates as a Business Associate under HIPAA, not as a Covered Entity. We provide personal health records management services and may receive Protected Health Information from Covered Entities (healthcare providers, health plans) on your behalf pursuant to Business Associate Agreements.

---

Section 1: Authorization Purpose

This Authorization permits Docsa Health and its affiliates to use and disclose your Protected Health Information (“PHI”) as described below. This Authorization is provided voluntarily and is required for you to use the Docsa Health platform.

Under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations (45 C.F.R. Parts 160 and 164), you have the right to control the use and disclosure of your health information. This Authorization describes how your PHI will be used and disclosed through the Docsa Health platform.

---

Section 2: Description of Information

2.1 Categories of PHI Covered

This Authorization applies to the following categories of Protected Health Information:

Category	Examples
Demographic Information	Name, address, date of birth, contact information
Medical Records	Clinical notes, discharge summaries, consultation reports
Diagnostic Information	Laboratory results, imaging reports, pathology reports
Treatment Information	Prescriptions, treatment plans, surgical records
Insurance Information	Policy numbers, coverage details, claims history
Provider Information	Names and contact details of healthcare providers
Health History	Past medical conditions, family history, allergies
Medication Records	Current and past medications, dosages, adherence data
Wearable Device Data	Vital signs, activity data, health metrics from connected devices

2.2 Sensitive Information Categories

This Authorization specifically includes, where applicable:

• Mental health records
• Substance abuse treatment records
• HIV/AIDS-related information
• Genetic information
• Reproductive health information

Note: Some categories of sensitive information may have additional state-law protections. By signing this Authorization, you consent to the disclosure of all categories listed above, subject to applicable law.

---

Section 3: Purposes of Use and Disclosure

3.1 Primary Purposes

Docsa Health is authorized to use and disclose your PHI for the following purposes:

Purpose	Description
Storage and Organization	To securely store and organize your health records on the platform
Display and Access	To display your health information to you through the platform interface
Data Import	To receive and integrate health data from healthcare providers and institutions
Reminders	To send you reminders about appointments, medications, and medical procedures
Sharing at Your Direction	To share your PHI with persons or entities you specifically authorize
Emergency Access	To provide access to designated PHI to emergency medical personnel as configured by you
Customer Support	To provide technical support related to your health records
Legal Compliance	To comply with legal obligations and respond to valid legal process

3.2 AI-Assisted Processing (Requires Additional Consent)

With your separate consent, your PHI may be processed using artificial intelligence for:

• Optical character recognition (OCR) of medical documents
• Automatic classification and categorization of health records
• Translation of medical documents between languages
• Transcription of audio recordings of medical consultations
• Generation of correspondence with healthcare providers

AI Disclaimer: AI-generated content does NOT constitute medical advice and should NOT be used for medical decision-making. AI systems do not store or accumulate your data beyond immediate processing tasks.

---

Section 4: Persons and Entities Authorized to Receive PHI

4.1 At Your Direction

You may authorize disclosure of your PHI to:

• Healthcare providers you designate
• Family members or caregivers you specify
• Insurance companies for claims purposes
• Employers (with your explicit authorization)
• Legal representatives
• Other third parties you identify

4.2 Service Providers (Business Associates)

Your PHI may be disclosed to the following service providers who have signed Business Associate Agreements:

Provider	Purpose	Location
Amazon Web Services	Cloud hosting, AI processing	United States
Cloudflare	Security, content delivery	United States

4.3 Affiliated Entities

Your PHI may be shared with:

• Dmitrii Fedorov (RESICO PF, Mexico) — Affiliated operator for certain service functions

Such sharing is governed by appropriate data protection agreements.

4.4 Legal and Regulatory Disclosures

Your PHI may be disclosed without your authorization when required by:

• Court orders or subpoenas
• Law enforcement requests
• Public health authorities
• Health oversight agencies
• As otherwise required by law

---

Section 5: Your Rights

5.1 Right to Revoke

You have the right to revoke this Authorization at any time by submitting a written request to:

Email: privacy@docsa.health Subject Line: “HIPAA Authorization Revocation”

Effect of Revocation:

• Revocation is not retroactive and does not affect disclosures made prior to revocation
• Revocation will result in termination of your Docsa Health account
• Your data will be deleted within 30 days of revocation, except as required by law

5.2 Right to Receive a Copy

You have the right to receive a copy of this Authorization after you sign it.

5.3 Right to Access Your PHI

You have the right to access, inspect, and obtain a copy of your PHI maintained by Docsa Health. You can:

• Export your data through the platform interface
• Request a copy by emailing privacy@docsa.health
• Download your data during the account deletion process

5.4 Right to Request Restrictions

You have the right to request restrictions on certain uses and disclosures of your PHI, though Docsa Health is not required to agree to all requests.

5.5 Right to Amend

You have the right to request amendments to your PHI if you believe it is incorrect or incomplete.

5.6 Right to an Accounting of Disclosures

You have the right to receive an accounting of certain disclosures of your PHI made by Docsa Health.

---

Section 6: Expiration

6.1 Duration

This Authorization remains in effect until:

• You revoke it in writing, OR
• Your Docsa Health account is terminated, OR
• Docsa Health ceases operations

6.2 Data Retention After Expiration

Upon expiration or revocation:

Scenario	Retention Period
User-initiated revocation	30 days, then permanent deletion
Data from healthcare institutions	Up to 6 years (legal compliance)
Required by law	As specified by applicable law

---

Section 7: Consequences of Refusal

7.1 Treatment Not Conditioned

Your healthcare providers may not condition treatment, payment, enrollment in a health plan, or eligibility for benefits on whether you sign this Authorization.

7.2 Service Availability

However, Docsa Health may not be able to provide its services without this Authorization, as the platform requires access to your PHI to function.

---

Section 8: Re-Disclosure Notice

IMPORTANT: Once your PHI is disclosed pursuant to this Authorization, federal privacy protections may no longer apply to the disclosed information, and the information may be subject to re-disclosure by the recipient. However:

• Disclosures to Docsa Health’s Business Associates are protected by Business Associate Agreements
• Disclosures to healthcare providers are generally protected by HIPAA
• Disclosures to other persons you authorize may not be protected

---

Section 9: Contact Information

Questions About This Authorization

Email: privacy@docsa.health Data Protection Officer: Dmitrii Fedorov

Questions About Your Privacy Rights

U.S. Department of Health and Human Services Office for Civil Rights Website: www.hhs.gov/ocr Phone: 1-800-368-1019

---

Section 10: Acknowledgments

By signing this Authorization, I acknowledge and understand that:

1. I have read this Authorization and understand its contents

2. I understand that my PHI includes sensitive health information

3. I authorize Docsa Health to use and disclose my PHI as described in this Authorization

4. I understand that I may revoke this Authorization at any time in writing

5. I understand that revocation will not affect disclosures already made

6. I understand that Docsa Health is a Business Associate, not a Covered Entity, under HIPAA

7. I understand that once disclosed, my PHI may no longer be protected by federal privacy laws

8. I understand that AI features do NOT provide medical advice

9. I have been provided a copy of the Docsa Health Privacy Notice

10. I am signing this Authorization voluntarily

---

Section 11: Authorization Consent

☐ I AUTHORIZE Docsa Health to use and disclose my Protected Health Information as described in this Authorization for the primary purposes listed in Section 3.1.

Optional AI Processing Consent

☐ I AUTHORIZE Docsa Health to process my PHI using artificial intelligence features as described in Section 3.2. I understand that AI-generated content is for informational purposes only and does not constitute medical advice.

---

Section 12: Digital Authorization Record

By creating an account on Docsa Health and accepting this Authorization through the platform interface, you:

1. Provide valid authorization for the use and disclosure of your PHI
2. Acknowledge that electronic acceptance has the same legal effect as a handwritten signature under the Electronic Signatures in Global and National Commerce Act (E-SIGN Act)

This Authorization is electronically recorded with:

• Date and time of acceptance
• IP address
• Version of document accepted
• Unique session identifier

---

Document Version: 1.0 Effective Date: January 20, 2025 Last Updated: January 20, 2025