HIPAA Notice of Privacy Practices

Ola Migraine Inc.

Effective Date: May 23, 2026
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
Practice
Ola Migraine Inc.
dba Ola Migraine, Ola Migraine Honolulu & Ola Migraine Clinic
Website
www.olamigraine.com/hipaa
Email
support@olamigraine.com
Phone
(808) 378-3753

Our Legal Duties

We are required by law to:

  • Maintain the privacy and security of your protected health information (PHI);
  • Provide you with this Notice of Privacy Practices describing our legal duties and privacy practices with respect to your PHI;
  • Notify you following a breach of your unsecured PHI; and
  • Abide by the terms of the Notice currently in effect.

We reserve the right to change the terms of this Notice and to make the new notice provisions effective for all PHI we maintain. If we make a material change to this Notice, we will post the updated version on our website atwww.olamigraine.com/privacy and make it available upon request. The effective date at the top of this Notice reflects the most current version.

How We May Use and Disclose Your Health Information

The following describes the ways we may use and disclose your PHI. For each category, we provide a description. Not every use or disclosure in a category will be listed, but all of the ways we are permitted to use and disclose information will fall within one of the categories below.

Treatment

We may use your PHI to provide, coordinate, or manage your healthcare and any related services. We may disclose your PHI to other healthcare providers involved in your care.

Example: We may share your medical records, consultation notes, imaging reports, or medication list with a neurologist, pharmacist, laboratory, or other specialist involved in treating your migraines.

Payment

We may use and disclose your PHI so that we may bill and receive payment for the treatment and services we provide to you, or so that your health plan may reimburse you for out-of-network care.

Healthcare Operations

We may use and disclose your PHI for our healthcare operations. These activities are necessary to run our practice and ensure that all of our patients receive quality care.

Appointment Reminders and Treatment Alternatives

We may contact you to provide appointment reminders, information about treatment alternatives, or other health-related information that may be of interest to you, using contact information you have provided to us.

Business Associates

We share certain PHI with third-party service providers(called Business Associates) who perform services on our behalf. Each Business Associate is required to sign a Business Associate Agreement (BAA) with us and to appropriately safeguard your PHI. Our current Business Associates include:

•      Elation Health — electronic health record system for clinical documentation and care management

•      Spruce Health — HIPAA-compliant patient communication and secure messaging platform

A complete and current list of our Business Associates is available upon request.

As Required by Law

We will disclose your PHI when required to do so by federal, state, or local law, court order, subpoena, or other lawful process.

Public Health Activities

We may disclose your PHI for public health activities permitted or required by law, including reporting to public health authorities for the purpose of preventing or controlling disease, injury, or disability.

Health Oversight Activities

We may disclose your PHI to a health oversight agency for activities authorized by law, such as audits, investigations, inspections, and licensure activities necessary for oversight of the healthcare system.

Serious Threats to Health or Safety

We may use or disclose your PHI if we, in good faith, believe it is necessary to prevent or lessen a serious and imminent threat to your health or safety or to the health or safety of the public or another person, and the disclosure is to a person or entity reasonably able to prevent or lessen the threat.

Workers' Compensation

We may disclose your PHI as authorized by and to the extent necessary to comply with laws relating to workers' compensation or other similar programs providing benefits for work-related injuries or illness.

Law Enforcement

We may disclose your PHI to law enforcement officials under specific circumstances permitted by law, including in response to a court order, warrant, or subpoena; to identify or locate a suspect, fugitive, or missing person; or to report a crime on our premises.

Coroners, Medical Examiners, and Funeral Directors

We may disclose PHI to a coroner or medical examiner for the purpose of identifying a deceased person, determining the cause of death, or as otherwise authorized by law. We may also disclose PHI to funeral directors as necessary to carry out their lawful duties.

Research

Under certain circumstances, we may use or disclose your PHI for research purposes, subject to the approval of an Institutional Review Board or Privacy Board, or when a waiver of authorization has been granted consistent with HIPAA requirements.

Specialized Government Functions

We may use or disclose PHI of military personnel and veterans under certain circumstances, to authorized federal officials for intelligence, national security, or protective services activities, and to correctional institutions or law enforcement officials with lawful custody of an inmate.

Uses and Disclosures Requiring Your Written Authorization

Certain uses and disclosures of your PHI require your written authorization. We will not use or disclose your PHI for the following purposes without your prior written authorization, which you may revoke at any time in writing:

  • Most marketing communications involving your PHI;
  • Sale of your PHI;
  • Psychotherapy notes (where applicable);
  • Uses or disclosures not described in this Notice; and
  • Any other use or disclosure not otherwise permitted by HIPAA.
  • Uses or disclosures not described in this Notice; and

Your Rights Regarding Your Health Information

You have the following rights with respect to your PHI. To exercise any of these rights, please submit a written request to us atsupport@olamigraine.com or by calling (808) 378-3753. We will respond within the time frames required by law.

Right to Access Your PHI

You have the right to inspect and obtain a copy of your PHI that we maintain in a designated record set, including your medical and billing records. We may charge a reasonable, cost-based fee for copying, postage, or preparing a summary. We may deny your request under certain limited circumstances; if we do, we will explain the reason in writing and describe your right to have the denial reviewed.

You may request your records in electronic format if we maintain them electronically. Requests should be submitted in writing to support@olamigraine.com.

Right to Amend Your PHI

If you believe the PHI we have about you is incorrect or incomplete, you have the right to request that we amend it. We may deny your request if the information was not created by us, is not part of the records we maintain, is not information you would be permitted to access, or is already accurate and complete. If we deny your request, you may submit a statement of disagreement to be included in your record.

Right to an Accounting of Disclosures

You have the right to request a list of certain disclosures we have made of your PHI in the six years before your request. This accounting does not include disclosures made for treatment, payment, or healthcare operations; disclosures made to you; disclosures made pursuant to your authorization; and certain other disclosures. We will provide the first accounting free of charge; subsequent requests within a 12-month period may incur a reasonable fee.

Right to Request Restrictions

You have the right to request restrictions on how we use or disclose your PHI for treatment, payment, or healthcare operations, and on disclosures to family members or others involved in your care. We are not required to agree to your request except in one circumstance: if you request that we not disclose PHI to your health plan for a service you paid for in full out of pocket, and disclosure is not otherwise required by law, we must honor that restriction.

Please submit restriction requests in writing to support@olamigraine.com.

Right to Request Confidential Communications

You have the right to request that we communicate with you about your health matters in a certain way or at a certain location. For example, you may request that we contact you only by email or only at a specific phone number. We will accommodate reasonable requests. Please submit your request in writing to support@olamigraine.com.

Right to a Paper Copy of This Notice

You have the right to receive a paper copy of this Notice of Privacy Practices at any time, even if you have agreed to receive it electronically. To request a paper copy, please contact us atsupport@olamigraine.com or (808) 378-3753.

Right to Be Notified of a Breach

You have the right to be notified if your unsecured PHI has been breached. We will notify you without unreasonable delay and within 60 days of discovery of a breach, as required by the HIPAA Breach Notification Rule. The notification will describe what happened, what information was involved, what we are doing, and what steps you can take to protect yourself.

Minor Patients

For minor patients, the parent or legal guardian is generally authorized to exercise HIPAA rights on behalf of the minor and to access the minor's PHI, subject to certain exceptions under Hawaii state law. Certain healthcare services that a minor may consent to independently — such as services related to reproductive health, substance use, or mental health — may be protected from disclosure to parents or guardians in accordance with applicable state law. If you have questions about minor patient rights, please contact us.

How to File a Privacy Complaint

If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights (OCR). We will not retaliate against you in any way for filing a complaint.

File a Complaint with Ola Migraine

To file a complaint with our practice, please contact us:

Ola Migraine Inc. (dba Ola Migraine, Ola Migraine Honolulu & Ola Migraine Clinic)

Website:  www.olamigraine.com

Email: support@olamigraine.com

Phone: (808) 378-3753

File a Complaint with the HHS Office for Civil Rights
  • Online: www.hhs.gov/ocr/privacy/hipaa/complaints
  • By mail: Office for Civil Rights, U.S. Department of Health & Human Services, 200 Independence Ave., S.W., Washington, D.C.20201
  • By phone: 1-800-368-1019 (TDD: 1-800-537-7697)

We will not retaliate against you for filing a complaint with HHS OCR or with our practice.

Effective Date and Changes to This Notice

This Notice is effective as of May 23, 2026. We reserve the right to change the terms of this Notice at any time. Any changes will apply to the PHI we already maintain as well as the PHI we receive in the future. We will post the current version of this Notice on our website at www.olamigraine.com/hipaa. You may request a copy of the current Notice at any time by contacting us at support@olamigraine.com or (808) 378-3753.