Notice of Privacy Practices

Effective Date: October 20, 2025

This Notice describes how Healthspan Group LLC (d/b/a “Protocol”) may use and disclose your health information and how you can access that information.

We are committed to protecting your privacy and complying with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Please read this notice carefully.

1. Our Role and Relationship With Your Physician

Protocol provides health education, wellness coaching, and lifestyle guidance services.

We often work with physicians and clinical practices that deliver your medical care.

When we work under a Business Associate Agreement (BAA) with your physician or practice, we handle certain Protected Health Information (“PHI”) on their behalf.

Your physician or practice remains the Covered Entity responsible for your medical care and overall HIPAA compliance.

In some limited situations, Protocol may also operate as a covered entity for specific health coaching services we provide directly.

2. How We May Use and Disclose Health Information

We may use and share your PHI in the following ways, as permitted under HIPAA:

For Treatment

To support your care coordination with your physician or other health professionals.

Example: sharing progress notes with your physician about your health goals or test results.

For Payment

To help your physician or practice obtain payment for services rendered, if applicable.

Example: verifying participation or billing details if required by your physician’s office.

For Health Care Operations

To evaluate and improve the quality and efficiency of our programs and services.

Example: internal audits, staff training, and quality assurance activities.

When Required by Law

We may disclose PHI when required to do so by federal, state, or local law.

With Your Authorization

Any other uses or disclosures of your PHI will require your written authorization.

You may revoke your authorization at any time in writing, except where we have already relied on it.

3. Your Rights Regarding Your Health Information

You have the right to:

  • Access your records: Receive copies of your PHI maintained by Protocol.

  • Request corrections: Ask us to amend information you believe is incorrect or incomplete.

  • Request restrictions: Limit how your information is used or shared (we will honor reasonable requests where possible).

  • Request confidential communications: Ask that we contact you via a specific method or location (e.g., email only).

  • Receive a list of disclosures: Obtain a record of certain disclosures made by Protocol in the past six years.

  • Receive a paper copy of this Notice: You may request one at any time.

To exercise these rights, please contact us at careteam@protocol.us.

4. Our Responsibilities

Protocol is required by law to:

  • Maintain the privacy and security of your PHI

  • Provide you with this Notice explaining our privacy practices

  • Notify you if a breach occurs that may have compromised the privacy or security of your PHI

  • Follow the terms of this Notice currently in effect

5. How We Protect Your Information

We use secure, HIPAA-compliant technology and administrative safeguards to protect PHI from unauthorized access, disclosure, or alteration.

Access to PHI is restricted to authorized personnel involved in providing or supporting your care.

6. Changes to This Notice

We may revise this Notice as laws or our practices change.

The updated version will be posted on our website at https://protocol.us/ with a new effective date.

You may request a copy of the current Notice at any time.

7. Questions or Complaints

If you have questions about this Notice or believe your privacy rights have been violated, you may contact us at:

Email: info@protocol.us

Concierge Care, LLC

Concierge Care, LLC (Dr. Leslie Fang’s practice) is a premier concierge primary care practice led by Harvard–trained physicians with longstanding academic affiliations and national recognition for clinical and teaching excellence. The practice emphasizes longitudinal, relationship-based care and serves a diverse patient population, including individuals with complex medical needs and those seeking highly personalized preventive care.

Physicians in the practice have received multiple awards for excellence in teaching and clinical service from major academic medical centers and maintain active roles in medical education. The practice integrates evidence-based internal medicine with a personalized approach that prioritizes continuity, proactive health management, and thoughtful care coordination.

Since my early days as a medical student, I’ve been obsessed with defining and creating a truly exceptional primary care experience. This is my life’s work.

Dr. Ajay Haryani trained at the world’s top institutions and bridges worlds that rarely meet. He is a Board-Certified Internal Medicine physician and Assistant Clinical Professor of Medicine at Mount Sinai, with an expert understanding of chronic disease, longevity, fitness, and nutrition.

Unlike most physicians who focus solely on illness, or wellness experts who lack medical training, he brings knowledge of how the body functions in both health and disease – where we thrive and where we falter. He develops personalized care plans that address the full spectrum of health needs, from cardiometabolic health and weight management to emotional health and complex chronic conditions. He is also a Certified Personal Trainer and avid cyclist.

Most recently, he worked with the founder of One Medical (Dr. Tom Lee) to build the cutting-edge primary care company Galileo, supervising doctors and clinical operations across the country. He currently advises leading digital health companies focused on primary care, nutrition and mental health.

Credentials

  • Residency Training: UCSF Medical Center (Ranked #1 Program)
  • Medical School: Northwestern University Feinberg School of Medicine
  • Business School: Northwestern University Kellogg School of Management
  • Undergraduate: Northwestern University