HIPAA Notice of Privacy Practices

Last Updated: November 24, 2025

Our website address is: https://tbmlabs.com.

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU (OR YOUR CHILD) MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

1. Introduction

TBM Labs Corp. (“TBM Labs,” “we”) provides the CareTinuum platform, a Connected Care solution designed to bridge the gap between clinics, schools, and homes. In doing so, we handle Protected Health Information (PHI). We are required by the Health Insurance Portability and Accountability Act (HIPAA) to maintain the privacy and security of your PHI and to provide you with this Notice of our legal duties and privacy practices.

2. Our Responsibilities

We are required by law to:

  • Maintain the privacy and security of your Protected Health Information (PHI).
  • Notify you promptly if a breach occurs that may have compromised the privacy or security of your information.
  • Follow the duties and privacy practices described in this Notice.

3. How We May Use and Disclose Your Health Information

We typically use or share your health information in the following ways:

  • For Treatment (Continuation of Care): We use your information to facilitate the “One Child – One Plan – One Team” approach. For example, we may share progress notes or behavioral tracking data between your therapist, your child’s educator, and you (the parent) within the secure CareTinuum platform to ensure everyone is aligned on the care plan.
  • For Payment: We may use specific information (such as session duration or CPT codes) to help therapy clinics bill for services, including Caregiver Training and Remote Therapeutic Monitoring (RTM).
  • For Healthcare Operations: We use information to run our practice, improve our services, and contact you when necessary. This includes using de-identified data to train our systems to better predict outcomes and support neurodivergent care journeys.
  • To Business Associates: We may share information with third-party vendors (such as our secure cloud host, AWS) that perform services on our behalf. These partners are also required by law to protect your PHI.

4. Your Rights

When it comes to your health information, you have certain rights:

  • Get an electronic or paper copy of your medical record: You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you.
  • Ask us to correct your medical record: You can ask us to correct health information about you that you think is incorrect or incomplete.
  • Request confidential communications: You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.
  • Get a list of those with whom we’ve shared information: You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why.
  • Choose someone to act for you: If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.

5. Security of Your Information

TBM Labs utilizes advanced “Software as a Medical Device” (SaMD) standards. Your data is stored on private, secure servers via Amazon Web Services (AWS) with strict access controls. We utilize encryption protocols (TLS for data in transit and AES-256 for data at rest) to ensure your information remains private.

6. Changes to the Terms of This Notice

We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, on our website, and we will mail a copy to you.

7. Contact Information

If you have questions or concerns about your privacy rights, or if you wish to file a complaint, please contact our Privacy Officer:

  • TBM Labs Corp.
  • Address: 905 Pearl Park Way, 7th Floor, Charlotte, NC 28204
  • Email: privacy@tbmlabs.com