Energy Renewal Revolutionized UNLTD, LLC
1039 Washington Ave
Bronx, NY 10456

Effective Date: February 20, 2026
Approved By: Dewidi Lama Hali
Review Date: February 17, 2026

Energy Renewal Revolutionized UNLTD, LLC (“the Company”) is committed to protecting the privacy and security of Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule, as administered by the U.S. Department of Health and Human Services (HHS).

This policy establishes safeguards to ensure PHI is handled confidentially, securely, and in accordance with federal and New York State laws.

This policy applies to:

• All employees
• Contractors
• Volunteers
• Temporary staff
• Business associates

It covers all forms of PHI, including:

• Electronic PHI (ePHI)
• Paper records
• Verbal communications

Protected Health Information (PHI):
Individually identifiable health information relating to an individual’s past, present, or future physical or mental health condition, healthcare services, or payment for healthcare.

Electronic PHI (ePHI):
PHI stored or transmitted electronically.

Business Associate:
Any vendor or third party that creates, receives, maintains, or transmits PHI on behalf of the Company.

PHI may be used or disclosed for:

• Treatment
• Payment
• Healthcare operations
• When required by law
• Public health reporting
• As authorized by the patient in writing

All other disclosures require written authorization from the individual.

The Company will limit PHI use, disclosure, and requests to the minimum necessary to accomplish the intended purpose.

Individuals have the right to:

• Access their PHI
• Request amendments
• Request restrictions on disclosures
• Receive an accounting of disclosures
• Obtain a copy of the Notice of Privacy Practices
• File a complaint without retaliation

Complaints may also be filed with the Office for Civil Rights within HHS.

The Company implements administrative, physical, and technical safeguards.

• Appoint a HIPAA Privacy Officer and Security Officer
• Conduct regular risk assessments
• Provide annual HIPAA training
• Implement sanction policies for violations
• Maintain Business Associate Agreements (BAAs)

• Secure facility access controls
• Locked filing cabinets
• Secure workstation positioning
• Device and media controls
• Visitor sign-in procedures

• Unique user IDs
• Strong password policies
• Multi-factor authentication (where feasible)
• Encryption of ePHI at rest and in transit
• Automatic logoff
• Audit controls and system monitoring

A breach is any unauthorized acquisition, access, use, or disclosure of unsecured PHI.

In the event of a breach:

1. Conduct a risk assessment immediately.
2. Notify affected individuals within 60 days.
3. Notify HHS as required.
4. Notify media if more than 500 individuals are affected.

All breaches must be documented.

All workforce members must:

• Complete HIPAA training upon hire and annually
• Safeguard PHI at all times
• Report suspected breaches immediately
• Follow all Company privacy and security procedures

Failure to comply may result in disciplinary action, up to and including termination.

The Company will execute written Business Associate Agreements with all vendors who handle PHI, ensuring they comply with HIPAA standards.

All HIPAA-related documentation, training logs, risk assessments, and breach records will be retained for a minimum of six (6) years as required by law.

HIPAA Privacy Officer:
Name: Dewidi Lama hali
Phone: (833) 912 - 3998
Email: dpo@errtechnology.com

Individuals may also file complaints with the U.S. Department of Health and Human Services Office for Civil Rights.

This policy will be reviewed annually and updated as necessary to maintain compliance with federal and New York State regulations.

Energy Renewal Revolutionized UNLTD, LLC respects your privacy. We use your health information only for treatment, payment, and healthcare operations unless otherwise permitted or required by law. You have the right to access and control your health information.

A full Notice of Privacy Practices is available upon request.

If you'd like, I can also create:

• A full Notice of Privacy Practices (patient-facing document)
• A HIPAA employee handbook section
• A HIPAA training outline
• A Breach response checklist
• A Business Associate Agreement template
• A HIPAA compliance binder checklist

Let me know what type of services your company provides (medical, wellness, therapy, home health, etc.) so I can tailor this specifically to your operations in New York.