Notice of Privacy Practices

This Notice of Privacy Practices describes the legal obligations of following plans of Prairie States Enterprises, Inc. (the "Business Associate") and its legal rights regarding your protected health information and Substance Use Disorders ("SUD") records held by the Business Associate of the participants of group health plans ("Covered Entities") under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health Act ("HITECH") and the corresponding regulations (collectively referred to as "HIPAA").

This Notice has been drafted in accordance with the HIPAA Privacy Rule, contained in the Code of Federal Regulations at 45 CFR Parts 2, 160 and 164. Terms not defined in this Notice have the same meaning as they have in the HIPAA Privacy Rule.

Among other things, this Notice describes how your protected health information and SUD records may be used or disclosed to carry out treatment, payment, or health care operations, or for any other purposes that are permitted or required by law.

We are required to provide this Notice of Privacy Practices (the "Notice") to you pursuant to HIPAA.

Protected Health Information (PHI)

The HIPAA Privacy Rule protects only certain medical information known as "protected health information" (PHI). Generally, PHI is individually identifiable health information, including demographic information, collected from you or created or received by a health care provider, a health care clearinghouse, a health plan, or your employer on behalf of a group health plan that relates to:

  1. Your past, present or future physical or mental health or condition;
  2. The provision of health care to you; or
  3. The past, present or future payment for the provision of health care to you.

Substance Use Disorder (SUD) Records (42 CFR Part 2)

SUD (Substance Use Disorder) privacy involves strict federal rules (42 CFR Part 2) protecting treatment records, aligned more closely with HIPAA for care coordination while retaining strictness. These rules generally require explicit patient consent for most disclosures and add rights such as accounting for disclosures. A key compliance deadline is February 16, 2026, for HIPAA entities to update practices and notices for SUD records.

Contact Person

If you have any questions about this Notice or about our privacy practices, please contact:
Michou Reichelsdorfer, President
800-615-7020

Effective Date

This Notice is effective February 13, 2026.

Our Responsibilities

We are required by law to:

  • Maintain the privacy of your protected health information and SUD records;
  • Inform you promptly if a breach occurs that may have compromised the privacy or security of your information;
  • Provide you with certain rights with respect to your protected health information and SUD records;
  • Provide you with a copy of this Notice of our legal duties and privacy practices with respect to your PHI and SUD records;
  • Follow the terms of the Notice that is currently in effect; and
  • Not use or share your information other than as described here unless you tell us in writing that we can. If you tell us we can share information, you may change your mind at any time and advise us in writing of such change.

We reserve the right to change the terms of this Notice and to make new provisions regarding your PHI and SUD records that we maintain, as allowed or required by law. If we make any material change to this Notice, we will provide you with a copy of our revised Notice of Privacy Practices by [describe how Plan will provide individuals with a revised notice-e.g., by mail to their last-known address on file].

How We May Use and Disclose the Participants' PHI and SUD Records

Under the law, we may use or disclose a participant's PHI and SUD records under certain circumstances without their permission. The following categories describe the different ways that we may use and disclose your PHI and SUD records. Not every use or disclosure will be listed, but all permitted uses and disclosures will fall within one of the categories.

For Treatment

We may use or disclose a participant's PHI and SUD records to facilitate medical treatment or services by providers, including doctors, nurses, technicians, medical students, or other hospital personnel involved in taking care of the participant. Example: prior prescriptions may be disclosed to a pharmacist to check for conflicts.

Substance Use Disorder (SUD) Records (42 CFR Part 2)

Records received from an SUD treatment program ("Part 2 Program") are protected by federal law. We will not share a participant's SUD treatment records unless we have your written consent or it is permitted by 42 CFR Part 2.

If you consent to share your Part 2 records with us, we may further disclose those records to our business associates or other providers for Treatment, Payment, and Healthcare Operations purposes as allowed under HIPAA.

We will not use or disclose a participant's Part 2 records (or testimony) in legal proceedings against them unless the participant consents in writing or in response to a specific court order.

For Payment

We may use or disclose a participant's PHI and SUD records to determine eligibility for benefits, facilitate payment for treatment/services, determine benefit responsibility, or coordinate coverage.

Note: A participant may provide one single consent for all future uses or disclosures for treatment, payment and health care operations (TPO) for SUD and his or her rights with regards to revoking such consent.

For Health Care Operations

We may use or disclose a participant's PHI and SUD records to determine eligibility for benefits, evaluate benefit responsibility, coordinate coverage, and assist with financial recoveries from responsible third parties.

To Other Parties

We may contract with individuals or entities to perform functions on our behalf. They may receive, create, maintain, use and/or disclose PHI or SUD records only after agreeing in writing to appropriate safeguards (e.g., Business Associate Agreement).

As Required by Law

We will disclose PHI and SUD records when required by federal, state, or local law, including to the Department of Health and Human Services to verify compliance with privacy law.

To Prevent a Serious Threat to Health and Safety

We may use and disclose PHI and SUD records when necessary to prevent a serious threat to a participant's health and safety, or the health and safety of the public or another person, and only to someone able to help prevent the threat.

To the Plan Sponsors

For administration of the Covered Entity, we may disclose PHI and SUD records to certain employees of the plan sponsor, who may only use/disclose as necessary for plan administration or as required by HIPAA. PHI and SUD records cannot be used for employment purposes without specific authorization.

Special Situations

Organ and Tissue Donation

If a participant is an organ donor, we may release PHI and SUD records to organizations that handle organ procurement or transplantation, as necessary.

Military and Veterans

If a participant is a member of the armed forces, we may release PHI and SUD records as required by military command authorities, including information about foreign military personnel to appropriate foreign military authority.

Workers' Compensation

We may release PHI and SUD records for workers' compensation or similar programs that provide benefits for work-related injuries or illness.

Public Health Risks

We may disclose PHI and SUD records for public health actions such as:

  • Preventing or controlling disease, injury, or disability;
  • Reporting births and deaths;
  • Reporting child abuse or neglect;
  • Reporting reactions to medications or problems with products;
  • Notifying people of recalls of products they may be using;
  • Notifying a person exposed to or at risk for contracting/spreading a disease or condition;
  • Notifying appropriate government authority if we believe a patient is a victim of abuse, neglect, or domestic violence (only if participant agrees or when required/authorized by law).

Health Oversight Activities

We may disclose PHI and SUD records to a health oversight agency for audits, investigations, inspections, licensure, and other activities authorized by law.

Lawsuits and Disputes

If you are involved in a lawsuit or dispute, we may disclose PHI and SUD records in response to a court/administrative order, or in response to subpoena, discovery request, or other lawful process (with required notice/efforts to obtain protective order).

Law Enforcement

We may disclose PHI and SUD records if asked by law enforcement, including:

  • In response to a court order, subpoena, warrant, summons or similar process;
  • To identify or locate a suspect, fugitive, material witness, or missing person;
  • About the victim of a crime under limited circumstances when agreement cannot be obtained;
  • About a death believed to be the result of criminal conduct;
  • About criminal conduct; and
  • In emergency circumstances to report a crime, location of crime/victims, or identity/description/location of the person who committed the crime.

Coroners, Medical Examiners and Funeral Directors

We may release PHI and SUD records to a coroner/medical examiner (e.g., identify a deceased person, determine cause of death) and to funeral directors as necessary.

National Security and Intelligence Activities

We may release PHI and SUD records to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.

Inmates

If a participant is an inmate of a correctional institution or under custody of law enforcement, we may disclose PHI and SUD records to the institution or official if necessary to provide health care, protect health/safety, or for safety/security of the institution.

Research

We may disclose PHI and SUD records to researchers when identifiers have been removed, or when an institutional review board/privacy board approves the research with privacy protections.

Required Disclosures

Government Audits

We are required to disclose PHI and SUD records to the Secretary of the United States Department of Health and Human Services when investigating or determining our compliance.

Disclosures to a Participant

Upon request, we are required to disclose to a participant the portion of PHI and SUD records that contain medical records, billing records, and other records used to make decisions regarding health care benefits. We are also required, when requested, to provide an accounting of most disclosures not for payment, treatment, or health care operations, and not made pursuant to individual authorization.

A Participant's Choices

For certain health information, a participant can tell us your choices about what we share. If a participant has a clear preference for how we share information in the situations below, tell us what you want us to do, and we will follow your instructions.

In these cases, a participant has both the right and choice to tell us to:

  • Share information with family, close friends, or others involved in payment for care.
  • Share information in a disaster relief situation.

If a participant is not able to tell us preference (e.g., unconscious), we may share information if we believe it is in the participant's best interest, or to lessen a serious and imminent threat.

Personal Representatives

We will disclose PHI and SUD records to individuals authorized by the participant or a personal representative (attorney-in-fact, etc.) with written authorization and supporting documents (e.g., power of attorney). Under HIPAA, we may decline disclosure to a personal representative in limited circumstances (e.g., reasonable belief of domestic violence/abuse/neglect, endangerment, or not in participant's best interest).

Fundraising and Marketing

Prior to disclosing PHI and SUD records for fundraising, a participant will be notified and given an option to opt out. Uses/disclosures for marketing purposes and disclosures constituting a sale of PHI or SUD records require authorization.

Spouses and Other Family Members

With limited exceptions, we will send all mail to the participant, including mail related to covered spouse and family members (benefit use and denial information). If restrictions or confidential communications have been requested and agreed to, mail will be sent as provided by that request.

Authorizations

Other uses/disclosures not described will only be made with written authorization. Most uses/disclosures of psychotherapy notes (when appropriate) require authorization.

A participant may revoke written authorization at any time in writing. Revocation applies to future uses/disclosures only, not to information already used/disclosed in reliance on authorization.

A Participant's Rights

A participant has the following rights with respect to PHI and SUD records:

Right to Access

A participant has the right to inspect and copy certain PHI and SUD records used to make decisions about health care benefits. Requests must be in writing to [insert name of our Contact]. Reasonable fees may apply for copying, mailing, and supplies.

A participant may request electronic copies in a designated record set. If the requested format is not readily producible, the information will be provided in a readable electronic form and format mutually agreed upon. Reasonable fees may apply for labor and supplies.

We may deny access in limited circumstances. If denied, a participant may request review by submitting a written request to [insert name of our Contact].

Right to Amend

If a participant believes PHI/SUD records are incorrect or incomplete, they may request an amendment while the information is kept by/for the Covered Entity. Requests must be in writing to:
Michou Reichelsdorfer, President
800-615-7020

A reason supporting the request is required. We may deny requests that are not in writing, lack supporting reason, or relate to information that is not part of the medical information kept by/for the Covered Entity, not created by us (unless creator unavailable), not inspectable/copiable, or already accurate and complete.

Right to an Accounting of Disclosures

A participant may request an accounting of certain disclosures of PHI and SUD records. The accounting will not include disclosures for treatment, payment, or health care operations; disclosures to the participant; disclosures made pursuant to authorization; certain disclosures to friends/family; national security purposes; and incidental disclosures.

Requests must be in writing to:
Michou Reichelsdorfer, President
PO Box 23, Sheboygan, WI 53082-0023

The time period requested may be no longer than six years prior to the request date, and the request should indicate desired format (paper/electronic). One list per 12-month period is free; additional lists may incur costs (notified in advance).

Right to Request Restrictions

A participant may request restrictions on use/disclosure for treatment, payment, or operations, and may request limits on disclosures to persons involved in care or payment. If a participant requests a restriction, it is their responsibility to notify other entities impacted by the restriction.

We are not required to agree to restrictions, but if we agree we will honor them until revoked or we notify the participant.

Effective February 13, 2026, we will comply with any restriction request if: (1) except as required by law, the disclosure is to the health plan for payment/operations (not treatment); and (2) the PHI or SUD records pertain solely to an item/service paid out-of-pocket in full.

To request restrictions, submit in writing to:
Michou Reichelsdorfer, President
PO Box 23, Sheboygan, WI 53082-0023

Requests must state: (1) what information to limit; (2) whether to limit use, disclosure, or both; and (3) to whom limits apply (e.g., spouse).

Right to Request Confidential Communications

A participant may request contact in a certain way or location (e.g., only at work or by mail). Requests must be in writing to:
Michou Reichelsdorfer, President
PO Box 23, Sheboygan, WI 53082-0023

We will not ask the reason. Requests must specify how/where the participant wishes to be contacted. We will accommodate reasonable requests if the participant clearly provides information that disclosure could endanger them.

Right to be Notified of a Breach

A participant has the right to be notified if we (or a third-party Business Associate) discover a breach of unsecured PHI or SUD records. Notice will be provided within 60 days of the breach being identified.