Self-Insured Schools of California (SISC)

HIPAA Notice of Privacy Practices

Esta noticia es disponible en espanol si usted lo suplica. Por favor contacte el oficial de privacidad indicado a continuación.

Purpose of This Notice

This Notice is required by law.

The Self-Insured Schools of California (SISC) group health plan consisting of these self-funded benefits: medical PPO plan options including utilization management, prescription benefit management (PBM) and medical plan claims administration services, telemedicine program with MDLIVE, self-funded dental PPO plan options, self-funded vision PPO plan options, Wellness program, Medicare Supplement program, COBRA administration, and Health Flexible Spending Account (FSA) administration, (hereafter referred to as the “Plan”), is required by law to take reasonable steps to maintain the privacy of your personally identifiable health information (called Protected Health Information or PHI) and to inform you about the Plan’s legal duties and privacy practices with respect to protected health information including:

• The Plan’s uses and disclosures of PHI,
• Your rights to privacy with respect to your PHI,
• The Plan’s duties with respect to your PHI,
• Your right to file a complaint with the Plan and with the Secretary of the U.S. Department of Health and Human Services (HHS), and
• The person or office you should contact for further information about the Plan’s privacy practices.
• To notify affected individuals following a breach of unsecured protected health information.

PHI use and disclosure by the Plan is regulated by the Federal law, Health Insurance Portability and Accountability Act, commonly called HIPAA. You may find these rules in 45 Code of Federal Regulations Parts 160 and 164. This Notice attempts to summarize key points in the regulation. The regulations will supersede this Notice if there is any discrepancy between the information in this Notice and the regulations. The Plan will abide by the terms of the Notice currently in effect. The Plan reserves the right to change the terms of this Notice and to make the new Notice provisions effective for all PHI it maintains.

You may receive a Privacy Notice from a variety of the insured group health benefit plans offered by SISC. Each of these notices will describe your rights as it pertains to that plan and in compliance with the Federal regulation, HIPAA. This Privacy Notice however, pertains to your protected health information held by the SISC self-funded group health plan (the “Plan”) and outside companies contracted with SISC to help administer Plan benefits, also called “business associates.”

Effective Date

The effective date of this Notice is February 16,2026, and this notice replaces notices previously distributed to you.

Privacy Officer

The Plan has designated a Privacy Officer to oversee the administration of privacy by the Plan and to receive complaints. The Privacy Officer may be contacted at:

Privacy Officer: Chief Information Systems Officer

Self-Insured Schools of California (SISC)

2000 “K” Street P.O. Box 1847 – Bakersfield, CA 93303-1847

Phone: 661-636-4410

Confidential Fax: 661-636-4893

Your Protected Health Information

The term “Protected Health Information” (PHI) includes all information related to your past, present or future health condition(s) that individually identifies you or could reasonably be used to identify you and is transferred to another entity or maintained by the Plan in oral, written, electronic or any other form.

PHI does not include health information contained in employment records held by your employer in its role as an employer, including but not limited to health information on disability, work-related illness/injury, sick leave, Family or Medical Leave (FMLA), life insurance, dependent care flexible spending account, drug testing, etc.

This Notice does not apply to information that has been de-identified in accordance with HIPAA. De-identified information is information that does not identify you, and with respect to which there is no reasonable basis to believe that the information can be used to identify you, is not individually identifiable health information.

When the Plan May Disclose Your PHI

Under the law, the Plan may disclose your PHI without your written authorization in the following cases:

• At your request. If you request it, the Plan is required to give you access to your PHI in order to inspect it and copy it.
• As required by an agency of the government. The Secretary of the Department of Health and Human Services may require the disclosure of your PHI to investigate or determine the Plan’s compliance with the privacy regulations.
• For treatment, payment or health care operations (“Plan Administration”). The Plan and its business associates will use your PHI (except psychotherapy notes in certain instances as described below) without your consent, authorization or opportunity to agree or object in order to carry out treatment, payment, or health care operations.

The Plan does not need your consent or authorization to release your PHI when you request it, a government agency requires it, or the Plan uses it for treatment, payment or health care operations.

The Plan Sponsor has amended its Plan documents to protect your PHI as required by Federal law. The Plan may disclose PHI to the Plan Sponsor for purposes of treatment, payment and health care operations in accordance with the Plan amendment. The Plan may disclose PHI to the Plan Sponsor for review of your appeal of a benefit or for other reasons related to the administration of the Plan.

When the Disclosure of Your PHI Requires Your Written Authorization

Generally, the Plan will require that you sign a valid authorization form in order to use or disclose your PHI other than:

• When you request your own PHI
• A government agency requires it, or
• The Plan uses it for treatment, payment or health care operation.

You have the right to revoke an authorization.

Although the Plan does not routinely obtain psychotherapy notes, generally, an authorization will be required by the Plan before the Plan will use or disclose psychotherapy notes about you. Psychotherapy notes are separately filed notes about your conversations with your mental health professional during a counseling session. They do not include summary information about your mental health treatment. However, the Plan may use and disclose such notes when needed by the Plan to defend itself against litigation filed by you.

• The Plan may use and disclose (either by the Plan directly or through third party vendors to the Plan) your PHI to tell you about possible treatment options, health care alternatives, or health-related (including mental health and substance abuse) benefits or services that may be of interest to you, provided that the Plan does not receive financial remuneration from a third party in exchange for making the communication. Such a third-party vendor to the Plan may contact you directly about those options, alternatives, benefits or services.

The Plan generally will require an authorization form for uses and disclosure of your PHI for marketing purposes (a communication that encourages you to purchase or use a product or service) if the Plan receives direct or indirect financial remuneration (payment) from the entity whose product or service is being marketed. The Plan generally will require an authorization form for the sale of protected health information if the Plan receives direct or indirect financial remuneration (payment) from the entity to whom the PHI is sold. The Plan does not intend to engage in fundraising activities.

Use or Disclosure of Your PHI Where You Will Be Given an Opportunity to Agree or Disagree Before the Use or Release

Disclosure of your PHI to family members, other relatives and your close personal friends without your written consent or authorization is allowed if:

• The information is directly relevant to the family or friend’s involvement with your care or payment for that care, and
• You have either agreed to the disclosure or have been given an opportunity to object and have not objected.

Note that PHI obtained by the Plan Sponsor’s employees through Plan administration activities will NOT be used for employment related decisions.

Use or Disclosure of Your PHI Where Consent, Authorization or Opportunity to Object Is Not Required

In general, the Plan does not need your written authorization to release your PHI if required by law or for public health and safety purposes. The Plan and its Business Associates are allowed to use and disclose your PHI without your written authorization (in compliance with section 164.512) under the following circumstances:

• When required by law.
• When permitted for purposes of public health activities. This includes reporting product defects, permitting product recalls and conducting post-marketing surveillance. PHI may also be used or disclosed if you have been exposed to a communicable disease or are at risk of spreading a disease or condition, if authorized by law.
• To a school about an individual who is a student or prospective student of the school if the protected health information this is disclosed is limited to proof of immunization, the school is required by State or other law to have such proof of immunization prior to admitting the individual and the covered entity obtains and documents the agreements to this disclosure from either a parent, guardian or other person acting in loco parentis of the individual, if the individual is an unemancipated minor; or the individual, if the individual is an adult or emancipated.
• When authorized by law to report information about abuse, neglect or domestic violence to public authorities if a reasonable belief exists that you may be a victim of abuse, neglect or domestic violence. In such case, the Plan will promptly inform you that such a disclosure has been or will be made unless that notice would cause a risk of serious harm. For the purpose of reporting child abuse or neglect, it is not necessary to inform the minor that such a disclosure has been or will be made. Disclosure may generally be made to the minor’s parents or other representatives, although there may be circumstances under Federal or state law when the parents or other representatives may not be given access to the minor’s PHI.
• To a public health oversight agency for oversight activities authorized by law. These activities include civil, administrative or criminal investigations, inspections, licensure or disciplinary actions (for example, to investigate complaints against providers) and other activities necessary for appropriate oversight of government benefit programs (for example, to investigate Medicare or Medicaid fraud).
• When required for judicial or administrative proceedings. For example, your PHI may be disclosed in response to a subpoena or discovery request, provided certain conditions are met, including that:
• the requesting party must give the Plan satisfactory assurances a good faith attempt has been made to provide you with written Notice, and
• the Notice provided sufficient information about the proceeding to permit you to raise an objection, and
• no objections were raised or were resolved in favor of disclosure by the court or tribunal.
• When required for law enforcement health purposes (for example, to report certain types of wounds).
• For law enforcement purposes if the law enforcement official represents that the information is not intended to be used against the individual, the immediate law enforcement activity would be materially and adversely affected by waiting to obtain the individual’s agreement and the Plan in its best judgment determines that disclosure is in the best interest of the individual. Law enforcement purposes include:
• identifying or locating a suspect, fugitive, material witness or missing person, and
• disclosing information about an individual who is or is suspected to be a victim of a crime.
• When required to be given to a coroner or medical examiner to identify a deceased person, determine a cause of death or other authorized duties. When required to be given to funeral directors to carry out their duties with respect to the decedent; for use and disclosures for cadaveric organ, eye or tissue donation purposes.
• For research, subject to certain conditions.
• When, consistent with applicable law and standards of ethical conduct, the Plan in good faith believes the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public and the disclosure is to a person reasonably able to prevent or lessen the threat, including the target of the threat.
• When authorized by and to the extent necessary to comply with workers’ compensation or other similar programs established by law.
• When required, for specialized government functions, to military authorities under certain circumstances, or to authorized Federal officials for lawful intelligence, counter intelligence and other national security activities.

Any other Plan uses and disclosures not described in this Notice will be made only if you provide the Plan with written authorization, subject to your right to revoke your authorization, and information used and disclosed will be made in compliance with the minimum necessary standards of the regulation.

Your Individual Privacy Rights

A.You May Request Restrictions on PHI Uses and Disclosures

You may request the Plan to restrict the uses and disclosures of your PHI:

• To carry out treatment, payment or health care operations, or
• To family members, relatives, friends or other persons identified by you who are involved in your care.

The Plan, however, is not required to agree to your request if the Plan Administrator or Privacy Officer determines it to be unreasonable, for example, if it would interfere with the Plan’s ability to pay a claim.

The Plan will accommodate an individual’s reasonable request to receive communications of PHI by alternative means or at alternative locations where the request includes a clear statement that disclosure could endanger the individual. You or your personal representative will be required to complete a form to request restrictions on the uses and disclosures of your PHI. To make such a request contact the Privacy Officer at their address listed on the first page of this Notice.

B.You May Inspect and Copy Your PHI

You have the right to inspect and obtain a copy (in hard copy or electronic form) of your PHI (except psychotherapy notes and information compiled in reasonable contemplation of an administrative action or proceeding) contained in a “designated record set,” for as long as the Plan maintains the PHI. You may request your hard copy or electronic information in a format that is convenient for you, and the Plan will honor that request to the extent possible. You may also request a summary of your PHI.

A Designated Record Set includes your medical records and billing records that are maintained by or for a covered health care provider. Records include enrollment, payment, billing, claims adjudication and case or medical management record systems maintained by or for a health plan or other information used in whole or in part by or for the covered entity to make decisions about you. Information used for quality control or peer review analyses and not used to make decisions about you is not included in the designated record set.

The Plan must provide the requested information within 30 days of its receipt of the request, if the information is maintained onsite or within 60 days if the information is maintained offsite. A single 30-day extension is allowed if the Plan is unable to comply with the deadline and notifies you in writing in advance of the reasons for the delay and the date by which the Plan will provide the requested information.

You or your personal representative will be required to complete a form to request access to the PHI in your Designated Record Set. Requests for access to your PHI should be made to the Plan’s Privacy Officer at their address listed on the first page of this Notice. You may be charged a reasonable cost-based fee for creating or copying the PHI or preparing a summary of your PHI.

If access is denied, you or your personal representative will be provided with a written denial describing the basis for the denial, a description of how you may exercise those review rights and a description of how you may complain to the Plan’s Privacy Officer or the Secretary of the U.S. Department of Health and Human Services.

C.You Have the Right to Amend Your PHI

You or your Personal Representative have the right to request that the Plan amend your PHI or a record about you in a designated record set for as long as the PHI is maintained in the designated record set. The Plan has 60 days after receiving your request to act on it. The Plan is allowed a single 30-day extension if the Plan is unable to comply with the 60-day deadline (provided that the Plan notifies you in writing in advance of the reasons for the delay and the date by which the Plan will provide the requested information).

If the Plan denied your request in whole or part, the Plan must provide you with a written denial that explains the basis for the decision. You or your personal representative may then submit a written statement disagreeing with the denial and have that statement included with any future disclosures of your PHI. You should make your request to amend PHI to the Privacy Officer at their address listed on the first page of this Notice.

You or your personal representative may be required to complete a form to request amendment of your PHI. Forms are available from the Privacy Officer at their address listed on the first page of this Notice.

D.You Have the Right to Receive an Accounting of the Plan’s PHI Disclosures

At your request, the Plan will also provide you with an accounting of disclosures by the Plan of your PHI during the six years (or shorter period if requested) before the date of your request. The Plan will not provide you with an accounting of disclosures related to treatment, payment, or health care operations, or disclosures made to you or authorized by you in writing. The Plan has 60 days after its receipt of your request to provide the accounting. The Plan is allowed an additional 30 days if the Plan gives you a written statement of the reasons for the delay and the date by which the accounting will be provided. If you request more than one accounting within a 12-month period, the Plan will charge a reasonable, cost-based fee for each subsequent accounting.

E.You have the Right to Request that PHI be Transmitted to You Confidentially

The Plan will permit and accommodate your reasonable request to have PHI sent to you by alternative means or to an alternative location (such as mailing PHI to a different address or allowing you to personally pick up the PHI that would otherwise be mailed), if you provide a written request to the Plan that the disclosure of PHI to your usual location could endanger you. If you believe you have this situation, you should contact the Plan’s Privacy Officer to discuss your request for confidential PHI transmission.

F.You Have the Right to Receive a Paper or Electronic Copy of This Notice Upon Request

To obtain a paper or electronic copy of this Notice, contact the Plan’s Privacy Officer at their address listed on the first page of this Notice. This right applies even if you have agreed to receive the Notice electronically.

G.Breach Notification

If a breach of your unsecured protected health information occurs, the Plan will notify you in the time and manner required by law.

Your Personal Representative

You may exercise your rights to your protected health information (PHI) by designating a person to act as your Personal Representative. Your Personal Representative will generally be required to produce evidence (proof) of the authority to act on your behalf before the Personal Representative will be given access to your PHI or be allowed to take any action for you. Under this Plan, proof of such authority will include (1) a completed, signed and approved Appoint a Personal Representative form; (2) a notarized power of attorney for health care purposes; (3) a court-appointed conservator or guardian; or, (4) for a Spouse under this Plan, the absence of a Revoke a Personal Representative form on file with the Privacy Officer.

This Plan will automatically recognize your legal Spouse as your Personal Representative and vice versa, without you having to complete a form to Appoint a Personal Representative. However, you may request that the Plan not automatically honor your legal Spouse as your Personal Representative by completing a form to Revoke a Personal Representative (copy attached to this notice or also available from the Privacy Officer). If you wish to revoke your Spouse as your Personal Representative, please complete the Revoke a Personal Representative form and return it to the Privacy Officer and this will mean that this Plan will NOT automatically recognize your Spouse as your Personal Representative and vice versa.

The recognition of your Spouse as your Personal Representative (and vice versa) is for the use and disclosure of PHI under this Plan and is not intended to expand such designation beyond what is necessary for this Plan to comply with HIPAA privacy regulations.

You may obtain a form to Appoint a Personal Representative or Revoke a Personal Representative by contacting the Privacy Officer at their address listed on this Notice. The Plan retains discretion to deny access to your PHI to a Personal Representative to provide protection to those vulnerable people who depend on others to exercise their rights under these rules and who may be subject to abuse or neglect.

Because HIPAA regulations give adults certain rights and generally children age 18 and older are adults, if you have dependent children age 18 and older covered under the Plan, and the child wants you, as the parent(s), to be able to access their protected health information (PHI), that child will need to complete a form to Appoint a Personal Representative to designate you (the employee/retiree) and/or your Spouse as their Personal Representatives. This does not apply to Explanation of Benefits (EOB) sent to an employee for services provided to the child or a spouse

The Plan will consider a parent, guardian, or other person acting in loco parentis as the Personal Representative of an unemancipated minor (a child generally under age 18) unless the applicable law requires otherwise. In loco parentis may be further defined by state law, but in general it refers to a person who has been treated as a parent by the child and who has formed a meaningful parental relationship with the child for a substantial period of time. Spouses and unemancipated minors may, however, request that the Plan restrict PHI that goes to family members as described above under the section titled “Your Individual Privacy Rights.”

The Plan’s Duties

The Plan is required by law to maintain the privacy of your PHI and to provide you and your eligible dependents with Notice of its legal duties and privacy practices. The Plan is required to comply with the terms of this Notice. However, the Plan reserves the right to change its privacy practices and the terms of this Notice and to apply the changes to any PHI maintained by the Plan. In addition, the Plan may not (and does not) use your genetic information that is PHI for underwriting purposes.

Notice Distribution: The Notice will be provided to each person when they initially enroll for benefits in the Plan (the Notice is provided in the Plan’s Initial Enrollment material/packets). The Notice is also available on the Plan’s website: . The Notice will also be provided upon request. Once every three years the Plan will notify the individuals then covered by the Plan where to obtain a copy of the Notice. This Plan will satisfy the requirements of the HIPAA regulation by providing the Notice to the named insured (covered employee) of the Plan; however, you are encouraged to share this Notice with other family members covered under the Plan.

Notice Revisions: If a privacy practice of this Plan is changed affecting this Notice, a revised version of this Notice will be provided to you and all participants covered by the Plan at the time of the change. Any revised version of the Notice will be distributed within 60 days of the effective date of a material change to the uses and disclosures of PHI, your individual rights, the duties of the Plan or other privacy practices stated in this Notice. Material changes are changes to the uses and disclosures of PHI, an individual’s rights, the duties of the Plan or other privacy practices stated in the Privacy Notice.

Because our health plan posts its Notice on its web site, we will prominently post the revised Notice on that web site by the effective date of the material change to the Notice. We will also provide the revised notice, or information about the material change and how to obtain the revised Notice, in our next annual mailing to individuals covered by the Plan.

Disclosing Only the Minimum Necessary Protected Health Information

When using or disclosing PHI or when requesting PHI from another covered entity, the Plan will make reasonable efforts not to use, disclose or request more than the minimum amount of PHI necessary to accomplish the intended purpose of the use, disclosure or request, taking into consideration practical and technological limitations. However, the minimum necessary standard will not apply in the following situations:

• Disclosures to or requests by a health care provider for treatment,
• Uses or disclosures made to you,
• Disclosures made to the Secretary of the U.S. Department of Health and Human Services in accordance with their enforcement activities under HIPAA,
• Uses of disclosures required by law, and
• Uses of disclosures required for the Plan’s compliance with the HIPAA privacy regulations.

This Notice does not apply to information that has been de-identified. De-identified information is information that does not identify you and there is no reasonable basis to believe that the information can be used to identify you.

As described in the amended Plan document, the Plan may share PHI with the Plan Sponsor for Plan administrative purposes, such as determining claims and appeals, performing quality assurance functions and auditing and monitoring the Plan. The Plan shares the minimum information necessary to accomplish these purposes.

In addition, the Plan may use or disclose “summary health information” to the Plan Sponsor for obtaining premium bids or modifying, amending or terminating the group health Plan. Summary health information means information that summarizes claims history, claims expenses or type of claims experienced by individuals for whom the Plan Sponsor has provided health benefits under a group health plan. Identifying information will be deleted from summary health information, in accordance with HIPAA.

Your Right to File a Complaint

If you believe that your privacy rights have been violated, you may file a complaint with the Plan in care of the Plan’s Privacy Officer, at the address listed on the first page of this Notice. Neither your employer nor the Plan will retaliate against you for filing a complaint.

You may also file a complaint (within 180 days of the date you know or should have known about an act or omission) with the Secretary of the U.S. Department of Health and Human Services by contacting their nearest office as listed in your telephone directory or at this website () or this website: or contact the Privacy Officer for more information about how to file a complaint.

If You Need More Information

If you have any questions regarding this Notice or the subjects addressed in it, you may contact the Plan’s Privacy Officer at the address listed on the first page of this Notice.

Notice of Privacy Practices: Appendix A

Effective February 16, 2026, this Appendix A (including the Addendum below) is added to and made a part of the SISC’s Notice of Privacy Practices.

Special Protections for Substance Use Disorder (SUD) Information

Federal law (42 CFR Part 2) provides special protections for the privacy of medical records related to SUD treatment. This notice describes how health information related to SUD treatment may be used and disclosed, your rights with respect to your SUD treatment information and how to file a complaint concerning a violation of the privacy or security of your SUD treatment information, or of your rights concerning your SUD treatment information.

There are limited circumstances where we may disclose this information without your consent:

• To Medical Personnel in a Medical Emergency: If you are experiencing a medical emergency, we may share information with medical personnel to the extent necessary to address the emergency.
• For Research: We may disclose de-identified SUD information for research purposes, provided the researcher meets specific federal requirements to protect your privacy.
• For Audit or Evaluation: Your SUD information may be disclosed to qualified personnel for audit or program evaluation purposes, but strict confidentiality protections apply.
• Under a Court Order: We may disclose SUD information in response to a court order accompanied by a subpoena or other similar legal mandate that meets strict legal requirements under 42 CFR Part 2. Records, or testimony relaying the content of such records, shall not be used or disclosed in any civil, administrative, criminal, or legislative proceedings against you unless based on specific written consent or a court order. If there is a court order, we will provide you with notice and an opportunity to object. A court order authorizing use or disclosure must be accompanied by a subpoena or other similar legal mandate compelling disclosure before the record is used or disclosed.
• For Reporting Child Abuse or Neglect: If we suspect child abuse or neglect, we are required by law to report it, which may include disclosing SUD information.
• To Report Crime on Premises or Against Personnel: If a crime is committed on our premises or against our personnel, we may disclose limited information to law enforcement.
• For Qualified Service Organizations (QSO): We may share information with organizations that provide services to us (like billing or record storage) if they sign an agreement to protect the confidentiality of your SUD information.

All other uses or disclosures of your SUD information require your specific written authorization.

Possibility of Re-Disclosure. You may provide a single consent to allow us to share information about you outside of our program for all future treatment, payment, and healthcare operations purposes. You may revoke the consent at any time in writing. Recipients who are required to protect your information as required by HIPAA may share your information only as allowed by HIPAA but Recipients who receive information under this Notice and are not regulated by HIPAA generally may use or redisclose such information without further limitation by the HIPAA Rules.

What are your rights regarding your SUD health information

You have certain additional rights to your SUD health information, which is as follows:

• Right to request restrictions of disclosures made with prior consent for purposes of treatment, payment, and health care operations. We will review your request but are not required to agree unless the request relates to sharing information with your insurance provider and your care has already been paid for by another source. If we agree to your request, we may still share your information where needed for emergency care or where required by law.
• Right to an accounting of disclosures of electronic records under this part for the past three years, and a right to an accounting of disclosures by an intermediary for the past three years.
• Right to obtain a paper or electronic copy of this notice from the SUD program upon request, and to discuss it with our Privacy Officer whose contact information is listed below if you have any questions

We are required by law to maintain the privacy of your records, to provide you with notice of our legal duties and privacy practices with respect to records, and to notify affected individuals of a breach. We are required to follow the terms of the notice currently in effect. If we make changes to how we manage your records, we will change our notice. You may request an updated copy of our notice or you may find the most recent notice in effect on our website.

You have the right to revoke your authorization at any time, in writing. Revoking your authorization will not apply to information already disclosed based on your previous authorization.

What can you do if you have a complaint?

If you believe that your privacy rights have been violated, you may file a complaint with the above Privacy Officer

PART 2 ADDENDUM TO THE NOTICE OF PRIVACY PRACTICES

(For Substance Use Disorder Treatment Records)

Substance Use Disorder Patient Records law (42 U.S.C. 290dd-2) and regulations (42 C.F.R. Part 2) ("Part 2") protect your substance use disorder treatment records, including the fact that you are enrolled in a Part 2 Program and any other information that would identify you as having or having had a substance use disorder (collectively, "Part 2 Records")

THE NOTICE AND THIS ADDENDUM DESCRIBE:

• HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED
• YOUR RIGHTS WITH RESPECT TO YOUR HEALTH INFORMATION
• HOW TO FILE A COMPLAINT CONCERNING A VIOLATION OF THE PRIVACY OR SECURITY OF YOUR HEALTH INFORMATION, OR OF YOUR RIGHTS CONCERNING YOUR INFORMATION

YOU HAVE A RIGHT TO A COPY OF THE NOTICE AND THIS ADDENDUM (IN PAPER OR ELECTRONIC FORM).

HOW THE PART 2 PROGRAM MAY Use and Disclose Part 2 Records Without Your WRITTEN Consent:

We may use and disclose your Part 2 Records without your written consent under the following circumstances

• Medical Emergencies. We may disclose your Part 2 Records to medical personnel to the extent necessary to meet a bona fide medical emergency and (i) your prior written consent cannot be obtained; or (ii) we are closed and unable to provide services or obtain your prior written consent during a temporary state of emergency declared by a state or federal authority as the result of a natural or major disaster, until such time as we resume operations. We will obtain your consent prior to disclosing your information for non-emergency treatment. We may also disclose your Part 2 Records to medical personnel of the Food and Drug Administration (FDA) who assert (i) a reason to believe that your health may be threatened by an error in the manufacturer, labeling, or sale of a product under the FDA jurisdiction; and (ii) that your Part 2 Records will be used for the exclusive purpose of notifying you or your physicians of potential danger.
• Scientific Research. Under certain circumstances, we may use and disclose your Part 2 Records without your consent for scientific research purposes. Generally, we would first obtain your written consent; however, in certain circumstances, we may be permitted to use or disclose your Part 2 Records for research purposes without your consent to the extent permitted by HIPAA, the FDA and HHS regulations regarding the protection of human subjects.
• Audits and Program Evaluations. Under certain circumstances we may use or disclose your Part 2 Records in connection with a management or financial audit or a program evaluation. For example, in certain situations, we may disclose your identifying information to any federal, state, or local government agency that provides financial assistance to the Part 2 Program or is authorized by law to regulate the activities of the Part 2 Program. We may also disclose your identifying information to a third-party payer or health plan covering the services provided to you, a quality improvement organization (QIO) performing QIO review of the Part 2 Program or an entity with direct administrative control over the Part 2 Program.
• Public Health. We may disclose Part 2 Records to a public health authority for public health purposes. However, the contents of the information from the Part 2 Records disclosed will be de-identified in accordance with the requirements of the HIPAA regulations, such that there will be no reasonable basis to believe that the information can be used to identify you.
• Qualified Service Organizations (QSOs). We may share Part 2 Records with contractors who provide certain services to us or on our behalf. These contractors are called qualified service organizations or QSOs. Our QSOs are required to agree in writing to protect Part 2 Records.
• Crimes. We may disclose limited information to law enforcement to report a crime or threatened crime on our premises or against our personnel.
• Suspected Child Abuse and Neglect Reports. We may disclose information to the appropriate authorities to report suspected child abuse and neglect as required by state law.
• Adult Patients Who Lack Capacity and Deceased Patients. If an adult patient is adjudicated as lacking capacity or dies, we may disclose the patient's Part 2 Records with the consent of the patient's personal representative.
• Substantial Threat to Life or Well Being. We may disclose facts relevant to reducing a substantial threat to the life or physical well-being of a minor patient or any person to the personal representative of the minor patient if certain conditions are met.
• Vital Statistics. We may disclose patient identifying information relating to a patient's cause of death or death investigation under laws requiring the collection of death or other vital statistics or permitting inquiry into the cause of death.
• U.S. Department of Health and Human Services (HHS). We must disclose Part 2 Records to the Secretary of HHS if required for an investigation or to determine compliance with Part 2.
• Court Order with Legal Mandate. We may disclose Part 2 Records, or testimony relaying the content of such Part 2 Records, pursuant to a specific court order. Part 2 Records may only be used or disclosed based on a court order after notice and an opportunity to be heard is provided to you (the patient) and/or us (the record holder), if required by Part 2. The court order must also be accompanied by a subpoena or other similar legal mandate compelling disclosure before the Part 2 Record is used or disclosed.
• Fundraising. We may use or disclose your Part 2 Records to fundraise for the benefit of the Part 2 Program, but you have the right to opt-out of receiving fundraising communications from us, as noted in the Notice of Privacy Practices.
• Other Permissible Purposes. We may use or disclose Part 2 Records without your consent as otherwise permitted by Part 2.

We will only use or disclose your Part 2 Records without your written consent as described in this Addendum. To the extent other applicable law is more protective than Part 2, we comply with that law.

HOW THE PART 2 PROGRAM May Use and Disclose Part 2 Records with Your WRITTEN Consent:

The Part 2 Program may use and disclose your Part 2 Records with written consent that satisfies the requirements of Part 2 as follows:

• Treatment, Payment, and Healthcare Operations (TPO). We may use and disclose your Part 2 Records for TPO purposes, as described in the Notice of Privacy Practices, with your written consent. You may provide a single consent for all future TPO uses or disclosures. For example, you may give us permission to share your Part 2 Records with your treating providers and/or health plans for TPO purposes. Part 2 Records disclosed for TPO purposes to another Part 2 program or an individual/entity subject to the Health Insurance Portability and Accountability Act (HIPAA) pursuant to your consent may be further disclosed by that Part 2 program or individual/entity subject to HIPAA to the extent permitted by HIPAA, or if the Part 2 Program is not subject to HIPAA, to the extent permitted by your consent. However, your Part 2 Records cannot be used or disclosed in civil, criminal, administrative, or legislative proceedings against you without your written consent or a court order, as noted below.
• Central Registry or Withdrawal Management Program. We may disclose your Part 2 Records to a central registry or to any withdrawal management or treatment program with your written consent. For example, if you consent to participating in a drug treatment program, we can disclose your information to the program to coordinate care or to a central registry to avoid duplicate enrollment.
• Criminal Justice System. We may disclose information from your Part 2 Records to persons within the criminal justice system who made your participation in the Part 2 Program a condition of the disposition of any criminal proceeding against you with your written consent. The written consent must state that it is revocable upon the passage of a specified amount of time or the occurrence of a specified, ascertainable event. The time or occurrence upon which your consent becomes revocable may be no later than the final disposition of the conditional release or other action in connection with which written permission was given. For example, if you consent, we can inform a court-appointed officer, prosecutor or law enforcement about your treatment status as part of a legal agreement or sentencing conditions.
• Prescription Drug Monitoring Program. We may report any medication prescribed or dispensed by us to the applicable state prescription drug monitoring program (PDMP) if required by applicable state law. However, we will obtain your consent prior to reporting such information.
• Legal Proceeding Against a Patient. We will not use or disclose Part 2 Records, or testimony relaying the content of Part 2 Records, in any civil, administrative, criminal, or legislative proceeding against you unless such use or disclosure is pursuant to your specific written consent (separate from consent for any other use or disclosure) or a court order, as described above.
• Designated Person or Entities. We may use and disclose your Part 2 Records in accordance with your written consent to any other person or category of persons identified or generally designated in your consent. For example, if you consent to a disclosure of your Part 2 Records to your spouse or a healthcare provider, we will share your health information with them as outlined in your consent.

If you want to revoke (take back) your written consent to use or disclose your Part 2 Records, please send a written request to a Privacy Officer named above. Your revocation will not apply to the extent we already used or disclosed your Part 2 Records based on your consent.

PART 2 PROGRAM COMPLAINTS:

If you believe your rights under Part 2 or this Part 2 Program Addendum have been violated, you may file a complaint with the Part 2 Program and/or with the Secretary of the U.S. Department of Health and Human Services. You will not be retaliated against for filing a complaint.

To file a complaint with the Part 2 Program, submit a written complaint to the above Privacy Officer

EFFECTIVE DATE: February 16,2026

Form to Revoke a Personal Representative

Annual Notice: Women’s Health and Cancer Rights Act (WHCRA)

Your group health plan, as required by the Women’s Health and Cancer Rights Act of 1998, provides benefits for mastectomy-related services including reconstruction and surgery to achieve symmetry between the breasts, prostheses, and complications resulting from a mastectomy (including lymphedema).

For more information call the Customer Service phone number on your ID card or the SISC Benefits department at 661-636-4410.

Where to Find a HIPAA Privacy Notice for Our Group Health Plan

HIPAA Privacy pertains to the following group health plan benefits sponsored by the Self-Insured Schools of California (SISC):

• medical PPO plan options including utilization management, prescription benefit management (PBM) and medical plan claims administration services,
• telemedicine program with MD live,
• self-funded dental PPO plan options,
• self-funded vision PPO plan options,
• Wellness program,
• Medicare Supplement program,
• COBRA administration,
• Health Flexible Spending Account (FSA) administration

You are provided with a complete HIPAA Privacy Notice when you enroll for these benefits. You can obtain another copy of the plan's HIPAA Privacy Notice by going to the SISC website at or you can write or call the SISC Benefits Department at P. O. Box 1847 Bakersfield, CA 93303-1847.

HIPAA Privacy Notices that pertain to the insured medical plan benefits can be obtained by contacting the insurance companies at the Customer Service phone number on your ID card.