Consumer Health Data Privacy Statement

Last Updated: August 1, 2025

Pursuant to the Washington My Health My Data Act and the Nevada Consumer Health Privacy Law (collectively, the “Health Privacy Laws”), Carlsmed, Inc. (“we,” “us,” or “our”) is providing the following details regarding the categories of consumer health data that we collect, use, and share about Washington and Nevada consumers. This Consumer Health Data Privacy Statement (the “Privacy Statement”) supplements our Privacy Policy at https://carlsmed.com/privacy-policy.

Collection of Consumer Health Data

For purposes of this Privacy Statement, consumer health data means personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status.

The consumer health data we may collect about you and share with third parties includes:

| Categories of Consumer Health Data We Collect | Categories of Third Parties with Whom We Share Consumer Health Data |
| --- | --- |
| Health conditions, treatment, diseases, or diagnosis, particularly related to spinal care | Your healthcare providers; our service providers |
| Social, psychological, behavioral, and medical interventions | Your healthcare providers; our service providers; governmental authorities where required by law |
| Health-related surgeries or procedures, such as spine surgery | Your healthcare providers; our service providers; governmental authorities where required by law |
| Bodily functions, symptoms, or measurements | Your healthcare providers; our service providers; governmental authorities where required by law |
| Diagnoses or diagnostic testing, or treatment | Your healthcare providers; our service providers; governmental authorities where required by law |
| Precise location information that could reasonably indicate your attempt to acquire or receive health services or supplies, such as the address where the surgical services were provided to you | Your healthcare providers; our service providers; healthcare insurance providers in order to obtain prior authorization for medical surgeries or procedures |
| Information that could identify your attempt to seek health care services | Your healthcare providers; our service providers; governmental authorities where required by law; healthcare insurance providers in order to obtain prior authorization for medical surgeries or procedures |

Sources of Consumer Health Data

We collect consumer health data from you and from your healthcare providers.

How We Use and Share Consumer Health Data

We collect, use, and share consumer health data to operate, manage, and maintain our business, to provide our products and services, and to accomplish our business purposes and objectives, including, for example: to design, improve, and maintain our products and services; market our products and services with your consent; conduct research under approved protocols, analytics, and data analysis; undertake quality and safety assurance measures; perform audits and other internal functions, such as internal investigations; comply with law, legal process, and internal policies; maintain records; and exercise and defend legal claims.

We may also use consumer health data and share it with a third party in the context of any reorganization, financing transaction, merger, sale, joint venture, partnership, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings). In certain circumstances, it may be necessary to provide consumer health data to other third parties, for example, to comply with applicable law or to protect the rights, safety or property of us, you, and others.

We do not “sell” Consumer Health Data, as defined in the Health Privacy Laws.

Individual Rights

If you are a Washington or Nevada consumer, you may make the following requests regarding your consumer health data, subject to applicable law and certain exceptions:

  1. Request to Know
    You may request that we disclose:
    • Whether we are collecting, sharing, or selling your consumer health data; and
    • The third parties to whom we have shared or sold your consumer health data.
  2. Request to Opt-out
    You may request to opt out of the collection, sharing, or sale of your consumer health data.
  3. Request to Delete
    You may request that we delete your consumer health data.
  4. Request to Access
    If you are a Washington consumer, you may request that we provide you with:
    • The email address or other online mechanism you can use to contact the third parties with whom your consumer health data is shared or sold; and
    • A copy of your consumer health data.

To make an Individual Rights request, please contact us at patientprivacy@carlsmed.com. We will verify and respond to your request consistent with applicable law. We may need to request additional information from you in order to verify your identity and protect against fraudulent requests. If you make a Request to Delete, we may ask you to confirm your request before we delete your consumer health data.

If we refuse to take action on your request, you may appeal this refusal by contacting us at patientprivacy@carlsmed.com.

Changes to This Privacy Statement

We may change or update this Privacy Statement from time to time. When we do, we will post the revised Privacy Statement on this page with a new “Last Updated” date.

POL-016