ENGAGEMED COWORKER RECORDS CONFIDENTIALITY  POLICY Revised: 5/14/2025 EngageMED’s philosophy is to safeguard personal coworker information in its possession to ensure  the confidentiality of the information. Additionally, EngageMED will only collect personal information that is required to pursue its business operations and to comply with government reporting and  disclosure requirements. Personal coworker information is considered confidential and as such will be shared only as required  and with those who have a need to have access to such information. Personal information collected  by EngageMED includes, but is not limited to, coworker names, addresses, telephone numbers, e-mail  addresses, emergency contact information, equal employment opportunity (EEO) demographic data,  medical information, social security numbers, date of birth, employment eligibility data, benefits plan  enrollment information, which may include dependent personal information, and school/college or  certification credentials. Participants in EngageMED’s benefit plans should be aware that personal  information will be shared with plan providers as required for their claims handling or record keeping  needs. All hard copy records will be maintained in locked, secure areas with access limited to those who have  a need for such access. Personal coworker information maintained electronically will be safeguarded  by EngageMED, with access granted to those with a legitimate need. Certain records, such as I-9 forms  and medical records, will be maintained separate from general personnel records whether maintained  electronically or hard copy. If a coworker becomes aware of a material breach in maintaining the confidentiality of coworker  personal information, the coworker should report the incident to a representative of the People  Services Department. The People Services Department has the responsibility to investigate the incident  and take corrective action. Please be aware that a standard of reasonableness will apply in these  circumstances. Examples of the release of coworker information that will not be considered a breach  include the following: • Release of partial coworker birth dates, i.e., day and month is not considered confidential and  may be shared to recognize coworkers on such dates. • Personal telephone numbers or e-mail addresses may be distributed in order to facilitate  company work schedules or business operations. • Coworker identifier information used in salary or budget planning, review processes and for  timekeeping purposes will be shared. • Coworker’s company anniversary or service recognition information will be distributed  periodically