GINA/PHI Notice

<h2 style="text-align: left;"><b>Authorization For Use and Disclosure of Protected Health Information</b></h2> **Last updated: July 28, 2025** The Bank of America, N.A. (“Company”) Wellness Programs (the “Programs”) are voluntary wellness programs available to eligible employees of the Company, along with their spouses, domestic partners and other adult dependents, participating in certain of the Company’s major medical plan options. Employees, spouses, domestic partners and other adult dependents participating in the Programs can earn financial incentives such as lower annual medical plan premium contributions. The Programs are administered according to federal rules permitting employer-sponsored wellness programs that seek to improve employee health or prevent disease, including the Americans with Disabilities Act of 1990, the Genetic Information Nondiscrimination Act of 2008, and the Health Insurance Portability and Accountability Act, as applicable, among others. To the extent applicable, by checking the box that prompted me to review this authorization form, I understand and agree that I am requesting to voluntarily participate in Programs that may include the following: * *Health Risk Assessment.* This type of assessment may ask questions about your health-related activities and behaviors and whether you have or have had certain medical conditions (e.g., cancer or heart disease). This data from this assessment will be used to recommend specific Programs to you as well as to provide information on how to manage current health conditions and potential risks. * *Health Screening.* This type of screening may include meeting with a healthcare professional to collect information such as your height, weight, waist circumference, blood pressure, A1C level, total cholesterol, and HDL cholesterol. Your results may be used to direct you to specific Programs to help you meet your health goals or to help you learn more about your current health conditions and potential risks. * *Phone and Chat-Based Coaching. *Certified health coaches and other trained staff will ask questions about your health, such as your health metrics, lifestyle, diagnoses and medications to learn about your wellbeing and goals. This information will be used to help you set and work towards your desired goals and to recommend specific Programs to you. You are not required to complete a health risk assessment or participate in any medical examination or screening. However, employees who choose to participate in some or all of the Programs may receive an incentive such as a wellness credit toward their annual medical plan premium from the Company. Although you are not required to participate in any of the Programs, only employees who do so will receive a wellness credit or other wellness incentive from the Company. If you are unable to participate in any of the Wellness Programs required to earn an incentive, you may be entitled to a reasonable accommodation or alternative standard by contacting the organization that is sponsoring the Program, Well. I understand that health information, which may include genetic information about me, such as manifestation of a disease or disorder in me or my family members, may be collected during my participation in the Programs as described in the notice. The information from any health risk assessment or health screening will be used to provide you with information to help you understand your current health and potential risks and may also be used to offer you services through the Programs. You also are encouraged to share your results or concerns with your own doctor. **Protection from Disclosure of Medical Information** We are required by law to maintain the privacy and security of your personally identifiable health information. Although the Programs and Company may use aggregate information it collects to design a program based on identified health risks in the workplace, the Programs will never disclose any of your personal information either publicly or to the employer, except as necessary to respond to a request from you for a reasonable accommodation needed to participate in the Programs, or as expressly permitted by law. Medical information that personally identifies you that is provided in connection with the Programs will not be provided to your supervisors or managers and may never be used to make decisions regarding your employment. Your health information will not be sold, exchanged, transferred, or otherwise disclosed except to the extent permitted by law to carry out specific activities related to the Programs, and you will not be asked or required to waive the confidentiality of your health information as a condition of participating in the Programs or receiving an incentive. Anyone who receives your information for purposes of providing you services as part of the Programs will abide by the same confidentiality requirements. The only individual(s) who will receive your personally identifiable health information are trained and qualified user support personnel, in order to provide you with services under the Programs. In addition, all medical information obtained through the Programs will be maintained separate from your personnel records, information stored electronically will be encrypted, and no information you provide as part of the Programs will be used in making any employment decision. Appropriate precautions will be taken to avoid any data breach, and in the event a data breach occurs involving information you provide in connection with the Programs, we will notify you immediately. You may not be discriminated against in employment because of the medical information you provide as part of participating in the Programs, nor may you be subjected to retaliation if you choose not to participate. If you have questions or concerns regarding this notice, or about protections against discrimination and retaliation, please contact Well Member Services by calling 844-939-5100 (in the US) or by sending an email to BofA.MyWellness@wellsupport.co . I acknowledge that I have received a complete description of the Wellness Programs from the Company, that materials describing the Programs are available in the [2021 Bank of America Health & Insurance Summary Plan Description](http://sharepoint4.bankofamerica.com/sites/ECComms/ECComms/Regulatory/SPDs/2021%20HandI%20SPD_Online_Final.pdf) (and any subsequent Summary of Material Modifications) available on [HR Connect](https://hrconnect.bankofamerica.com/portal/site/hrc15010092/menuitem.6d6e06fef3a2b6b71a46b3d521e3abba/?vgnextoid=277b36344ff4e410VgnVCM100000773925a5RCRD&vgnextrefresh=1#tab-ci:f13a3988c0cdf410VgnVCM10000096c8ab9eRCRD), and that I agree to the terms of the Wellness Programs as described to me therein. I have received a notice from the Company regarding my rights under the Americans with Disabilities Act of 1990, the Genetic Information Nondiscrimination Act of 2008, and the Health Insurance Portability and Accountability Act. **Spouses/Domestic Partners/Other Adult Dependents** As applicable, a spouse, partner, or other adult dependent of a Bank of America employee, by agreeing to this Authorization For Use and Disclosure of Protected Health Information, I, the spouse/domestic partner/other adult dependent of a Company employee, am requesting to participate in the Programs, which as described above, may include a health risk assessment and health screening. I acknowledge that I have received a complete description of the Wellness Programs from the Company, and that I agree to the terms of the Wellness Programs as described to me therein. I have received a notice from the Company regarding my rights under the Americans with Disabilities Act of 1990, the Genetic Information Nondiscrimination Act of 2008, and the Health Insurance Portability and Accountability Act. I understand that health information, which may include genetic information about me, such as manifestation of a disease or disorder in me or my family members, may be collected during my participation in the Programs as described in the notice. I understand that this health information will be used to provide me with results and follow-up information to help me understand my current health and potential health risks, and in some cases may also be used to offer me services through the Programs. I understand the Programs will not disclose my health information publicly, to the Company, or to the participant who is employed at the Company, except as expressly permitted by law. I understand my health information will not be sold, exchanged, transferred, or otherwise disclosed except to the extent permitted by law to carry out specific activities related to the Programs, and I will not be asked or required to waive the confidentiality of my health information as a condition of participating in the Programs or for the participant who is employed at the Company to receive a Program incentive. I understand that my health information may not be used by the Company in making an employment decision relating to the participant, and the participant will not be discriminated against or subject to retaliation by the Company if I decide not to participate in one or more components of the Programs or because of the health information I provide. **By agreeing to this Authorization For Use and Disclosure of Protected Health Information, I acknowledge that I am 18 years or older and have read, understand, and accept all of the information in this Form, and I knowingly and voluntarily authorize the collection and use of genetic and health information described above, related to the Programs.**