NOTICE OF PRIVACY PRACTICES
Effective Date: June 2017
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice of Privacy Practices (this “Notice”) will tell you about the ways in which Agendia protects, uses and discloses your protected health information (“PHI”) and required by Health Insurance Portability and Accountability Act of 1996 (HIPAA). This Notice also describes your rights and certain obligations we have regarding the use and disclosure of PHI.
Protected Health Information means any information, whether in oral, electronic or paper form, which we create or receive that relates to your physical or mental health, the delivery of health care services to you, or payment of health care services, and that identifies you or could be used to identify you. We maintain your PHI in records we create related to the services you receive from us. This Notice applies to all those records created, received or maintained by Agendia.
Your Information, Your Rights, Agendia’s Responsibilities
We are required by law to: make sure that PHI is kept private; give you this Notice of Agendia’s legal responsibilities and privacy practices with respect to your PHI; and comply with the currently effective terms of this Notice
Protecting Your Privacy
We take your privacy seriously and we want you to know how we collect, use, share and protect your information. We are required by law to maintain the privacy and security of your Protected Health Information. We adhere to stringent standards designed to safeguard PHI against accidental or unauthorized access or disclosure. We have taken reasonable steps to ensure the integrity and confidentiality of your PHI.
We understand that Protected Health Information is personal. As a certified laboratory under the Clinical Laboratory Improvement Amendment of 1988 (CLIA) and as a Covered Entity under HIPAA, in most situations, we have an indirect treatment relationship with you in that Agendia’s interaction is mainly with your health care provider ordering the test. Because we receive and maintain a record of your Protected Health Information for testing services, please be assured that we are committed to protecting your Protected Health Information.
Your Rights and How to Exercise Them
When it comes to your PHI, you have certain rights under HIPAA and federal privacy rules that implement HIPAA with respect to your PHI:
Right to Request an Electronic or Paper Copy of your Completed Test Reports: You (or your authorized representative) may request a copy of your completed laboratory test report. We will provide a copy or a summary of your PHI, usually within 30 days of your request. We may charge you a reasonable, cost- based fee. If you would like to make this request, please submit a written request to Agendia Privacy Officer.
Right to Inspect and Copy: You have the right to inspect and copy your PHI maintained by us. Generally, this information includes health care and billing records. You have the right to obtain electronic copies of your PHI. You do not have a right of access to (1) information prepared in anticipation of, or for use in, a civil, criminal, or administrative action; and (2) PHI maintained by us that is (a) subject to the Clinical Laboratory Improvement Amendments of 1988 (“CLIA”), if access to the individual would be prohibited by law, or (b) exempt from CLIA pursuant to 42 U.S.C. 493.3(a)(2). Under certain circumstances, you also do not have a right of access to information created or obtained in the course of research involving treatment or received from someone other than a health care provider under a promise of confidentiality.
To inspect and/or obtain copies of your PHI maintained by us, you must submit your request in writing to Agendia’s Privacy Officer. We may charge you a fee for the costs of copying, mailing or other expenses associated with complying with your request consistent with federal and state law. We may deny your request to inspect and copy your PHI for the reasons set forth above or under certain other circumstances. If you are denied access to PHI other than for a reason stated above, you will receive a written denial. You may request that the denial be reviewed. Thereafter, a licensed health care professional chosen by us will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.
Right to Amend Your PHI: You may ask us to amend your PHI we have about you. You have the right to request an amendment for so long as the information is kept by or for us. To request an amendment to your PHI, your request must be made in writing and submitted to Agendia’s Privacy Officer. You must provide a reason that supports your request. We will generally make a decision regarding your request for amendment within sixty (60) days after receipt of your request. If we deny your requested amendment, we will provide you with a written denial.
We have the right to deny your request for an amendment if it is not in writing or does not include a reason to support your request. We are not required to agree to your request if you ask us to amend PHI that was not created by us, unless the person or entity that created the information is no longer available to make the amendment; or is not part of the PHI kept by or for us; or is not part of the PHI which you would be permitted to inspect and copy; or is already accurate and complete.
Right to Request Confidential Communication: You have the right to request that we communicate with you about health care matters in a certain way or at a certain location. Your request must specify how or where you wish to be contacted. For example, you may ask that we use an alternative address for billing purposes. To request confidential communications, you must make your request in writing to Agendia’s Privacy Officer. We will not ask you the reason for your request. We will accommodate all reasonable requests.
Right to Choose Someone to Act for You: You have the right to request that we transmit a copy of your PHI to another person. For example, if you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your Protected Health Information on your behalf. To do so, you must request this in writing, you must sign the request, and it must clearly identify the designated person and where to send the copy of the PHI.
Right to an Accounting of Disclosures: You have the right to request an accounting of Agendia’s disclosures of PHI about you. We do not have to list certain disclosures, such as those made pursuant to a prior authorization by your or for certain law enforcement purposes.
To request this list or accounting of such disclosures, your request must be submitted in writing to Agendia’s Privacy Officer. Your request must state a time period, which may not be longer than six (6) years. Your request should also specify the format of the list you prefer (e.g., paper or electronic). The first list you request within a twelve (12) month period will be free of charge. For additional lists, we may charge you a reasonable, cost-based fee. We will notify you of the costs involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
Right to Request Restrictions on Use or Disclosure: You have the right to request that we restrict uses and/or disclosures of PHI about you to carry out treatment, payment, or Agendia’s health care operations, and also to request that we restrict disclosures to a family member, other relative or any person identified with your PHI directly relevant to that person’s involvement with your health care or payment related to your health care. To request restrictions, you must make your request in writing to Agendia’s Privacy Officer. Your request must specify (1) what PHI you want to limit; (2) whether you want to limit Agendia’s use, disclosure, or both; and (3) to whom you want the limits to apply. We may terminate Agendia’s agreement to the restriction if you verbally agree to the termination and it is documented, you request the termination in writing or we inform you that we are terminating Agendia’s agreement with respect to any information created or received after receipt of Agendia’s notice. We will document the restriction and maintain it in written or electronic form for a period of at least six (6) years from the date it was created or when it was last in effect, whichever is later.
However, we are not required to agree to your request to restrict the disclosure to a health plan if the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law, and if the PHI pertains solely to a health care item or service for which you or a person other than a health plan on your behalf has paid us in full.
We cannot restrict disclosures required by law or requested by the federal government to determine if we are meeting Agendia’s privacy protection obligations. We are not required to agree to your request; however, if we do agree, we will comply with your request unless the information is needed to provide you emergency health care treatment.
Right to Obtain a Copy of this Notice: You have the right to a paper copy of this Notice. You may ask for a paper copy of this Notice at any time, even if you have agreed to receive the Notice electronically. To obtain a paper copy, you must make your request in writing to Agendia’s Privacy Officer.
Agendia’s Uses and Disclosures of Your Protected Health Information
We typically use or share your Protected Health Information in the following ways:
For Treatment: We may use and disclose your PHI to provide, coordinate or manage your health care treatment and related services. For example, we may disclose PHI about you to Agendia’s personnel, as well as to your health care providers who are involved in your care. Your PHI may be provided to a health care professional to whom you have been referred so as to ensure that the health care provider has appropriate information regarding your previous treatments and diagnoses.
For Health Care Operations: We may use or disclose your PHI to improve Agendia’s laboratory operations for administrative and quality assurance purposes. For example, we may disclose your PHI to conduct quality assessment and improvement activities; to review the qualifications and performance of health care providers; training and perform accreditation, certification or licensing activities; and managing Agendia’s business and performing general administrative activities.
For Payment: We may use and disclose your PHI so that the services you receive from us may be billed and payment may be collected from you, an insurance company or other entities. For example, we may disclose your PHI to your health plan for determinations of eligibility and coverage, to collect outstanding amounts, and to appeal any reimbursement denial.
We will not share treatment information with your insurance company or another third party payer when you pay out-of-pocket for the treatment.
How Else Can We Share Your Protected Health Information?
We are allowed or required to share your PHI in other ways, usually in ways that contribute to the public good, such as public health and research. We have to meet many legally mandated conditions before we can share your PHI for these purposes:
Individuals Involved in You Care or Payment for Your Care: We may release PHI about you to a friend or family member who is involved in your medical care or who helps to pay for your care. In addition, we may disclose PHI about you to an entity assisting in a disaster relief effort so that you family can be notified about your condition, status or location. You have the right to object to such disclosure, unless you are unable to function or there is an emergency.
Public Health and Safety Issues: We may disclose PHI about you for public health activities, including to prevent or control disease; reporting adverse reactions to medications; preventing or reducing a serious threat to someone’s health or safety; or reporting suspected abuse, neglect, or domestic violence. We may disclose necessary information about you to law enforcement, to family members, or to others if we believe that you may present a serious danger to yourself or others. We may warn others in order to prevent or lessen serious threat to you or to others.
Research: Under certain circumstances, we may use or disclose PHI about you for research purposes. For example, we may disclose PHI for use in a research project involving the effectiveness of certain medical procedures. In some cases, we might disclose PHI for research purposes without your knowledge or approval. Limited data or records may be viewed by researchers to identify patients who may qualify for the research project or for other similar purposes, so long as the researchers do not remove or copy any of the PHI. Before we use or disclose PHI for any other research activity, one of the following will happen:
- A special process will determine that the research activity poses minimal risk to privacy and that there is an adequate plan to safeguard PHI; or
- The researcher will be provided only with information that does not identify you directly.
Business Associates: We obtain some services provided through contracts with business associates in which PHI is disclosed. For example: we may use a third party for billing and collections, document destruction, software support and quality assurance. We may disclose your PHI to Agendia’s business associates so that the business associates can provide services to, or on behalf of, us. We require that any business associate who receive your PHI appropriately safeguards your PHI through a written Business Associate Agreement. The business associates are required to maintain the privacy and security safeguards of PHI. If Agendia’s business associates disclose the PHI to its own subcontractors, it must enter into a similar agreement with the subcontractor regarding your PHI as we have with them.
Military: If you are a member of the armed forces, we may share PHI about you as required by military command authorities.
Legal Proceedings: We will disclose PHI about you in response to a court or administrative order, or in response to a subpoena.
To Avert a Serious Threat to Health or Safety: We may use and disclose PHI about you when necessary to prevent a serious threat to your health or safety or the health or safety of the public.
Law Enforcement and Other Government Requests: We may disclose PHI about you for worker’s compensation claims; for law enforcement purposes or with a law enforcement official; with health oversight agencies for activities authorized by law; or with special government functions such as national security and presidential protective services.
Coroners and Medical Examiners: We may release PHI about you to a coroner or medical examiner which may be necessary, for example, to identify a deceased person or determine the cause of death.
About a Decedent: In the event of your death, disclosures about you (the decedent) can be made to family members or others involved in your care or payment for your care prior to your death unless inconsistent with you prior expressed preferences that are known to us. Disclosures may also be made to your personal representative.
As Required by Law: We will disclose PHI if federal, state or local laws require that we make these disclosures.
Uses and Disclosures of PHI that Require Your Written Authorization
Uses and disclosures of your PHI for purposes other than those referred to in the Notice will be made only with your written permission. You have the right to revoke such authorization in writing for any future uses and disclosures. However, it will not stop any uses or disclosures that we have already made before you revoked your authorization.
The disclosure of your PHI is subject to your authorization if we receive financial remuneration from a third party whose product or service is the subject of the receipt of PHI. Financial remuneration consists of direct or indirect payment to us from, or on behalf of, the third party whose product is the subject of the PHI. We may obtain conditional or unconditional authorizations for research activities provided the authorization differentiates between those that are conditional and those that are unconditional.
If we receive direct or indirect remuneration in exchange for the disclosure of PHI, e.g., sale of PHI, an authorization must be obtained from you.
We must obtain authorization from you for any use or disclosure of PHI for marketing, except if the communication is in the form of (1) face-to-face communication made by us to you; and (2) a promotional gift of nominal value provided by us.
Breach of Your Unsecured PHI
We will notify you in the event we become aware of a breach of your unsecured PHI. A breach is an acquisition, access, use or disclosure of PHI in a manner not permitted unless we are able to demonstrate that there is a low probability that the PHI has been compromised based on a risk assessment of at least the following factors: (1) the nature and extent of the PHI involved, including the types of identifiers and the likelihood of identification; (2) the unauthorized person who used the PHI or to whom the disclosure was made; (3) whether the PHI was actually acquired or viewed; and (4) the extent to which the risk to the PHI has been mitigated.
How to Contact Us or File a Complaint
If you have questions or comments regarding the Agendia Notice of Privacy Practices, or have a complaint about our use or disclosure of your PHI or our privacy practices, please contact firstname.lastname@example.org, call us toll-free in the United States at 888-321-2732 or 949-540-6300 and ask for the Agendia Privacy Officer, or send a written request to: Privacy Officer, Agendia, 22 Morgan, Irvine, California 92618. To file a complaint with the Secretary of the Department of Health and Human Services (DHHS), you may file your complaint either in paper or electronically. You will not be penalized or retaliated against for filing a complaint.
Changes to the terms of this Notice
Agendia reserves the right to change this notice and privacy policies at any time, and the changes will apply to all Protected Health Information we have about you. When changes are made to Agendia’s Notice of Privacy Practices currently in effect, we will promptly, post a message on Agendia’s website at http://www.agendia.com.