Notice of Privacy Practices under HIPPA
THIS NOTICE DESCRIBES HOW MEDICAL OR OTHER PERSONAL HEALTH INFORMATION PROVIDED TO US ABOUT YOU MAY BE USED AND DISCLOSED BY AGENDIA AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This version of our Notice of Privacy Practices reflects changes in recent data protection laws. When we refer to “AGENDA” we mean the Agendia entity including Agendia NV and Agendia Inc. that acts as the processor of your information, as explained in detail in the sections below.
We have locations in the United States and in the Netherlands. If you are an EU citizen, please see our EU Privacy Notice.
If you have any questions or wish to make a request in relation to your information, please contact us at:
Irvine, California 92618
‘ Protected Health Information’ means any information, whether in oral, electronic or paper form, which we create or receive that relates to your physical or mental health, the delivery of health care services to you, or payment of health care services, and that identifies you or could be used to identify you.
‘ Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available alignment or combination, restriction, erasure or destruction.
‘ Customer data’ means any information created by an authorized user of services or software under contract, for which the Customer is the controller and Agendia is the processor.
‘ Other information’ means information provided by individuals when interacting with agendia.com website and information maintained by Agendia for marketing and communication purposes (e.g., contact databases, email lists).
‘ Data Controller’ means the natural or legal person, public authority, agency or other body which determines the purposes and means of the processing of personal data.
Data Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Protecting Your Privacy.
We are required by law to maintain the privacy and security of your Protected Health Information or PHI. We adhere to stringent standards designed to safeguard PHI against accidental or unauthorized access or disclosure. We have taken reasonable steps to ensure the integrity and confidentiality of your PHI.
Your Health Information. Your Rights. Our Responsibilities.
We are required by law to (1) make sure that your information is kept private; (2) provide you this Notice of our legal responsibilities and privacy practices with respect to your PHI; and (3) comply with the currently effective terms of this Notice.
How We Collect Your Information?
We collect information about you indirectly – when your family physician, hospital physician or other health care provider sends your information and asks us to do tests.
The information we collect will be sent to us by email, fax, web portal and phone and stored on computer and electronic systems.
The information includes Personal Data:
- Basic details about you, such as address, date of birth, NHS number and next of kin.
As well as Sensitive Personal Data:
- Notes and reports about your health care
- Results of laboratory tests
Agendia is acting as a Data Processor on behalf of your health care provider who is the Data Controller. We will only process personal and sensitive personal data as instructed by your health care provider.
Our Uses and Disclosures of Your Information.
We may use or share your Information in the following ways:
For Treatment: We may use and disclose your information to provide, coordinate or manage your health care treatment and related services. For example, we may disclose information about you to Agendia’s personnel, as well as to your health care providers who are involved in your care. Your information may be provided to a health care professional to whom you have been referred to ensure that the health care provider has appropriate information regarding your previous treatments and diagnoses.
For Health Care Operations: We may use or disclose your information to improve Agendia’s laboratory operations for administrative and quality assurance purposes. For example, we may disclose your information to conduct quality assessment and improvement activities; to review the qualifications and performance of health care providers; training and perform accreditation, certification or licensing activities; and managing Agendia’s business and performing general administrative activities.
For Payment: We may use and disclose your information so that the services you receive from us may be billed and payment may be collected from you, an insurance company or other entities. For example, we may disclose your information to your health plan for determinations of eligibility and coverage, to collect outstanding amounts, and to appeal any reimbursement denial.
We will not share your information with your insurance company or another third-party payer when you pay out-of-pocket for the testing services.
How Else Can We Share Your Health Information?
We are allowed or required to share your information in other ways, usually in ways that contribute to the public good, such as public health and research. We must meet many legally mandated conditions before we can share your PHI for these purposes:
Individuals Involved in Your Care or Payment for Your Care: We may release information about you to an authorized representative who is involved in your medical care or who helps to pay for your care. In addition, we may disclose information about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status or location. You have the right to object to such disclosure, unless you are unable to function or there is an emergency.
Public Health and Safety Issues: We may disclose information about you for public health activities, including to prevent or control disease; reporting adverse reactions to medications; preventing or reducing a serious threat to someone’s health or safety; or reporting suspected abuse, neglect, or domestic violence. We may disclose necessary information about you to law enforcement, to family members, or to others if we believe that you may present a danger to yourself or others. We may warn others to prevent or lessen serious threat to you or to others.
Research: Under certain circumstances, we may use or disclose information about you for research purposes. For example, we may disclose information for use in a research project involving the effectiveness of certain medical procedures. In some cases, we might disclose information for research purposes without your knowledge or approval. Before we use or disclose information for any other research activity, one of the following will happen:
- A special process will determine that the research activity poses minimal risk to privacy and that there is an adequate plan to safeguard your information; or
- The researcher will be provided only with information that does not identify you
Business Associates: We obtain some services provided through contracts with business associates in which information is disclosed. For example: we may use a third party for billing and collections, document destruction, software support and quality assurance. We may disclose your information to Agendia’s business associates so that the business associates can provide services to, or on behalf of, us. We require that any business associate who receive your information maintain the privacy and security safeguards your information.
Military: If you are a member of the armed forces, we may share information about you as required by military command authorities.
Legal Proceedings: We may disclose information about you in response to a court or administrative order, or in response to a subpoena.
To Avert a Serious Threat to Health or Safety: We may use and disclose information about you when necessary to prevent a serious threat to your health or safety or the health or safety of the public.
Law Enforcement and Other Government Requests: We may disclose information about you for worker’s compensation claims; for law enforcement purposes or with a law enforcement official; with health oversight agencies for activities authorized by law; or with special government functions such as national security and presidential protective services.
Coroners and Medical Examiners: We may release information about you to a coroner or medical examiner which may be necessary, for example, to identify a deceased person or determine the cause of death.
About a Decedent: In the event of your death, disclosures about you (the decedent) can be made to family members or others involved in your care or payment for your care prior to your death unless inconsistent with your prior expressed preferences that are known to us. Disclosures may also be made to your personal representative.
As Required by Law: We will disclose information if federal, state or local laws require that we make these disclosures.
Uses and Disclosures of Information that Require Your Written Authorization.
Uses and disclosures of your information for purposes other than those referred to in the Notice will be made only with your written permission. You have the right to revoke such authorization in writing for any future uses and disclosures. However, it will not stop any uses or disclosures that we have already made before you revoked your authorization.
The disclosure of your information is subject to your authorization if we receive financial remuneration from a third party whose product or service is the subject of the receipt of information. Financial remuneration consists of direct or indirect payment to us from, or on behalf of, the third party whose product is the subject of the information. We may obtain conditional or unconditional authorizations for research activities provided the authorization differentiates between those that are conditional and those that are unconditional.
We must obtain authorization from you for any use or disclosure of information for marketing, except if the communication is in the form of (1) face-to-face communication made by us to you; and 2) a promotional gift of nominal value provided by us.
Your Rights. Your Choices.
You have certain rights under HIPAA and federal privacy rules that implement HIPAA with respect to your health information:
Right to Request an Electronic or Paper Copy of your Completed Test Reports: You (or your authorized representative) may request a copy of your completed laboratory test report. We will try to provide a copy or a summary of your information usually within 30 days of your request. We may charge you a reasonable, cost- based fee. If you would like to make this request, please submit a written request to Agendia’s Customer Care department.
Right to Inspect and Copy: You have the right to inspect and copy your information maintained by us. Generally, this information includes health care and billing records. You do not have a right of access to (1) information prepared in anticipation of, or for use in, a civil, criminal, or administrative action; and (2) information maintained by us that is subject to the Clinical Laboratory Improvement Amendments of 1988 (“CLIA”), if access to the individual would be prohibited by law, or exempt from CLIA pursuant to 42 U.S.C. 493.3(a)(2). Under certain circumstances, you also do not have a right of access to information created or obtained during research involving treatment or received from someone other than a health care provider under a promise of confidentiality.
To inspect and/or obtain copies of your information maintained by us, you must submit your request in writing to Agendia’s Customer Care department. We may charge you a fee for the costs of copying, mailing or other expenses associated with complying with your request consistent with federal and state law. We may deny your request to inspect and copy your information for the reasons set forth above or under certain other circumstances. If you are denied access to your information other than for a reason stated above, you will receive a written denial. You may request that the denial be reviewed. Thereafter, a licensed health care professional chosen by us will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.
Right to Amend Your Information: You may ask us to amend your information we have about you. You have the right to request an amendment for so long as the information is kept by or for us. To request an amendment to your information, your request must be made in writing and submitted to Agendia’s Customer Care department. You must provide a reason that supports your request. We will generally make a decision regarding your request for amendment within sixty (60) days after receipt of your request. If we deny your requested amendment, we will provide you with a written denial.
We have the right to deny your request for an amendment if it is not in writing or does not include a reason to support your request. We are not required to agree to your request if you ask us to amend information that was not created by us, unless the person or entity that created the information is no longer available to make the amendment; or is not part of the information kept by or for us; or is not part of the information which you would be permitted to inspect and copy; or is already accurate and complete.
Right to Request Confidential Communication: You have the right to request that we communicate with you about health care matters in a certain way or at a certain location. Your request must specify how or where you wish to be contacted. For example, you may ask that we use an alternative address for billing purposes. To request confidential communications, you must make your request in writing to Agendia’s Customer Care department. We will not ask you the reason for your request. We will accommodate all reasonable requests.
Right to Choose Someone to Act for You: You have the right to request that we transmit a copy of your information to another authorized representative. For example, if you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your information on your behalf. To do so, you must request this in writing, you must sign the request, and it must clearly identify the authorized representative and where to send the copy of the information.
Right to an Accounting of Disclosures: You have the right to request an accounting of Agendia’s disclosures of information about you. We do not have to list certain disclosures, such as those made pursuant to a prior authorization by you or for certain law enforcement purposes.
To request this list or accounting of such disclosures, your request must be submitted in writing to Agendia’s Customer Care department. Your request must state a time period, which may not be longer than six (6) years. Your request should also specify the format of the list you prefer (e.g., paper or electronic). The first list you request within a twelve (12) month period will be free of charge. For additional lists, we may charge you a reasonable, cost-based fee. We will notify you of the costs involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
Right to Request Restrictions on Use or Disclosure: You have the right to request that we restrict uses and/or disclosures of information about you (ask us to stop processing your information while you make inquiries or complaints) and to request that we restrict disclosures to an authorized representative or any person identified with your information directly relevant to that person’s involvement with your health care or payment related to your health care. To request restrictions, you must make your request in writing to Agendia’s Customer Care department. Your request must specify (1) what information you want to limit; (2) whether you want to limit Agendia’s use, disclosure, or both; and (3) to whom you want the limits to apply. We will document the restriction and maintain it in written or electronic form for a period of at least six (6) years from the date it was created or when it was last in effect, whichever is later.
However, we are not required to agree to your request to restrict the disclosure to a health plan if the disclosure is for carrying out payment or health care operations and is not otherwise required by law, and if the information pertains solely to a health care item or service for which you or a person other than a health plan on your behalf has paid us in full.
We cannot restrict disclosures required by law or requested by the federal government to determine if we are meeting Agendia’s privacy protection obligations. We are not required to agree to your request; however, if we do agree, we will comply with your request unless the information is needed to provide you emergency health care treatment.
Right to Obtain a Copy of this Notice: You have the right to a paper copy of this Notice. You may ask for a paper copy of this Notice at any time, even if you have agreed to receive the Notice electronically. To obtain a paper copy, you must make your request in writing to Agendia’s Customer Care department.
We will notify you in the event we become aware of a breach of your information. A breach is an acquisition, access, use or disclosure of information in a manner not permitted unless we are able to demonstrate that there is a low probability that the information has been compromised based on a risk assessment of at least the following factors: (1) the nature and extent of the information involved, including the types of identifiers and the likelihood of identification; (2) the unauthorized person who used the information or to whom the disclosure was made; (3) whether the information was actually acquired or viewed; and (4) the extent to which the risk to the information has been mitigated.
How to Contact Us or File a Complaint?
If you have questions or comments regarding our Notice of Privacy Practices, or have a complaint about our use or disclosures of your information or our privacy practices, please contact Customer Care toll-free in the United States at 888-321-2732 or 949-540-6300, or send a written request to: Customer Care, Agendia, 22 Morgan, Irvine, California 92618. To file a complaint with the Secretary of the Department of Health and Human Services (DHHS), you may file your complaint either in paper or electronically. You will not be penalized or retaliated against for filing a complaint.
Changes to Terms of this Notice.