Effective Date of this Notice: March 28, 2018
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice of Privacy Practices (“notice”) applies to Biotheranostics and each of its business units and subsidiaries, as applicable (collectively, “Biotheranostics”, “we”, “us”, or “our”)
Biotheranostics is a provider of laboratory testing services. In providing testing services, obtaining payment for these services, conducting healthcare operations, and other purposes permitted or required by law (“purposes”), we receive, create and disclose protected health information. This information is private and confidential. This notice describes information we collect, how we use that information, and when and to whom we may disclose it in the context of providing laboratory testing services. See our Website Privacy Statement regarding information we collect, use and disclose relating to our website.
Protected health information or PHI is information that can be used to identify you and relates to current, past or future information created or received by Biotheranostics from physicians, patients, health plans, government, private or commercial payors or other sources about patients for whom testing is ordered from Biotheranostics. It may indicate the physical condition of a patient, the provision of health care to that patient, or payment for the provision of health care to that patient.
Certain laws require Biotheranostics to maintain the privacy and security of PHI and to make available this notice of our legal duties, privacy practices and patient rights with respect to PHI. When we use or disclose PHI, we are required to abide by the terms of this notice (or other notice in effect at the time of the use or disclosure). In the event of a breach involving unsecured PHI, Biotheranostics is required to notify affected individuals as described below. This notice does not apply to non-diagnostic services that we may perform, such as clinical trials.
If you share this information or these test results with anyone, you are responsible for any compromise of confidentiality that may result from such sharing.
Biotheranostics collects the minimally necessary information for these purposes. This may include name, address, telephone number, social security number, date of birth, medical history, diagnosis, treatment, provider identification and treatment information, financial responsibility and payment information.
Biotheranostics creates, through its testing services, information to be used by a physician in the diagnosis of disease or condition or in the treatment of a disease or condition.
Access to PHI is restricted to those employees of Biotheranostics who need it in order to provide services to clients and patients and conduct business operations. While there can be no guarantee of privacy, Biotheranostics maintains physical, technical and procedural safeguards, including policies and procedures, to reasonably protect PHI against unauthorized use and disclosure. We have a Privacy Officer who is responsible for overseeing the development, implementation and enforcement of policies and procedures designed to safeguard PHI against inappropriate use and disclosure consistent with the applicable law and educating Biotheranostics personnel about this.
In the course of providing laboratory services, Biotheranostics uses PHI internally and discloses it to health care providers (doctors requesting services, laboratory personnel involved in ordering services and other caregivers), insurers, third party administrators, plan sponsors and other payors (employers, health care provider organizations and others who may be responsible for paying for or administering your health benefits); third-party service providers, vendors and consultants (business associates); government authorities; and their respective agents. They are required by law to keep PHI confidential. Some examples of what we do with the information we collect and the reasons it might be disclosed to third parties are described below.
We may use or disclose PHI with or without your consent to provide health care services. Examples of these uses and disclosures include:
Other activities permitted or required by law
We may use or disclose PHI for other important activities permitted or required by law, with or without your authorization. These include:
It is possible to request that we disclose PHI to people in ways not described above. To authorize us to disclose your protected health information to a person or organization or for reasons other than those described in the section above, see the “Copy of notice, questions or complaints” section below for contact information at the bottom of this page. If you make a special authorization and later change your mind about this, you may send a letter to us to let us know that you would like to revoke the special authorization at any time, except to the extent that action has been taken in reliance on the authorization. In any communication with us, please provide your name, address, patient identification number, and a telephone number where we can reach you in case we need to contact you about your request.
Subject to certain exceptions, the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (collectively “HIPAA”), establishes the following patient rights with respect to PHI.
For more information, see www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html.
To exercise any of your rights described above, see the “Copy of notice, questions or complaints” section below for contact information. In some cases, a written request or completed form may be required. We will respond to requests in a timely manner.
If Biotheranostics enters into a business transaction, such as a merger, acquisition by another company, selling some or all of its assets, or bankruptcy, your personal information will, in most instances, be part of the assets transferred. We will require the acquiring company to comply with the material provisions of this notice, as amended from time to time.
We are required to provide notification to affected individuals if we discover a breach of unsecured PHI, unless a formal risk assessment demonstrates that there is a low probability that the PHI has been compromised. You will be notified without unreasonable delay within legally required timeframes after discovery of the breach. Such notification will include information about what happened and what can be done to mitigate any harm.
Our use and disclosure of PHI must comply not only with federal privacy regulations but also with applicable state law.
This notice is published on the Biotheranostics’ website at www.Biotheranostics.com/Privacy-Policy and is made available in printed form upon request. See the “Copy of notice, questions or complaints” section below for how you can make such a request.
We may change the terms of this notice at any time. If we change this notice, we may make the new notice terms effective for all PHI that we maintain, including any information created or received prior to issuing the new notice. If we change this notice, we will post the new notice on our Internet site at www.Biotheranostics.com. Please review this site periodically to ensure you are aware of any such update.
As a convenience, Biotheranostics may make available email addresses by which you can communicate with us. Please be advised that email is not a secure means of communication, therefore Biotheranostics cannot guarantee the secure transmission of any information that you send to us. This fact may also restrict our use of email in communicating any response to you – we will make every attempt to use alternate means of communicating anything that may be considered sensitive information.
If you would like to exercise any of your rights described above, request a paper copy of this notice, have questions about it, or believe its terms or any Biotheranostics privacy or security policy has been violated with respect to information about you, please let us know immediately by contacting us either by phone, mail or email as indicated below. Please provide your name, address, a telephone number where we can contact you, and a brief description of the request, question or complaint. If you prefer, you may lodge an anonymous complaint.
Biotheranostics, Inc. Privacy Officer
9620 Towne Center Drive, Suite 200
San Diego, CA 92121
Toll Free: 1-877-886-6739
You also may contact the Secretary of the Department of Health and Human Services, Office for Civil Rights (OCR) using one of the methods identified at www.hhs.gov/ocr/privacy/hipaa/complaints/ which include fax, email, electronically via the OCR Compliant Portal or mail to your regional HHS Office.
The U.S. Department of Health and Human Services
Office of Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
Toll Free: 1-877-696-6775
Please provide as much information as possible so that the complaint can be properly investigated. Biotheranostics will not retaliate against a person who files a complaint with us or with the Secretary of the Department of Health and Human Services.