HIPAA Notice of Privacy Practices

This policy was last modified on April 20, 2015.

HIPAA Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

GenomeDx Biosciences Inc. (“GenomeDx”) is committed to protecting the privacy of your personal information, laboratory test results and other protected health information. This Notice of Privacy Practices (this “Notice”) describes the privacy practices of GenomeDx, its employees and other personnel.
GenomeDx is required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to maintain the privacy of health information about you (“Protected Health Information” or “PHI”) and to provide you with this Notice of our legal duties and privacy practices with respect to your Protected Health Information. We are also required by HIPAA to notify you in the event of a breach of your unsecured PHI.
This Notice describes how we may use and disclose your protected health information to carry out treatment, payment or health care operations and for other specified purposes that are permitted or required by law. This Notice also describes your rights with respect to your protected health information. When we use or disclose your Protected Health Information, we are required to abide by the terms of this Notice (or other notice in effect at the time of the use or disclosure).

USES AND DISCLOSURES OF YOUR PROTECTED HEALTH INFORMATION
Your Protected Health Information may be used and disclosed for treatment, payment, healthcare operations and other purposes permitted or required by law. We may use and disclose your Protected Health Information for the following purposes:

A. Treatment: GenomeDx may use or disclose your health information to provide and coordinate the treatment and series you receive. For example, we may use your Protected Health Information to perform our testing services and disclose your health information, including laboratory test results, to physicians involved in your care.

B. Payment: GenomeDx may use or disclose your health information to obtain payment for healthcare services we provide. For example, we will submit a claim to you or your health plan/insurer that discloses your information about the services we performed for you to receive payment for the services provided to you.

C. Healthcare Operations: GenomeDx may use and disclose your health information to monitor and support the operation of our laboratory. These activities include, for example, monitoring the quality of our testing services, reviewing the competence or qualifications of laboratory professionals, conducting training programs, performing accreditation, certification, licensing and credentialing activities and other administrative functions.
D. Personal Representatives: We may disclose Protected Health Information about you to your authorized personal representative, as defined by applicable law, or to an administrator, executor or other authorized person responsible for your estate.

E. Minors- Protected Health Information: As permitted by federal and state law, we may disclose Protected Health Information about minors to their parents or guardians.

F. Persons Involved in Your Care or Payment for Your Care: We may disclose your health information to a person involved in your care or payment for your care, such as a family member or close friend. We may use or disclose your Protected Health Information for disaster relief efforts or to notify a family member or close friend of your location or general condition. If you do not want us to use or disclose your Protected Health Information in these ways, you must notify our Privacy Office using the contact information at the end of this Notice.

G. Communications About Our Products and Services: We may use and disclose your Protected Health Information to contact you with information about treatment alternatives or other health related benefits, products and services that we believe might be of interest to you. You may contact our Privacy Officer to request that these materials not be sent to you.

H. Business Associates: There are some services provided by GenomeDx through contractual arrangements and we may disclose your Protected Health Information to such companies or individuals, known as “business associates”, who need your information to provide services to us. For example, we may use another company to perform billing services on our behalf. GenomeDx requires our business associates to protect the privacy of your health information.

I. As Required by Law: We must disclose your Protected Health Information when required to do so by any applicable federal, state or local law.

J. Food and Drug Administration (FDA): We may disclose to the FDA, or persons under the jurisdiction of the FDA, PHI relative to adverse events with respect to drugs, foods, supplements, products and product defects, or post marketing surveillance information to enable product recalls, repairs, or replacement.

K. Worker’s Compensation: We may disclose your PHI to the extent authorized by and to the extent necessary to comply with laws relating to workers’ compensation or other similar programs established by law.

L. Public Health: As required by law, we may disclose your PHI to public health or legal authorities charged with preventing or controlling disease, injury, or disability.
M. Law Enforcement: We may disclose your PHI for law enforcement purposes as permitted by law or in response to a valid subpoena or court order.

N. Health Oversight Activities: We may disclose your PHI to an oversight agency for activities authorized by law. These oversight activities include audits, investigations, and inspections necessary for licensure and for the government to monitor the health care system, government programs, and compliance with civil rights laws.

O. Judicial and Administrative Proceedings: If you are involved in a lawsuit or a dispute, we may disclose your PHI in response to a court or administrative order. We may also disclose PHI in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made, either by the requesting party or by us to tell you about the request or to obtain an order protecting the information requested.

P. Research: We may disclose your PHI to researchers when their research has been approved by an institutional review board or privacy board that has reviewed the research proposal and established protocols to ensure the privacy of your information.

Q. Coroners, Medical Examiners, and Funeral Directors: We may disclose protected health information to a coroner or medical examiner for identification purposes, determining cause of death or for the coroner or medical examiner to perform other duties authorized by law. We may also disclose protected health information to a funeral director, as authorized by law, in order to permit the funeral director to carry out their duties.

R. Organ or Tissue Procurement Organizations: Consistent with applicable law, we may disclose your PHI to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of organs for the purpose of tissue donation and transplant.

S. Notification: We may use or disclose your PHI to notify or assist in notifying a family member, personal representative, or another person responsible for your care, regarding your location and general condition.

T. Correctional Institution: If you are or become an inmate of a correctional institution, we may disclose to the institution or its agents PHI necessary for your health and the health and safety of other individuals.

U. To Avert a Serious Threat to Health or Safety: We may use and disclose your PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.

V. Military and Veterans: If you are a member of the armed forces, we may release PHI about you as required by military command authorities. We may also release PHI about foreign military personnel to the appropriate foreign military authority.

W. Specialized Government Functions: Under certain circumstances, we may disclose your PHI to units of the government with specialized functions such as the U.S. Military or the U.S. Department of State in response to requests as authorized by law.

X. Abuse or Neglect: We may disclose PHI about you to a government authority if we reasonably believe you are a victim of abuse or neglect. We will only disclose this type of information to the extent required by law, if you agree to the disclosure, or if the disclosure is allowed by law and we believe it is necessary to prevent serious harm to you or someone else.

Y. All Other Uses and Disclosures of Protected Health Information: We will ask for your written authorization before using or disclosing your Protected Health Information for any purpose not described above (or as otherwise permitted or required by law). You may revoke your authorization, in writing, at any time, except that a revocation will not affect any use or disclosures we have made in reliance on such authorization.

YOUR RIGHTS REGARDING YOUR PROTECTED HEALTH INFORMATION
You have the following rights with respect to your Protected Health Information. You may request a copy of our current Notice at any time from the Privacy Officer. Even if you have agreed to receive the Notice electronically, you are still entitled to a paper copy. To exercise any of the rights discussed herein, please contact our Privacy Office using the contact information provided at the end of this Notice.

1. Access to Protected Health Information.
You or your authorized or designated personal representative have the right to inspect and copy your Protected Health Information and billing information maintained by us. If permitted by state law, we may charge you a fee for the costs of copying, mailing and supplies that are necessary to fulfill your request. We may deny access to certain information for specific reasons, for example, if information has been compiled for use in a civil or criminal proceeding.

2. Restrictions on Uses and Disclosures.
You have the right to request restrictions on our use and disclosure of your Protected Health Information. While we will consider all requests for additional restrictions carefully, we are not required to agree to most requested restrictions. However, we must agree if you request that we limit the disclosure of your Protected Health Information to a health plan and:
i) The disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law; and
ii) The Protected Health Information pertains solely to a health care item or service for which someone other than the health plan has paid us in full.

3. Communications.
You have the right to request that we communicate with you about your Protected Health Information by alternative means or to an alternative address. Your request must be in writing and must specify the alternative means or location. We will accommodate reasonable requests for confidential communications.

4. Amend or Update Information.
If you feel the Protected Health Information or billing information we maintain about you is incomplete or contains an error, you may request that we correct or update your information. Your request must be in writing and must explain why the information should be corrected or updated. We may deny your request under certain circumstances. If we deny your request, we will provide you with a written explanation for the denial, to which you will have the opportunity to provide a written statement of disagreement.

5. Accounting of Disclosures.
You have the right to receive an accounting of the disclosures we have made of your PHI for purposes other than treatment, payment, healthcare operations, and certain other activities. The right to receive an accounting is subject to certain exceptions, restrictions, and limitations. You have the right to receive specific information regarding these disclosures provided they occur after April 14, 2003. To request an accounting, you must submit a request in writing to the Privacy Officer. Your request must specify the time period for which you would like an accounting, but this time period may not be longer than six years.

QUESTIONS, COMMENTS & COMPLAINTS
If you want more information about our privacy practices, or have general questions or concerns, please contact our Privacy Office using the contact information listed at the end of this Notice. If you are concerned that we may have violated your privacy rights, you may submit a complaint to our Privacy Office using the contact information listed below. You also may submit a written complaint to the U.S. Department of Health and Human Services. We support your right to the privacy of your health information. We will not retaliate against you in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.

CHANGES TO OUR NOTICE OF PRIVACY PRACTICES
We reserve the right to change our privacy practices and the terms of this Notice at any time, provided such changes are permitted by applicable law. If we change this Notice, we may make the new terms effective for all Protected Health Information that we maintain, including any information created or received prior to issuing the new Notice.
If we make changes to this Notice, we will promptly post a copy of the updated Notice on our website at: www.Deciphertest.com; please review this website periodically to ensure that you are aware of any updates. You also may request a copy of the current Notice by contacting our Privacy Office using the contact information provided below.

CONTACT INFORMATION
When communicating with us regarding this Notice, our privacy practices or your rights with respect to our use and disclosure of your Protected Health Information, please use the following contact information:
GenomeDx Biosciences
Attention: Privacy Officer
10355 Science Center Drive, Suite 240
San Diego, CA 92121
privacyofficer@genomedx.com

EFFECTIVE DATE OF NOTICE: March 19, 2013
LAST REVISED: February 14, 2018