Private Health Information
To our ResearchDx, Inc (“ResearchDx”) Customer: This notice of Privacy Practices details how ResearchDx, its employees and volunteers may use and disclose your protected health information (PHI) for purposes of testing or treatment, health care operations, payment, and for other reasons that are allowed or required by law. ResearchDx believes in protecting the security and confidentiality of the information that we collect from you and about you.
Protected health information is defined as individually identifiable health information that is maintained or transmitted in any form. These rights and responsibilities are established once a client engages in a contract with ResearchDx and entities affiliated with, controlled by or under common control with it. The current affiliated entities are ResearchDx, Inc. dba Pacific Diagnostics and ResearchDx, Inc. dba Custom Diagnostics.
We are required by law to:
- Ensure that medical information that identifies you is kept private
- Provide this notice of privacy practices and legal obligations in regards to your medical information
- Follow the terms of this notice
How we may disclose your protected health information (PHI) as required by law:
As required by law — we will disclose medical information about you when required to do so by state, federal or local laws.
Health Oversight — we will disclose medical information as required by law to a health oversight entity for activities authorized by law such as investigations, inspections, audits or licensure. The government uses such activities to monitor government programs, health care systems, and civil rights laws.
For Serious Health and Safety Reasons — we will disclose medical information about you when we believe it is necessary to prevent a serious threat to your health and safety or the health and safety of someone else or the public. The disclosure would be made only to someone to help prevent the threat.
Public Health — we will disclose medical information about you for public health reporting as required by state and federal law such as:
- To prevent or control disease, injury or disability
- To report child abuse or neglect
- To report births and deaths
- To report reactions to medications or problems with products
- To notify people of recalls of products they may have used
- To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease
- To notify the correct governmental authority if we believe a patient has been the victim of abuse, neglect or domestic violence.
We will only make this disclosure if authorized by law or agreed to by you.
Law Enforcement — We will release medical information if asked to do so by a law enforcement official and if permitted by law in these instances:
- In response to a court order
- To identify or locate a suspect
- If required by state or federal law
- About the victim of a crime if under limited circumstances we are unable to obtain the person’s agreement
- About a death we believe may be the result of criminal conduct
- About criminal conduct on our business premises
- In emergency circumstances to report a crime, the location of the crime or victims or the identity, description or location of the person who committed the crime
Lawsuits and Disputes — we will disclose medical information about you when properly ordered to do so by a court
How we may use and disclose medical information about you.
The following categories will describe how we will use and disclose medical information:
For Treatment — We may use medical information about you to provide you with medical treatment or services. We may disclose medical information about you to doctors, nurses, therapists, social workers, technicians, or another providers personnel who are involved in taking care of you. We may disclose medical information about you to people outside of our office, such as other health care providers and family members, clergy or others who are involved in your medical care for example, providing your doctor with your laboratory test results.
For Payment — We may use and disclose medical information about you in order that services you receive at ResearchDx or other health care providers from whom you receive treatment may be billed to and payment may be collected from you, and insurance company or a third party. For example, ResearchDx may provide protected health information to your healthcare plan in order to receive payment for our services.
For Health Care Operations — We may use or disclose your protected health information for health care operations purposes, such as to assess the quality and accuracy of our results, performance of our personnel in caring for you, accreditation purposes, or for ResearchDx’s operation and management purposes. We may also disclose your medical information to other health care providers or health care plans that are involved in your care for their health care operations.
For Appointment Reminders and Health Related Benefits and Services – We may use and disclose medical information to contact you as a reminder that you have an appointment for treatment or medical care.
- Business Associates — We may disclose protected health information to business associates that provide business services to ResearchDx. Every Business Associate must maintain the confidentiality of your protected health information. ResearchDx may also disclose PHI to business associates of your healthcare provider or health care plan at their request in order to perform certain business functions or services.
- Individuals Involved in Your Care or Payment for Your Care — We may release certain limited information about you to a friend or family member who is involved in your care or helps pay for your care. In addition, we may disclose medical information about you to an entity assisting in disaster relief so that your family can be notified about your condition, status and location. As allowed by federal and state laws we may disclose PHI of minors to their parents or legal guardians.
- Coroners, Medical Examiners and Funeral Directors — We may disclose your private health information to a coroner, medical examiner or funeral director in order to identify a deceased person, determine the cause of death, or for performing another duty authorized by law.
- Personal Representative — We may disclose protected health information to your personal representative, as established by law, or to an administrator, executor or other authorized individual associated with your estate.
- Research — Under certain circumstances we may use and disclose medical information about you for research purposes. All research projects must meet a special approval process which evaluates research project needs in balance with patient privacy needs. We will ask for your specific permission if any research personnel have access to your name, address, or other protected health information.
- Military and Veterans — If you are a member of the Armed Forces, we may release PHI about you as required by military command authorities. If you are foreign military, we may release medical information to the appropriate foreign military authority.
- Inmates — If you are an inmate of a correctional institution or in custody of law enforcement, we may release medical information about you to the correctional facility or the law enforcement official. This release could occur for the correctional institution to provide you with health care, to protect your health and safety or that of others, and for the safety and security of the correctional institution.
- National Security and Intelligence Activities — We may release PHI about you to authorized federal officials for intelligence, counterintelligence, or other national security activities authorized by law.
Your Rights Regarding Your Protected Health Information (PHI)
- You have a right to inspect and receive a copy of medical information that may be used to make a decision about your care. Copies may be electronic or paper.
- You have a right to amend PHI that we have about you that is incomplete or incorrect. To request an amendment, your request must be made in writing and submitted to our Privacy Officer at ResearchDx, 5 Mason, Irvine, CA 92618.
- You must provide a reason that supports your request. We may deny the request if you ask us to amend information that was not created by us, is not part of the medical information kept by our office, is not part of the information that you are permitted to inspect and copy, or is not accurate and complete.
- You have a right to an accounting of disclosures. There is a list of the disclosures of medical information we made about you. Your accounting of disclosures will not list certain uses and disclosures that are exempt from the accounting requirement by federal or state law. To request this list, you must submit in writing your request for the time period which cannot be longer than six years. Your request must specify electronic or paper and the first list will be free. Subsequent lists will require a charge for costs incurred which we will notify you of. You may withdraw your request at that time. Requests should be sent to our Privacy Officer at ResearchDx, 5 Mason, Irvine CA 92618.
- You have a right to receive a notice of a breach. We will give you written notice in the event we learn of an unauthorized use, acquisition or disclosure of your medical information that has not been properly secured by HIPAA. We will notify you no later than 60 days after the breach is discovered.
- You have a right to request restrictions or limitations on how we use or disclose your PHI. For instance, you can request a limit on the medical information disclosed about you to someone who is involved in your care or the payment of your care such as a family member or friend. We are not required to agree with certain requests. If we agree, we will comply with your request unless the information is needed for your emergency treatment. To request restrictions, in writing tell us what information to limit, whether you want to limit our use, disclosure or both, and to whom you want the limits to apply. Send the request to Privacy Officer, ResearchDx, 5 Mason, Irvine, CA 92618.
- You have a right to request confidential communications. You may request that we communicate with you about medical matters in a particular way or at a certain location. Your written request must be submitted to the Privacy Officer, ResearchDx, 5 Mason, Irvine CA 92618.
- You have a right to a paper copy of this notice. You may ask us to give you a copy of this notice at any time, either electronically or a paper copy.
To receive a paper copy of this notice, write the Privacy Officer, ResearchDx, 5 Mason, Irvine CA 92618.
EU-U.S. Privacy Shield
- ResearchDx complies with the EU-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. ResearchDx has certified that it adheres to the EU-US Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability, and dispute resolution. To learn more about the Privacy Shield, please visit www.privacyshield.gov/.
- ResearchDx is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with regard to ResearchDx’s compliance with the Privacy Shield.
- If you are in the EU or other applicable countries, we will inform you about the purposes for which we collect and use your medical information, the types of third parties, if any, to which ResearchDx discloses that information, and the choices and means, if any, that we offer you for limiting the use and disclosure of your medical information. Notice will be provided in clear and conspicuous language when you are first asked to provide medical information to ResearchDx, or as soon as practicable thereafter, and in any event before ResearchDx uses the information for a purpose other than that for which it was originally collected. If we receive medical information from our affiliates or other entities in the EU and other countries with which ResearchDx does business, we will use such information in accordance with the notices provided by such entities and the choices made by you. You have a right to choose (opt-out) whether your PHI is (a) to be disclosed to a third party (other than ResearchDx), or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by you.
- ResearchDx will obtain assurances from our third-party agents that they will safeguard Medical information consistent with this policy. If we have knowledge that an agent is using or disclosing medical information in a manner contrary to this policy, we will take reasonable steps to prevent or stop the use or disclosure.
- ResearchDx will use medical information about you only in ways that are compatible with the purposes for which it was collected or subsequently authorized by you. We will take reasonable steps to ensure that medical information is relevant to its intended use, accurate, complete and current.
- ResearchDx will conduct compliance audits of our relevant privacy practices to verify adherence to this policy. Any employee that ResearchDx determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment.
- In compliance with the Privacy Shield Principles, ResearchDx commits to resolve complaints about our collection or use of your personal information. Any questions or concerns regarding the use or disclosure of medical information should be directed to ResearchDx at: ResearchDx, Inc. 5 Mason Irvine, CA. 92618 USA. E-mail: email@example.com
- ResearchDx will investigate and attempt to resolve complaints and disputes regarding the use and disclosure of medical information in accordance with the principles contained in this policy within 45 days of receiving a complaint.
- ResearchDx has further committed to cooperate with EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint. The services of EU DPAs are provided at no cost to you.
- Under certain circumstances, ResearchDx may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of medical information that ResearchDx transfers to them. Under certain circumstances, you may have the option to select binding arbitration for the resolution of your complaint.
Changes to This Notice
We reserve the right to change this notice at any time. We reserve the right to make the changed or revised notice effective for PHI we already have about you as well as any information that we may receive in the future. We will have on hand a current copy of the notice in our facility. The notice will contain on the first page in the lower right-hand corner the effective date.
If you believe your privacy rights have been violated, you may file a complaint in writing with HIPAA Privacy Officer or with the Secretary of the Department of Health and Human Services. Please call our Privacy Officer at 1-949-812-6902 prior to filing a complaint. You will not be penalized for filing a complaint.
Other Uses of Medical Information
Other uses and disclosures of medical information not covered by this notice or applicable laws will be made only with your written permission. If you provide your permission to use or disclose medical information about you, you may revoke that permission in writing at any time.
Questions & Comments
If you have any questions or comments about this notice of Privacy Practices, you may contact us at firstname.lastname@example.org.