Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAYBE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires MDxHealth to protect the privacy of your protected health information (PHI), and to provide you with notice of our legal duties and privacy practices regarding PHI. PHI includes information that we have created, received, maintained, or transmitted regarding your health or payment for healthcare services you have received. It includes both your medical records and personal information such as your name, social security number, address, and phone number. We are required to notify affected individuals in the event of a breach involving unsecured protected health information. MDxHealth is committed to protecting the privacy of your PHI.
MDxHealth's Use and Disclosure of PHI
As permitted under HIPAA, the following categories explain the types of uses and disclosures of PHI that MDxHealth may make. Some of the uses and disclosures described may be limited or restricted by state laws or other legal requirements. Not every use or disclosure is listed in this Notice, but all of our uses or disclosures of your health information will fall into one of the categories listed below. You may revoke this authorization, at any time, in writing, except to the extent that action has been taken in reliance on the authorization.
Treatment: MDxHealth may use and disclose your PHI for treatment purposes, including disclosure to provide, coordinate or manage your laboratory testing services and any other related activities. For example, we may disclose your health information to your providing physician with your laboratory test results.
Payment: MDxHealth may use or disclose your PHI as necessary to bill and collect payment for the services we provide to you. We will not use or disclose more information for payment purposes than is necessary.
Healthcare Operations: MDxHealth may use or disclose PHI, as needed, to support the business activities of our company. These activities include, but are not limited to, quality assessment and improvement activities, evaluate the quality of our laboratory testing, accuracy of results, accreditation, certification, licensing, and for MDxHealth's operation and management purposes.
Business Associates: MDxHealth may disclose PHI to its business associates to perform certain business functions or provide certain business services to MDxHealth. Whenever an arrangement between MDxHealth and a business associate involves the use or disclosure of your PHI, MDxHealth will have a written contract in place that will protect the privacy of your PHI.
Individuals involved in your care or payment for your care: Unless you object, MDxHealth may disclose to a member of your family, relative, a close friend or any other person you specifically identify, your PHI that directly relates to that persons involvement in your health care.
Disclosure for Legal Proceeding and Law Enforcement: Under certain circumstances, MDxHealth may disclose your PHI in the course of a judicial or administrative proceeding, including in response to a court or administrative order, subpoena, discovery request, or other lawful process. - MDxHealth may disclose PHI, so long as applicable legal requirements are met, for law enforcement purposes.
As required by law: MDxHealth must disclose your PHI if required to do so by federal, state, or local law. The use or disclosure will be made in compliance with law and will be limited to the relevant requirements of the law.
Research: MDxHealth may use and disclose PHI for research purposes. Any such information will be provided only with information that does not identify you directly. MDxHealth will not use or disclose any PHI unless appropriate protocols have been established to ensure the privacy of your PHI requested for such research activities.
Other Uses and Disclosures: As permitted by HIPAA, we may disclose your PHI to:
- Public Health Authorities
- Help With Public Safety Issues
- The Food and Drug Administration
- Health Oversight Agencies
- Military Command Authorities
- National Security and Intelligence Organizations
- Correctional Institutions
- Organ and Tissue Donation Organizations
- Coroners, Medical Examiners and Funeral Directors
- Workers Compensation Agents
- Other uses and disclosures of your protected health information will be made only with your written authorization, unless otherwise permitted or required by law as described below.
Your Rights Regarding PHI
Subject to certain exceptions, HIPAA establishes the following patient rights with respect to PHI:
Receive and Inspect PHI
You have a right to inspect the PHI about you that we have in our records, and to receive a copy of it. This right is limited to information about you that is kept in records that are used to make decisions about you. You also have the right to direct MDxHealth to transmit a copy to another person you designate, provided such request is in writing, signed by you, and clearly identifies the designated person and where to send the copy of your PHI.
If you want to review or receive a copy of these records, you must make the request in writing. We will respond to your request within 30 days. We may deny you access to certain information. If we do, we will inform you of the reason, in writing. We will also explain how you may appeal the decision.
You have the right to request that we limit how we use and disclose your PHI for treatment, payment, and health care operations activities or our disclosure of PHI to individuals involved in your care or payment for your care. Any request must be in writing and state the specific restriction requested and to whom you want the restriction to apply. You may not limit the uses and disclosures that we are legally required to make.
You have the right to ask us to communicate with you at an alternative address or by alternative means (other than regular mail). MDxHealth will accommodate reasonable requests.
Right to Request Amendment
You have the right to ask us to amend PHI about you which you believe is not correct, or not complete. You must make this request in writing, and give us the reason you believe the information is not correct or complete. We will respond to your request in writing within 60 days. If we approve your request, we will make the correction or addition to your PHI. If we deny your request, we will tell you why and explain your right to file a written statement of disagreement.
Accounting of Disclosures
You have a right to receive a list of certain instances (accounting) in which MDxHealth disclosed your PHI for purposes other than treatment, payment and health care operations as previously described in this Notice of Privacy Practices. You have the right to receive specific information regarding these disclosures that have occurred six years prior to the date you ask. The right to receive this information is subject to certain exceptions, restrictions and limitations. We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.
Obtain a Paper Copy or Electronic Copy of This Notice
You have the right to obtain a paper copy of this notice upon request, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.
Choose Someone to Act For You
If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will make sure the person has this authority and can act for you before we take any action.
How to Exercise Your Rights or File a Complaint
To exercise any of your rights described in this notice or if you have questions or comments regarding the MDxHealth Notice of Privacy Practices, or have a complaint about our use or disclosure of your PHI or our privacy practices, please contact: firstname.lastname@example.org, call us at 866-259-5644 and ask for the MDxHealth HIPAA Privacy Officer, or send a written request to: HIPAA Privacy Officer, MDxHealth, 15279 Alton Parkway, Suite 100, Irvine, CA 92618. You also may file a complaint with the Secretary of the U.S. Department of Health and Human Services. MDxHealth will not take retaliatory action against you for filing a complaint about our privacy practices.
Changes to the MDxHealth Notice of Privacy Practices
MDxHealth reserves the right to make changes to this notice and to our privacy policies from time to time. Changes adopted will apply to any PHI we maintain about you. MDxHealth is required to abide by the terms of our notice currently in effect. When changes are made, we will promptly update this notice and post the information on the MDxHealth website at www.mdxhealth.com. Please review this site periodically to ensure that you are aware of any such updates.
Effective Date of Notice: 10/5/2014