Notice of Privacy Practices


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires MDxHealth to protect the privacy of your protected health information (PHI), and to provide you with notice of our legal duties and privacy practices regarding PHI. Generally, protected health information is health information, including demographic information, collected from you or created or received by a health care Company, a health care clearinghouse, a health plan, or your employer on behalf of a group health plan, from which it is possible to individually identify you and that relates to:

(a) your past, present, or future physical or mental health or condition;

(b) the provision of health care to you; or

(c) the past, present, or future payment for the provision of health care to you.

We are required to notify affected individuals in the event of a breach involving unsecured protected health information. MDxHealth is committed to protecting the privacy of your PHI.

Your Rights Regarding PHI

Subject to certain exceptions, HIPAA establishes the following patient rights with respect to PHI:

Receive and Inspect PHI

You have a right to inspect the PHI about you that we have in our records, and to receive a copy of it. This right is limited to information about you that is kept in records that are used to make decisions about you. You also have the right to direct MDxHealth to transmit a copy to another person you designate, provided such request is in writing, signed by you, and clearly identifies the designated person and where to send the copy of your PHI.

If you want to review or receive a copy of these records, you must make the request in writing. We will respond to your request within 30 days. We may deny you access to certain information. If we do, we will inform you of the reason, in writing. We will also explain how you may appeal the decision.

Request Restrictions

You have the right to request that we limit how we use and disclose your PHI for treatment, payment, and health care operations activities or our disclosure of PHI to individuals involved in your care or payment for your care. Any request must be in writing and state the specific restriction requested and to whom you want the restriction to apply. You may not limit the uses and disclosures that we are legally required to make. If we agree to your request, MDxHealth will honor the restriction until you revoke it or we notify you.

Confidential Communications

You have the right to ask us to communicate with you at an alternative address or by alternative means (other than regular mail). For example, you can request that MDx Health, Inc. only contact you at work or by mail. MDxHealth will accommodate reasonable requests.

Request Amendment

You have the right to ask us to amend PHI about you which you believe is not correct, or not complete. You must make this request in writing, and give us the reason you believe the information is not correct or complete. We will respond to your request in writing within 60 days. If we approve your request, we will make the correction or addition to your PHI. If we deny your request, we will tell you why and explain your right to file a written statement of disagreement.

Accounting of Disclosures

You have a right to receive a list of certain instances (accounting) in which MDxHealth disclosed your PHI for purposes other than treatment, payment and health care operations as previously described in this Notice of Privacy Practices. You have the right to receive specific information regarding these disclosures that have occurred six years prior to the date you ask. The right to receive this information is subject to certain exceptions, restrictions and limitations. We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.

Obtain a Paper Copy or Electronic Copy of This Notice

You have the right to obtain a paper copy of this notice upon request, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.

Choose Someone to Act For You

If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will make sure the person has this authority and can act for you before we take any action.

Opt-Out of Fundraising Communications

If MDxHealth conducts or engages in fundraising communications, you shall have the right to opt-out of such fundraising communications.

Notified of a Breach

You have the right to be notified in the event that MDxHealth (or a Business Associate) commits or discovers a breach of unsecured protected health information.

Uses and Disclosures that Require Your Authorization

The following uses and disclosures will be made by MDxHealth only with your authorization:

  • uses and disclosures for marketing purposes, including subsidized treatment communications;
  • uses and disclosures that constitute the sale of PHI;
  • if MDxHealth maintains psychotherapy notes, the use and disclosure of such notes will only be made upon the authorization from you;
  • and other uses and disclosures not described in this Notice.


You may revoke your authorization at any time, so long as the revocation is in writing. Once we receive your written revocation, it will only be effective for future uses and disclosures. It will not be effective for any information that may have been used or disclosed in reliance upon the written authorization and prior to receiving your written revocation.

How to Exercise Your Rights or File a Complaint

To exercise any of your rights described in this notice or if you have questions or comments regarding the MDxHealth Notice of Privacy Practices, or have a complaint about our use or disclosure of your PHI or our privacy practices, please contact: privacyofficer@mdxhealth.com, call us at 866-259-5644 and ask for the MDxHealth HIPAA Privacy Officer, or send a written request to: HIPAA Privacy Officer, MDxHealth, 15279 Alton Parkway, Suite 100, Irvine, CA 92618. You also may file a complaint with the Secretary of the U.S. Department of Health and Human Services. MDxHealth will not take retaliatory action against you for filing a complaint about our privacy practices.

Changes to the MDxHealth Notice of Privacy Practices

MDxHealth reserves the right to make changes to this notice and to our privacy policies from time to time. Changes adopted will apply to any PHI we maintain about you. MDxHealth is required to abide by the terms of our notice currently in effect. When changes are made, we will promptly update this notice and post the information on the MDxHealth website at mdxhealth.com. Please review this site periodically to ensure that you are aware of any such updates.