Notice of Privacy Practices

Effective January 1, 2021

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires mdxhealth to protect the privacy of your protected health information (PHI), and to provide you with notice of our legal duties and privacy practices regarding PHI. Generally, protected health information is health information, including demographic information, collected from you or created or received by a health care Company, a health care clearing house, a health plan, or your employer on behalf of a group health plan, from which it is possible to individually identify you and that relates to:

(a) your past, present, or future physical or mental health or condition;

(b) the provision of health care to you; or

(c) the past, present, or future payment for the provision of health care to you.

We are required to notify affected individuals in the event of a breach involving unsecured protected health information. Mdxhealth is committed to protecting the privacy of your PHI. If you have questions or comments regarding this Notice of Privacy Practices, please contact us.

Your Rights Regarding PHI

Subject to certain exceptions, HIPAA establishes the following patient rights with respect to PHI:

Receive and Inspect PHI

You have a right to inspect the PHI about you that we have in our records, and to receive a copy of it. This right is limited to information about you that is kept in records that are used to make decisions about you. You also have the right to direct mdxhealth to transmit a copy to another person you designate, provided such request is in writing, signed by you, and clearly identifies the designated person and where to send the copy of your PHI.

If you want to review or receive a copy of these records, you must make the request in writing. We will respond to your request within 30 days. We may deny you access to certain information. If we do, we will inform you of the reason, in writing. We will also explain how you may appeal the decision.

Request Restrictions

You have the right to request that we limit how we use and disclose your PHI for treatment, payment, and health care operations activities or our disclosure of PHI to individuals involved in your care or payment for your care. Any request must be in writing and state the specific restriction requested and to whom you want the restriction to apply. You may not limit the uses and disclosures that we are legally required to make. If we agree to your request, mdxhealth will honor the restriction until you revoke it or we notify you.

Confidential Communications

You have the right to ask us to communicate with you at an alternative address or by alternative means (other than regular mail). For example, you can request that mdxhealth, Inc. only contact you at work or by mail. Mdxhealth will accommodate reasonable requests.

Request Amendment

You have the right to ask us to amend PHI about you which you believe is not correct, or not complete. You must make this request in writing, and give us the reason you believe the information is not correct or complete. We will respond to your request in writing within 60 days. If we approve your request, we will make the correction or addition to your PHI. If we deny your request, we will tell you why and explain your right to file a written statement of disagreement.

Accounting of Disclosures

You have a right to receive a list of certain instances (accounting) in which mdxhealth disclosed your PHI for purposes other than treatment, payment and health care operations as previously described in this Notice of Privacy Practices. You have the right to receive specific information regarding these disclosures that have occurred six years prior to the date you ask. The right to receive this information is subject to certain exceptions, restrictions and limitations. We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.

Obtain a Paper Copy or Electronic Copy of This Notice

You have the right to obtain a paper copy of this notice upon request, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.

Choose Someone to Act For You

If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will make sure the person has this authority and can act for you before we take any action.

Opt-Out of Fundraising Communications

If mdxhealth conducts or engages in fundraising communications, you shall have the right to opt-out of such fundraising communications.

Notified of a Breach

You have the right to be notified in the event that mdxhealth (or a Business Associate) commits or discovers a breach of unsecured protected health information.

Our Uses and Disclosures

How do we typically use or share your health information? We typically use or share your health information in the following ways:

Treat you

We can use your health information and share it with other professionals who are treating you.

Run our organization

We can use and share your health information to run our organization, improve your care, and contact you when necessary.

Bill your services

We can use and share your health information to bill and get payment from health plans or other entities.

Help with public health and safety issues

We can share health information about you for certain situations such as:

  • Preventing disease
  • Helping with product recalls
  • Reporting adverse reactions to medications
  • Reporting suspected abuse, neglect, or domestic violence
  • Preventing or reducing a serious threat to anyone’s health or safety

Do research

We can use or share your information for health research.

Comply with the law

We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.

Work with a medical examiner or funeral director

We can share health information with a coroner, medical examiner, or funeral director when an individual dies.

Respond to lawsuits and legal actions

We can share health information about you in response to a court or administrative order, or in response to a subpoena.

Address workers’ compensation, law enforcement, and other government requests

We can use or share health information about you for workers’ compensation claims; for law enforcement purposes or with a law enforcement official; with health oversight agencies for activities authorized by law; and for special government functions such as military, national security, and presidential protective services.

Uses and Disclosures that Require Your Authorization

The following uses and disclosures will be made by mdxhealth only with your authorization:

  • uses and disclosures for marketing purposes, including subsidized treatment communications;
  • uses and disclosures that constitute the sale of PHI;
  • if mdxhealth maintains psychotherapy notes, the use and disclosure of such notes will only be made upon the authorization from you;
  • and other uses and disclosures not described in this Notice.

You may revoke your authorization at any time, so long as the revocation is in writing. Once we receive your written revocation, it will only be effective for future uses and disclosures. It will not be effective for any information that may have been used or disclosed in reliance upon the written authorization and prior to receiving your written revocation.

How to Contact Mdxhealth

To exercise any of your rights described in this notice or if you have questions or comments regarding the mdxhealth Notice of Privacy Practices, or have a complaint about our use or disclosure of your PHI or our privacy practices, please contact: privacyofficer@mdxhealth.com, call us at 866-259-5644 and ask for the mdxhealth HIPAA Privacy Officer, or send a written request to: HIPAA Privacy Officer, mdxhealth, 15279 Alton Parkway, Suite 100, Irvine, CA 92618. You also may file a complaint with the Secretary of the U.S. Department of Health and Human Services Office for Civil Rights. Mdxhealth will not take retaliatory action against you for filing a complaint about our privacy practices.

Changes to the Mdxhealth Notice of Privacy Practices

Mdxhealth reserves the right to make changes to this notice and to our privacy policies from time to time. Changes adopted will apply to any PHI we maintain about you. Mdxhealth is required to abide by the terms of our notice currently in effect. When changes are made, we will promptly update this notice and post the information on the mdxhealth website at mdxhealth.com. Please review this site periodically to ensure that you are aware of any such updates.