Notice of Privacy Practices


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires MDxHealth to protect the privacy of your protected health information (PHI), and to provide you with notice of our legal duties and privacy practices regarding PHI. Generally, protected health information is health information, including demographic information, collected from you or created or received by a health care Company, a health care clearinghouse, a health plan, or your employer on behalf of a group health plan, from which it is possible to individually identify you and that relates to:

(a) your past, present, or future physical or mental health or condition; 

(b) the provision of health care to you; or 

(c) the past, present, or future payment for the provision of health care to you. 

We are required to notify affected individuals in the event of a breach involving unsecured protected health information. MDxHealth is committed to protecting the privacy of your PHI.

MDxHealth's Use and Disclosure of PHI

As permitted under HIPAA, the following categories explain the types of uses and disclosures of PHI that MDxHealth may make. Some of the uses and disclosures described may be limited or restricted by state laws or other legal requirements. Not every use or disclosure is listed in this Notice, but all of our uses or disclosures of your health information will fall into one of the categories listed below.   You may revoke this authorization, at any time, in writing, except to the extent that action has been taken in reliance on the authorization.

  • Treatment: MDxHealth may use and disclose your PHI for treatment purposes, including disclosure to provide, coordinate or manage your laboratory testing services and any other related activities. For example, we may disclose your health information to your providing physician with your laboratory test results.
  • Payment: MDxHealth may use or disclose your PHI as necessary to bill and collect payment for the services we provide to you. We will not use or disclose more information for payment purposes than is necessary.  For example, MDxHealth, may tell your health plan about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment.

Healthcare Operations: MDxHealth may use or disclose PHI, as needed, to support the business activities of our company.  These activities include, but are not limited to, quality assessment and improvement activities, evaluate the quality of our laboratory testing, accuracy of results, accreditation, certification, licensing, and for MDxHealth's operation and management purposes.

Business Associates: MDxHealth may disclose PHI to its business associates to perform certain business functions or provide certain business services to MDxHealth. Whenever an arrangement between MDxHealth and a business associate involves the use or disclosure of your PHI, MDxHealth will have a written contract in place that will protect the privacy of your PHI.Individuals involved in your care or payment for your care: Unless you object, MDxHealth may disclose to a member of your family, relative, a close friend or any other person you specifically identify, your PHI that directly relates to that persons involvement in your health care.

Disclosure for Legal Proceeding and Law Enforcement: Under certain circumstances, MDxHealth may disclose your PHI in the course of a judicial or administrative proceeding, including in response to a court or administrative order, subpoena, discovery request, or other lawful process. - MDxHealth may disclose PHI, so long as applicable legal requirements are met, for law enforcement purposes.

As required by law: MDxHealth must disclose your PHI if required to do so by federal, state, or local law.  The use or disclosure will be made in compliance with law and will be limited to the relevant requirements of the law.

Research: MDxHealth may use and disclose PHI for research purposes.  Any such information will be provided only with information that does not identify you directly. MDxHealth will not use or disclose any PHI unless appropriate protocols have been established to ensure the privacy of your PHI requested for such research activities.

Other Uses and Disclosures:  As permitted by HIPAA, we may disclose your PHI to:

  • Public Health Authorities
  • Help With Public Safety Issues
  • The Food and Drug Administration
  • Health Oversight Agencies
  • Military Command Authorities
  • National Security and Intelligence Organizations
  • Correctional Institutions
  • Organ and Tissue Donation Organizations
  • Coroners, Medical Examiners and Funeral Directors
  • Workers Compensation Agents
  • Other uses and disclosures of your protected health information will be made only with your written authorization, unless otherwise permitted or required by law as described below.

Your Rights Regarding PHI

Subject to certain exceptions, HIPAA establishes the following patient rights with respect to PHI:

Receive and Inspect PHI

You have a right to inspect the PHI about you that we have in our records, and to receive a copy of it. This right is limited to information about you that is kept in records that are used to make decisions about you.  You also have the right to direct MDxHealth to transmit a copy to another person you designate, provided such request is in writing, signed by you, and clearly identifies the designated person and where to send the copy of your PHI.

If you want to review or receive a copy of these records, you must make the request in writing.  We will respond to your request within 30 days. We may deny you access to certain information.  If we do, we will inform you of the reason, in writing.  We will also explain how you may appeal the decision.

Request Restrictions

You have the right to request that we limit how we use and disclose your PHI for treatment, payment, and health care operations activities or our disclosure of PHI to individuals involved in your care or payment for your care. Any request must be in writing and state the specific restriction requested and to whom you want the restriction to apply. You may not limit the uses and disclosures that we are legally required to make. If we agree to your request, MDxHealth will honor the restriction until you revoke it or we notify you.

Confidential Communications

You have the right to ask us to communicate with you at an alternative address or by alternative means (other than regular mail). For example, you can request that MDx Health, Inc. only contact you at work or by mail. MDxHealth will accommodate reasonable requests.

Request Amendment

You have the right to ask us to amend PHI about you which you believe is not correct, or not complete.  You must make this request in writing, and give us the reason you believe the information is not correct or complete.  We will respond to your request in writing within 60 days. If we approve your request, we will make the correction or addition to your PHI. If we deny your request, we will tell you why and explain your right to file a written statement of disagreement.

Accounting of Disclosures

You have a right to receive a list of certain instances (accounting) in which MDxHealth disclosed your PHI for purposes other than treatment, payment and health care operations as previously described in this Notice of Privacy Practices. You have the right to receive specific information regarding these disclosures that have occurred six years prior to the date you ask. The right to receive this information is subject to certain exceptions, restrictions and limitations.  We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.

Obtain a Paper Copy or Electronic Copy of This Notice

You have the right to obtain a paper copy of this notice upon request, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.

Choose Someone to Act For You

If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will make sure the person has this authority and can act for you before we take any action.

Opt-Out of Fundraising Communications

If MDxHealth conducts or engages in fundraising communications, you shall have the right to opt-out of such fundraising communications.

 Notified of a Breach. You have the right to be notified in the event that MDxHealth (or a Business Associate) commits or discovers a breach of unsecured protected health information.

Uses and Disclosures that Require Your Authorization

  • The following uses and disclosures will be made by MDxHealth only with your authorization: 
  • uses and disclosures for marketing purposes, including subsidized treatment communications; 
  • uses and disclosures that constitute the sale of PHI;
  • if MDxHealth maintains psychotherapy notes, the use and disclosure of such notes will only be made upon the authorization from you; and 
  • other uses and disclosures not described in this Notice. 

You may revoke your authorization at any time, so long as the revocation is in writing. Once we receive your written revocation, it will only be effective for future uses and disclosures. It will not be effective for any information that may have been used or disclosed in reliance upon the written authorization and prior to receiving your written revocation.

How to Exercise Your Rights or File a Complaint

To exercise any of your rights described in this notice or if you have questions or comments regarding the MDxHealth Notice of Privacy Practices, or have a complaint about our use or disclosure of your PHI or our privacy practices, please contact:, call us at 866-259-5644 and ask for the MDxHealth HIPAA Privacy Officer, or send a written request to: HIPAA Privacy Officer, MDxHealth, 15279 Alton Parkway, Suite 100, Irvine, CA 92618. You also may file a complaint with the Secretary of the U.S. Department of Health and Human Services. MDxHealth will not take retaliatory action against you for filing a complaint about our privacy practices.

Changes to the MDxHealth Notice of Privacy Practices

MDxHealth reserves the right to make changes to this notice and to our privacy policies from time to time. Changes adopted will apply to any PHI we maintain about you. MDxHealth is required to abide by the terms of our notice currently in effect. When changes are made, we will promptly update this notice and post the information on the MDxHealth website at Please review this site periodically to ensure that you are aware of any such updates.