Notice of Privacy Practices for Protected Health Information
Effective Date: November 16, 2022
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
The purpose of this Notice of Privacy and Practices (NPP) for Protected Health Information (PHI) is to inform the patient of LynxDx Inc. legal duties and privacy practices regarding use and disclosure of PHI and to notify the patient in the event of a breach of their information.
This Notice of Privacy Practices is NOT an authorization. This Notice of Privacy Practices describes how LynxDx Inc., our Business Associates, and our Business Associates’ subcontractors, may use and disclose your protected health information (PHI) to carry out treatment, payment, or health care operations (TPO), and for other purposes that are permitted or required by law. It also describes your rights to access and control your protected health information.
“Protected Health Information” is information about you, including demographic information, that may identify you and that relates to your past, present, or future physical or mental health condition and related health care services.
We are required by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and other applicable laws to maintain the privacy of your health information, to provide individuals with this Notice of our legal duties and privacy practices with respect to such information, and to abide by the terms of this Notice. We are also required by law to notify affected individuals following a breach of their unsecured health information.
USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION
Your protected health information may be used and disclosed by your physician, our office staff, and others outside of our laboratory that are involved in your care and treatment for the purpose of providing health care services to you, to obtain payment for health care related services or to resolve billing issues, to support the operation of the laboratory, and any other use required by law.
We will use and disclose your protected health information to provide, coordinate, or manage your health care and any related services. This includes the coordination or management of your health care with a third party. For example, your protected health information may be provided to a physician to whom you have been referred to ensure that the physician has the necessary information to diagnose or treat you.
Your protected health information will be used, as needed, to obtain payment for your laboratory testing services. For example, obtaining approval for laboratory testing may require LynxDx to disclose protected health information to your health insurance carrier for payment
We may use or disclose your protected health information to support the business activities of the laboratory. These activities include, but are not limited to, quality assessment, employee review or training, and conducting or arranging for other business activities. We may use or disclose your protected health information, as necessary, to contact you to remind you of health-related benefits and services that may be of interest to you.
We may use or disclose your protected health information in the following situations, as allowable by law, without your authorization:
- To the individual
- Treatment, Payment, or Healthcare operations
- Disclosure to relatives and other caregivers if involved in patient care when the patient cannot consent themselves
- As required by law
- Public health activities
- Victims of abuse, neglect, or domestic violence
- Health oversight activities
- Judicial and administrative proceedings
- Law enforcement officials
- Organ and tissue procurement
- Clinical trials and other research activities (if de-identified)
- Serious Threat to Health and safety
- Specialized government functions
- Workers’ compensation
Under the law, we must also disclose your protected health information when required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with requirements with portions of HIPAA.
USES AND DISCLOSURES THAT REQUIRE YOUR AUTHORIZATION
Other Permitted and Required Uses and Disclosures will be made only with your consent, authorization, or opportunity to object, unless required by law.
We may NOT use or disclose your protected health information in the following situations without your authorization:
- Marketing: We are expressly prohibited from using or disclosing your protected health information for marketing purposes.
- Sales: We may not sell your protected health information without your authorization.
- Research that requires PHI disclosure. Any research that involves the use of your personal information cannot be conducted without your prior authorization. Provided, however, if appropriate steps have been taken to remove/delete personal identifiers from the data set (de-linked and de-identified) and is done so in a manner compliant with HIPAA requirements, then prior authorization is not required.
You may revoke the authorization, at any time, in writing, except to the extent that your physician or the physician’s practice has taken an action in reliance on the use or disclosure indicated in the authorization.
The following are statements of your rights with respect to your protected health information.
Right to inspect and copy your protected health information (fees may apply)
Pursuant to your written request, you have the right to inspect or copy your protected health information whether in paper or electronic format. Under federal law, however, you may not inspect or copy the following records: information compiled in reasonable anticipation of, or used in, a civil, criminal, or administrative action or proceeding, protected health information restricted by law, information whose disclosure may result in harm or injury to you or to another person, or information that was obtained under a promise of confidentiality.
Right to request a restriction on the use and disclosure of your protected health information
You have the right to request for us not to use or disclose any part of your protected health information for the purposes of treatment, payment, or healthcare operations. You may also request that any part of your protected health information not be disclosed to family members or friends who may be involved in your care or for notification purposes as described in this Notice of Privacy Practices.
Your request must state the specific restriction requested and to whom you want the restriction to apply. Your physician is not required to agree to your requested restriction except if you request that the physician not disclose protected health information to your health plan with respect to healthcare for which you have paid in full out of pocket.
Right to request an alternative or confidential method of communication
You have the right to request confidential communication from us by alternative means or at an alternative location. You have the right to obtain a paper copy of this notice from us, upon request, even if you have agreed to accept this notice alternatively i.e., electronically.
Right to request an amendment/correction to your protected health information
If we deny your request for amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal.
Right to receive an accounting of certain disclosures
You have the right to receive an accounting of disclosures, paper or electronic, except for disclosures: pursuant to an authorization, for purposes of treatment, payment, healthcare operations, required by law, or that occurred six years prior to the date of the request.
Right to receive notice of a breach
We will notify you if your unsecured protected health information has been breached.
Right to obtain a paper copy of this notice from us even if you have agreed to receive the notice electronically.
We will also make available copies of our new notice if you wish to obtain one and one will be posted on our website.
We are required by law to maintain the privacy of PHI, provide individuals with this notice of our legal duties and privacy practices with respect to PHI and notify individuals following a breach of unsecured PHI. We are also required to abide by the terms of the notice currently in effect.
We reserve the right to change the terms of this notice and we will notify you of such changes on our website.
You may file a complaint with LynxDx by notifying our Compliance Officer of your complaint. We will not retaliate against you for filing a complaint. You may also file a complaint to the Secretary of Health and Human Services if you believe your privacy rights have been violated by LynxDx.
If you have any questions in reference to this form, please ask to speak with our HIPAA Compliance Officer in person or by telephone at (734) 212-6561.