NOTICE OF PRIVACY PRACTICES
Innovative Diagnostic Laboratory (“IDL”) Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
IDL’s Notice of Privacy Practices
IDL and its subsidiaries and business units (collectively referred to as “IDL”) are committed to protecting the privacy of your identifiable health information. This information is known as “protected health information” (“PHI”). PHI includes things like requisition forms, laboratory test orders, test results and statements or invoices for the laboratory tests we provide.
IDL is required by law to protect your PHI. Upon written request, IDL is also required by law to provide you with a copy of this Privacy Notice which summarizes our legal obligations and privacy practices as well as your patient rights under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). We are required to follow the terms of the Privacy Notice currently in effect but reserve the right to change our privacy practices from time to time. If we make any material revisions to this Privacy Notice, we are required to notify you of the revisions and their effective date. IDL is also required to notify affected individuals if there is a breach of unencrypted PHI. A copy of the most recent Privacy Notice is on our website at www.myinnovativelab.com.
IDL’s Use and Disclosure of PHI
IDL can use your PHI for treatment, payment, or healthcare operations and for any other purpose permitted by law. Some of the uses and disclosures may be limited or restricted by state laws or other legal requirements, such as the Clinical Laboratory Improvement Amendments of 1988 (“CLIA”). IDL’s privacy and security policies and procedures require employees to protect your PHI in oral, written or electronic form. We do need your authorization to use or disclose your PHI if it is used for anything other than one of the following categories.
- Treatment. IDL uses your health information in performing tests ordered by physicians or other healthcare professionals. Your health information is disclosed to an authorized healthcare professional who has ordered tests and/or who needs access to your test results for treatment purposes.
- Payment. IDL will use and disclose your PHI for billing and payment purposes. IDL may disclose PHI to health plans or other payers to determine if you are enrolled with the payer, are eligible for health benefits, or to obtain payment for our test services.
- Health Care Operations. IDL may use and disclose your PHI in connection with performing a variety of business activities referred to as “health care operations.” These health care operations include, for example, performing quality checks on our tests and testing processes, conducting internal audits, arranging for legal services or developing reference ranges for our tests.
- Appointment Reminders, Treatment Alternatives and Health-Related Benefits and Services. In the course of providing treatment to you, we may use your health information to contact you with a reminder that you have an appointment for treatment or services. We may also use your health information to recommend possible treatment alternatives or health-related benefits and services, such as health promotion activities, disease awareness or case management that may be of interest to you.
- Business Associates. IDL may disclose your PHI to other companies or individuals that need the information to provide us with services. These other entities, referred to as “business associates”, are legally required to maintain the security and privacy of PHI. For example, your PHI may be shared with a billing company or collection agency to obtain payment when necessary.
- Family Members, Relatives or Close Friends Involved in You Care. Unless you object, we may share your health information with your family members’ relatives or close personal friends identified by you as being involved in your treatment or payment for your medical care. If you are not present to agree or object, we may exercise our professional judgment to determine whether the disclosure is in your best interest. We may also notify a family members, personal representative, or another person responsible for our care about your location and general condition.
- As Required By Law. IDL may use and disclose your PHI as required by applicable law.
- Law Enforcement and Legal Proceedings. IDL may disclose PHI to law enforcement officials in response to a warrant, investigative demand or similar legal process. PHI may also be disclosed to comply with a court or administrative order, a subpoena, or other legal process in the course of a judicial or administrative proceeding, only after efforts have been made to tell you about the request or to obtain an order of protection for the requested information.
- Research. IDL may use and disclose your health information to conduct research. However, IDL has protocols in place to ensure the privacy of your PHI and to ensure that it is needed for specific research projects. Your name or identity will not, however, be used publicly.
- Completely and Partially De-Identified Information. We may use and disclose your health information if we have removed any information that has the potential to identify you so that the health information is “completely de-identified.” We may also use and disclose “partially de-identified” health information about you for public health and research purposes, or for business operations, if the person who will receive the information signs an agreement to protect the privacy of the information as required by federal and state law. Partially de-identified health information will not contain any information that would directly identify you (such as your name, street address, social security number, phone number, fax number, electronic mail address, website address, or license number).
- Public Need. IDL may use your health information, and share it with others, to comply with the law or to meet important public needs that are described below:
- if required by law (e.g., statute, court order, subpoena, etc.);
- to authorized public health officials (or a foreign government agency collaborating with such officials) to carry out their public health activities;
- to government agencies authorized to conduct audits, investigations, and inspections, as well as civil, administrative or criminal investigations, proceedings, or actions, including those agencies that monitor programs such as Medicare and Medicaid;
- to a person or company that is regulated by the Food and Drug Administration for: (i) reporting or tracking product defects or problems, (ii) repairing, replacing, or recalling defective or dangerous products, or (iii) monitoring the performance of a product after it has been approved for use by the general public;
- to the extent necessary to comply with workers’ compensation or other programs established by law that provide benefits for work-related injuries or illness without regard to fraud;
- to a family member, friend, or anyone you have identified as needing the information to be involved in your care or for payment related to your care; and
- in the unfortunate event of your death, to funeral directors to carry out their duties, to coroners or medical examiners to determine the cause of death, for example.
- Marketing. We may not use your health information or share it with others outside of IDL for marketing purposes without your prior authorization. Marketing is a communication about a product or service that encourages recipients of the communication to purchase or use the product or service. However, we may inform you about products or services during face-to-face communications with you without your authorization, including providing related written materials to you.
- State Law. Please note that when state law is more restrictive than federal law, IDL will follow the more restrictive state law requirements.
Your Rights to Access and Control Your Health Information
1. Receive Test Information. You have the right to inspect and obtain a copy of your laboratory test results unless the information is (i) compiled in anticipation of, or for use in, a civil, criminal, or administrative proceeding; or (ii) with some exceptions, the information is subject to CLIA. If IDL uses or maintains an electronic health record (“HER”) for you, you have the right to obtain a copy of your EHR in the form and format you request if the information is readily producible in that format, or, if not, a mutually agreeable alternative readable electronic format. You also have the right to direct IDL to send a copy of your EHR to a third party you clearly designate.
A written request to obtain a copy of your laboratory test results must include: (i) the desired form or format of access; (ii) a description of the specific test(s) to which the request applies; and (iii) appropriate contact information. If you would like to access test results, please send your written request to the Privacy Officer at the address listed on the last page of this Privacy Notice.
2. Amend Your Health Information. If you believe IDL has health information about you that is incorrect or incomplete, you may request in writing that we correct the information. Your written request should be sent to the address listed on the last page of this Privacy Notice. However, we may deny the request. For example, if we determine the PHI is accurate, your request will be denied and you will be provided with a written explanation of the reason for the denial and additional information regarding further actions you can take.
3. Receive an Accounting of Disclosures. You have the right to receive a list of certain disclosures of your PHI that were made by IDL and our business associates within the past six (6) years from the date of the written request. Under the law, this does not include disclosures made for purposes of treatment, payment or healthcare operations or certain other purposes. You may request such information for the six-year period prior to the date of your request. If you would like to receive an accounting of disclosures, please write to the address listed on the last page of this Privacy Notice.
4. Request Additional Privacy Protections. You have the right to request that IDL agree to restrictions on certain uses and disclosures of your PHI. IDL is not required to agree to your request, except for requests to limit disclosure to your health plan for purposes of payment or healthcare operations when you have paid IDL for the test out-of-pocket and in full and when the uses or disclosures are not required by law.
5. Request Confidential Communications. You have the right to request that we communicate with you about your health information by alternative means. If you wish to receive confidential communications in an alternative form or format, please submit a written request to the address listed below. A written request for confidential communications should include how or where you wish to be contacted. IDL will try to accommodate all reasonable requests.
6. Receive a Breach Notification. IDL is required by law to notify you if it discovers that a breach of unsecured PHI has occurred unless there is a demonstration, based on a risk assessment, that there is a low probability that the PHI has been compromised. You will be notified without unreasonable delay and no later than sixty (60) days after discovery of the breach. The notification will include information about what happened and what can be done to mitigate the harm.
Copy of this Privacy Notice
You have the right to obtain a paper copy of this Notice upon request to the address listed below or by visiting IDL’s web site at www.myinnovativelab.com.
- Contact Information. If you have any questions about this Privacy Notice, you may contact the Privacy Officer by calling 1.855.420.7140 or at the following address:
Attention: Privacy Officer
8751 Park Central Drive, Suite 200
Richmond, VA 23227
- Complaints. If you are concerned that your privacy rights may have been violated, you may write to us, call using the contact information above, or use our dedicated hotline (http://www.hotline-services.com). You also have the right to file a complaint with the Secretary of the US Department of Health and Human Services, Office for Civil Rights. IDL will not retaliate against any individual for filing concerns in good faith.
- Amendments. IDL reserves the right to amend the terms of this Notice to reflect changes in our privacy practices, and to make the new terms and practices applicable to all PHI that IDL maintains about you, including PHI created or received prior to the effective date of the Notice revision. This IDL Notice is displayed on our website and a copy is available upon request.
- Additional Rights. This Privacy Notice explains the rights you have with respect to your health information, including access and amendment rights, under federal law. Some state laws provide even greater rights, including more favorable access and amendment rights. To the extent the law in the state where you reside affords you greater rights than described in this Privacy Notice, we will comply with these laws.