HIPAA Notice of Privacy Practices
This Notice of Privacy Practices (“Notice”) describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
Doctor's Data, Incorporated and its wholly owned subsidiaries (collectively, “Doctor’s Data”) are committed to protecting the privacy of your personal and health information. At Doctor’s Data, we are committed to protecting the confidentiality of individuals’ laboratory test results and other patient protected health information (PHI) that we collect or create as part of our diagnostic testing activities.
We urge you to read this Notice carefully so that you will understand both our commitment to the privacy of your PHI, and how you can participate in that commitment. Should you have any questions about this Notice or our privacy practices, please call us at 1-800-323-2784, send an email to: firstname.lastname@example.org
, or write to us at the following address:
Doctor's Data, Inc.
Attention: Privacy Officer
3755 Illinois Avenue
St. Charles, Il 60174-2420
Doctor's Data and its employees are committed to obtaining, maintaining, using and disclosing patient PHI in a manner that protects patient privacy. We will only use or disclose the minimum amount of your PHI we consider necessary to perform a job or complete an activity. This Notice applies to all PHI that we maintain. Your doctor may have different notices regarding the use and disclosure of PHI created in your doctor's office.
Doctor’s Data is required by law to provide you with this Notice with respect to PHI, to maintain the privacy of PHI, to state the uses and disclosures of PHI that Doctor's Data may make, and to list the rights of individuals and our legal duties with respect to their PHI. This Notice describes the legal obligations imposed on Doctor’s Data by the Health Insurance Portability and Accountability Act of 1996, the American Recovery and Reinvestment Act of 2009 and accompanying regulations (the “Privacy Rules”) regarding your health information.
Your PHI at Doctor’s Data includes personal and medical information (such as your name, address, date of birth, test ordered, etc.) that we obtain from you, your physician, health plan or other sources. Your PHI also includes the laboratory testing results that we create. An example of PHI is as follows: Bob Smith, Date of Birth: 2/15/08, resides at 123 Main Street, Anytown, IL, cholesterol result of 516 mg/dL.
Doctor’s Data is required to abide by the terms of the Notice currently in effect. We reserve the right to change the terms of this Notice and to make the provisions of the new Notice effective for all PHI that we maintain. The current Notice will be displayed on our website and a copy is available upon request.
How We May Use and Disclose Your Protected Health Information
Your PHI will be used or disclosed for treatment, payment or healthcare operations purposes and for other purposes permitted or required by law. Not every use or disclosure is listed; however, all of the ways we use or disclose your PHI will fall into one of the categories listed below. For more information, see www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html
If we wanted to use or disclose your PHI for other purposes, we would have to obtain your written authorization. You have the right to revoke your authorization at any time, except if we have already made a disclosure based on that authorization. We do not need your authorization or permission to use or disclose your PHI for the following purposes:
As a healthcare provider that provides laboratory testing for ordering physicians, Doctor's Data uses your PHI as part of our testing process and discloses your PHI to physicians and other authorized health care professionals who need access to your laboratory results to treat you. In addition to your treating physician, we may provide a specialist consulting physician with information about your results to further validate the results before release to your physician. Occasionally, we may contact you to arrange for a recollection of your specimens.
We will use your PHI in our billing departments and disclose your PHI to insurance companies, hospitals, physicians and health plans for payment purposes, or to third parties to assist us in creating bills, claim forms or getting paid for our services. For example, we may send your name, date of service, test performed, diagnosis code and other information to a health plan so that the plan will pay us for the services we provided. In some cases, we may have to contact you to obtain billing information or for other billing purposes. When required, we may use an outside collection agency to obtain payment.
FOR HEALTHCARE OPERATIONS
We may use or disclose your PHI in the course of activities necessary to support our healthcare operations, such as performing quality checks on our testing, for teaching purposes or for developing normal reference ranges for tests that we perform.
DISCLOSURES TO BUSINESS ASSOCIATES
Doctor’s Data may disclose your PHI to other companies or individuals who need your PHI in order to provide specific services to us. These other entities, known as “business associates,” must comply with the terms of a contract designed to ensure that they will maintain the privacy and security of the PHI we provide to them or which they create on our behalf. Our business associates must only use your PHI for designated treatment, payment, or health care operations purposes that they perform on our behalf. For example, we may disclose your PHI to temporary employees or to the College of American Pathologists (CAP) or other private accrediting organizations that inspect and certify the quality of our laboratories.
AS PERMITTED OR REQUIRED BY LAW
We may use or disclose your PHI for various public policy purposes that are authorized or required by federal or state law. For example, we are required to disclose your PHI to the Secretary of the U.S. Department of Health and Human Services (“HHS”) upon request. We must provide you with copies of your PHI at your request, except where restricted or prohibited by state law. We will provide the information regarding your specific state to you upon request.
We may disclose your PHI when reporting results to public health departments as required by law, for example, blood lead levels. We may disclose your PHI for FDA reporting purposes.
When the appropriate conditions apply, we may use or disclose PHI to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.
TO AVERT A SERIOUS THREAT TO HEALTH OR SAFETY
We may use or disclose your PHI when necessary to prevent a serious threat to your health and safety or that of another person or the general public. Any use or disclosure for this purpose would only be made to someone able to help prevent the threat. For example, we may disclose your PHI in an investigation regarding a physician's license.
We may disclose your PHI in connection with governmental oversight, licensure, auditing and other purposes. For example, governmental agencies periodically review our records to ensure that Doctor’s Data is complying with the rules of various regulatory and licensing agencies. HHS and State Health Departments are examples of agencies that oversee aspects of Doctor’s Data’s operations. Other agencies may audit our billing and laboratory records to verify that the health care was provided as claimed or that we were paid correctly.
JUDICIAL OR ADMINISTRATIVE PROCEEDINGS
We may disclose your PHI as required to comply with court orders, discovery requests or other legal process in the course of a judicial or administrative proceeding.
We may also disclose PHI for law enforcement purposes. For example, we may be required to release PHI as required by law or in compliance with a court order, judicial subpoena, court-ordered warrant, grand jury subpoena, administrative request, investigative demand or similar legal process, but only if efforts have been made to tell you about the request or to obtain an order of protection for the requested information. We may release PHI for other law enforcement purposes, such as to identify or locate a suspect, fugitive, material witness or missing person.
SPECIALIZED GOVERNMENT FUNCTIONS
We may disclose your PHI for military and veterans activities, national security or intelligence purposes, or to correctional institutions, or to law enforcement officials having custody of an inmate.
We may disclose your PHI as necessary to comply with requirements of workers’ compensation or similar programs that provide benefits for work-related injuries or illness without regard to fault. For example, workers compensation programs may require that we provide the results of laboratory testing as part of the case file.
NOTE REGARDING STATE LAW
For all of the above purposes, in cases where state law is more restrictive than federal law, we are required to follow the more restrictive state law.
We May Contact You for Specific Reasons
Although we do not do so today, we may want to contact you in the future regarding health-related products or services that may be of interest to you.
Your Rights Concerning Privacy and Confidentiality
You or your authorized or designated personal representative have the right to inspect and copy your PHI. Doctor’s Data will deny access to certain information for specific reasons, for example, where state law prohibits such patient access. If your request is denied, you may request that the denial be reviewed.
You have the right to request amendments to your PHI if you think your health records or other information is incorrect or incomplete (but we are not required to make the requested amendments). If we do not make the requested amendment, we will provide a reason in writing within 60 days.
You have the right to receive a no-cost accounting of disclosures of your PHI that were made by Doctor’s Data (including the times we’ve shared your PHI, who we shared it with and why) for a period of up to six years prior to the date of your written request. Under the law, this accounting does not include disclosures made for purposes of treatment, payment, health care operations or certain other excluded purposes, but includes other types of disclosures, including disclosures for public health reporting or in response to a court order.
You have the right to ask us if we will agree to restrictions on certain uses and disclosures of your PHI, but we are not required to agree to your request.
You have the right to request that we send your PHI to an alternate address or to contact you in a specific way. We will consider all reasonable requests, and must say “yes” if you tell us you would be in danger if we do not.
NOTICE OF PRIVACY PRACTICES
You have the right to request a paper copy of this Notice. We will provide you with a paper copy of the Notice promptly, even if you have agreed to receive the Notice electronically.
POWER OF ATTORNEY AND LEGAL GUARDIANSHIP
If you have given someone medical or general power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your PHI. To the best of our ability, we will make sure the person has this authority and can act for you before we take any action.
If you believe your privacy rights have been violated, you have the right to register a complaint with Doctor’s Data or the Secretary of the U.S. Department of Health and Human Services. Doctor’s Data will not retaliate against any individual for filing a complaint. You may file a complaint by calling us at 1-800-323-2784, or by writing to us at the address located at the beginning of this Notice. You may file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, by calling 1-877-696-6775, by writing to 200 Independence Avenue, S.W., Washington, D.C. 20201, or by visiting www.hhs.gov/ocr/privacy/hipaa/complaints/
Your Choices Concerning Privacy and Confidentiality
For certain PHI, you can tell us your choices about what we share. If you have a clear preference for how we share your PHI in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.
You have both the right and choice to tell us to share PHI with your family, close friends or others involved in payment for your care, and/or to share PHI in a disaster relief situation. If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your PHI if we believe it is in your best interest. We may also share your PHI when needed to lessen a serious and imminent threat to health or safety.
We never share your PHI, unless you give us written permission, for marketing purposes or with respect to the sale of your PHI.
HOW TO EXERCISE YOUR RIGHTS
Write to us with your specific written request and be sure to include sufficient information for us to identify all of your records. You may also contact us at 1-800-323-2784 to request an access form. Doctor’s Data will consider your request and provide you a response within a reasonable time frame. Should we deny your request, you have the right to ask for the denial to be reviewed by another healthcare professional designated by Doctor’s Data. For additional details, or for instructions regarding how to exercise these rights, call us at 1-800-323-2784.
You may request a copy of this Notice in electronic and/or paper form by calling 1-800-323-2784.
We are required by law to maintain the privacy and security of your PHI as described in this Notice. Doctor’s Data must notify you within 60 days of discovery of a breach. A breach occurs if unsecured PHI is acquired, used or disclosed in a manner that is impermissible under the Privacy Rules, unless there is a low probability that the PHI has been compromised.
How to Contact Us
If you have questions or concerns regarding the privacy or confidentiality of your PHI, or you wish to register a complaint, please contact us by writing to the address located at the beginning of this notice, by calling 1-800-323-2784, or by sending an email to email@example.com
Doctor's Data reserves the right to amend this Notice, at any time, to reflect changes in our privacy practices, and these changes will apply retroactively. Any such changes will be applicable to and effective for all PHI that we maintain including PHI we created or received prior to the effective date of the Notice revision.
Effective Date: March 1, 2018