Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU
MAY BE USED AND DISCLOSED AND HOW YOU MAY GAIN ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) directs health care providers, payers, and other health care entities to develop policies and procedures to ensure the security, integrity, privacy and authenticity of health information, and to safeguard access to and disclosure of health information. The federal government has privacy rules which require that we provide you with information on how we might use or disclose your identifiable health information This notice describes the way we may use and share your protected health information within EGL Genetic Diagnostics (EGL), how under certain circumstances we may disclose it to others, and the rights you have concerning your protected health information.
OUR COMMITMENT TO YOUR PRIVACY
As a health care provider, we use your confidential health information and create records regarding that health information in order to provide you with quality care and to comply with certain legal requirements. We understand that this health information is personal, and we are dedicated to maintaining your privacy rights under Federal and State law. This Notice applies to records of your care created or maintained by EGL Genetic Diagnostics (EGL). We are required by law to: (1) make sure we have reasonable processes in place to keep your health information private; (2) make this Notice of our legal duties and privacy practices available with respect to your health information when required by law; and (3) follow the terms of the Notice that are currently in effect.
HOW WE MAY USE OR DISCLOSE YOUR HEALTH INFORMATION WITHOUT YOUR AUTHORIZATION
The following information describes different ways that we may use or disclose your health information without your authorization. Although we cannot list every use or disclosure within a category, we are only permitted to use or disclose your health information without your authorization if it falls within one of these categories. If your health information contains information regarding your mental health or substance abuse treatment or certain infectious diseases (including HIV/AIDS tests or results), we may be required by state and federal confidentiality laws to obtain your consent prior to certain disclosures of the information. If applicable, once we have obtained your consent, we will treat the disclosure of such information in accordance with our privacy practices outlined in this Notice.
CATEGORIES FOR USES AND DISCLOSURES:
Treatment – We may use health information about you to assist with your medical treatment or services. We may disclose health information about you to doctors, nurses, genetic counselors, or others involved in your care. For example, we will allow your physician to have access to your laboratory results to assist in your treatment and for follow-up care.
Payment – We may use or disclose health information about you in order to bill and collect payment for the services you receive from us. For example, we may need to give your health insurance plan information about your testing so that your health insurance plan will pay us or reimburse you for the testing. We may also tell your health insurance plan about requested laboratory testing in order to obtain prior approval or to determine whether your health insurance plan will cover the testing. We may disclose to other health care providers health information about you for their payment activities.
Records Research – We may use or disclose health information without your authorization under certain circumstances for medical research purposes, such as studying the effectiveness of a treatment you received, if an institutional review board approves a waiver of authorization for disclosure. These research projects must go through a special process that protects the confidentiality of your protected health information. We may also use or disclose your protected health information for medical research purposes if the researcher signs a legally binding document certifying that he/she will only use the health information to prepare a research protocol or for similar purposes to prepare for a research project and that he/she will maintain the confidentiality of the information and will not remove any of the health information from the premises. We may also disclose health information to a researcher if it involves health information of deceased patients and the researcher certifies the information is necessary for research purposes.
Clinical Research – If you are enrolled in a clinical research trial through a School or Department of Emory University and you would like information on the Emory University privacy policies regarding use and disclosure of your health information related to the clinical trial, you may request information from the Emory University Privacy Officer, 1599 Clifton Road, N.E., Suite 4.105, Atlanta, Georgia 30322.
As Required By Law – We will use or disclose health information when required to do so by federal, state or local law.
To Avert a Serious Threat to Health or Safety – We may use or disclose health information when necessary to prevent a serious threat to your health and safety, or the health and safety of another person or the public. Any disclosure, however, would only be to someone able to help prevent the threat.
We may also use or disclose your health information without your authorization in the following situations:
Organ and Tissue Donations – to organizations that handle organ procurement or organ, eye or tissue transplantation or to an organ donation bank, as necessary, to facilitate organ or tissue donation and transplantation.
Military and Veterans – to military command authorities as required, if you are a member of the armed forces. We may also disclose health information about foreign military personnel to the appropriate foreign military authority.
Workers' Compensation – to workers' compensation or similar programs that provide benefits for work-related injuries or illness.
Public Health Activities – to public health agencies or other governmental authorities for public health purposes, such as preventing or lessening a serious and/or imminent threat to an individual’s or the public’s health or safety. For example, a communicable disease test result may be reportable to the Georgia Department of Public Health. We also may need to report patient problems with medications or medical products to the Food and Drug Administration (FDA).
Health Oversight Activities – to a health oversight agency for activities authorized by law. These oversight activities include for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
Lawsuits and Disputes – in response to a court or administrative order if you are involved in a lawsuit or a dispute. We may also disclose health information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the health information requested.
Law Enforcement – in response to a court order, subpoena, warrant, summons or similar process; or upon request by a law enforcement official to identify or locate a suspect, fugitive, material witness, or missing person or to obtain information about the victim of a crime if, under certain limited circumstances, we are unable to obtain the person's authorization. We may report suspected criminal conduct occurring on the premises.
Coroners, Medical Examiners and Funeral Directors – to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death.
USES AND DISCLOSURES WHICH REQUIRE YOUR AUTHORIZATION
Generally speaking, we cannot use your protected health information for anything other than the reasons mentioned above without your signed authorization. An authorization is a written document signed by you giving us permission to use or disclose your protected health information for the purposes you specifically set forth in the authorization. You may revoke the authorization at any time by delivering a written statement to the EGL Privacy Officer identified below. If you revoke your authorization, we will no longer use or disclose your protected health information as permitted by your authorization. However, your revocation of authorization will not reverse the use or disclosure of your protected health information made while your authorization was in effect.
YOUR RIGHTS REGARDING YOUR HEALTH INFORMATION
Right to Request Your Protected Health Information – You have the right to access your laboratory test results or billing record, including any medical records submitted with the test request. You must submit your request in writing to the Privacy Officer at EGL identified below. You need to include in your request your name, or if acting as a personal representative, the name of the patient, your contact information, date of birth and dates of service if known. The Authorization for Release of PHI Form is available by calling Client Services at 404-778-8499. We may verify your identity by requiring a notarized authorization form. To the extent that your health information is maintained electronically and you request the information in an electronic format, to the extent possible we will provide you a machine readable copy. If you request a copy, you may be charged a fee for the costs of copying, mailing or other supplies associated with your request but we will let you know, in advance, if fees apply. We may deny your request to access your records under certain limited circumstances; however, you may request that the denial be reviewed. A licensed health care professional chosen by EGL will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review. We might not retain medical records from other facilities for inclusion in your medical record or designated record set. Such records could include radiology films, scans or compact discs that were or might be provided to your usual healthcare provider.
Right to Request an Amendment – If you feel that health information we have about you is incorrect, you may ask us to amend it. You have the right to request an amendment for as long as the health information is kept by or for EGL. To request an amendment, your request must be made in writing and submitted to the EGL Privacy Officer, identified below. You must provide a reason that supports your request. You need to include in your request your name, contact information, date of birth and dates of service if known. If you are acting as a personal representative, include the name of the patient, your contact information, date of birth and dates of service if known. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend health information that:
- Was not created by us, unless the person or entity that created the health information is no longer available to make the amendment;
- Is not part of the health information kept by or for EGL;
- Is not part of the health information which you would be permitted to access; or
- Is accurate and complete.
Right to an Accounting of Disclosures – You have the right to request a list of certain disclosures we made of your health information. If you would like to receive such a list, write to the EGL Privacy Officer, Your request must specify a time period for which you are seeking an accounting of disclosures, which must be within six years prior to the date of your request and may not include dates before April 14, 2003. You must include your name, contact information, date of birth and dates of service if known. If you are acting as a personal representative, include the name of the patient, your contact information, date of birth and dates of service if known. The first list you request within a 12-month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you in advance of the cost involved and you may choose to withdraw or modify your request at that time.
Right to Request Restrictions – You have the right to request us not to make uses or disclosures of your protected health information for the purpose of treatment, to seek payment for care, or to operate our laboratories. We will consider your requests carefully, but we are not required to agree to your requested restriction. If you want to request a restriction, submit your request in writing to EGL Privacy Officer. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure or both; and (3) to whom you want the limits to apply, for example, disclosures to your spouse. Our privacy officer will reply within 30 days of receiving your request.
Right to Request Confidential Communications – You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail. To request confidential communications, you must make your request in writing to the EGL Privacy Officer. You will need to include your name, or if acting as a personal representative, include the name of the patient, contact information, date of birth and dates of service if known. We will not ask you the reason for your request. We will work to accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
Right to Receive a Paper Copy of This Notice – Even if you have access to this Notice electronically, you have the right to receive a paper copy of this Notice, which you may ask for at any time. You may obtain a copy of this Notice at our website, www.geneticslab.emory.edu. To obtain a paper copy of this Notice, write to the EGL Privacy Officer.
Right to Receive Notification of a Breach of Your Health Information – We have put in place reasonable processes and procedures to protect the privacy and security of your health information. If there is a breach of your unsecured protected health information, we are required to notify you.
CHANGES TO THIS NOTICE
From time to time, we may change our practices concerning how we use or disclose protected health information or how we will implement patient rights concerning such information. We reserve the right to change this notice and to make the provisions of our new notice effective for all protected health information we maintain. If we change these practices, we will publish a revised notice.
QUESTIONS, CONCERNS, OR COMPLAINTS
If you have any questions about how we may use and disclose your protected health information, please contact the EGL Privacy Officer as set forth below. We welcome your feedback regarding any problems or concerns you have with your privacy rights or how we use or disclose your protected health information.
EGL Privacy Officer
2165 North Decatur Rd
Decatur GA, 30033
You may also file a complaint with the Secretary of the Department of Health and Human Services, http://www.hhs.gov/ocr/privacy/hipaa/complaints. We will not penalize you or retaliate against you.
Effective Date: April 2003 – Revised Dates: June 16, 2004, February 2012, June 2013, July 2014, September 2015