HIPAA Notice of Privacy Practices
DxTerity’s HIPAA Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION OR PERSONAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
DxTerity Diagnostics (referred to as "DxTerity" in this Notice), is committed to protecting the privacy of your identifiable health information, known as “protected health information” or (PHI).This Notice of Privacy Practices applies to DxTerity Diagnostics and applicable PHI , including laboratory tests orders, test results and invoices or other applicable information provided to the healthcare organizations, both private and governmental.
DxTerity's Protection of Protected Health Information (PHI)
This Notice describes our legal duties, privacy practices and your patient rights as determined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). DxTerity is required by law to maintain the privacy of your (PHI), and to provide you with notice of our legal duties and privacy practices upon request. DxTerity is committed to the protection of your PHI and will make reasonable efforts to ensure the confidentiality of your PHI, as required by statute and regulation. We are required to follow the terms of this Notice currently in effect. We are required to notify affected individuals in the event of a breach involving unsecured or secured health information (PHI). We take this commitment seriously and will work with you to comply with your right to receive certain information under HIPAA, as applicable by current laws.
DxTerity's Use and Disclosure of PHI
DxTerity uses your PHI for treatment, payment, healthcare, and business operations and for other purposes as required or permitted by law (HIPAA). As permitted under HIPAA, the following categories explain the types of uses and disclosures of PHI that DxTerity may make. Some of the uses and disclosures described may be limited or restricted by state laws or other legal requirements, for example, the Clinical Laboratory Improvement Amendments of 1988 (CLIA) and note that not all the use and disclosures of your (PHI) is listed in this Notice, but all our uses or disclosures of your health information will be part of one of the categories listed below.
- Treatment - DxTerity may use or disclose PHI for treatment purposes, including disclosure to physicians, nurses, medical students, pharmacies, and other healthcare professionals who provide you with healthcare services and/or or who order tests or need access to your tests results for treatment purpose. Also, we may use your personal information internally in our testing process.
- Public Health - DxTerity may disclose PHI for public health activities. These activities generally include: 1) disclosures to a public health authority to report, prevent or control disease; 2) disclosures to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; 3) disclosures to an employer about an employee to conduct medical surveillance in certain limited circumstances concerning work-place illness or injury; and 4) disclosures to a person subject to the jurisdiction of the Food and Drug Administration (FDA) for purposes related to the quality, safety or effectiveness of an FDA-regulated product or activity.
- Payment - DxTerity may use or disclose PHI for purpose of billing and payment for laboratory testing and services we provide to you or your employer. For example, DxTerity may provide PHI to your employer to receive payment for the testing provided to you per your employer request (COVID-19 testing).
- Healthcare Operations - DxTerity may use or disclose PHI for healthcare operations purposes. These uses and disclosures are necessary, for example, to evaluate the quality of our laboratory testing, accuracy of results, accreditation functions and for DxTerity's operation and management purposes. DxTerity may also disclose PHI to other healthcare providers, health plans or employers that are involved in your care for their healthcare operations.
- Business Associates- We may provide your PHI to our business associates to perform certain business functions or provide certain business services to DxTerity. For example, we may use another company to perform billing services on our behalf or to perform shipping. Through our contractual agreements, all our business associates are required to maintain the privacy and confidentiality of your PHI.
- Individuals involved in your care or payment for your care - DxTerity may disclose PHI to a person who is involved in your care or helps pay for your care, such as a family member, employer, or friend. As allowed by federal and state law, we may disclose the PHI of minors to their parents or legal guardians as noted in the informed consent.
- As Required by Law - DxTerity must disclose your PHI if required to do so by federal, state, or local law.
- Disclosure for Judicial and Administrative Proceedings - Under certain circumstances, DxTerity may disclose your PHI as required to comply with a court or administrative order.
- Research - DxTerity may use and disclose PHI for research purposes. Limited data, de- identified data or records may be viewed by researchers to identify patients who may qualify for their research project. Before we use or disclose PHI for any other research activity, one of the following will happen: 1) a special committee such as an Institutional Review Board( IRB) or privacy board will determine that the research activity poses minimal risk to privacy and that there is an adequate plan to safeguard the patient’s PHI; 2) the researcher will be provided only with information that does not identify you directly, or 3) if the PHI relates to deceased individuals, the researchers give us assurances that the PHI is necessary for the research and will be used only as part of the research;
- Other Uses and Disclosures of (PHI)
- Health Oversight Agencies
- The Food and Drug Administration
- Public Health Authorities – Including Tribal Organizations and Councils
- Military Command Authorities
- National Security and Intelligence Organizations
- Correctional Institutions
- Coroners, medical examiners, and funeral directors
- Workers Compensation Agencies
- Police and law Enforcement Agencies
- Family members, friends, employers, or anyone else you may designate or is responsible of your testing and healthcare
- As needed or disclosed on the applicable Informed Consent
- De-identified Information and Limited Data Sets: DxTerity may use and disclose health information that has been “de-identified” by removing certain identifiers making it unlikely that you could be identified. DxTerity also may disclose limited health information, contained in a “limited data set”. The limited data set does not contain any information that can directly identify you. For example, a limited data set may include your city, county, and zip code, but not your name or street address.
- Marketing – for marketing purposes and disclosures that would constitute a sale of PHI, DxTerity will ask for patient/ individual authorization before using or disclosing PHI. You may choose to revoke any authorization, in writing, at any time, except to the extent that action has been taken in reliance on the authorization.
Information Breach Notification
DxTerity is required to provide patient notification if it discovers a breach of unsecured or secured PHI unless there is a demonstration, based on a risk assessment, that there is a low probability that the PHI has been compromised. You will be notified without unreasonable delay and no later than 60 days after discovery of the breach. Such notification will include information about what happened and what can be done to mitigate any possible harm to you.
Patient Rights Regarding PHI
Subject to certain exceptions, HIPAA establishes the following patient rights with respect to PHI:
- Right to Request Limits on Uses and Disclosures of your PHI - You have the right to request that we limit: 1) how we use and disclose your PHI for treatment, payment, and health care operations activities; or 2) our disclosure of PHI to individuals involved in your care or payment for your care. If we agree to a restriction on other types of disclosures, we will state the agreed restrictions in writing and will abide by them, except in emergency situations when the disclosure is for purposes of treatment or deemed by health authorities.
- Right to Request Confidential Communications - You have the right to request that DxTerity communicate with you about your PHI at an alternative address or by an alternative means. DxTerity will accommodate reasonable requests.
- Right to See and Receive Copies of Your PHI - You and your personal representative have the right to access PHI consisting of your laboratory test results or reports ordered by your physician. Within 30 days after our receipt of your request ( with the possibility for another 30 days extension), you will receive a copy of the completed laboratory report from DxTerity unless an exception applies.
- You have the right to access and receive your PHI in an electronic format if it is readily producible in such a format. You also have the right to direct DxTerity to transmit a copy to your designee as applicable, provided such request is in writing, signed by you, and clearly identifies the designated person and where to send the copy of your PHI. To request a copy of your PHI:
- Ask a DxTerity’s customer service for information regarding DxTerity’s HIPAA compliance and PHI protection and disclosure, DxTerity’s patient/customer login portal account to receive your laboratory reports electronically.
- Complete the DxTerity HIPAA Patient Request Form
- Right to Receive a List of PHI Disclosures - You have a right to receive a list of certain instances in which DxTerity discloses your PHI. You may request an accounting of your PHI disclosure made for purposes other than treatment, payment, or health care operations, and should include disclosures made in the past six years, unless you request a shorter period of disclosures.
- If you request a list of your PHI disclosures that were made for purposes of treatment, payment, or health care operations, the list will include only those disclosures made in the past three years as required by law, unless you request a shorter period of disclosures.
- Right to Correct or Update your PHI - If you believe that your PHI contains a mistake, you may request, in writing, that DxTerity correct the information. If your request is denied, we will provide an explanation of the reasoning for our denial within 15 business days.
How to Exercise Your Rights
How to Contact Us or File a Complaint
Changes to the DxTerity’s Notice of Privacy Practices
DxTerity reserves the right to make changes to this Notice and to our privacy policies from time to time. Changes adopted will apply to any PHI we maintain about you. DxTerity is required to abide by the terms of our Notice currently in effect and current HIPAA laws. When changes are made, we will promptly update this notice and post the information on the DxTerity website at www.DxTerity.com.
HIPAA Contacts and Inquiries
DxTerity works diligently to provide exceptional, quality service to all its clients and is committed to implementing the necessary safeguards to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).