THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), InSource Diagnostics is mandated by law to safekeep the security or privacy of health information that identifies you, called protected health information (PHI), and to provide you with notice of our legal duties and privacy practices regarding PHI. We will promptly notify you if a breach occurs which may have compromised the security or privacy of your information. PHI is stored electronically and is subject to electronic disclosure. InSource Diagnostics is committed to the protection of your PHI and will make reasonable efforts to ensure the confidentiality of your PHI, as required by statute and regulation. We take this commitment seriously and will work with you to comply with your right to receive certain information under HIPAA.
In accordance with the HIPAA, the following categories explain the types of uses and disclosures of PHI that InSource Diagnostics may make. Some of the uses and disclosures described may be limited or restricted by state laws or other legal requirements.
For Treatment. We may use or share PHI for treatment purposes, including disclosure to physicians and other healthcare professionals who provide you with healthcare services and/or are involved in the coordination of your care, such as providing your physician with your laboratory test results.
For Payment. We may use or share your health information to bill and collect payment for laboratory services we provide. For example, InSource Diagnostics may provide PHI to your health plan or other entities to receive payment for the services provided to you.
For Healthcare Operations. We may use or disclose PHI for healthcare operations purposes. These uses and disclosures are necessary, for example, to evaluate the quality of our laboratory testing, accuracy of results, accreditation functions and for InSource Diagnostics' operation and management purposes. InSource Diagnostics may also share PHI to other healthcare providers or health plans that are involved in your care for their healthcare operations. For example, InSource Diagnostics may provide PHI to manage disease, or to coordinate healthcare or health benefits.
Appointment Reminders and Health-related Benefits and Services. We may use and disclose PHI to contact you as a reminder that you have an appointment with us and may use and disclose PHI to tell you about health-related benefits and services that may be of interest to you. For example, InSource Diagnostics may contact you about a new patient service center in your area or about new testing services available at InSource Diagnostics based on services ordered by your physician.
Individuals Involved in Your Care or Payment for Your Care. We may disclose PHI to a person who is involved in your care or helps pay for your care, such as a family member or friend. We also may notify your family about your location or general condition or disclose such information to an entity assisting in a disaster relief effort. As allowed by federal and state law, we may disclose the PHI of minors to their parents or legal guardians.
Business Associates. We may provide your PHI to other companies or individuals that need the information to provide certain business services to us. These other entities, known as "business associates," are required to maintain the privacy and confidentiality of your PHI. For example, we may provide information to companies that assist us with billing of our services. We may also use an outside collection agency to obtain payment when necessary.
In addition, at the request of your healthcare provider or health plan, InSource Diagnostics may share PHI to their business associates for purposes of performing certain business functions or healthcare services on their behalf. For example, we may provide PHI to a business associate of Medicare for purposes of medical necessity review and audit.
Disclosure for Judicial and Administrative Proceedings. Under certain circumstances, InSource Diagnostics may provide your health information in the course of a judicial or administrative proceeding, including in response to a court or administrative order, subpoena, discovery request, or other lawful process to prevent or lessen a serious threat to your health and safety or that of another person.
Law Enforcement. We may disclose PHI for law enforcement purposes, including reporting of certain types of wounds or physical injuries or in response to a court order, warrant, subpoena or summons, or similar process authorized by law. We may also share PHI when the information is needed for identification or location of a suspect, fugitive, material witness or missing person. Similarly, we may also provide PHI about a victim of a crime, about an individual who has died, or in emergency cases to report a crime, the location of the crime and/or victims, or the description, identity and location of the individual responsible for the crime.
As Required by Law. It is imperative for InSource Diagnostics to provide your PHI if required to do so by federal, state, or local law.
Public Health. We may provide PHI in certain situations which generally includes:
Reporting, preventing or controlling diseases
Helping with product recalls
For purposes related to the quality, safety, or effectiveness of an FDA-approved product or service, including reporting adverse reactions to medications
Preventing or reducing a serious threat to anyone’s health or safety
Disclosure About Victims of Abuse, Neglect, or Domestic Violence. We may disclose health information about an individual to a government authority, including social services, if we reasonably believe that an individual is a victim of abuse, neglect, or domestic violence.
Health Oversight Activities. We may disclose PHI to a healthcare oversight agency for activities authorized by law such as audits, civil, administrative, or criminal investigations and proceedings/actions, inspections, licensure/disciplinary actions, or other activities necessary for appropriate oversight of the healthcare system, government benefit programs, and compliance with regulatory requirements and civil rights laws.
Coroners, Medical Examiners, and Funeral Directors. We may disclose PHI to a coroner, medical examiner, or funeral director for the purpose of identifying a deceased person, determining cause of death, or for performing some other duty authorized by law.
Personal Representative. We may disclose PHI to your personal representative - a family member, friend or anyone you designate as established under applicable law in order for that person to be involved in your care or payment related to your care.
Correctional Institution. We may disclose the PHI of an inmate or other individual when requested by a correctional institution or law enforcement official for health, safety, and security purposes.
Serious Threat to Health or Safety. We may disclose PHI if necessary to prevent or lessen a serious and/or imminent threat to health or safety to a person or the public or for law enforcement authorities to identify or apprehend an individual.
Research. We may use and disclose PHI for health research purposes. Limited data or records may be viewed by researchers to identify patients who may qualify for their research project or for other similar purposes, so long as the researchers do not remove or copy any of the PHI. An Institutional Review Board or privacy board is required to review the research proposal and establish the necessary protocols to ensure the privacy of the health information. Furthermore, it is also imperative that they determine that the researcher do not need your permission prior to using your PHI for research purposes.
Government Functions. In certain situations, InSource Diagnostics may disclose the PHI of military personnel and veterans, including Armed Forces personnel, as required by military command authorities. Additionally, we may disclose PHI to authorized officials for national security purposes, such as protecting the President of the United States, conducting intelligence, counterintelligence, other national security activities, and when requested by foreign military authorities. Disclosures will be made only in compliance with U.S. Law.
Workers' Compensation. As authorized by applicable laws, InSource Diagnostics may use or disclose PHI to comply with workers' compensation or other similar programs established to provide work-related injury or illness benefits.
De-identified Information and Limited Data Sets. InSource Diagnostics may use and disclose health information that has been “de-identified” by removing certain identifiers making it unlikely that you could be identified. InSource Diagnostics also may disclose limited health information, contained in a “limited data set”. The limited data set does not contain any information that can directly identify you. For example, a limited data set may include your city, county and zip code, but not your name or street address.
For purposes not described above, including uses and disclosures of health information for marketing purposes and disclosures that would constitute a sale of PHI, InSource Diagnostics will ask for patient authorization before using or disclosing PHI. If you signed an authorization form, you may revoke it, in writing, at any time, except to the extent that action has been taken in reliance on the authorization.
InSource Diagnostics is required to provide patient notification if it discovers a breach of unsecured PHI unless there is a demonstration, based on a risk assessment, that there is a low probability that the PHI has been compromised. You will be notified without unreasonable delay and no later than 60 days after discovery of the breach. Such notification will include information about what happened and what can be done to mitigate any harm.
Subject to certain exceptions, HIPAA establishes the following patient rights with respect to PHI:
Right to Receive Test Information. You and your personal representative have the right to access PHI consisting of your laboratory test results or reports ordered by your physician. Within 30 days after our receipt of your request, you will receive a copy of the completed laboratory report from InSource Diagnostics unless an exception applies. Exceptions include a determination by a licensed healthcare professional that the access requested is reasonably likely to endanger the life or safety of you or another person, and our inability to provide access to the PHI within 30 days, in which case we may extend the response time for an additional 30 days if we provide you with a written statement of the reasons for the delay and the date by which access will be provided.
You have the right to access and receive your PHI in an electronic format if it is readily producible in such a format. You also have the right to InSource Diagnostics to transmit a copy to another person you designate, provided such request is in writing, signed by you, and clearly identifies the designated person and where to send the copy of your PHI. To request a copy of your PHI:
Ask for a courtesy copy when you visit a InSource Diagnostics patient service center for specimen collection.
Complete the InSource Diagnostics HIPAA Patient Request Form.
Contact us at 626-386-5277 or by email at info@InSourceDx.com.
Right to Request Limits on Uses and Disclosures of your PHI. You may request that we not use or share certain health information for treatment, payment or our operations. We are not required to agree to your request, except for requests to limit disclosures to your health plan for purposes of payment or healthcare operations when you have paid us for the item or service covered by the request out-of-pocket and in full and when the uses or disclosures are not required by law.
Right to Request Confidential Communications. InSource Diagnostics will accommodate reasonable requests such as sending your PHI by alternative means or at an alternative address.
Right to Receive an Accounting of Disclosures. You may request that we agree to restrictions on certain uses and disclosures of your PHI. We are not required to agree to your request, except for requests to limit disclosures to your health plan for purposes of payment or healthcare operations when you have paid us for the item or service covered by the request out-of-pocket and in full and when the uses or disclosures are not required by law.
Right to Correct or Update your PHI. If you believe that your PHI contains an error or incomplete, you may request, in writing, that InSource Diagnostics make the necessary amendments on the information. If your request is denied, we will provide an explanation for the rejection.
Right to Request Copy of this Notice. You have the right to obtain a copy of this Notice upon request.
To exercise any of your rights described in this Notice, you may write or send us an email with your specific request, including requesting a form to fill out to obtain a copy of your test results. InSource Diagnostics will consider your request and provide you a response.
You may contact us directly if you have questions or comments regarding the InSource Diagnostics Notice of Privacy Practices, or you believe your privacy rights have been violated and have a complaint about our use or disclosure of your PHI or our privacy practices. Please refer to the contact details below:
Address: 231 W. Chestnut Ave., Monrovia, CA 91016
Phone: (626) 386-5277
Fax: (888) 677-7748
You can file a complaint with the Secretary of the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, or calling 1-877-696-6775, or visiting http://www.hhs.gov/ocr/privacy/hipaa/complaints/.
InSource Diagnostics will not take retaliatory action against you for filing a complaint about our privacy practices.
InSource Diagnostics reserves the right to make amendments to this notice and to our privacy policies from time to time. Changes adopted will apply to any PHI we maintain about you. InSource Diagnostics is required to abide by the terms of our notice currently in effect. When changes are made, we will promptly update this notice and post the information on the InSource Diagnostics website at http://insourcedx.com/.
Effective Date of Notice: 21 February 2018