Genetic Testing Company | The DNA Diagnostic Experts | GeneDx

Privacy Statement

NOTICE OF PRIVACY PRACTICES

Effective Date: July 20, 2015

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Our Duty to Safeguard Your Protected Health Information.

BioReference Laboratories, Inc. (BRLI) and its subsidiaries, including but not limited to CareEvolve (CE); GeneDX; Genpath (Oncology); GenPath (Womens’ Health) (collectively “BRLI” for the purposes of this NOPP) is required by law to protect the privacy of your protected health information and to notify affected individuals following a breach of unsecured protected health information. BRLI is also required to provide you with a copy of this NOPP which describes BRLI’s health information privacy practices, and to follow the terms of the NOPP that are currently in effect, except that BRLI reserves the right to change its privacy practices and the corresponding policies and procedures and to make these changes effective regarding PHI created or received prior to the effective date of such changes and the revised NOPP shall be distributed by posting the revised NOPP on

our website and distributing to our service locations. BRLI may also need to materially change its policies and procedures as necessary to comply with changes in the law and for other valid reasons, in which case it will promptly revise its policies and this NOPP and distribute the revised NOPP in the manner described below.

You have the right to obtain a paper copy of the NOPP upon request. A copy of BRLI’s current NOPP will always be available in the reception area where you receive care. You will also be able to obtain your own copy by accessing our website at http://www.bioreference.com/hipaa-resources/, calling our office, or asking for one at the time of your visit.

If you have any questions about this NOPP or would like additional information, please contact our Privacy Office at 800-229-5227 Ext 8433.

Please address any written request (such as requests for a copy of this NOPP, access to your record, to restrict a disclosure to a payer, etc.) to:

HIPAA Privacy Office

487 Edward H. Ross Drive

Elmwood Park, NJ, 07407

Fax: (201) 663-6585

PARTICIPANTS

BRLI provides laboratory services to patients jointly with physicians and other healthcare professionals. The privacy practices described in this NOPP will be followed by:
  – Any employee or healthcare professional who may draw or test your specimen at any BRLI location;
  – Any business associates of BRLI (as described below) and their subcontractors.

These facilities and individuals will share protected health information (PHI) with each other, as necessary to carry out the treatment, payment, and healthcare operations described in this NOPP.

What is protected? We are committed to protecting the privacy of information that we gather about you while providing you laboratory services. Such information would include the fact that you have had specific lab tests, information about the condition that you may have, or information about your health care benefits combined with identifying information, including demographics (such as your name, address, date of birth, insurance status) or other unique numbers that could identify who you are (such as your social security number, your phone number, drivers’ license number).

Personal Representatives: If we confirm that a person has the authority under law to make decisions for you relating to your healthcare (“personal representative”) BRLI will allow your personal representative to make choices with respect to your PHI.

Requirement for Written Authorization: We will only make other uses and disclosures of your PHI that are not described in this notice with your written authorization. For example, we will not sell your PHI or use or disclose your PHI for marketing purposes without your written authorization.

If you provide us with written authorization, you may revoke that written authorization at any time, except to the extent that we have already relied upon it. You must revoke your authorization in writing.

Special Protections for HIV, Alcohol and Substance Abuse, Mental Health and Genetic Information: We will comply with all special federal and state privacy protections that apply to HIV-related information, alcohol and substance abuse treatment information, mental health information, and genetic information.

HOW WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION WITHOUT YOUR WRITTEN AUTHORIZATION.

For Treatment, Benefits and Services: We may disclose your PHI to doctors, nurses, and other health care personnel who are involved in providing your health care, and in the course of providing services, we may use your PHI to determine care management options. For example, your PHI will be shared among your doctor(s) and healthcare professionals.

We may also make your PHI available to providers by making it accessible through a Health Information Exchange (HIE), an electronic network that makes it possible to share information electronically, but no one will be permitted to access it through the HIE without your consent except in an emergency and not even then if you direct us not to. If your physician allows us to transfer your test results to their electronic health record (EHR) in his/her office, anyone taking care of you at that office will be able to access your lab results directly.

For Payment: We may use/disclose your PHI in order to bill and collect payment for your health care services and/or release portions of your PHI to a private insurer to get paid for services that we delivered to you. For example, we may share your PHI with your health insurance plan so it will pay for your services.

For Health Care Operations: We may use/disclose your PHI in the course of operating our clinical laboratory. For example, we may use your PHI to manage your treatment and services.

Business Associates (BAs). We may disclose the minimum amount of your PHI necessary to contractors, agents and other business associates who need the information to help us with billing or other business activities. For example, we may share your PHI with a billing company that helps us obtain payment from your insurer, an attorney or with a quality assurance consultant in order to obtain their advice regarding our operations. If we do disclose your PHI to a BA, we will have a written contract with them that requires the BA and any of its subcontractors to protect the privacy of your PHI. All BAs and their subcontractors are also now directly bound by federal law to protect your information.

PHI from Alcohol and Other Substance Abuse Records: The confidentiality of alcohol and drug abuse patient records is protected by law. We may not disclose PHI regarding alcohol or drug abuse, the fact that a patient attends an alcohol or drug abuse program, or disclose any information identifying a patient as an alcohol or drug abuser without the patient’s written consent, unless the disclosure is allowed by a court order, is made to communicate with your treatment providers or medical personnel in a medical emergency or to qualified personnel for research, audit, or program evaluation, or to report a threat of crime, or a committed crime, by a patient against or at our facilities or our personnel.

When Required by Law: We may use or disclose your PHI if we are required by law to do so. We also will notify you of these uses and disclosures if notice is required by law.

For Public Health Activities: We may disclose PHI when we are required to collect information about disease or injury, or to report vital statistics to the public health authority. We are also required to release some PHI about you to your employer if your employer hires us to perform a pre employment test or we discover that you have a disease that your employer must know about in order to comply with employment laws.

For Research Purposes: In certain circumstances, and under supervision of a privacy board, we may disclose PHI to our research staff and their designees in order to assist in medical research.

Victims of Abuse, Neglect or Domestic Violence: We may release your PHI to a public health authority that is authorized to receive reports of abuse, neglect or domestic violence. For example, we may report your PHI to government officials if we reasonably believe that you have been a victim of such abuse, neglect or domestic violence. We will make every effort to obtain your permission before releasing this information, but in some cases we may be required or authorized to act without your permission.

Judicial and Administrative Proceedings: We may disclose your PHI in response to valid court orders, court-ordered warrants, and judicial summonses and subpoenas, grand jury subpoenas and administrative requests. We may also disclose your PHI in response to a discovery requests or other legal process and legal requests, but only if efforts have been made, either by the requesting party or us, to first tell you about the request or to obtain an order protecting the information requested.

For Health Oversight Activities: We may disclose PHI to an agency responsible for monitoring the health care system for such purposes as reporting or investigation of unusual incidents and inspecting our facility. These government agencies monitor government benefit programs such as Medicare and Medicaid, as well as compliance with government regulatory programs and civil rights laws.

To Avert Threat to Health or Safety: In order to avoid a serious threat to health or safety, we may disclose PHI as necessary to law enforcement or other persons who can reasonably prevent or lessen the threat of harm.

For Specific Government Functions: We may disclose PHI of military personnel and veterans and to correctional facilities in certain situations, to government benefit programs relating to eligibility and enrollment, and for national security and intelligence activities, such as protection of the President.

For Law Enforcement: We may disclose your PHI to comply with court orders, to assist law enforcement officers with identifying or locating a suspect, fugitive, witness, or missing person; if we suspect that death resulted from criminal conduct; or if necessary to report a crime that occurred on our property;

Workers’ Compensation: We may disclose your PHI for workers’ compensation or similar programs that provide benefits for work-related injuries, as authorized by and to the extent necessary to comply with laws regarding workers’ compensation or similar programs providing benefits for work-related injuries or illness.

Coroners, Medical Examiners and Funeral Directors: We may disclose PHI relating to an individual’s death to coroners, medical examiners or funeral directors, and to organ procurement organizations relating to organ, eye, or tissue donations or transplants (Note: Information belonging to patients who are deceased more than 50 years is not considered PHI.)

To Family, Friends or Others Involved in Your Care: If you do not object we may share your PHI with your family members, friends and others if this information is directly related to their involvement in your care, or payment for your care. In some cases, we may need to share your PHI with a disaster relief organization that will help us notify these persons.

Completely De-identified or Partially De-identified Information:

We may use and disclose your health information if we have removed any information that could identify you. We may also use and disclose health information about you for research, public health and specific healthcare operations if most of your identifiers are removed and the person who will receive the information signs an agreement to protect the privacy of the information as required by federal and state law. In that case any direct identifiers would be removed, but your zip code, date of birth, dates of service would not be removed.

YOUR RIGHTS TO ACCESS AND CONTROL YOUR HEALTH INFORMATION

To Request Restrictions on Uses/Disclosures: You have the right to ask that we limit how we use or disclose your PHI. We will consider your request, but are not legally bound to agree to the restriction. To the extent that we do agree to any restrictions on our use/disclosure of your PHI, we will put the agreement in writing and abide by it except in emergency situations. We are required, however, to honor your written request if you direct us not to share specific PHI with your insurance company relating to a service you pay for personally. It is your responsibility to inform other providers who may receive copies of such information that they may not share this information with your insurer.

To Choose How We Contact You: You have the right to ask that we send you information at an alternative address or by an alternative means. We must agree to your request as long as it is reasonably easy for us to do so and we may not ask the reason for the request.

To Inspect and Copy Your PHI: You have the right to inspect and obtain a copy of any of your PHI in either electronic or paper form for as long as we maintain this information in our records. We will provide the records in the specific form and format that you request if it is readily producible in such form or format. To obtain a copy of your PHI, please submit your request in writing. We may charge a fee as permitted by law, for the costs of copying, mailing or other supplies necessary to fulfill your request. We generally require payment before or at the time we provide the copies and will let you know what the amount of such fees in advance.

Under certain very limited circumstances, we may deny your request to inspect or obtain a copy of your information. If we do, we will provide a written statement that explains the reasons for the denial and a description of your right to have that decision reviewed. In such cases where you have the right to have your denial reviewed, we will describe the review process to you in writing. In the event that your request for access to your PHI is denied for any reason, we will describe to you in writing how you can file a complaint with BRLI or with the Secretary of the United States Department of Health and Human Services’ Office of Civil Rights (OCR).

To Request Amendment of Your PHI: If you believe that the PHI in our system is incorrect or incomplete, you may ask us to amend the information for as long as the information is kept in our records. If you wish to amend your PHI please request an amendment in writing including why you think we should make the amendment. Ordinarily we will respond to your request within 60 days. If we need additional time to respond, we will notify you in writing within 60 days to explain the reason for the delay and tell you when you can expect to have a final answer to your request. If we deny part or all of your request, we will provide you with a written notice explaining our reasons for doing so and how you can appeal the decision. .

To Receive an Accounting of Disclosures: You have a right to submit a request in writing asking for information about our disclosures of your PHI, except for disclosures made:

For treatment, payment, and operations; To you or your personal representative; At your written request;
For national security purposes;

For the our directory or to family, friends and other persons involved in your care;
To correctional institutions or law enforcement officers;
Incidental to permissible uses and disclosures of your PHI (for example, when information is overheard by another person passing by);
For research, public health using limited portions of your health information that do not directly identify you; and That occurred prior to the compliance date of this requirement.

We will respond to your written request for such a list within 60 days of receiving it. Your request can relate to disclosures going as far back as six years, but not for disclosures prior to April 14, 2003. There may be a charge for more than one such list each year.

How to Complain About Our Privacy Practices:

If you believe your privacy rights have been violated, you may file a complaint with BRLI or the federal agency that enforces HIPAA by submitting your complaint as described below:

The BRLI Privacy Office

481 Edward H. Ross Dr.

Elmwood Park, N. J. 074070

800 229-5227 Ext. 8433

or
The Office of Civil Rights

The U.S. Department of Health and Human Services 200 Independence Avenue, S.W.
Washington, D.C. 20201
Telephone: 202-619-0257; Toll Free: 1-877-696-6775. www.hhs.gov/ocr/hipaa

You will not be penalized or subject to retaliation for filing a complaint.

(Rev. 7/15)

Back To Top