NOTICE OF PRIVACY PRACTICES
Effective Date: December 11, 2015
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
We are required by law to protect the privacy of health information that may reveal your identity. We are also required by law to provide you with a copy of this Privacy Notice which describes our legal duties and health information privacy practices, as well as the rights you have with respect to your health information. We may change our privacy practices from time to time. If we make any material revisions to this Privacy Notice, we will make available to you a copy of the revised Privacy Notice which will specify the date on which such revised Privacy Notice becomes effective. We will also post a copy of this Privacy Notice on our website at www.truehealthdiag.com. The revised Privacy Notice will apply to all of your health information from and after the date of the Privacy Notice.
How We May Use and Disclose Your Health Information Without Written Authorization
True Health Diagnostics (“True Health”) requires its employees to follow its privacy and security policies and procedures to protect your health information in oral (for example, when discussing your health information with authorized individuals over the telephone or in person), written or electronic form. The following are situations where we do not need your written authorization to use your health information or to share it with others.
Treatment. We may use your health information or share it with others to provide health care treatment to you.
Payment. We may use your health information or share it with others to obtain payment for your health care services. We may ask for your consent to use or disclose your health information for some or all of these payment activities, as may be required under state law.
Health Care Operations. We may also use your health information or share it with others in connection with performing a variety of business activities referred to as our “health care operations.” These health care operations include fraud and abuse detection and compliance programs, efforts to improve the quality, efficiency and cost of care you receive, customer service and resolution of internal grievances.
Appointment Reminders, Treatment Alternatives and Health-Related Benefits and Services. In the course of providing treatment to you, we may use your health information to contact you with a reminder that you have an appointment for treatment or services. We may also use your health information in order to recommend possible treatment alternatives or health-related benefits and services, such as health promotion activities, disease awareness or case management that may be of interest to you.
Business Associates. We may disclose your health information to a “business associate” who needs the information in order to perform a function or service for our business operations. For example, we may share your health information with a billing company that helps us to obtain payment from your insurance company. We will do so only if the business associate signs an agreement to protect the privacy of your health information.
Family Members, Relatives or Close Friends Involved In Your Care. Unless you object, we may share your health information with your family members, relatives or close personal friends identified by you as being involved in your treatment or payment for your medical care. If you are not present to agree or object, we may exercise our professional judgment to determine whether the disclosure is in your best interest. We may also notify a family member, personal representative, or another person responsible for your care about your location and general condition at True Health.
Research. In most cases, we will ask for your written authorization before using your health information or sharing it with others in order to conduct research. However, under some circumstances, we may use and disclose your health information without your written authorization. To do this, we are required to obtain approval through a special process to ensure that research without your written authorization poses minimal risk to your privacy. Under no circumstances, however, would we allow researchers to use your name or identity publicly. We may also release your health information without your written authorization to people who are preparing a future research project, so long as any information identifying you does not leave our facility and all other legal requirements are met. In the unfortunate event of your death, we may share your health information with people who are conducting research using the
information of deceased persons, as long as they agree not to remove from our facility any information identifying you and all other legal requirements are met.
Completely De-Identified and Partially De-Identified Information. We may use and disclose your health information if we have removed any information that has the potential to identify you so that the health information is “completely de-identified.” We may also use and disclose “partially de-identified” health information about you for public health and research purposes, or for business operations, if the person who will receive the information signs an agreement to protect the privacy of the information as required by federal and state law. Partially de-identified health information will not contain any information that would directly identify you (such as your name, street address, Social Security number, phone number, fax number, electronic mail address, Web site address, or license number).
Public Need. We may use your health information, and share it with others, in order to comply with the law or to meet important public needs that are described below:
- if we are required by law to do so;
- if you need emergency treatment or if we are required by law to treat you but are unable to obtain your written consent;
- to authorized public health officials (or a foreign government agency collaborating with such officials) so they may carry out their public health activities;
- to government agencies authorized to conduct audits, investigations, and inspections, as well as civil, administrative or criminal investigations, proceedings, or actions, including those agencies that monitor programs such as Medicare and Medicaid;
- to a public health authority or other authorized government authority if we reasonably believe you are a possible victim of abuse, neglect or domestic violence;
- to a person or company that is regulated by the Food and Drug Administration for: (i) reporting or tracking product defects or problems, (ii) repairing, replacing, or recalling defective or dangerous products, or (iii) monitoring the performance of a product after it has been approved for use by the general public;
- if ordered by a court or administrative tribunal to do so, or pursuant to a subpoena, discovery or other lawful request by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain a court order protecting the information from further disclosure;
- to law enforcement officials to comply with court orders or laws, assist law enforcement officers with identifying or locating a suspect, fugitive, witness, or missing person, and in certain crime-related circumstances;
- to prevent a serious and imminent threat to your health or safety, or the health or safety of another person or the public, which we will only share with someone able to help prevent the threat;
- to the extent necessary to comply with workers’ compensation or other programs established by law that provide benefits for work-related injuries or illness without regard to fraud;
- to appropriate military command authorities for activities they deem necessary to carry out their military mission;
- to authorized federal officials who are conducting national security and intelligence activities or providing protective services to the President or other important officials;
- to the prison officers or law enforcement officers if necessary to provide you with health care, or to maintain safety, security and good order at the place where you are confined;
- in the unfortunate event of your death, to a coroner or medical examiner, for example, to determine the cause of death;
- to funeral directors as necessary to carry out their duties; and
- in the unfortunate event of your death, to organizations that procure or store organs, eyes or other tissues so that these organizations may investigate whether donation or transplantation is possible under law.
Marketing. We may not use your health information or share it with others outside of True Health for marketing purposes without your prior authorization. Marketing is a communication about a product or service that encourages recipients of the communication to purchase or use the product or service. However, we may inform you about products or services during face-to-face communications with you without your authorization, including providing related written materials to you.
Requirement for Written Authorization
We may use your health information for treatment, payment, health care operations or other purposes described in this Privacy Notice. You may also give us written authorization to use your health information or to disclose it to anyone for any purpose. We cannot use or disclose your health information for any reason except those described in this Privacy Notice unless you give us a written authorization to do so. For example, we require your written authorization for uses and disclosures of health information for marketing purposes, and disclosure that constitute a sale of your health information.
You may revoke, or cancel, your authorization in writing at any time. If you would like to revoke your authorization, you may write us a letter revoking your authorization or complete an Authorization Revocation Form, which is available from our Privacy Officer. Your revocation will not affect any use or disclosures permitted by your authorization while it was in effect.
Your Rights to Access and Control Your Health Information
Right to Access Your Health Information. You have the right to inspect and obtain a copy of your health information (including your completed laboratory test results or reports), with certain exceptions. If we use or maintain an electronic health record (EHR) for you, you have the right to obtain a copy of your EHR in the form and format you request if the information is readily producible in that format, or, if not, a mutually agreeable alternative readable electronic format. You also have the right to direct us to send a copy of your EHR to a third party you clearly designate.
If you would like to access your health information, please send your written request to the address listed on the last page of this Privacy Notice, or complete an Access Request Form. A written request to obtain a copy of your health information must include: (i) the desired form or format of access; (ii) a description of the health information to which the request applies; and (iii) appropriate contact information. Access Request Forms are available from our Privacy Officer.
We will ordinarily respond to your request within 30 days if the information is located in our facility. If we need additional time to respond, we will let you know as soon as possible. We may charge you a reasonable, cost-based fee to cover copy costs and postage. If you request a copy of your EHR, we will not charge you any more than our labor costs in producing the EHR to you.
We may not give you access to your health information under certain very limited circumstances. If you are denied access, you are entitled to a review by a health care professional, designated by us, who was not involved in the decision to deny access. If access is ultimately denied, you will be entitled to a written explanation of the reasons for the denial.
Right to Amend Your Health Information. If you believe we have health information about you that is incorrect or incomplete, you may request in writing an amendment to your health information. You may either send your written request for amendment to the address listed on the last page of this Privacy Notice, or complete an Amendment Request Form. A written request to amend your health information must include a description of the amendment requested and should include the reasons why you think we should make the amendment. Amendment Request Forms are available from our Privacy Officer.
We will ordinarily respond to your request within 60 days. If we need additional time to respond, we will let you know as soon as possible. If we did not create your health information, if your health information is not part of our records, or if your health information is already accurate and complete, we can deny your request and notify you of our decision in writing. You can submit a statement that you disagree with our decision, which we can rebut. You have the right to request that your original request, our denial, your statement of disagreement, and our rebuttal be included in future disclosures of your health information.
Right to Receive an Accounting of Disclosures. You have the right to receive an accounting of disclosures of your health information made by us and our business associates. You may request such information for the six-year period prior to the date of your request. Accounting of disclosures will not include disclosures:
(i) for payment, treatment or health care operations;
(ii) made to you or your personal representative;
(iii) you authorized in writing;
(iv) made to family and friends involved in your care or payment for your care;
(v) for research, public health or our business operations;
(vi) made to federal officials for national security and intelligence activities;
(vii) made to correctional institutions or law enforcement; and
(viii) incident to a use or disclosure otherwise permitted or required by law.
If you would like to receive an accounting of disclosures, please write to the address listed on the last page of this Privacy Notice, or complete an Accounting Request Form. A written request for an accounting of disclosures must state a time period within the past six years for the disclosures you want us to include. Accounting Request Forms are available from our Privacy Officer. We will ordinarily respond to your request within 60 days. If we need additional time to respond, we will let you know as soon as possible. You will receive one accounting of disclosure annually free of charge, but we may charge you a reasonable, cost-based fee for additional accountings within the same twelve-month period.
Right to Request Additional Privacy Protections. You have the right to request that we place additional restrictions on our use or disclosure of your health information. A written request for additional privacy protections should include (i) the information you want to restrict; (ii) whether you want True Health to restrict our use of the information, how we share it with others, or both; and (iii) to whom the restrictions apply. If we agree to your request, we will put these restrictions in place except in an emergency situation or as required by law. We do not need to agree to the restriction unless (i) the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law; and (ii) the health information relates only to a health care item or service that you or someone on your behalf has paid for out of pocket and in full.
Right to Request Confidential Communications. You have the right to request that we communicate with you about your health information by alternative means or via alternative locations. If you wish to receive confidential communications via alternative means or locations, please submit your written request to the address listed on the last page of this Privacy Notice or complete an Alternative Contact Request Form. A written request for confidential communications should include how or where you wish to be contacted, and how payment for your health care is handled if we communicate with you through this alternative method or location. Alternative Contact Request Forms are available from our Privacy Officer.
Right to Notice of Breach of Unencrypted Health Information. We are required by law to maintain the privacy of your health information, and to provide you with this Privacy Notice containing our legal duties and privacy practices with respect to your protected health information. Our policy is to encrypt our electronic files containing your health information so as to protect the information from those who should not have access to it. If, however, for some reason we experience a breach of your unencrypted health information, we will notify you of the breach. If we have more than ten people that we cannot reach because of outdated contact information, we will post a notification either on our Web site (www.truehealthdiag.com) or in a major media outlet in your area.
Right to Obtain a Paper Copy of This Notice. You have the right at any time to obtain a paper copy of this Privacy Notice, even if you receive this Privacy Notice electronically. Please send your written request to the address listed on the last page of this Privacy Notice or visit our Web site at www.truehealthdiag.com.
True Health Diagnostics
Attention: Privacy Officer
737 N. 5th St., Suite 103
Richmond, VA 23219
Complaints. If you are concerned that we may have violated your privacy rights, you may complain to us using the contact information above. You also may submit a written complaint to the U.S. Department of Health and Human Services. If you choose to file a complaint, we will not retaliate or take action against you for your complaint.
Additional Rights. This Privacy Notice explains the rights you have with respect to your health information, including access and amendment rights, under federal law. Some state laws provide even greater rights, including more favorable access and amendment rights, as well as more protection for particularly sensitive information, such as information involving HIV/AIDS, mental health, alcohol and drug abuse, sexually transmitted diseases, and reproductive health. To the extent the law in the state where you reside affords you greater rights than described in this Privacy Notice, we will comply with these laws.