HIPAA Notice of Privacy Practices for Personal Health Information
Effective Date: April 14, 2003, Updated July 13, 2022
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN ACCESS THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Dear Customer of Health Testing Centers/Testing.com,
We are required to provide you with this Notice of Privacy Practices and to explain our legal duties under the Federal Health Insurance Portability and Accountability Act (HIPAA).
By law, we are required to:
- Maintain the privacy of your Personal Health Information (PHI);
- Provide you this notice of our legal duties and privacy practices with respect to your PHI;
- Let you know promptly if a breach occurs that may have compromised the privacy or security of your information; and
- Follow the terms of this notice, including using and sharing your information only as described in this policy and according to your instructions.
How We Collect Information: We obtain most PHI directly from the Individual. The Information that an Individual gives us when registering for a service generally provides the Information we need. An individual’s clinical information is forwarded directly to the individual and some form of record is either retained in a secure hard copy file or with a laboratory’s archival record for 3 years. In most cases we do not retain the dates and locations where service was provided.
Health Testing Centers/Testing.com uses the services of PWNHealth for physician oversight. You can read their terms and informed consent here.
Health Testing Centers/Testing.com uses the services of Cynergy Wellness Inc. for physician oversight. You can read their terms and informed consent here.
We protect your PHI from inappropriate use or disclosure. Our employees, and those of companies that help us service your health screening, are required to comply with our requirements that protect the confidentiality of your PHI. They may look at your PHI only when there is an appropriate reason to do so, such as to administer the process of returning your health test results back to you.
We will not knowingly disclose or sell your PHI to any other individual or organization for their use in marketing products to your without your prior consent.
We will not forward by mail, fax or electronically your PHI to any healthcare provider without your prior written consent.
We will not make available your test results to your employer or 3rd party carrier without your prior written consent.
We May Use and Disclose PHI about You without Your Authorization unless you Object as described below, together with some examples.
- Appointments and Other Health Information. We may send you reminders for medical care or checkups. We may send you information about future health services that may be of interest to you as a health conscious individual.
- Research. We may use PHI about you for studies and to develop reports. These reports do not identify specific people. For example, we may want to determine how many individuals of a sex in an age range from a defined population have a cholesterol value over 240 mg/dl.
- Future Business. PHI may be disclosed as part of a potential merger or acquisition involving our business in order to make an informed decision regarding any such prospective transaction. Should a merger or acquisition take place, our database of names and addresses may be part of the process.
- Where Required by Law or for Public Health Activities. We may disclose PHI when required by federal, state or local law. Examples of such mandatory disclosures include notifying state or local health authorities regarding particular communicable diseases, or providing PHI to a government agency or regulator with health care oversight responsibilities. We may also release PHI to organ procurement organizations, or to a coroner or medical examiner to assist in identifying a diseased individual or to determine the cause of death.
- For Payment. We may use or disclose PHI about you to get payment or to pay for health care services you receive. For example, we may provide PHI to bill your health plan for health care provided to you.
- To Avert a Serious Threat to Health or Safety. We may disclose PHI about you to law enforcement in order to avoid a serious threat to the health and safety of a person or the public. This may include disclosures relating to assisting with product recalls, reporting adverse reactions to medications, or reporting suspected neglect, abuse, or domestic violence
- For Law Enforcement or Specific Government Functions. We may disclose PHI in response to a request by a law enforcement official made through a court order, subpoena, warrant, summons or similar process. We may disclose PHI about you to federal officials for intelligence, counterintelligence, and other national security activities authorized by law. We may also disclose PHI in relation to workers’ compensation claims.
- When Requested as Part of a Regulatory or Legal Proceeding. If you or your estate is involved in a lawsuit or a dispute, we may disclose PHI about you in response to a court or administrative order. We may also disclose PHI about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the PHI requested. We may also disclose PHI to any governmental agency or regulator with whom you have filed a complaint or as part of a regulatory agency examination.
- Other Uses of PHI. Other uses and disclosures of PHI not covered by this notice and permitted by the laws that apply to us will be made only with your written authorization or that of your legal representative. If we are authorized to use or disclose PHI about you, you or your legally authorized representative may revoke that authorization, in writing, at any time. We cannot take back any uses or disclosures already made with your authorization.
- Disclosure to Family, Friends, and Others. We may disclose PHI about you to your family or other persons who are involved by consent in your medical care.
Your PHI Privacy Rights
- Right to See and Get Copies of Your PHI. In most cases, you have the right to look at or get electronic or paper copies of your PHI. You must make the request in writing and include dates and location(s) of service. You may be charged a reasonable, cost-based fee for the cost of copying and mailing the PHI to you.
- Right to Request to Correct or Update Your PHI. You may ask us to change or add missing PHI if you think there is a mistake. You must make the request in writing and provide a reason for your request. However, there are conditions under which we may deny this request. If we do deny your request, we will tell you why, in writing, within 60 days.
- Right to Get a List of Disclosures. You have the right to ask us for a list (accounting) of disclosures made after April 14, 2003 and up to six years prior to the date you made the request. You must make the request in writing. We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.
- Right to Request Limits on Uses or Disclosures of Your PHI. You have the right to ask us to limit how PHI about you is used or disclosed. You must make the request in writing and tell us what PHI you want to limit and to whom you want the limits to apply. In your request, you must you must tell us (1) dates and location(s) of service (2) what information you want to limit; (3) whether you want to limit our use, disclosure, or both; (4) to whom you want the limits to apply (for example , disclosure to your spouse or parent). To make a request, you must make your request in writing to Privacy Coordinator, Health Testing Centers/Testing.com, 3403 NW 9th Avenue, Suite 803, Fort Lauderdale, FL 33309. We will not agree to restrictions on PHI uses or disclosures that are legally required, may affect your care, or which are necessary to administer our business. While we will consider your request, we are not required to agree to it. If we do agree to it, we will comply with your request.
- Right to Revoke Permission. If you are asked to sign an authorization to use or disclose PHI about you, you can cancel that authorization at any time. You must make the request in writing. This will not affect PHI that has already been shared.
- Right To Choose How We Communicate With You. You have the right to ask us to share your PHI with you in a certain way or in a certain place. For example, you may ask us to send PHI about you to your work address instead of your home address. You must make this request in writing. You do not have to explain the basis for your request.
- Right to File a Complaint. You have the right to file a complaint if you do not agree with how we have used or disclosed PHI about you. All complaints must be submitted in writing. Your services will not be affected by any complaints you make. We cannot retaliate against you for filing a complaint or refusing to agree to something that you believe to be unlawful. You can also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.
- Right to Get a Paper Copy of this Notice. You have the right to ask for a paper copy of this notice at any time.
- You May Appoint Someone to Act for You. If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will make sure the person has this authority and can act for you before we take any action.
We reserve the right to change the terms of this Notice of Privacy Practices at any time. Any changes will apply to information we already have and any information we receive in the future. A copy of the new notice will be posted on Testing.com and provided to individuals upon request as required by law. You may request a copy of the current notice at any time.