Decipher Website HIPAA Notice of Privacy Practices
Last Updated: May 22, 2020
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Decipher Biosciences, Inc. (“Decipher Biosciences”, “we”, “us”, or “our”) is committed to protecting the privacy of your personal information, laboratory test results and other protected health information. This notice describes the privacy practices of Decipher Biosciences, its employees and other personnel.
Decipher Biosciences is required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to maintain the privacy of health information about you (“Protected Health Information” or “PHI”) and to provide you with this Notice of our legal duties and privacy practices with respect to your Protected Health Information.
This Notice describes how we may use and disclose your Protected Health Information to carry out treatment, payment or health care operations and for other specified purposes that are permitted or required by law. This notice also describes your rights with respect to your Protected Health Information. When we use or disclose your Protected Health Information, we are required to abide by the terms of this Notice (or other notice in effect at the time of the use or disclosure).
USES AND DISCLOSURES OF HEALTH INFORMATION
Your Protected Health Information may be used and disclosed for treatment, payment, healthcare operations and other purposes permitted or required by law. We may use and disclose your Protected Health Information for the following purposes:
A. Treatment. Decipher Biosciences may use or disclose your health information to provide and coordinate the treatment and services you receive. For example, we may use your Protected Health Information to perform our testing services and disclose your health information, including laboratory test results, to physicians involved in your care.
B. Payment. Decipher Biosciences may use or disclose your health information to obtain payment for healthcare services we provide. For example, we will submit a claim to you or your health plan/insurer that discloses your information about the services we performed for you to receive payment for the services provided to you.
C. Healthcare Operations. Decipher Biosciences may use and disclose your health information to monitor and support the operation of our laboratory. These activities include, for example, monitoring the quality of our testing services, reviewing the competence or qualifications of laboratory professionals, conducting training programs, performing accreditation, certification, licensing and credentialing activities and other administrative functions, and de-identifying your PHI in connection with our business purposes, including such data for research purposes, making such de-identified data available to certain third parties, and/or to provide and improve our products and services.
D. Personal Representatives. We may disclose Protected Health Information about you to your authorized personal representative, as defined by applicable law, or to an administrator, executor or other authorized person responsible for your estate.
E. Minors – Protected Health Information. As permitted by federal and state law, we may disclose Protected Health Information about minors to their parents or guardians.
F. Persons Involved in Your Care or Payment for Your Care. We may disclose your health information to a person involved in your care or payment for your care, such as a family member or close friend. We may use or disclose your Protected Health Information for disaster relief efforts or to notify a family member or close friend of your location or general condition. If you do not want us to use or disclose your Protected Health Information in these ways, you must notify our Privacy Officer using the contact information at the end of this Notice.
G. Communications About Our Products and Services. We may use and disclose your Protected Health Information to contact you with information about treatment alternatives or other health related benefits, products and services that we believe might be of interest to you. You may contact our Privacy Officer to request that these materials not be sent to you.
H. Business Associates. There are some services provided by Decipher Biosciences through contractual arrangements and we may disclose your Protected Health Information to such companies or individuals, known as “business associates”, who need your information to provide services to us. For example, we may use another company to perform billing services on our behalf. Decipher Biosciences requires our business associates to protect the privacy of your health information.
I. As Required by Law. We must disclose your Protected Health Information when required to do so by any applicable federal, state or local law.
J. Food and Drug Administration (FDA). We may disclose to the FDA, or persons under the jurisdiction of the FDA, PHI relative to adverse events with respect to drugs, foods, supplements, products and product defects, or post marketing surveillance information to enable product recalls, repairs, or replacement.
K. Worker’s Compensation. We may disclose your PHI to the extent authorized by and to the extent necessary to comply with laws relating to workers’ compensation or other similar programs that provide benefits for work-related injuries or illness without regard to fault.
L. Public Health. As required by law, we may disclose your PHI to public health or legal authorities charged with preventing or controlling disease, injury, or disability.
M. Law Enforcement. We may disclose your PHI for law enforcement purposes as permitted by law or in response to a valid subpoena or court order.
N. Health Oversight Activities. We may disclose your PHI to an oversight agency for activities authorized by law. These oversight activities include audits, investigations, and inspections necessary for licensure and for the government to monitor the health care system, government programs, and compliance with civil rights laws.
O. Judicial and Administrative Proceedings. If you are involved in a lawsuit or a dispute, we may disclose your PHI in response to a court or administrative order. We may also disclose PHI in response to a subpoena, discovery request or other lawful process by someone else involved in the dispute, but only if efforts have been made, either by the requesting party or by us to tell you about the request or to obtain an order protecting the information requested.
P. Research. We may disclose your PHI to researchers when their research has been approved by an institutional review board or privacy board that has reviewed the research proposal and established protocols to ensure the privacy of your information.
Q. Coroners, Medical Examiners, and Funeral Directors. We may disclose protected health information to a coroner or medical examiner for identification purposes, determining cause of death or for the coroner or medical examiner to perform other duties authorized by law. We may also disclose protected health information to a funeral director, as authorized by law, in order to permit the funeral director to carry out their duties.
R. Organ or Tissue Procurement Organizations. Consistent with applicable law, we may disclose your PHI to organ procurement organizations or other entities engaged in the procurement, banking or transplantation of organs for the purpose of tissue donation and transplant.
Notification: We may use or disclose your PHI to notify or assist in notifying a family member, personal representative, or another person responsible for your care, regarding your location and general condition.
S. Correctional Institution. If you are or become an inmate of a correctional institution, we may disclose to the institution or its agents PHI necessary for your health and the health and safety of other individuals.
T. To Avert a Serious Threat to Health or Safety. We may use and disclose your PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
U. Military and Veterans. If you are a member of the armed forces, we may release PHI about you as required by military command authorities. We may also release PHI about foreign military personnel to the appropriate foreign military authority.
V. Specialized Government Functions. Under certain circumstances, we may disclose your PHI to units of the government with specialized functions such as the U.S. Military or the U.S. Department of State in response to requests as authorized by law.
W. Abuse or Neglect. We may disclose PHI about you to a government authority if we reasonably believe you are a victim of abuse or neglect. We will only disclose this type of information to the extent required by law, if you agree to the disclosure, or if the disclosure is allowed by law and we believe it is necessary to prevent serious harm to you or someone else.
X. Workers’ Compensation. We may disclose your Protected Health Information as necessary to comply with requirements of workers’ compensation or similar programs that provide benefits for work-related injuries or illness without regard to fault.
Y. All Other Uses and Disclosures of Protected Health Information. We will ask for your written authorization before using, selling or disclosing your Protected Health Information for any purpose not described above (or as otherwise permitted or required by law). Further, we will not share your PHI with other organizations for their marketing or promotional uses without your express consent. You may revoke your authorization, in writing, at any time, except that a revocation will not affect any use or disclosures we have made in reliance on such
You have the following rights with respect to your Protected Health Information. You may request a copy of our current Notice at any time from the Privacy Officer. Even if you have agreed to receive the Notice electronically, you are still entitled to a paper copy. To exercise any of the rights discussed herein, please contact our Privacy Officer using the contact information provided at the end of this Notice.
1. Access to Protected Health Information.
You or your authorized or designated personal representative have the right to inspect and copy your Protected Health Information, the laboratory test results created by us and billing information maintained by us. You must make your request in writing to the Privacy Officer and you will receive these records within 30 days. We may charge you a fee for the costs of copying, mailing and supplies that are necessary to fulfill your request. We may deny access to certain information for specific reasons, for example, where state law prohibits such patient access.
2. Restrictions on Uses and Disclosures.
You have the right to request restrictions on our use and disclosure of your Protected Health Information. This includes your right to restrict us from disclosing information to health plans concerning tests and/or services which were paid for out-of-pocket directly by you. You also have the right to opt out of any communications associated with fundraising activities that we might undertake. While we will consider all requests for additional restrictions carefully, we are not required to agree to a requested restriction.
You have the right to request that we communicate with you about your Protected Health Information by alternative means or to an alternative address. Your request must be in writing and must specify the alternative means or location. We will accommodate reasonable requests for confidential communications.
4. Amend or Update Information.
If you feel the Protected Health Information or billing information we maintain about you is incomplete or contains an error, you may request that we correct or update your information. Your request must be in writing and must explain why the information should be corrected or updated. We may deny your request under certain circumstances. If we deny your request, we will provide you with a written explanation for the denial.
5. Accounting of Disclosures.
You have the right to receive an accounting of the disclosures we have made of your PHI for purposes other than treatment, payment, healthcare operations and certain other activities. The right to receive an accounting is subject to certain exceptions, restrictions and limitations. To request an accounting, you must submit a request in writing to the Privacy Officer. Your request must specify the time period for which you would like an accounting, but this time period may not be longer than six years.
6. Right to Receive a Notice of Certain Breaches.
You have the right to receive notice in the event that we or one of our business associates create, receive, maintain or transmit your PHI in an unsecured manner (such as in paper form or if the PHI is in electronic form but is not secured) and a breach of our safeguards occurs.
QUESTIONS, COMMENTS & COMPLAINTS
If you want more information about our privacy practices, or have general questions or concerns, please contact our Privacy Officer using the contact information listed at the end of this Notice. If you are concerned that we may have violated your privacy rights, you may submit a complaint to our Privacy Officer using the contact information listed below. You also may submit a written complaint to the U.S. Department of Health and Human Services. We will provide you with the address to file your complaint with the U.S. Department of Health and Human Services upon request. We support your right to the privacy of your health information. We will not retaliate against you in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.
CHANGES TO OUR NOTICE OF PRIVACY PRACTICES
We reserve the right to change our privacy practices and the terms of this Notice at any time, provided such changes are permitted by applicable law. If we change this Notice, we may make the new notice terms effective for all Protected Health Information that we maintain, including any information created or received prior to issuing the new Notice.
If we make changes to this Notice, we will promptly post a copy of the updated Notice on our website at: [www.decipherbio.com]. Please review this website periodically to ensure that you are aware of any updates. You also may request a copy of the current Notice by contacting our Privacy Officer using the contact information provided below.
When communicating with us regarding this Notice, our privacy practices or your rights with respect to our use and disclosure of your Protected Health Information, please use the following contact information:
Decipher Biosciences, Inc.
Attention: Privacy Officer
6295 Lusk Boulevard, Suite 200
San Diego, CA 92121-2789