HIPAA Policy

Notice of Privacy Practices for Protected Health Information

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW CAREFULLY.

Rules-Based Medicine, Inc. (RBM) is committed to maintaining the privacy of your Protected Health Information also referred to in this Notice as health information that is provided to us. This document specifies our privacy practices, including how we use and/or disclose your health information in compliance with the Standards for Privacy of Individually Identifiable Health Information, issued pursuant to the Health Insurance Portability and Accountability Act of 1996 (the “HIPAA Privacy Standards”). As a covered entity, we are required to protect and maintain the privacy of all of your health information, to provide you with notice of our legal duties and privacy practices regarding your health information and to abide by the terms of this Notice. This Notice describes our efforts to maintain your trust by following the standards for patient privacy and confidentiality set forth in the HIPAA Privacy Standards.

  1. Your Personal Health Information
    In order to provide you with laboratory services, we receive your health information from your healthcare provider or referring laboratory that asked us to test your sample. We will only use or disclose the minimum amount of your health information we consider necessary to perform a job or complete an activity. The HIPAA Privacy Standards require us to protect any of this health information that will identify you, such as your name, Social Security Number, telephone number, address, etc. We protect this information regardless of the form in which we receive it (e.g., oral, written, or recorded in other media).

  2. Examples of Allowable Uses or Disclosures of Your Personal Health Information
    Some uses and disclosures of medical information may be subject to additional restrictions under federal and state laws and regulations. Under certain circumstances these laws will provide your health information with additional privacy protections beyond what is described in this Notice.

    1. Treatment
      We may use your health information provided by healthcare provider or a referring laboratory to help provide or coordinate medical treatment or services. Requisitions for laboratory services may contain personal identifiable information. The disclosure of this information, as is our disclosure of the laboratory results to the referring laboratory or your healthcare provider is permitted because it is pursuant to your treatment.

    2. Payment
      We may use and disclose your health information for payment purposes including billing, collections, and claims management, and determinations of eligibility and coverage. For example, we may provide information to your health plan to receive payment for the laboratory services provided to you.

    3. Healthcare Operations
      We may use and disclose your health information as part of normal business operations to maintain the high quality of our laboratory services. For instance, we may use or disclose your health information for our quality assurance activities, accreditation and certification, business planning, development, management, and administrative activities. We may also disclose your health information to another covered entity, to allow it to perform its healthcare operations, but only if we both have a relationship with you.

    4. Personal Representative
      We may disclose your health information to someone who has your permission to act on your behalf or who is legally authorized to act on your behalf. We will require this person to provide adequate proof that he or she has such permission or authorization.

    5. Business Associates
      We may use and disclose your health information with third-party “business associates” that perform various activities on our behalf, for example, submitting claims and obtaining payment for our services or assisting us with carrying out our business operations. If we disclose your health information to a business associate, we will have a written contract that requires our business associate to protect the privacy of your health information.

    6. Disclosure Required by Law
      We must disclose your health information if required to do so by federal, state, or local law.

    7. Public Health and Safety
      We may disclose health information to public health or legal authorities and other entities charged with preventing or controlling disease, injury, or disability. Health information may also be disclosed to avert a serious threat to your health or safety or the health or safety of the public or another person, however, such disclosure would only be to someone able to help prevent the threat.

    8. Law Enforcement
      We may disclose your health information for law enforcement purposes including for judicial and administrative proceedings pursuant to legal authority, to report information related to victims of abuse, neglect or domestic violence; and to assist law enforcement officials in their law enforcement duties.

    9. Judicial Proceedings
      We may disclose your health information in response to a court or administrative order. We may also disclose your health information in response to a subpoena or discovery request if we are assured that you have been given notice of the request and have not objected.

    10. Health Oversight Activities
      We may disclose your health information to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections and licensure surveys. These activities are necessary for the government to monitor healthcare systems, government programs, and compliance with civil rights laws.

    11. Research
      We may disclose your health information to researchers when their research has been approved by an institutional review or privacy board that has reviewed the research proposal and established protocols to ensure the privacy of your health information.

    12. Other Special Uses and Disclosures
      Subject to the requirements of applicable law, we may also use or disclose your health information for the purposes of: Organ and Tissue Donation (if you are a donor, to procurement or transplantation organizations); Workers Compensation (to programs that provide benefits for work related injuries or illnesses); Coroners, Medical Examiners and Funeral Directors (to determine cause of death or to carry out funeral director services); Disaster Relief Efforts (to public and private entities authorized to assist in disaster relief efforts); Military and Veterans (if you are an Armed Forces member or foreign military member, as required by appropriate military command authorities); National Security and Intelligence Activities (to authorized Federal Officials for intelligence, counterintelligence or other national security activities); and Protective Services for the President and Others (to authorized Federal Officials to protect the present foreign heads if state of other authorized persons or to conduct special investigations).

    13. De-identified Health Information and Limited Data Sets
      We may create de-identified health information or limited data sets by removing certain identifiers from your health information. We will make use of limited data sets only after the relevant identifying data have been removed and only to organizations with which we have adequate data use agreements which protect the confidentiality of the information.

    14. In All Other Situations We Use and Disclose Your Personal Information only with Your Authorization
      Except as otherwise permitted or required, we do not use or disclose your health information without your written authorization and then we use or disclose it only in a manner consistent with the terms of such authorization. If you revoke your authorization, we will no longer use or disclose your health information for the reasons covered by the authorization; however, we are unable to take back any disclosures we have already made in reliance upon your authorization.

  3. Your Rights With Respect to Your Health Information
    Under the HIPAA Privacy Standards, you have certain rights with respect to your health information. As a clinical and reference laboratory, RBM does not deal directly with patients. Our contact for health information usually is your healthcare provider or referring laboratory. There may be unique circumstances in which RBM responds directly to patients, but these circumstances are limited. To the extent possible and appropriate, you should contact your healthcare provider to exercise the rights listed in this Notice. We will try to accommodate requests from our healthcare provider clients, if legally permissible, and clinically appropriate to respond to your exercise of these rights, which include:

    1. Right To Inspect and Copy Your Health Information
      RBM is subject to the Clinical Laboratory Improvement Amendments of 1988 (“CLIA”), applicable state law provisions may restrict your right to access and copy your test results. For example, some states require physician authorization to release laboratory test results to patients, and other states prohibit a laboratory from releasing test results directly to a patient. Thus, we can only provide you access to, and provide a copy of, your test results, if state law permits us to do so. Because state laws may differ, it may be quicker and easier for you to directly contact your healthcare provider for a copy of your test results.

      You may request the opportunity to inspect or receive a copy of your health information as we have received it from your healthcare provider (e.g., information that was provided to us on your requisition form). In order to inspect and copy your health information, you must submit your request in writing to the Privacy Officer at the address noted below. We may charge you a fee for the costs of copying, mailing and supplies that are necessary to fulfill your request. We may also deny your request to inspect and copy your health information in other certain very limited circumstances.

    2. Right to Receive Your Health Information via Confidential Communications
      You may request confidential communications from us regarding your health information by alternative means or at alternative locations. To make such a request, you must submit your request in writing to the Privacy Officer at the address noted below.

    3. Right to Request Restrictions on Use or Disclosure
      You may request restrictions on our uses and disclosures of health information for treatment, payment and healthcare operations. However, we are not required to agree to your request, except we will agree to a request to restrict health information disclosed to a health plan for payment or healthcare operations (i.e., non-treatment) purposes if the information is about the laboratory test for which you paid us, out-of-pocket, in full. To request a restriction, you must submit your request in writing to the Privacy Officer at the address noted below.

    4. Right to Amend Your Health Information
      You may request an amendment to your protected health information. We may deny your request for amendment in certain limited situations. To request an amendment to your health information, you must submit your request in writing to the Privacy Officer at the address noted below, along with a description of the reason for your request.

    5. Right to Receive an Accounting of Disclosures of Your Health Information
      You may request to receive a written accounting of all of the disclosures we have made of your health information, however, the accounting will not list certain disclosures, such as those made pursuant to treatment, payment, or healthcare operations or those made pursuant to your written authorization. To request an accounting of disclosures, you must submit your request in writing to the Privacy Officer at the address noted below.

    6. Right to Receive this Notice of Privacy Practices
      You may request a copy of our current Notice of Privacy Practices in printed or electronic form by contacting the Privacy Officer at the address noted below.

    7. Right to Complain
      We are committed to complying with the privacy practices described in this Notice of Privacy Practices. If you believe that your privacy rights have been violated, you may file a complaint with us and/or with the Department of Health and Human Services, Office of Civil Rights. To file a complaint with us, please send a letter to the Privacy Officer the address noted below. RBM will not retaliate against you in any way if you file a complaint with us or the Office of Civil Rights.

  4. Revisions to this Notice of Privacy Practices
    We reserve the right to revise or amend this Notice of Privacy Practices, at any time, to reflect changes in our privacy practices. Any such changes will be applicable to and effective for all health information that we maintain including the health information we created or received prior to the effective date of the Notice revision. We will post the most recent version of this Notice on our website at http://www.veripsych.com.

Contacting Us Regarding our Privacy Practices
If you have any questions about our privacy practices or how we use and disclose your health information, please contact us. Send questions, requests, or complaints to:

Rules-Based Medicine, Inc.
Attn: Privacy Officer
3300 Duval Road
Austin, TX 78759
Phone: 1-866-726-6277
Fax: 1-512-835-4687

privacy@rulesbasedmedicine.com

Effective Date of Notice: April 15, 2010