AltheaDx, Inc. Notice of Privacy Practices
Your Information. Your Rights. Our Responsibilities.
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
AltheaDx, Inc. (“AltheaDx”) is a provider of laboratory testing services. In providing testing services, AltheaDx receives, creates and discloses personal health information. This information is private and confidential. There are policies and procedures in place to protect the information against unlawful use and disclosure. This notice describes information we collect, how we use that information, and when and to whom we may disclose it.
II. Protected Health Information and Our Obligations
Protected health information or “PHI” (also called “personal health information”), is current, past or future information created or received by AltheaDx from physicians about patients for whom testing is ordered from AltheaDx. It may indicate the physical condition of a patient, the provision of health care to that patient, or payment for the provision of health care to that patient. The term PHI does not generally include publicly available information, or information available or reported in a summarized format.
We are required by law to maintain the privacy and security of your protected health information.
We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
We must follow the duties and privacy practices described in this notice and give you a copy of it (or other notice in effect at the time of the use or disclosure).
We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.
III. Information Collected and Created by AltheaDx
AltheaDx collects the information that is minimally necessary to provide testing services and to obtain payment for these services. This may include name, address, telephone number, social security number, date of birth, medical history, diagnosis, treatment, provider identification and treatment information, financial responsibility and payment information.
AltheaDx creates, through its testing services, information to be used by a physician in the diagnosis of disease or condition or in the treatment of a disease or condition.
IV. Protection of PHI
Our use and disclosure of PHI must comply not only with federal privacy regulations but also with applicable California law. Access to PHI is restricted to only those employees of AltheaDx who need it in order to provide services to clients and patients. We maintain physical, technical and procedural safeguards to protect PHI against unauthorized use and disclosure. We have a Compliance Officer who is responsible for developing, educating AltheaDx personnel about, and overseeing the implementation and enforcement of policies and procedures designed to safeguard PHI against inappropriate use and disclosure consistent with the applicable law.
In the following cases we never share your information unless you give us written permission:
- Marketing purposes
- Sale of your information
V. Standard Uses and Disclosures of PHI
How else can we use or share your health information? We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes.
For more information see:
In the course of providing laboratory services, AltheaDx uses PHI internally and discloses it to health care providers (doctors requesting services, laboratory personnel involved in ordering services and other caregivers), insurers, third party administrators, plan sponsors and other payors (employers, health care provider organizations and others who may be responsible for paying for or administering your health benefits); vendors, consultants, government authorities; and their respective agents. They are required by law to keep PHI confidential. Some examples of what we do with the information we collect and the reasons it might be disclosed to third parties are described below.
We may use or disclose PHI with or without your consent to provide health care services. Examples of these uses and disclosures include:
- Treatment – the fulfillment of requests by physicians to perform laboratory testing services is considered the provision of treatment.
- Payment – AltheaDx uses and discloses PHI to obtain reimbursement for testing services. Examples of these payment activities include: billing, collections activities, determination of eligibility and obtaining authorization for services. We may use or disclose PHI in connection with payment activities with or without your consent.
- Health care operations – AltheaDx uses and discloses PHI for our health care operations, which include internal administration and planning and various activities that improve the quality and cost effectiveness of the services provided. We may use information to contact you when necessary.
Other Activities Permitted or Required by Law – We may use or disclose PHI for other important activities permitted or required by law, with or without your authorization. These include:
- Required by Law – We may use or disclose PHI to the extent such use or disclosure is required by law and it complies with and is limited to the requirements of that law. We use and disclose PHI for certain law enforcement purposes and in response to official subpoenas, court orders, discovery requests, workers’ compensation law and other legal process. In addition, we use and disclose PHI in connection with health oversight activities (e.g., government audits of our compliance with certain laws and regulations; oversight of government-funded health benefits programs, and, the Department of Health and Human Services if it wants to see if we’re complying with federal privacy law).
- Health Research – We use and disclose PHI in connection with research subject to the oversight of an Institutional Review Board. Sometimes, where permitted under federal law and institutional policy, and approved by an Institutional Review Board or a privacy board, PHI may be used or disclosed. In addition, PHI may be used or disclosed to compile “limited or de-identified data sets” that do not include your name, address, social security number or other direct identifiers. These data sets may, in turn, be used for research purposes.
- Help with public safety issues – We can share information about you for certain situations such as:
- Preventing disease
- Helping with product recalls
- Reporting adverse reactions to medications
- Reporting suspected abuse, neglect, or domestic violence
- Preventing or reducing a serious threat to anyone’s health or safety
- Work with a medical examiner or funeral director – We can share health information with a coroner, medical examiner, or funeral director when an individual dies.
- Respond to organ and tissue donation requests – We can share health information about you with organ procurement organizations.
- Family and Friends – If you choose someone to act for you: under certain circumstances, we may disclose PHI to family members, other relatives, or close personal friends or others that you identify to the extent it is directly relevant to their involvement with your care or payment related to your care.If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.We will make sure the person has this authority and can act for you before we take action.
VI. Requesting Other Disclosures
It is possible to request that we disclose PHI to people in ways not described above. To authorize us to disclose your personal health information to a person or organization or for reasons other than those described in the section above, see the contact information at the bottom of this page. If you make a special authorization and later change your mind about this, you may send a letter to us to let us know that you would like to revoke the special authorization. In any communication with us, please provide your name, address, patient identification number or Social Security number, and a telephone number where we can reach you in case we need to contact you about your request.
VII. Your Rights with Respect to PHI
When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.
Ask us to limit what we use or share: You have a right to ask us in writing to restrict use or disclosure of your PHI related to your treatment, related to your payment or related to routine health care operations. In addition, you may request PHI disclosure restrictions to family members, other relatives or close friends involved in your care. We are not required to agree to such a restriction, but if we do agree, we will honor our agreement except in case of an emergency. Any restriction we agree to is not effective to prevent uses or disclosures of PHI required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with federal privacy regulations adopted under the Health Insurance Portability and Accountability Act of 1996 or for certain activities permitted or required by law (see Section V above).
If you pay for a service out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer.
· We will say “yes” unless a law requires us to share that information.
- Request confidential communications – You may request, in writing, to receive confidential communications containing your PHI from us in ways or at locations that are outside our usual process (for example, home or office phone) or send to a different address. We will make every effort to accommodate reasonable requests.
- You have a right to review and obtain a copy of existing PHI contained in medical and billing records about you maintained by AltheaDx. You must make your request in writing and this right is limited to existing records that are maintained, collected, used or disseminated by AltheaDx. This right does not apply to results of clinical testing – this information is specifically excluded by law; or to information we compile in reasonable anticipation of, or for use in, civil, criminal or administrative actions or proceedings. We may charge a fee for any copies you request.
- Ask us to correct your records: You have a right to request that we amend the records described above for as long as we maintain them. You must make the request in writing for information you feel is incorrect or incomplete and give us a reason for the amendment. We may deny your request if: (i) we determine that we did not create the record, unless the originator of the PHI is no longer available to act on the requested amendment; or (ii) if we believe that the existing records are accurate and complete. Note that an amendment may take several forms; for example we may add an explanatory statement to a record rather than changing it.
· We may say “no” to your request, but we’ll tell you why in writing within 60 days.
- Get a list of those whom we’ve shared information: You have a right to ask for an accounting of disclosures made by AltheaDx to any third party in the six years prior to the date on which the accounting is requested. This right does not apply to certain disclosures, including, but not limited to, disclosures made for the purposes of treatment, payment or health care operations; disclosures made to you or to others involved in your care; disclosures made with your authorization; disclosures made for national security or intelligence purposes or to correctional institutions or law enforcement purposes; or disclosures made prior to April 14, 2003. You must make any request for an accounting in writing and we may charge a fee to fill more than one request in any given year.
- Tell us to share information in a disaster relief situation.
- Get an electronic or paper copy of your medical record: You can ask to see or get an electronic or paper copy of your medical record or other health information we have about you. Ask us how to do this.
We will provide a copy of a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.
VIII. Distribution and Updates of This Notice
Get a copy of this privacy notice: This notice is published on the AltheaDx, Inc. web site at: www.idgenetix.com/contact-us/privacypolicy. A copy may be printed from the website or you can ask for a paper copy at any time. We will provide you with a paper copy promptly.
Changes to the Terms of This Notice – We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, in our office, and on our website.
IX. Effective Date and Duration of This Notice
X. Communication with AltheaDx
As a convenience, AltheaDx may make available email addresses by which you can communicate with us regarding billing issues. Please be advised that email is not a secure means of communication, therefore AltheaDx cannot guarantee the security of any information that you send to us prior to our receipt of it. This fact may also restrict our use of email in communicating any response to you – we will make every attempt to use alternate means of communicating anything that may be considered sensitive information.
XI. Copy of Notice, Questions or Complaints
File a complaint if you feel your rights are violated. If you have questions about the Notice of Privacy Practices, or believe its terms or any AltheaDx privacy or confidentiality policy has been violated with respect to information about you, please let us know immediately by contacting us at 858-224-7200 and request the Compliance Officer. Please include your name, address, and a telephone number where we can contact you, and a brief description of the complaint. If you prefer, you may lodge an anonymous complaint.Compliance Officer
3030 Bunker Hill Street
San Diego, CA 92109
You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to:The U.S. Department of Health and Human Services Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
Or, by calling:
Or, visiting www.hhs.gov/ocr/privacy/hipaa/complaints/
- We will not retaliate against you for filing a complaint.
Please provide as much information as possible so that the complaint can be properly investigated. AltheaDx will not retaliate against a person who files a complaint with us or with the Secretary of the Department of Health and Human Services.
Personal Information Collected by AltheaDx
AltheaDx collects information which you enter on our Website. This information is provided by you on our Contact page or when you communicate with AltheaDx Customer Service or other departments through our Website, Email, telephone, mail or fax.
The types of information we receive may include your name, address, phone number, Email address and other
information to help us assist you.
How Do We Use Your Information?
We may use the information we collect from you when you request information, visit our website, or use certain other site features to allow us to better serve you in responding to your inquiries or requests.
Use of ‘Cookies’
Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information.
We may also use trusted third party services that track this information on our behalf.
Your browser allows you to reject cookies and software is available from third parties which will allow you to visit our Web site without providing information such as your IP address used to connect your computer to the Internet; computer and connection information such as your browser type and version; operating system and platform; and URLs which lead you to and around our Web site including the date and time.
Third Party Disclosure
AltheaDx will not sell, trade, or otherwise transfer your personally identifiable information to outside parties. AltheaDx collects information from our visitors and users of our Website and uses the information internally for marketing and administration purposes, to fulfill your requests, or as legally required under law. We will never share your personal information with any unrelated 3rd party except as necessary to fulfill transactions that you initiate or as described in this Policy.
Third Party Links
We do not include or offer third party products or services on our website.
Google’s advertising requirements are described on Google’s Advertising Policies Webpage and support a responsible and positive experience for users.
AltheaDx uses Google AdSense Advertising on our website.
AltheaDx has implemented the following:
- Remarketing with Google AdSense
- Google Display Network Impression Reporting
- Demographics and Interests Reporting
We along with third-party vendors, such as Google use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions, and other ad service functions as they relate to our website.
Users can set preferences for how Google advertises to you by using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising initiative opt out page or permanently by using the Google Analytics Opt Out Browser add on.
California Online Privacy Protection Act
In Accordance to CalOPPA AltheaDx Agrees to the Following:
- Users can visit our website anonymously.
after entering our website.
- Users are able to change their personal information by contacting us.
AltheaDx’s Policy for “Do Not Track” Signals
AltheaDx honors do not track signals and does not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Third Party Behavioral Tracking
Third party behavioral tracking is allowed.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and describes penalties for violations.
We collect your email address in order to:
- Send information, respond to inquiries, and/or other requests or questions.
- Market to our mailing list or continue to send emails after the original inquiry.
In Compliance with CANSPAM AltheaDx Agrees to:
- NOT use false, or misleading subjects or email addresses.
- Identify the message as an advertisement in a suitable way.
- Include the physical address of our business headquarters.
- Monitor third party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly.
- Allow users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails, you can email us at firstname.lastname@example.org and we will promptly remove you from ALL correspondence.
3030 Bunker Hill Street
San Diego, CA 92109