Download Printable Version
Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
ATHENA DIAGNOSTICS NOTICE OF PRIVACY PRACTICES
Effective: April 14, 2003
Revised: October 29, 2010
Athena Diagnostics, Inc. is committed to maintaining the privacy of your protected health information (PHI) that is provided to us. This document specifies our privacy practices, including how we use and/or disclose your PHI in compliance with the Standards for Privacy of Individually Identifiable Health Information, issued pursuant to the Health Insurance Portability and Accountability Act of 1996 (the “HIPAA Privacy Standards”) and with the American Recovery and Reinvestment Act of 2009 (Pub. L. 111-5) pursuant to Title XIII of Division A and Title IV of Division B, called the “Health Information Technology for Economic and Clinical Health (“HITECH”) Act that provides modifications to the HIPAA Privacy and Security Rule (hereinafter, all references to the “HIPAA Privacy and Security Rule” are deemed to include all amendments to such rule contained in the HITECH Act and any accompanying regulations, and any other subsequently adopted amendments or regulations). As a covered entity, we are required to protect and maintain the privacy and security of all of your health information, to provide you with notice of our legal duties and privacy and security practices regarding PHI, and to abide by the terms of this Notice. As a covered entity, we have a policy in place that includes a procedure for response to any breach in PHI which includes a notice to any patient for which a breach occurred. This Notice describes our efforts to maintain your trust by following the standards for patient privacy and confidentiality set forth in the HIPAA Privacy and Security Standards.
Your Personal Health Information
In order to provide you with laboratory services, we receive your health information from your healthcare provider or another laboratory that asked us to test your sample. The HIPAA Privacy and Security Standards require us to protect any of this health information that will identify you, such as your name, Social Security Number, telephone number, address, etc. We protect this information regardless of the form in which we receive it (e.g., oral, written, or recorded in other media).
Examples of Allowable Uses or Disclosures of Your Personal Health Information
The HIPAA Privacy and Security Standards allow healthcare entities to receive and disclose your information without obtaining your authorization, for treatment, payment, and healthcare operations purposes. Each of these purposes is explained below.
Legitimate Use and Disclosure When Required by Law
Treatment: When we receive a requisition for laboratory services requested by your healthcare provider or a referring laboratory, it contains your name, age, and other identifiable information. The disclosure of this information to us is considered treatment, as is our disclosure of the laboratory results to the referring laboratory or your healthcare provider.
Payment: We may legitimately use and disclose your health information for payment purposes, for example, sending your information to a billing service to file claims for us with health plans or other payors.
Healthcare Operations: We may disclose your information as part of our internal operations to maintain the high quality of our laboratory services. We may use or disclose protected health information, for instance, to assure quality, accreditation and certification, licensing, or credentialing activities.
The HIPAA Privacy and Security Standards specify certain other circumstances where we may legally use or disclose protected health information without your authorization; these situations generally are for public health and safety, legal, and judicial purposes.
Public health: As required by law, we may disclose your health information to public health or legal authorities and other entities charged with preventing or controlling disease, injury, or disability. We may also disclose health information for health oversight activities.
Communication with family: Occasionally, our staff may discuss particular diseases and their inheritance patterns with you or your family members, if you agree. However, we will not release your results or other PHI to you or your family members.
Research: We may disclose information to researchers when an institution’s review board (a committee that reviews the ethics of research projects) has reviewed the proposed study and established protocols to ensure the privacy of the health information used in their research and determined that the researcher does not need to obtain your authorization prior to using your PHI for research purposes. We may also disclose information about descendents to researchers under certain circumstances.
Organ procurement organizations: We may disclose health information consistent with applicable law to organ procurement organizations or other entities for the purposes of tissue donation and transplant.
Food and Drug Administration (FDA): We may disclose to the FDA health information relative to adverse events with respect to product defects or may post marketing surveillance information to enable product recalls, repairs, or replacement.
Workers compensation: We may disclose health information to the extent authorized by, and necessary to comply with, laws relating to workers compensation or other similar programs established by law.
Correctional institution: If you are an inmate of a correctional institution, we may disclose to the institution or agents thereof health information necessary for the health and safety of other individuals.
Law enforcement: We may disclose health information for law enforcement purposes as required by law or in response to a valid subpoena. We may also disclose health information to appropriate agencies if we believe there is the possibility of abuse, neglect, or domestic violence.
Judicial proceedings: We may disclose health information to courts or administrative agencies in response to a court order, or a discovery request. In the case of the latter, we will not disclose the information unless we are satisfied that you have been given notice of the request and have not objected, or the party seeking the information obtains an order protecting the information from further disclosure.
In All Other Situations We Use and Disclose Your Personal Information only with Your Authorization
Except as otherwise permitted or required, we do not use or disclose your personal health information without your written authorization and then we use or disclose it only in a manner consistent with the terms of that authorization. You may revoke the authorization to use or disclose any PHI at any time, by writing to the contact person listed in this Notice, unless we have already acted under that authorization.
Your Rights With Respect to Your Personal Health Information
Under the HIPAA Privacy and Security Standards, you have certain rights with respect to your PHI. As a clinical laboratory, Athena Diagnostics, Inc. does not, as a matter of practice, deal directly with patients. Our contact for health information usually is your healthcare provider or another clinical laboratory. There may be unique circumstances in which Athena Diagnostics, Inc. responds directly to patients, but these circumstances are limited.
To the extent possible and appropriate, you should contact your healthcare provider to exercise the rights listed in this Notice. We will try to accommodate requests from our healthcare provider clients, if legally permissible, and clinically appropriate to respond to your exercise of these rights, which include:
Right To Inspect and Copy Personal Health Information: You have the right to request a copy your personal information as we have received it. However, we are not permitted to disclose your test results directly to you, under Massachusetts law. You may ask your healthcare provider for a copy of your test results, if you wish.
Right To Receive Personal Health Information via Confidential Communications: Upon request from your healthcare provider we will send them your personal information in a confidential manner.
Right To Receive this Notice of Privacy Practices: You can request and receive a free copy of this Notice of Privacy Practices in printed or electronic form by writing or calling the contact person listed in this Notice.
Right To Request Restrictions On Use Or Disclosure: You can request restrictions on certain uses and disclosures of their personal health information; we are not required to agree with the request. If we do agree, we will not violate that restriction except in certain emergency situations. You may ask your healthcare provider to request that Athena Diagnostics restrict the disclosure of your test results, if you wish.
Right To Amend Personal Health Information: You can request that we amend your personal health information or your clinical record. The HIPAA Privacy and Security Standards provide that we can deny the request for amendment under certain specified circumstances. If we do deny your request to amend, we will explain why to you, and explain your rights to seek review of that decision, if required under the HIPAA Privacy and Security Standards. You may ask your healthcare provider to request that Athena Diagnostics amend your test results, if you wish.
Right To Receive An Accounting Of Disclosures of Personal Health Information: You can get a written accounting of all of our disclosures of your personal health information not directly related to treatment, payment, healthcare operations, or disclosed based on a signed authorization or for other legitimate purposes as stated above. You may ask your healthcare provider to request that Athena Diagnostics, Inc. provide an accounting of all disclosures of your test results, if you wish.
Right to Complain: We are committed to complying with the privacy practices described in this Notice of Privacy Practices. If you believe that we have violated any of them, you may file a complaint with us and/or with the Department of Health and Human Services, Office of Civil Rights. To file a complaint with us, please send a letter to the contact person listed in this Notice. Athena Diagnostics, Inc. will not retaliate in any way if you file a complaint with the Office of Civil Rights or with us.
Notice of Breach
If we or one of our business associates acquires, accesses, uses or discloses your PHI in a manner not permitted by HIPAA that compromises the privacy or security of your PHI (a “breach”), we are required to notify you. The notification shall be in writing and may include: (a) a description of what happened, (b) the dates of the breach and its discovery, (c) a description of the type of information involved, (d) steps you should take to protect yourself from harm that may result from the breach, (e) a description of what we are doing to investigate the breach, mitigate harm and protect against further breaches, and (f) contact procedures for you to ask questions or obtain additional information about the breach.
Amendments to this Privacy Practices
We can revise or amend this Notice of Privacy Practices at any time and make the revisions effective for all personal information we receive and maintain, including any we created or received before the effective date of the revision or amendment. We will post the most recent version of this Notice on our website, at http://www.athenadiagnostics.com.
Access to Our Notice of Privacy Practices
You may request a copy of our current Notice of Privacy Practices, by writing to the contact person on this Notice. The current Notice of Privacy Practices is also available at our web site: http://www.athenadiagnostics.com.
Contacting Us Regarding our Privacy Practices
If you have any questions about our privacy practices or your personal health information, please contact us. Send questions, requests, or complaints to:
Quest Diagnostics Incorporated
Attn Privacy Officer
1290 Wall St West
Lyndhurst NJ 07071
Athena Diagnostics, a Quest Diagnostics company.