RxGenomix, LLC (“RxGenomix”) is required by law to maintain the privacy of your protected health information (as defined under the Health Insurance Portability and Accountability Act of 1996 and the regulations thereunder, as in effect from time to time (“HIPAA”)) (“PHI”) and to provide you with a notice of our legal duties and privacy practices with respect to protected health information. (“Protected health information” is referred to in this Notice as “PHI”.) This Notice of Privacy Practices (“the Notice”), describes how we may use and disclose your PHI to carry out treatment, payment or health care operations and for other specified purposes that are permitted or required by law. The Notice also describes your rights with respect to your PHI. Under HIPAA, “PHI” means information about you, including basic demographic information, that may identify you and that relates to your past, present or future physical or mental health or condition and related health care services, including payment for such services.
You have the following rights with respect to your PHI:
The following categories describe different ways that we use and disclose your protected health information. For each category of uses or disclosures, we try to explain what we mean and provide some examples.
There are some services provided at RxGenomix through contracts with business associates. For example, we may have a contract with a billing service. When we contract for these services, we may disclose your PHI to our business associate(s) so that they can perform the job we have asked them to do and bill RxGenomix, you, or your third-party payor for services rendered. To protect your information, however, we require all business associates to appropriately safeguard your information. Business associates are also directly responsible for compliance with federal security standards and certain provisions of the federal privacy law, to further ensure the protection of your PHI.
Health professionals, such as a physician, pharmacist, nurse practitioner, physician assistant or nurse, using their professional judgment, may disclose to a family member, other relative, close personal friend or any other person you identify, PHI relevant to that person’s involvement in your care or payment related to your care.
Subject to certain limitations imposed by law, we may contact you to provide appointment reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to you. We may receive payment in exchange for making these communications. You may opt out of receiving communications for which we have been paid. To opt out, contact [email protected].
We may disclose to the FDA or other regulatory agencies having jurisdiction, or persons under the jurisdiction of the FDA or such other regulatory agencies, PHI relative to adverse events with respect to food, medicines, supplements, product and product defects, or post marketing surveillance information to enable product recalls, repairs, or replacement.
We may disclose your PHI to the extent authorized by and to the extent necessary to comply with laws relating to worker’s compensation or other similar programs established by law.
As required by law, we may disclose your PHI to public health or legal authorities charged with preventing or controlling disease, injury, or disability.
We may disclose your PHI for law enforcement purposes as required by law or in response to a valid subpoena or court order.
We will disclose your PHI when required to do so by federal, state, or local law.
We may disclose your PHI to an oversight agency for activities authorized by law. These oversight activities include audits, investigations, and inspections, as necessary for licensure and for the government to monitor the health care system, government programs, and compliance with civil rights laws.
If you are involved in a lawsuit or a dispute, we may disclose your PHI in response to a court or administrative order. Subject to applicable state law, we may also disclose health information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made, either by us or the requesting party, to tell you about the request or to obtain an order protecting the information requested.
We may disclose your PHI to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your information.
We may use or disclose your PHI to notify or assist in notifying a family member, your personal representative, or another person responsible for your care regarding your location and general condition.
We may use and disclose your PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
Federal law makes provision for your medical information, including PHI, to be released to an appropriate health oversight agency, public health authority or attorney, provided that a member of our workforce or business associate believes in good faith that we have engaged in unlawful conduct or have otherwise violated professional or clinical standards and are potentially endangering one or more patients, workers or the public.
We may disclose PHI about you to a government authority if we reasonably believe you are a victim of abuse or neglect. We will only disclose this type of information to the extent required by law, if you agree to the disclosure, or if the disclosure is allowed by law and we believe it is necessary to prevent serious harm to you or someone else or the law enforcement or public official that is to receive the report represents that it is necessary and will not be used against you. In such cases, we will promptly inform you that a report has been or will be made unless there is reason to believe that providing this information will place you in serious harm.
We may use your PHI to provide legally-required notices of unauthorized access, acquisition, or disclosure of your PHI.
We will obtain your written authorization before using or disclosing your PHI for purposes other than those provided for above (or as otherwise permitted or required by law). Most disclosures of your PHI for which we receive payment will require your authorization. Uses and disclosures of your PHI for marketing require your authorization and your authorization is required for uses and disclosures of psychotherapy notes. You may revoke an authorization in writing at any time. Upon receipt of the written revocation, we will stop using or disclosing your PHI, except to the extent that we have already taken action in reliance on the authorization.
We will retain PHI about you contained in your medical record and billing records in accordance with legal requirements.
If more than one law applies to this Notice, such as state laws that are more restrictive than HIPAA, we will follow the more restrictive law.
If you have questions or would like additional information about RxGenomix’s privacy practices, you may contact our Privacy Officer at [email protected]. If you believe your privacy rights have been violated, you can file a complaint with the Privacy Officer or with the United States Secretary of Health and Human Services. There will be no retaliation for filing a complaint.