HIPAA Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

EFFECTIVE DATE OF NOTICE: February 28, 2024.

Inform Diagnostics, Inc. (“Company” or “we” or “us”) is required by law to provide individuals with notice of its legal duties and privacy practices with respect to your “Protected Health Information” (“PHI”) (defined below). This Notice describes the privacy practices of Inform Diagnostics, its employees, and other personnel with respect to PHI.

I. SUMMARY OF YOUR RIGHTS AND YOUR CHOICES

You have the right to:

  • Get a copy of your paper or electronic medical record
  • Correct your paper or electronic medical record
  • Request confidential communication
  • Ask us to limit the information we share
  • Get a list of those with whom we have shared your information
  • Get a copy of this privacy notice
  • Choose someone to act for you
  • File a complaint if you believe your privacy rights have been violated

You have some choices in the way that we use and share information if we need to:

  • Tell family and friends about your condition
  • Provide disaster relief
  • Market our services and sell your information
  • Raise funds

II. OUR RESPONSIBILITY

Inform Diagnostics and the members of its workforce are committed to protecting the privacy and confidentiality of your personal information, genetic information, and laboratory test results. Inform Diagnostics is required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to keep your Protected Health Information confidential. This Notice describes our legal duties and privacy practices and explains your patient privacy rights. When we use or disclose your Protected Health Information, we are required to abide by the terms of this Notice.

III. WHAT IS PROTECTED HEALTH INFORMATION

Protected Health Information is your demographic information, medical history, laboratory results, insurance information, and other health information that is collected, generated, used, and communicated by Inform Diagnostics to produce genetic testing results and bill for our testing services. Examples of PHI include your name, date of birth, medical record number, social security number, insurance beneficiary number, and genetic information.

IV. HOW WE USE AND DISCLOSE YOUR HEALTH INFORMATION

Your PHI may be used and disclosed for treatment, payment, healthcare operations, and other purposes permitted or required by law, as outlined in more detail below.

  1. Treatment: We may use or disclose your PHI for treatment purposes. For example, we may use your Protected Health Information to perform our testing services and disclose your genetic testing results to your physician and other providers involved in your care.
  2. Payment: We may use or disclose your Protected Health Information to obtain payment for healthcare services we provide. For example, we may use and disclose your information to send a bill to your insurance company or health plan to receive payment for the services provided to you.
  3. Health Care Operations: We may use and disclose your Protected Health Information for our healthcare operations. For example, we may use your PHI to monitor the quality of our testing services and review the competence and qualifications of our laboratory professionals.
  4. Persons Involved in Your Care of Payment for Your Care: We may disclose your Protected Health Information to persons involved in your care or payment for your care, such as a family member, relative, or close friend, unless you object or ask us not to.
  5. Personal Representatives: We may disclose Protected Health Information about you to your authorized personal representative, such as a lawyer, administrator, executor, or other authorized person.
  6. Minors’ Protected Health Information: We may disclose Protected Health Information about minors to their parents or legal guardians.
  7. Disclosures to Business Associates: We may disclose your Protected Health Information to other companies or individuals, known as “Business Associates,” who provide services to us. For example, we may use a company to perform billing services on our behalf. Our Business Associates are required to protect the privacy and security of your Protected Health Information and notify us of any improper disclosure of information.
  8. As Required by Law: We must disclose your Protected Health Information when required to do so by any applicable U.S. federal, state, or local law.
  9. Public Health Activities: We may disclose your PHI for public health-related activities. Examples include: reporting diseases to authorized public health authorities, public health investigations, or notifying a manufacturer of a product regulated by the U.S. Food and Drug Administration of a possible problem encountered when using the product in our testing process.
  10. Health Oversight Activities: We may disclose your PHI to a healthcare oversight agency for activities that are authorized by U.S. law, such as audits, investigations, inspections, and licensure activities. For example, we may disclose your PHI to agencies responsible for ensuring compliance with the rules of government health programs such as Medicare or Medicaid.
  11. Research: Under certain circumstances, we may use or disclose your Protected Health Information for research purposes. All research projects at Inform Diagnostics are subject to review by a committee responsible for ensuring the protection of individual research subjects, appropriate patient authorization, and an adequate plan to safeguard PHI. In preparation for research, we may review limited PHI to draft research protocols, to identify prospective research participants, or for similar purposes, provided the information is not removed from our premises.
  12. Judicial and Administrative Proceedings: Under certain circumstances, we may disclose your PHI in the course of a judicial or administrative proceeding in response to a court order, subpoena, or other lawful process.
  13. Law Enforcement: We may disclose your Protected Health Information to the police or other law enforcement officials as required by law or in compliance with a court order, warrant, subpoena, summons, or other legal process for locating a suspect, fugitive, witness, missing person, or victim of a crime.
  14. Threats to Health or Safety: We may disclose Protected Health Information to prevent or reduce the risk of a serious and imminent threat to the health or safety of an individual or the general public.
  15. Victims of Abuse, Neglect, or Violence: If required or authorized by law, we may disclose Protected Health Information to a government agency, such as social services or a protective services agency, if we reasonably believe that an individual adult or child is the victim of abuse, neglect, or domestic violence.
  16. For Appointment Reminders and Information: We reserve the right to contact you, in a manner permitted by law, with appointment reminders or information about treatment alternatives and other health related benefits that may be appropriate for you.
  17. Emergencies: We may disclose medical information about you to a public or private entity assisting in disaster relief, so that your family can be notified about your condition, status, or location. You may object to this disclosure with a written request. However, if you are not available or are unable to agree or object, or in some emergency circumstances, we will use our professional judgment to decide whether this disclosure is in your best interest.
  18. Workers’ Compensation: We may release medical information about you for workers’ compensation or similar programs, including programs that provide benefits for work- related injuries or illness.
  19. Decedents: We may release medical information about you to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also release medical information about you to funeral directors. We may also release information to any individual known to us as a family member, close personal friend of the family, or any other person identified, who was involved in your care or the payment for your care prior to your death, unless you had indicated otherwise. If otherwise permitted by law, your medical information may be used or disclosed to others without your authorization after 50 years from the date of your death.
  20. For Specialized Government Functions: We may disclose medical information about you to authorized federal officials for intelligence, counter intelligence, and other national security activities.
  21. Information About Inmates / Those in Custody: If you are an inmate or under the custody of a law enforcement official, we may release medical information about you to the correctional institution or law enforcement official responsible for you, as authorized or required by law.
  22. Information About Students or Employees: If you are a student, employee, or member of an organization with which we have a contractual testing arrangement, we may release medical information about you to your organization, as authorized or required by law.
  23. All Other Uses and Disclosures of PHI: We will ask for your written authorization before using or disclosing your Protected Health Information for any purpose not described above. You may revoke your authorization, in writing, at any time, except for disclosures that the company has already acted upon. A revocation of authorization must be submitted to the Privacy Officer at the address listed below.

V. YOUR CHOICES

For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions. In these cases, you have both the right and choice to tell us to:

  • Share information with your family, close friends, or others involved in your care.
  • Share information in a disaster relief situation.
  • Include your information in a hospital directory.

If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.

In these cases, we never share your personal health information unless you give us written permission:

  • Marketing purposes.
  • Sale of your information.

In the case of fundraising:

  • We may contact you for fundraising efforts, but you can tell us not to contact you again.

VI. YOUR RIGHTS REGARDING YOUR MEDICAL INFORMATION

You have the following rights with respect to your Protected Health Information. To exercise any of these rights, please contact our Privacy Officer using the contact information provided at the end of this Notice.

  1. Access to PHI: You, or your authorized or designated personal representative, have the right to inspect and copy the Protected Health Information maintained by us. We may deny access to certain information for specific reasons, for example, where Federal and state laws regulating laboratories prohibit us from disclosing genetic testing results directly to a patient.
  2. Restrictions on Uses and Disclosures: You have the right to request restrictions on our use and disclosure of your PHI. You also have the right to request a restriction on the PHI we disclose about you to someone who is involved in your care or payment for your care, such as a family member or friend. Except as described in this section, we are not required to agree to your request. We must agree to your request if the disclosure has been made to a health plan for the purpose of payment or health care operations and the disclosure relates to an expense for which you have been paid out of pocket. To request restrictions, you must send a written request to privacy@fulgentgenetics.com.
  3. Confidential Communications: You have the right to request that we communicate with you about your Protected Health Information by alternative means or to an alternative address. Your request must be in writing and must specify the alternative means or location. We will accommodate reasonable requests for confidential communications.
  4. Correct or Update Information: If you believe the Protected Health Information we maintain about you contains an error, you may request that we correct or update your information. Your request must be in writing and must explain why the information should be corrected or updated. We may deny your request under certain circumstances and provide a written explanation.
  5. Accounting of Disclosures: You may request a list, or accounting, of certain disclosures of your PHI made by us or our business associates for purposes other than treatment, payment, healthcare operations, and certain other activities. The request must be in writing, and the list will include disclosures made within the prior six years.
  6. Copy of Notice: Upon request, you may obtain a paper or electronic copy of this Notice.
  7. Choose Someone to Act for You: If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will make sure the person has this authority and can act for you before we take any action.
  8. File a Complaint:  You can complain if you feel we have violated your rights by contacting us using the information below. You can also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to: 200 Independence Avenue, S.W., Washington, D.C. 20201; by visiting www.hhs.gov/ocr/privacy/hipaa/complaints/; or by calling 1-877-696-6775. We will not retaliate against you for filing a complaint.

VII. BREACH NOTIFICATIONS

We are required to notify you following the discovery a breach of unsecured Protected Health Information, unless there is a demonstration, based on a risk assessment, that there is a “low probability” that the Protected Health Information has been compromised. You will be notified in a timely fashion, no later than 60 days after discovery of the breach. We are prohibited from requiring an individual to waive any right under the Breach Notification Rule as a condition of the provision of treatment, payment, enrollment in a health plan, or eligibility for benefits.

VIII. QUESTIONS AND COMPLAINTS

If you have questions or concerns about our privacy practices or would like a more detailed explanation about your privacy rights, please contact our Privacy Office using the contact information below. If you believe that we may have violated your privacy rights, you may submit a complaint to our Privacy Office. You also may submit a written complaint to the U.S. Department of Health and Human Services at the address above.

IX. CHANGES TO OUR NOTICE OF PRIVACY PRACTICES

We reserve the right to change our privacy practices and the terms of this Notice at any time, provided such changes are permitted by applicable law. We will promptly post any changes to this Notice on our website at https://www.informdx.com. Please review this website periodically to ensure that you are aware of any updates.

X. CONTACT INFORMATION

When communicating with us regarding this Notice, our privacy practices, or your privacy rights, please contact the Privacy Officer using the following contact information:

Inform Diagnostics, Inc.

Attention: Privacy Officer

1111 S. Freeport Pkwy.

Coppell, TX 75019

privacy@fulgentgenetics.com