HIPAA Notice of Privacy Practices

THIS NOTICE OF PRIVACY PRACTICES (“NOTICE”) DESCRIBES HOW YOUR IDENTIFIABLE HEALTH INFORMATION CALLED “PROTECTED HEALTH INFORMATION” (“PHI”) MAY BE USED AND DISCLOSED BY GENVIEW AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

PLEASE REVIEW IT CAREFULLY

This Notice applies to Genview Diagnosis, Inc. and may also apply to its parents and subsidiaries (collectively referred to as "Genview" in this Notice). Genview is committed to and is also required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to protect and maintain the privacy and security of your PHI, which includes, among other information, your test orders, results and billing information. PHI includes information in oral, written and electronic form. Genview is required to provide you with this Notice which contains our legal duties and privacy practices regarding PHI. It also contains your rights with respect to your PHI. We at Genview take our commitment seriously and will work with you to comply with your right to receive certain information under HIPAA.

How We May Use or Disclose Your Health Information

Genview may use your PHI for your treatment, to facilitate Genview’s payment for the services we provide to you, and to support the healthcare operations of our lab, as well as for other purposes required by law. Here is a closer look at the ways we may use or disclose your PHI without the need to obtain your authorization:

• (1) Treatment, Payment and HealthCare Operations. As you know, we at Genview provide a variety of testing services based on the order of a physician or other person authorized by law to write an order (a “Practitioner”). We use your PHI throughout our testing process for treatment purposes, including providing the test results to your Practitioner. We also use your PHI for payment purpose, including to bill and collect payment for the services we provide to you. Payment purposes also include determinations of eligibility with your insurer, risk adjustment activities, claims management, and utilization review activities. Finally, we may use and disclose your PHI in connection with our laboratory operations, including for quality assurance purposes, in connection with internal and external audits, and activities of accrediting organizations such as CLIA and COLA, who inspect and certify the quality of our labs.
• (2) Business Associates. We may disclose your PHI to individuals or entities called “Business Associates” who help us provide our services. Business Associates include entities such as billing companies, couriers, and record storage providers. All of our business associates are required to maintain the privacy and confidentiality of your PHI. In addition, Business Associates have their own obligations under HIPAA to properly maintain and protect PHI.
• (3) Individuals Involved in Your Care. We may disclose PHI to a family member, friend, caregiver or other individual to the extent they are involved in your healthcare or payment for your healthcare, if you tell us that this is acceptable to you or you do not object; or if in our professional judgment, we believe that you do not object. In many states these individuals may be known as a “proxy” or a “surrogate.”
• (4) As Required by Law. We may use or disclose PHI to the extent required by federal or state law and in a manner limited to the specific requirement of the law. For example, we may provide PHI pursuant to an order of a court or governmental agency or to report information related to victims of abuse, neglect or domestic violence. We may also provide PHI to assist law enforcement officials in performing their duties, or to prevent or 2lessen a serious and imminent threat to your health or safety or the health or safety of another person or the public.
  • Reproductive Rights: We cannot use or disclose PHI in connection with either of the following activities: (i) to conduct a criminal, civil, or administrative investigation into or impose criminal, civil, or administrative liability on any person for the mere act of seeking, obtaining, providing, or facilitating reproductive health care, where such health care is lawful under the circumstances in which it is provided, or (ii) the identification of any person for the purpose of conducting such investigation or imposing such liability IF we have reasonably determined that:
    • (1) The reproductive health care is lawful under the law of the state in which such health care is provided under the circumstances in which it is provided, or (2) the reproductive health care is protected, required, or authorized by Federal law, including the U.S. Constitution, regardless of the state in which such health care is provided, or (3) the reproductive health care was provided by a person other than Genview and the presumption that the reproductive health care was lawful applies.
  • If we receive a request for PHI for one of the noted purposes, we may require a signed attestation that the use or disclosure is not for a prohibited purpose.
• (5) Public Health Activities. Genview may disclose your PHI to a public health authority or for public health activities, such as notifying a person about exposure to a communicable disease, or participating in a public health investigation.
• (6) Law Enforcement Activities and Legal Proceedings: We may use and disclose your PHI to law enforcement officials, for example, in response to a warrant, investigative demand or similar legal process, or for officials to identify or locate a suspect, fugitive, material witness, or missing person. We may disclose your PHI as part of a legal proceeding as required to comply with a court or administrative order or in certain cases in response to a subpoena. Discovery request or other legal proceeding.
• (7) Research: If we conduct or participate in research, we may use or disclose PHI in connection with research projects where the research has been approved through a process that protects the confidentiality of your PHI.
• (8) De-identified PHI and Limited Data Sets: If PHI is “de-identified” it means that all information that can be used to identify you, including your name, date of birth, social security number and more, has been removed. If Genview has removed this information and there is no reasonable basis to believe that the health information could be used to identify you, it is no longer considered “PHI” and we can use this information for any lawful purpose. In addition, Genview may disclose limited health information which is contained in a “limited data set,” which is a data set that does not contain any information that can directly identify you. For example, a limited data set may include your city, county and zip code, but not your name or street address.
• (9) Governmental, Regulatory and Certain Other Entities: As permitted by HIPAA, we may disclose your PHI to: Social Services Agencies, Public Health Authorities, The Food and Drug Administration, Health Oversight Agencies, Military Command Authorities, National Security and Intelligence Organizations, Correctional Institutions, Organ and Tissue Donation Organizations, Coroners, Medical Examiners and Funeral Directors, Workers Compensation Agents, and Disaster Relief Organizations.
• (10) Incidental Uses and Disclosures: Sometimes, your PHI may be used or disclosed in the course of our primary uses and disclosures, such as for treatment, payment or healthcare operations. For example, we may call your name in the waiting area, or use it in a telephone conversation with a provider. We are permitted to make such incidental uses and disclosures as long as we take reasonable steps to minimize them, and have in place appropriate safeguards to protect them.

As you can see, we have not listed every possible use or disclosure above; rather, we have listed categories of uses and disclosures. If our use or disclosure of PHI does not fall into one of these categories, we must obtain your authorization. For example, if we would like to sell your PHI, we would need to obtain your written authorization to do so. In addition, in most circumstances, we are required by law to receive your written authorization before we use or disclose your health information for marketing purposes, although we may provide you with general information about our health-related services. Importantly, you have the right to revoke your authorization at any time in writing. However, if you do so, your revocation will not apply to any use or disclosure we made prior to our receipt of your revocation, but it will prevent future uses and disclosure.

State Law

Genview operates in a number of states. With respect to all of the above categories of purposes, when state law is more restrictive than HIPAA (federal law), we are required to follow the more restrictive state law.

Your Rights as a Patient

As a patient of Genview, you have a number of rights:

• (1) Right of Access: Under HIPAA, subject to certain exceptions, you have the right to access your PHI. You may request and receive a copy of your PHI that we maintain. If we maintain your PHI in electronic format, and can readily produce a readable electronic copy of your PHI,  you have the right to receive a copy in this format.  To receive a copy, you may contact Jason Zhang at jason.zhang@genviewdx.com.  If your request for test information is denied, you may request that the denial be reviewed. We reserve the right to charge a reasonable fee for the cost of producing and mailing the copies of such information.
• (2) Amend Health Information: If you think the information contained if your record is incorrect or incomplete, you may request that Genview make a change called an “amendment” to your PHI by making a written request. However, we may deny the request in some cases including if we determine the PHI is accurate, or if Genview did not create the information. If we deny your request to change your PHI, we will provide you with a written explanation of the reason for the denial and let you know about further actions you may take. In addition, if we grant your request, we cannot remove or delete any PHI from your record.
• (3) Accounting of Disclosures: You have the right to receive a list of certain disclosures of your PHI made by Genview in the past six years from the date of your written request. Under the law, this does not include disclosures made for treatment, payment, or healthcare operations or certain other purposes. In addition, we will require you to provide us with the specific information we need to fulfill your request. If you request this accounting more than once in a 12-month period, we may charge you a reasonable fee.
• (4) Request Restrictions: You may request in writing that we agree to restrictions on certain of our uses and disclosures of your PHI. We are not required to agree to your request, except for requests to limit disclosures to your health plan for purposes of payment or healthcare operations when you have paid us for the item or service covered by the request out-of-pocket and in full and then only when the uses or disclosures are not required by law.
• (5) Request Confidential Communications: You have the right to request in writing that we send your health information by alternative means or to an alternative address, and we will accommodate reasonable requests.
• (6) Copy of this Notice You have the right to obtain a paper copy of this Notice upon request.
• (7) Right to Breach Notification: You have the right to receive notice of any breach of your unsecured PHI. Generally, a breach occurs if an unauthorized acquisition, access, use or disclosure of PHI compromises the security or privacy of your PHI. This is determined by a  risk assessment conducted by Genview. If we determine that that a breach of your PHI has occurred, we will tell you what happened and provide you with ways to mitigate your risk.

How to Exercise Your Rights

You may write or send an email to us with your specific request. Please refer to the Contact Information below. Genview will consider your request and provide you a response.

Complaints/Questions/Contact Information

If you believe your privacy rights have been violated, you have the right to file a complaint with us. You also have the right to file a complaint with the Secretary of the U.S. Department of Health and Human Services, Office for Civil Rights. You may contact OCR’s hotline by telephone or may send the information to their internet address. Genview will not retaliate against any individual for filing a complaint.  To file a complaint with us, or should you have any questions about this Notice, send an email to us at jason.zhang@genviewdx.com or write to us at the following address:

Jason Zhang Ph.D., HCLD (ABB), MB (ASCP)
Vice President of Laboratory Quality
CLIA Clinical Laboratory Director
Compliance Officer
5252 Hollister St Suite 520 | Houston, TX 77040

Note

We reserve the right to amend the terms of this Notice to reflect changes in our privacy practices, and to make the new terms and practices applicable to all PHI that we maintain about you, including PHI created or received prior to the effective date of the Notice revision. Our Notice is displayed on our website and a copy is available upon request.

‍