AltheaDx, Inc. Notice of Privacy Practices

Your Information. Your Rights. Our Responsibilities.

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

I. Background

AltheaDx, Inc. (“AltheaDx”) is a provider of laboratory testing services. In providing testing services, AltheaDx receives, creates and discloses personal health information. This information is private and confidential. There are policies and procedures in place to protect the information against unlawful use and disclosure. This notice describes information we collect, how we use that information, and when and to whom we may disclose it.

II. Protected Health Information and Our Obligations

Protected health information or “PHI” (also called “personal health information”), is current, past or future information created or received by AltheaDx from physicians about patients for whom testing is ordered from AltheaDx. It may indicate the physical condition of a patient, the provision of health care to that patient, or payment for the provision of health care to that patient. The term PHI does not generally include publicly available information, or information available or reported in a summarized format.

We are required by law to maintain the privacy and security of your protected health information.

We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.

We must follow the duties and privacy practices described in this notice and give you a copy of it (or other notice in effect at the time of the use or disclosure).

We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.

III. Information Collected and Created by AltheaDx

AltheaDx collects the information that is minimally necessary to provide testing services and to obtain payment for these services. This may include name, address, telephone number, social security number, date of birth, medical history, diagnosis, treatment, provider identification and treatment information, financial responsibility and payment information.

AltheaDx creates, through its testing services, information to be used by a physician in the diagnosis of disease or condition or in the treatment of a disease or condition.

IV. Protection of PHI

Our use and disclosure of PHI must comply not only with federal privacy regulations but also with applicable California law. Access to PHI is restricted to only those employees of AltheaDx who need it in order to provide services to clients and patients. We maintain physical, technical and procedural safeguards to protect PHI against unauthorized use and disclosure. We have a Compliance Officer who is responsible for developing, educating AltheaDx personnel about, and overseeing the implementation and enforcement of policies and procedures designed to safeguard PHI against inappropriate use and disclosure consistent with the applicable law.

In the following cases we never share your information unless you give us written permission:

Marketing purposes
Sale of your information

V. Standard Uses and Disclosures of PHI

How else can we use or share your health information? We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes.

For more information see:

http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html

In the course of providing laboratory services, AltheaDx uses PHI internally and discloses it to health care providers (doctors requesting services, laboratory personnel involved in ordering services and other caregivers), insurers, third party administrators, plan sponsors and other payors (employers, health care provider organizations and others who may be responsible for paying for or administering your health benefits); vendors, consultants, government authorities; and their respective agents. They are required by law to keep PHI confidential. Some examples of what we do with the information we collect and the reasons it might be disclosed to third parties are described below.

We may use or disclose PHI with or without your consent to provide health care services. Examples of these uses and disclosures include:

Treatment – the fulfillment of requests by physicians to perform laboratory testing services is considered the provision of treatment.
Payment – AltheaDx uses and discloses PHI to obtain reimbursement for testing services. Examples of these payment activities include: billing, collections activities, determination of eligibility and obtaining authorization for services. We may use or disclose PHI in connection with payment activities with or without your consent.
Health care operations – AltheaDx uses and discloses PHI for our health care operations, which include internal administration and planning and various activities that improve the quality and cost effectiveness of the services provided. We may use information to contact you when necessary.

Other Activities Permitted or Required by Law – We may use or disclose PHI for other important activities permitted or required by law, with or without your authorization. These include:

Required by Law – We may use or disclose PHI to the extent such use or disclosure is required by law and it complies with and is limited to the requirements of that law. We use and disclose PHI for certain law enforcement purposes and in response to official subpoenas, court orders, discovery requests, workers’ compensation law and other legal process. In addition, we use and disclose PHI in connection with health oversight activities (e.g., government audits of our compliance with certain laws and regulations; oversight of government-funded health benefits programs, and, the Department of Health and Human Services if it wants to see if we’re complying with federal privacy law).
Health Research – We use and disclose PHI in connection with research subject to the oversight of an Institutional Review Board. Sometimes, where permitted under federal law and institutional policy, and approved by an Institutional Review Board or a privacy board, PHI may be used or disclosed. In addition, PHI may be used or disclosed to compile “limited or de-identified data sets” that do not include your name, address, social security number or other direct identifiers. These data sets may, in turn, be used for research purposes.
Help with public safety issues – We can share information about you for certain situations such as:
- Preventing disease
- Helping with product recalls
- Reporting adverse reactions to medications
- Reporting suspected abuse, neglect, or domestic violence
- Preventing or reducing a serious threat to anyone’s health or safety
Work with a medical examiner or funeral director – We can share health information with a coroner, medical examiner, or funeral director when an individual dies.
Respond to organ and tissue donation requests – We can share health information about you with organ procurement organizations.
Family and Friends – If you choose someone to act for you: under certain circumstances, we may disclose PHI to family members, other relatives, or close personal friends or others that you identify to the extent it is directly relevant to their involvement with your care or payment related to your care.If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.We will make sure the person has this authority and can act for you before we take action.

VI. Requesting Other Disclosures

It is possible to request that we disclose PHI to people in ways not described above. To authorize us to disclose your personal health information to a person or organization or for reasons other than those described in the section above, see the contact information at the bottom of this page. If you make a special authorization and later change your mind about this, you may send a letter to us to let us know that you would like to revoke the special authorization. In any communication with us, please provide your name, address, patient identification number or Social Security number, and a telephone number where we can reach you in case we need to contact you about your request.

VII. Your Rights with Respect to PHI

When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.

Ask us to limit what we use or share: You have a right to ask us in writing to restrict use or disclosure of your PHI related to your treatment, related to your payment or related to routine health care operations. In addition, you may request PHI disclosure restrictions to family members, other relatives or close friends involved in your care. We are not required to agree to such a restriction, but if we do agree, we will honor our agreement except in case of an emergency. Any restriction we agree to is not effective to prevent uses or disclosures of PHI required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with federal privacy regulations adopted under the Health Insurance Portability and Accountability Act of 1996 or for certain activities permitted or required by law (see Section V above).

If you pay for a service out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer.

· We will say “yes” unless a law requires us to share that information.

Request confidential communications – You may request, in writing, to receive confidential communications containing your PHI from us in ways or at locations that are outside our usual process (for example, home or office phone) or send to a different address. We will make every effort to accommodate reasonable requests.
You have a right to review and obtain a copy of existing PHI contained in medical and billing records about you maintained by AltheaDx. You must make your request in writing and this right is limited to existing records that are maintained, collected, used or disseminated by AltheaDx. This right does not apply to results of clinical testing – this information is specifically excluded by law; or to information we compile in reasonable anticipation of, or for use in, civil, criminal or administrative actions or proceedings. We may charge a fee for any copies you request.
Ask us to correct your records: You have a right to request that we amend the records described above for as long as we maintain them. You must make the request in writing for information you feel is incorrect or incomplete and give us a reason for the amendment. We may deny your request if: (i) we determine that we did not create the record, unless the originator of the PHI is no longer available to act on the requested amendment; or (ii) if we believe that the existing records are accurate and complete. Note that an amendment may take several forms; for example we may add an explanatory statement to a record rather than changing it.

· We may say “no” to your request, but we’ll tell you why in writing within 60 days.

Get a list of those whom we’ve shared information: You have a right to ask for an accounting of disclosures made by AltheaDx to any third party in the six years prior to the date on which the accounting is requested. This right does not apply to certain disclosures, including, but not limited to, disclosures made for the purposes of treatment, payment or health care operations; disclosures made to you or to others involved in your care; disclosures made with your authorization; disclosures made for national security or intelligence purposes or to correctional institutions or law enforcement purposes; or disclosures made prior to April 14, 2003. You must make any request for an accounting in writing and we may charge a fee to fill more than one request in any given year.
Tell us to share information in a disaster relief situation.
Get an electronic or paper copy of your medical record: You can ask to see or get an electronic or paper copy of your medical record or other health information we have about you. Ask us how to do this.

We will provide a copy of a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.

VIII. Distribution and Updates of This Notice

Get a copy of this privacy notice: This notice is published on the AltheaDx, Inc. web site at: www.idgenetix.com/contact-us/privacypolicy. A copy may be printed from the website or you can ask for a paper copy at any time. We will provide you with a paper copy promptly.

Changes to the Terms of This Notice – We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, in our office, and on our website.

IX. Effective Date and Duration of This Notice

This notice describes the privacy policy of AltheaDx effective 05/05/2014. We may change the terms of this notice at any time. If we change this notice, we may make the new notice terms effective for all PHI that we maintain, including any information created or received prior to issuing the new notice. If we change this notice, we will post the new notice on our Internet site at www.idgenetix.com/contact-us/privacypolicy.

X. Communication with AltheaDx

As a convenience, AltheaDx may make available email addresses by which you can communicate with us regarding billing issues. Please be advised that email is not a secure means of communication, therefore AltheaDx cannot guarantee the security of any information that you send to us prior to our receipt of it. This fact may also restrict our use of email in communicating any response to you – we will make every attempt to use alternate means of communicating anything that may be considered sensitive information.

XI. Copy of Notice, Questions or Complaints

File a complaint if you feel your rights are violated. If you have questions about the Notice of Privacy Practices, or believe its terms or any AltheaDx privacy or confidentiality policy has been violated with respect to information about you, please let us know immediately by contacting us at 858-224-7200 and request the Compliance Officer. Please include your name, address, and a telephone number where we can contact you, and a brief description of the complaint. If you prefer, you may lodge an anonymous complaint.Compliance Officer
AltheaDx, Inc.
3030 Bunker Hill Street
Suite 300
San Diego, CA 92109
United States

You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to:The U.S. Department of Health and Human Services Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201

Or, by calling:

1-877-696-6775

Or, visiting www.hhs.gov/ocr/privacy/hipaa/complaints/

We will not retaliate against you for filing a complaint.

Please provide as much information as possible so that the complaint can be properly investigated. AltheaDx will not retaliate against a person who files a complaint with us or with the Secretary of the Department of Health and Human Services.

Visitor Privacy Policy

AltheaDx.com

PDF Visitor Privacy Policy

AltheaDx respects the rights of visitors to our public website. Our visitor privacy policy describes how Personally Identifiable Information (PII) received from visitors to the AltheaDx public website is protected and how it is used.

PII, as defined in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our visitor privacy policy carefully to obtain a clear understanding of how AltheaDx collects, uses, protects or otherwise handles your Personally Identifiable Information in accordance with our website.

Personal Information Collected by AltheaDx

AltheaDx collects information which you enter on our Website. This information is provided by you on our Contact page or when you communicate with AltheaDx Customer Service or other departments through our Website, Email, telephone, mail or fax.

The types of information we receive may include your name, address, phone number, Email address and other
information to help us assist you.

How Do We Use Your Information?

We may use the information we collect from you when you request information, visit our website, or use certain other site features to allow us to better serve you in responding to your inquiries or requests.

Use of ‘Cookies’

Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information.

Cookies are also used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We may use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

We may also use trusted third party services that track this information on our behalf.

Your browser allows you to reject cookies and software is available from third parties which will allow you to visit our Web site without providing information such as your IP address used to connect your computer to the Internet; computer and connection information such as your browser type and version; operating system and platform; and URLs which lead you to and around our Web site including the date and time.

Third Party Disclosure

AltheaDx will not sell, trade, or otherwise transfer your personally identifiable information to outside parties. AltheaDx collects information from our visitors and users of our Website and uses the information internally for marketing and administration purposes, to fulfill your requests, or as legally required under law. We will never share your personal information with any unrelated 3rd party except as necessary to fulfill transactions that you initiate or as described in this Policy.

Third Party Links

We do not include or offer third party products or services on our website.

Google

Google’s advertising requirements are described on Google’s Advertising Policies Webpage and support a responsible and positive experience for users.
https://support.google.com/adwordspolicy/answer/1316548?hl=en

AltheaDx uses Google AdSense Advertising on our website.

Google, as a third party vendor, uses cookies to serve ads on our site. Google’s use of the DART cookie enables it to serve ads to our users based on their visit to our site and other sites on the Internet. Users may opt out of the use of the DART cookie by visiting the Google ad and content network privacy policy.

AltheaDx has implemented the following:

Remarketing with Google AdSense
Google Display Network Impression Reporting
Demographics and Interests Reporting

We along with third-party vendors, such as Google use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions, and other ad service functions as they relate to our website.

Opting Out:

Users can set preferences for how Google advertises to you by using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising initiative opt out page or permanently by using the Google Analytics Opt Out Browser add on.

California Online Privacy Protection Act

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law requires a person or company in the United States that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected, those individuals with whom it is being shared, and our intent to comply with this policy. For more information refer to: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf

In Accordance to CalOPPA AltheaDx Agrees to the Following:

Users can visit our website anonymously.
Our visitor privacy policy will be available on our home page, or as a minimum on the first significant page
after entering our website.
Our Visitor Privacy Policy link includes the word ‘Privacy’, and can be easily be found as specified above.
Users will be notified of any privacy policy changes on our Privacy Policy page.
Users are able to change their personal information by contacting us.

AltheaDx’s Policy for “Do Not Track” Signals

AltheaDx honors do not track signals and does not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

Third Party Behavioral Tracking

Third party behavioral tracking is allowed.

CAN SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and describes penalties for violations.

We collect your email address in order to:

Send information, respond to inquiries, and/or other requests or questions.
Market to our mailing list or continue to send emails after the original inquiry.

In Compliance with CANSPAM AltheaDx Agrees to:

NOT use false, or misleading subjects or email addresses.
Identify the message as an advertisement in a suitable way.
Include the physical address of our business headquarters.
Monitor third party email marketing services for compliance, if one is used.
Honor opt-out/unsubscribe requests quickly.
Allow users to unsubscribe by using the link at the bottom of each email.

If at any time you would like to unsubscribe from receiving future emails, you can email us at support@idgenetix.com and we will promptly remove you from ALL correspondence.

Changes to this Privacy Policy and Notices

This Privacy Policy will be updated as necessary and change over time.

Contacting Us

If there are any questions regarding this visitor privacy policy, you may contact us using the information below.AltheaDx, Inc.
3030 Bunker Hill Street
Suite 300
San Diego, CA 92109
United States
support@idgenetix.com
1-855-697-4943