HIPAA Policy Updated: July 27, 2021
Psomagen, Inc. HIPAA Policy
Psomagen’s Notice of Privacy Practices
PLEASE READ CAREFULLY: THIS NOTICE SERVES AS A DESCRIPTION FOR:
- HOW YOUR MEDICAL INFORMATION MAY BE USED AND DISCLOSED
- HOW YOU CAN GET ACCESS TO THIS INFORMATION
This Notice of Privacy Practices applies to Psomagen Incorporated and its subsidiaries, affiliates, and business associates (collectively referred to as “Psomagen” in this Notice), except to the extent that the subsidiary, affiliate, department, or business associate of Psomagen performs services or activities that do not involve standard electronic transactions for which the United States Department of Health and Human Services (“HHS”) has adopted standards.
How Psomagen Protects Your Protected Health Information (PHI)
According to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Psomagen is required by law to maintain the privacy of health information that identifies you, known as Protected Health Information (“PHI”), and to provide you with notice of our legal duties and privacy practices regarding PHI. Psomagen is committed to protecting your PHI and will make reasonable efforts to ensure the confidentiality of your PHI, as required by statute and regulation. We take this commitment seriously and will work with you to comply with your right to receive certain information under HIPAA.
Disclosure of PHI
In accordance with HIPAA, the categories listed below explain the types of uses and disclosures of PHI that Psomagen may make. Some of the uses and disclosures described in the following may be limited or restricted by state laws or other legal requirements, such as the Clinical Laboratory Improvement Amendments of 1988 (CLIA). Please contact our Privacy Officer, using the contact information provided at the end of this notice, for specific information regarding your state.
- Treatment — Psomagen may use or disclose PHI for treatment purposes, including disclosure to physicians, nurses, medical students, pharmacies, and other health care professionals who provide you with health care services and/or are involved in the coordination of your care, such as providing your physician with your laboratory test results.
- Payment — Psomagen may use or disclose PHI to bill and collect payment for laboratory services we provide. For example, Psomagen may provide PHI to your health plan to receive payment for the health care services provided to you.
- Healthcare Operations — Psomagen may use or disclose PHI for health care operations purposes. These uses and disclosures are necessary, for example, to evaluate the quality of our laboratory testing, the accuracy of results, accreditation functions, and for Psomagen’s operation and management purposes. Psomagen may also disclose PHI to other health care providers or health plans involved in your care for their health care operations. For example, Psomagen may provide PHI to manage disease or to coordinate health care or health benefits.
- Reminders and Health-Related Benefits and Services — Psomagen may use and disclose PHI to contact you as a reminder that you have lab results readily available and may use and disclose PHI to tell you about health-related benefits and services that may be of interest to you. For example, Psomagen may contact you about new testing services available at Psomagen based on services ordered by your physician.
- Disclosure of PHI to You — Psomagen may disclose PHI to you or as directed by you to a third party. Your right to see and receive a copy of your PHI is listed below under patient rights regarding PHI.
- Emergency Circumstances and Notifications — If you are present and capable, Psomagen will obtain your consent to use and/or disclose PHI about you during an emergency event to notify, assist in the notification of a family member, your representative, or another person responsible for your care regarding your location, general condition, or death. Otherwise, Psomagen may exercise its professional judgment based on the circumstances and use and disclose PHI for your safety.
- Individuals Involved In Your Care or Payment For Your Care — Psomagen may disclose PHI to a person involved in your care or helps pay for your care, such as a family member or friend. We also may notify your family about your location or general condition or disclose such information to an entity assisting in a disaster relief effort. In addition, as allowed by federal and state law, we may disclose the PHI of minors to their parents or legal guardians.
- Business Associates — Psomagen may disclose PHI to its business associates to perform certain business functions or provide certain business services to Psomagen. For example, we use PWNHealth to evaluate your COVID-19 test results. All of our business associates are required to maintain the privacy and confidentiality of your PHI. In addition, at the request of your health care providers or health plan, Psomagen may disclose PHI to their business associates for purposes of performing certain business functions or health care services on their behalf. For example, we may disclose PHI to a business associate of Medicare for purposes of medical necessity review and audit.
- Disclosure for Judicial and Administrative Proceedings — Under certain circumstances, Psomagen may disclose your PHI in the course of a judicial or administrative proceeding, including in response to a court or administrative order, subpoena, discovery request, or other legal proceedings.
- Law Enforcement — Psomagen may disclose PHI for law enforcement purposes, including to respond to a court order, warrant, subpoena or summons, or similar process authorized by law. We may also disclose PHI when the information is needed: 1) for identification or location of a suspect, fugitive, material witness, or missing person, 2) about a victim of a crime, 3) about an individual who has died, 4) in relation to criminal conduct on Psomagen premises, or 5) in emergency circumstances to report a crime, the location of the crime or victims, or the identity, description, or location of the person who committed the crime.
- As Required By Law — Psomagen must disclose your PHI if required to do so by federal, state, or local law.
- Public Health — Psomagen may disclose PHI for public health activities. These activities generally include 1) disclosures to a public health authority to report, prevent or control disease, injury, or disability; 2) disclosures to report births and deaths, or to report child abuse or neglect; 3) disclosures to a person subject to the jurisdiction of the Food and Drug Administration (FDA) for purposes related to the quality, safety or effectiveness of an FDA-regulated product or activity, including reporting reactions to medications or problems with products or notifying people of recalls of products they may be using; 4) disclosures to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition, and 5) disclosures to an employer about an employee to conduct medical surveillance in certain limited circumstances concerning work-place illness or injury.
- Disclosure About Victims of Abuse, Neglect, or Domestic Violence — Psomagen may disclose PHI about an individual to a government authority, including social services, if we reasonably believe that an individual is a victim of abuse, neglect, or domestic violence.
- Health Oversight Activities — Psomagen may disclose PHI to a health care oversight agency for activities authorized by law such as audits, civil, administrative, or criminal investigations and proceedings/actions, inspections, licensure/disciplinary actions, or other activities necessary for appropriate oversight of the health care system, government benefit programs, and compliance with regulatory requirements and civil rights laws.
- Coroners, Medical Examiners, and Funeral Directors — Psomagen may disclose PHI to a coroner, medical examiner, or funeral director to identify a deceased person, determining the cause of death, or performing some other duty authorized by law.
- Personal Representative — Psomagen may disclose PHI to your representative, as established under applicable law, or to an administrator, executor, or other authorized individual associated with your estate.
- Correctional Institution — Psomagen may disclose the PHI of an inmate or other individual when requested by a correctional institution or law enforcement official for health, safety, and security purposes.
- Serious Threat to Health or Safety — Psomagen is allowed to disclose PHI when it has a good faith belief that the disclosure (1) is necessary to prevent or lessen a serious and/or imminent threat to the health or safety of the patient or others and (2) is to a person or persons reasonably able to prevent or lessen the threat.
- Research — Psomagen may use and disclose PHI for research purposes. For example, limited data or records may be viewed by researchers to identify patients who may qualify for their research project or other similar purposes, so long as the researchers do not remove or copy any of the PHI. Before we use or disclose PHI for any other research activity, one of the following will happen: 1) a special committee will determine that the research activity poses minimal risk to privacy and that there is an adequate plan to safeguard PHI; 2) if the PHI relates to deceased individuals, the researchers give us assurances that the PHI is necessary for the research and will be used only as part of the research; or 3) Psomagen will provide the researcher only with information that does not identify you directly.
- Government Functions — In certain situations, Psomagen may disclose the PHI of military personnel and veterans, including Armed Forces personnel, as required by military command authorities. Additionally, we may disclose PHI to authorized officials for national security purposes, such as protecting the President of the United States, conducting intelligence, counter-intelligence, other national security activities, and when requested by foreign military authorities. Disclosures will be made only in compliance with U.S. Law.
- De-identified Information and Limited Data Sets — Psomagen may use and disclose health information that has been “de-identified” by removing certain identifiers, making it unlikely that you could be identified. Psomagen also may disclose limited health information contained in a “limited data set.” The limited data set does not contain any information that can directly identify you. For example, a limited data set may include your city, county, and zip code but not your name or street address.
Other Uses and Disclosures of PHI
Psomagen shall ask for your authorization before using or disclosing PHI for all other uses and disclosures for purposes not described above. If you signed an authorization form, you may revoke it, in writing, at any time, except to the extent that action has been taken in reliance on your authorization.
Psomagen’s Safeguards and Protection
Psomagen will obtain your permission before disclosing the information to other health care providers who are not involved in your treatment program or care.
Psomagen’s Notification In the Event of Information Breach
Psomagen is required to provide our clients and customers notification if it discovers a breach of unsecured PHI unless there is a demonstration, based on a risk assessment, that there is a low probability that the PHI has been compromised. You will be notified without unreasonable delay and no later than 60 days after the discovery of the breach. Such notification will include information about what happened and what can be done to mitigate the harm.
Your Rights Regarding PHI
HIPAA establishes the following patient rights with respect to PHI, subject to certain exceptions:
- Right to Receive a Copy of the Psomagen Notice of Privacy Practices — You have a right to receive a copy of the Psomagen Notice of Privacy Practices at any time by contacting us at firstname.lastname@example.org, or by sending a written request to:
HIPAA Privacy Officer, Psomagen Inc.
1330 Piccard Drive, Suite 103
Rockville, MD 20850
This Notice will also be posted on the Psomagen site at www.psomagen.com.
- Right to Request Limits on Uses and Disclosures of your PHI — You have the right to request that we limit: 1) how we use and disclose your PHI for treatment, payment, and health care operations activities; or 2) our disclosure of PHI to individuals involved in your care or payment for your care. Psomagen will consider your request but is not required to agree to it unless the requested restriction involves a disclosure that is not required by law to a health plan for payment or health care operations purposes and not for treatment, and you have paid for the service in full out of pocket. If we agree to a restriction on other types of disclosures, we will state the agreed restrictions in writing and will abide by them, except in emergencies when the disclosure is for purposes of treatment.
- Right to Request Confidential Communications — You have the right to request that Psomagen communicates with you about your PHI at an alternative address or by an alternative means. Psomagen will accommodate reasonable requests.
- Right to See and Receive Copies of Your PHI — You and your personal representative have the right to access PHI consisting of your laboratory test results or reports ordered by your physician. Within 30 days after receiving your request, you will receive a copy of the completed laboratory report from Psomagen unless an exception applies. Exceptions include (1) a determination by a licensed health care professional that the access requested is reasonably likely to endanger the life or safety of you or another person, and (2) our inability to provide access to the PHI within 30 days, in which case we may extend the response time for an additional 30 days if we provide you with a written statement of the reasons for the delay and the date by which access will be provided. You have the right to access and receive your PHI in an electronic format if it is readily producible in such a format. You also have the right to direct Psomagen to transmit a copy to another person you designate, provided such request is in writing, signed by you, and clearly identifies the designated person and where to send the copy of your PHI. To request a copy of your PHI, contact the Privacy Officer by email at email@example.com
- Right to Receive an Accounting of Disclosures — You have a right to receive a list of certain instances in which Psomagen disclosed your PHI. This list will not include certain disclosures of PHI, such as (but not limited to) those made based on your written authorization or those made prior to the date on which Psomagen was required to comply. If you request an accounting of disclosures of PHI that were made for purposes other than treatment, payment, or health care operations, the list will include disclosures made in the past six years, unless you request a shorter period of disclosures. If you request an accounting of disclosures of PHI that were made for purposes of treatment, payment, or health care operations, the list will include only those disclosures made in the past three years for which an accounting is required by law, unless you request a shorter period of disclosures.
- Right to Correct or Update Your PHI — If you believe that your PHI contains a mistake, you may request, in writing, that Psomagen correct the information. If your request is denied, we will provide an explanation of the reasoning for our denial.
How to Exercise Your Rights
To exercise any of your rights described in this notice, you must send a written request to: Psomagen Privacy Officer, Psomagen Inc., 1330 Piccard Drive, Suite 103, Rockville, MD 20850.
How to Contact Us or File a Complaint
If you have questions or comments regarding the Psomagen Notice of Privacy Practices or have a complaint about our use or disclosure of your PHI or our privacy practices, please contact: firstname.lastname@example.org and request assistance from the HIPAA Privacy Officer or please write a written request to: Psomagen Inc., ATTN: HIPAA Privacy Officer, 1330 Piccard Drive, Suite 103, Rockville, MD 20850.
Changes to Psomagen Notice of HIPAA Privacy Practices
Psomagen reserves the right to make changes to this notice and to our Privacy Statement from time to time. Changes adopted will apply to any PHI we maintain about you. Psomagen is required to abide by the terms of our notice currently in effect. When changes are made, we will promptly update this notice and post the information on the Psomagen website at www.psomagen.com. Please review this site periodically to ensure that you are aware of any such updates.
Psomagen works diligently to provide exceptional, quality service to all of its clients and is committed to implementing the Health Insurance Portability and Accountability Act of 1996 (HIPAA). For questions or concerns regarding HIPAA and your privacy rights, please contact us at the following address:
1330 Piccard Drive, Suite 103
Rockville, MD 20850
Effective Date of Notice: 07/27/2021