Notice of Health Information Privacy Practices
This notice describes how health information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
Path Labs, LLC. dba PathLogic, and its subsidiaries and affiliates, is required by the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”), to maintain the privacy and security of your protected health information and to provide you with a notice of PathLogic’s legal duties and privacy practices with respect to protected health information that PathLogic may collect and maintain about you. This Notice of Health Information Privacy Practices (“Notice”) describes how we may use and disclose your protected health information to carry out treatment, payment or health care operations and for other specified purposes that are permitted or required by law. The Notice also describes your rights with respect to your protected health information (“PHI”) when in the hands of PathLogic and its business associates, which are vendors that may assist us in providing services to you. PHI is any information that identifies you or may be used to identify you (e.g., basic demographic information); that is created or received by a health care provider, health plan, employer or health care clearinghouse; and that relates to your past, present or future physical or mental health or condition and related health care services, or provision of or payment for health care.
We are required by law to abide by the terms of this Notice. We will not use or disclose your PHI without your prior written authorization, except as permitted or required by law and described in this Notice. Please note that if other federal, state, or local laws, rules or regulations restrict or limit the use and disclosure of your PHI in ways that are permitted under this Notice, PathLogic will only use or disclose your PHI in compliance with the stricter law, rule or regulation.
What PHI We Collect
We attempt to collect the minimal amount of information necessary for PathLogic to provide our services to you and to obtain payment for those services. This may include your name, address, telephone number, social security number, date of birth, medical history, diagnosis, treatment, provider identification, financial responsibility, health insurance coverage (including group numbers and member identification numbers), and payment information.
How We May Use and Disclose Protected Health Information About You WITHOUT YOUR CONSENT
With the exception of information that may qualify for special protection under state and/or federal law, the following categories describe different ways that we use and disclose your PHI. Not every possible use or disclosure in a category is listed below. However, all of the ways in which we are permitted to use and disclose PHI will fall within one of the categories below. Also, PathLogic must limit its uses, disclosures, or requests for your PHI to the “minimum necessary” to accomplish the intended purpose of such use, disclosure, or request, except as permitted by law. Please note that, for purposes of this Notice, any references to “we” or “PathLogic” include all business associates we may engage.
- Treatment: We may use or disclose your PHI to provide and coordinate the treatment and services you receive. For example, we may use your PHI to perform diagnostic tests, or provide your test results to your physician or other authorized health care provider.
- Payment: We may use and disclose your PHI to others for purposes of receiving payment for treatment and services that you receive. For example, we will submit a claim to you, your health care provider, or your health plan/insurer that includes information that identifies you and the type of services we performed for you.
- Health Care Operations: PathLogic may use or disclose your PHI in order to support the health care operations of its business and monitor the quality of the care we provide. For example, we may use information in your health record to evaluate the services we provide or to train PathLogic’s staff. In addition, “health care operations” include conducting quality assessment and improvement activities, including outcomes evaluation and development of clinical guidelines; patient safety activities; population-based activities relating to protocol development, case management and care coordination, contacting of health care providers and patients with information about treatment alternatives, and related functions that do not include treatment; submitting claims for stop-loss coverage; conducting or arranging for medical review, legal services, and audit services; wellness and disease management programs; and business planning, development, management and general administration of the clinical lab.
- To Communicate with Individuals Involved in Your Care or Payment for Your Care: We may disclose to a family member, other relative, close personal friend or any other person you identify, PHI that is directly relevant to that person's involvement in your care or payment related to your care. We may disclose the relevant PHI to these persons if you are present for the disclosure and either do not object or we can reasonably infer from the circumstances that you do not object to the disclosure. If you are not present or are incapacitated, we can make the disclosure if, in the exercise of professional judgment, we believe the disclosure is in your best interests.
- Business Associates: There are some services provided by PathLogic through contracts with business associates (e.g., billing services), and we may disclose your PHI to PathLogic’s business associate so that they can perform the job we have asked them to do. To protect your information, however, we require the business associate to enter into a Business Associate Agreement, which specifies the ways in which the business associate may use and disclose your PHI and must appropriately safeguard your information.
- Government Agencies: We may disclose to certain government agencies (e.g., FDA, CMS, OIG, CLIA accreditation organizations, etc.), or persons under the jurisdiction of the of such agencies, PHI relative to adverse events with respect to products and/or services we provide, or information to enable product recalls, repairs, or replacements.
- Worker's Compensation: We may disclose your PHI to the extent authorized by and to the extent necessary to comply with laws relating to worker's compensation or other similar programs established by law. These programs provide benefits for work-related injuries or illness without regard to fault.
- Public Health: As permitted by law, we may disclose your PHI to public health or legal authorities charged with preventing or controlling disease, injury, or disability; to report the abuse or neglect of children, elders, dependent adults, or others; or to a person who may have been exposed to a communicable disease or otherwise be at risk of contracting of spreading the disease or condition.
- Law Enforcement: We may disclose your PHI for law enforcement purposes as permitted by law, such as in response to a valid subpoena or court order.
- As Otherwise Required by Law: We may disclose your PHI when required to do so by federal, state, or local law.
- Health Oversight Activities: We may disclose your PHI to an oversight agency for activities authorized by law. These oversight activities may include audits, investigations, and inspections necessary for licensure and for the government to monitor the health care system, government programs, and compliance with laws.
- Judicial and Administrative Proceedings: We may disclose your PHI in response to a court or administrative order. We may also disclose PHI in response to a subpoena, discovery request, or other lawful process, but only if efforts have been made, either by the requesting party, or us to tell you about the request or to obtain an order protecting the information requested.
- Research: We may use or disclose your PHI for research if approved by an institutional review board or privacy board that has reviewed the research proposal and established protocols to ensure the privacy of your information. We may also disclose information about decedents to researchers under certain circumstances.
- Coroners, Medical Examiners, and Funeral Directors: We may disclose your PHI to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also disclose your PHI to funeral directors consistent with applicable law to enable them to carry out their duties.
- Organ or Tissue Procurement Organizations: As compliant with applicable law, we may use or disclose your PHI to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of organs for the purpose of facilitating organ, eye, or tissue donation and transplantation.
- Notification: We may, under certain circumstances, use or disclose your PHI to notify or assist in notifying a family member, personal representative, or another person responsible for your care, regarding your location and general condition. We may disclose to a family member, relative, or close personal friend, PHI that is directly relevant to that person’s involvement with your care or payment for care. We may also make these disclosures to persons who are not family members, relatives, or close personal friends of the individual, as long as we have reasonable assurance that you have identified the person as being involved in your care or payment. We may disclose the relevant PHI to these persons if you are present for the disclosure and either do not object or we can reasonably infer from the circumstances that you do not object to the disclosure. If you are not present or are incapacitated, we can make the disclosure if, in the exercise of professional judgment, we believe the disclosure is in your best interests.
- Correctional Institution: If you are or become an inmate of a correctional institution, we may disclose to the institution or its agents PHI necessary for your health and the health and safety of other individuals.
- To Avert a Serious Threat to Health or Safety: We may use and disclose your PHI, if in good faith, we believe the use or disclosure: (i) is necessary to prevent or lessen a serious and imminent threat to your health and safety or the health and safety of the public or another person, and is to a person or persons reasonably able to prevent or lessen the threat, including the target of the threat; or (ii) is necessary for law enforcement authorities to identify or apprehend an individual based on statements made by the individual admitting to participation in a violent crime, or where the individual has escaped from a correctional institution or from lawful custody.
- Military and Veterans: If you are a member of the armed forces, we may use and disclose PHI about you for activities deemed necessary by appropriate military command authorities to assure the proper execution of a military mission. For the same reason, we may also release PHI about foreign military personnel to the appropriate foreign military authority.
- Disaster Relief: In the event of a disaster, we may provide your PHI to disaster relief organizations.
- National Security, Intelligence Activities, and Protective Services for the President and Others: We may disclose PHI about you to authorized federal officials for the conduct of lawful intelligence, counterintelligence, protective services to the President, and other national security activities authorized by law.
- Victims of Abuse or Neglect: We may disclose PHI about you to a government authority if we reasonably believe you are a victim of abuse, neglect, or domestic violence. We will only disclose this type of information to the extent required by law, if you agree to the disclosure, or if the disclosure is expressly allowed by law and we believe it is necessary to prevent serious harm to you or someone else.
- Treatment Alternatives, Appointment Reminders, and Health-Related Benefits and Services: We may use and disclose your PHI to tell you about possible treatment options or alternatives, appointment reminders, and health-related benefits and services that may be of interest to you.
Use and Disclosure of PHI (WITH YOUR CONSENT)
PathLogic will obtain your written authorization before using or disclosing your PHI for purposes other than those provided for in this Notice (or as otherwise permitted or required by law). Examples include any uses and disclosures of your PHI for marketing purposes, and disclosures that constitute a sale of PHI require your written authorization. You may revoke this authorization in writing at any time. Upon receipt of the written revocation, we will stop using or disclosing your PHI, except to the extent that we have already taken action in reliance on the authorization.
Special Protections for Sensitive PHI/Information
For certain types of PHI we may be required to protect your privacy in ways more strict than we have discussed in this Notice. PathLogic must abide by the following rules for to use or disclose certain types of your PHI:
- HIV Test Information. We may not disclose the result of any HIV test or that you have been the subject of an HIV test unless required by law or the disclosure is to you or other persons under limited circumstances or you have given us written permission to disclose.
- Genetic Information. We may not use or disclose your genetic information unless the use or disclosure is made as required by law or you provide us with written permission to disclose such information.
- Mental Health Information Records. We may not disclose your mental health information records except to you and anyone else authorized by law to inspect and copy your mental health information records or you provide us with written permission to disclose.
- Alcoholism or Drug Abuse Information. We may not disclose any alcoholism or drug abuse information related to your treatment in an alcohol or drug abuse program unless the disclosure is allowed or required by law or you provide us with written permission to disclose.
Rights Regarding Your Health Information/PHI
- Obtain a paper copy of the Noticeupon request. You may request a paper copy of PathLogic’s current Notice at any time from our Customer Care Department. Even if you have agreed to receive the Notice electronically, you are still entitled to a paper copy. All requests for a paper copy of the Notice must be submitted in writing or electronically to PathLogic.
- Request a restriction on certain uses and disclosures of PHI. You have the right to request additional restrictions on how we use or disclosure of your PHI for treatment, payment, health care operations, and communications to those involved in your care by sending a written request to PathLogic’s Customer Care Department. We are not required to agree to all requested restrictions. If, however, we do agree to your request, we will comply with it. For example, we must agree to your request to restrict disclosures of your PHI to your health plan if the disclosure is for payment or health care operation purposes and the PHI pertains solely to a health care item or service for which you, or someone on your behalf, has paid in full out of pocket. All requests for restrictions on the use or disclosure of your PHI must be submitted in writing or electronically to PathLogic.
- Inspect and obtain a copy of PHI. You have the right to access and copy your PHI. To exercise this right, you must send a written request to the Customer Care Department. We may charge you a fee for the costs of copying, mailing and other supplies that are necessary to fulfill your request. We may deny your request to inspect and copy in certain limited circumstances. If you are denied access to your PHI, you will receive a written denial and information regarding how your denial may be reviewed. All requests to inspect or obtain a copy of your PHI must be submitted in writing or electronically to PathLogic.
- Request an amendment of PHI. If you feel that PHI we maintain about you is incomplete or incorrect, you may request that we amend it. To request an amendment, you must send a written request to the Customer Care Department. You must include a reason that supports your request. In certain cases, we may deny your request for amendment. You will be notified in writing if your request is denied. If you request is denied, you have the right to submit a written statement disagreeing with the denial, which, at your request, may be appended or linked to the PHI in question. All requests for an amendment of your PHI must be submitted in writing or electronically to PathLogic.
- Receive an accounting of disclosures of PHI. You have the right to receive an accounting of the disclosures PathLogic or its business associates have made of your PHI for most purposes other than treatment, payment, health care operations, and certain other limited purposes. The right to receive an accounting of disclosures is subject to certain exceptions, restrictions, and limitations. To request an accounting, you must submit your request in writing to the Customer Care Department. Your request must specify the time period for which you would like an accounting, but this time period may not be longer than six years prior to your request. The first accounting you request within a 12-month period will be at no cost. For additional accountings within a 12-month period, we may charge you for the costs of providing the accounting of disclosures. Before providing you with the accounting, we will notify you of the costs involved, and you may choose to withdraw or modify your request at that time before any costs are incurred. All requests for an accounting of the disclosures of your PHI must be submitted in writing or electronically to PathLogic.
- Request communications of PHI by alternative means or at alternative locations. You have a right to request to receive communications of PHI by alternate means or at alternate locations. For instance, you may request that we contact you about medical matters only in writing or at a different residence or post office box. To request confidential communication of your PHI, you must submit a request in writing to the Customer Care Department. Your request must state how or where you would like to be contacted. All requests for communication of PHI by alternative means or at alternative locations must be submitted in writing or electronically to PathLogic.
- Right to Receive Notification in the Event of a Breach. You have a right to receive notification if there is a breach of your Unsecured PHI, except in those instances where we determine that there is a low probability that the PHI has been compromised. After learning of such a breach, we must provide notice to you without unreasonable delay and in no event later than sixty (60) calendar days after PathLogic’s discovery of the breach, unless a law enforcement official requires us to delay the breach notification.
Security of Your PHI
Access to PHI is restricted to only those employees, agents or contractors of PathLogic who require it to provide services to you or your healthcare provider(s) or obtain payment from those financially responsible for payment. PathLogic maintains physical, technical, and procedural safeguards protecting PHI against unauthorized use and disclosure. PathLogic’s management is responsible for overseeing the proper and effective implementation of all required rules and regulations, as well as policies and procedures concerning the use and disclosure of PHI, including ensuring proper educating/training, investigating all issues, complaints and concerns, auditing and monitoring compliance by PathLogic and its employees, agents and contractors. Please note that any e-mail communication you initiate with PathLogic regarding your PHI is not secured in accordance with the HIPAA security standards. As a general rule, PathLogic will not communicate with you through e-mail unless the e-mail can be properly encrypted or with your permission/consent.
For More Information or to Report a Problem
If you have questions or would like additional information about PathLogic’s privacy practices, you may contact:
- Attn: Customer Care Department
- 1166 National Drive, Suite 80
- Sacramento, CA 95834
To file a complaint with PathLogic, you must submit a written complaint to the Customer Care Department at the address listed above. Any submission must be marked “Confidential.” There will be no retaliation for filing a complaint. Please include your name, address, and telephone number where we can contact you (unless you chose to remain anonymous) and a brief description of your concern, issue, or complaint.
If you believe your privacy rights have been violated, you can file a complaint with the Customer Care Department or with the Office for Civil Rights, Department of Health and Human Services at:
- The U.S. Department of Health and Human Services
- 200 Independence Avenue, S.W.
- Washington, D.C. 20201
Toll Free: 1-877-696-6775
Changes to this Notice
PathLogic reserves the right to change its practices and the terms of this Notice as and, to the extent permitted by law, to make the new Notice effective for all PHI we maintain without prior notice to you.
Obtaining a Copy of this Notice.
You are permitted to print or make a copy of this Notice for your records. If you do not have the ability to print or make a copy, you may request one by contacting the PathLogic Customer Care Department at the address listed above.
This Notice is effective as of August 1, 2017.