Notice of Privacy Practices
The Notice of Privacy Practices was last updated on April 24, 2019
EXOSOME DIAGNOSTICS, INC. NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
For purposes of your treatment, Exosome Diagnostics, Inc. (“Exosome Dx”) and its staff may use and disclose information about your medical history and your current health. This notice explains how that information may be used and shared with others. It also explains your privacy rights regarding this kind of information. The terms of this notice apply to health information created or received by ExosomeDx. We are required by law to: make sure that medical information that identifies you is kept private; give you this notice of our legal duties and privacy practices with respect to medical information about you; follow the terms of the notice that is currently in effect; and notify you in the event there is a breach of any unsecured protected health information about you.
Your medical information may be used and disclosed for the following purposes:
Treatment: We may use your information to provide, coordinate, and manage your treatment. For example, ExosomeDx will use your medical information to perform our testing services and disclose your medical information to physicians involved in caring for and treating you.
Payment: We may use and disclose medical information about you so that the treatment and services you receive may be billed to and payment may be collected from you, an insurance company, or another third party. For example, we may need to give your health plan information about the services performed by ExosomeDx for you so your health plan will pay us or reimburse you for the treatment. We may also tell your health plan about services you are going to receive to obtain prior approval, to determine whether your plan will cover the services or for purposes of an independent review of a denial of a claim based on lack of medical necessity.
Health Care Operations: We may use and disclose medical information about you to monitor and support ExosomeDx’s laboratory operations and to make sure that all of our patients receive quality care. For example, we may use medical information to review and monitor the quality of our services, to evaluate the performance of our laboratory professionals and their qualifications, to conduct training, and to perform accreditation, certification, licensing and credentialing activities and other administrative functions.
Personal Representatives: Exosome Dx will only disclose medical information to your authorized personal representative, as defined by and to the extent permitted by law.
Minors: As permitted by applicable law, we may disclose information about minors to their parents or guardians.
Research: Federal law permits ExosomeDx to use and disclose medical information about you for research purposes, either with your specific, written authorization or when the study has been reviewed for privacy protection by an Institutional Review Board or Privacy Board before the research begins. In some cases, researchers may be permitted to use information in a limited way to determine whether the study or the potential participants are appropriate.
As Required by Law: We will disclose medical information about you when we are required to do so by federal, state or local law.
To Business Associates: Some services are provided by or to ExosomeDx through contracts with business associates, such as Exosome Dx’s consultants and accreditation organizations. We may disclose information about you to our business associates so that they can perform the functions we have contracted with them to do. To protect the information that is disclosed, we require each of our business associates to sign an agreement to appropriately safeguard the information and not to redisclose the information unless specifically permitted by law.
Your medical information may be released in the following special situations:
Organ and Tissue Donation: We may release your medical information to organizations that handle organ procurement or organ, eye or tissue transplantation, or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation. The information that ExosomeDx may disclose is limited to the information necessary to make a transplant possible.
Military and Veterans: If you are a member of the armed forces, we will release medical information about you as requested by military command authorities if we are required to do so by law. We may also release medical information about foreign military personnel to the appropriate foreign military authority as required by law.
Workers’ Compensation: We may release medical information about you for workers’ compensation or similar programs as authorized by you or required by law. These programs provide benefits for work-related injuries or illness.
Abuse or Neglect: We may disclose medical information about you to a government authority if we reasonably believe you are a victim of abuse or neglect.
Public Health: We may disclose medical information about you to public health authorities for public health activities. These disclosures generally assist authorities charged with preventing or controlling disease, injury or disability.
Health Oversight Activities: Exosome Dx may disclose medical information to a health oversight agency for health oversight activities that are authorized by law. These oversight activities include, for example, government audits, investigations, inspections, and licensure activities and are generally necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
Lawsuits and Disputes; Law Enforcement: We may disclose medical information about you in response to a valid court order or statutory authorization, or if asked to do so by a law enforcement official in response to a valid court order, grand jury subpoena, or warrant.
Coroners, Medical Examiners, and Funeral Directors: We will release medical information to a coroner or medical examiner in the case of certain types of death, and we must disclose health records upon the request of the coroner or medical examiner. This may be necessary, for example, to identify you or determine the cause of death. We may also release the fact of death and certain demographic information about you to funeral directors as necessary to carry out their duties.
National Security and Intelligence Activities: We will release medical information about you to authorized federal officials for intelligence, counter-intelligence, and other national security activities only as required by law.
Inmates: If you are an inmate of a correctional institution or under the custody of a law enforcement official, we will release medical information about you to the correctional institution or law enforcement official only as permitted by law.
You have the following rights regarding medical information we maintain about you:
Right to Inspect and Copy: You have the right to inspect and receive a copy of your medical information that relates to decisions about your care. Usually, this includes medical and billing records maintained by Exosome Dx.
If you wish to inspect and copy medical information, you must submit your request in writing to Exosome Dx’s Privacy Officer. If you request a copy of the information, we may charge a reasonable fee for the costs of copying, mailing, or other supplies associated with your request, to the extent permitted by state and federal law. If we maintain your health information electronically as part of a designated record set, you have the right to receive a copy of your health information in electronic format upon your request. You may also direct us to transmit your health information (whether in hard copy or electronic form) directly to an authorized representative clearly and specifically designated by you in writing.
We may deny your request to inspect and copy your information in certain very limited circumstances. For example, we may deny access if your physician believes it will be harmful to your health or could cause a threat to others. In these cases, we may supply the information to a third party who may release the information to you. If you are denied access to medical information, you may request that the denial be reviewed. Another licensed health care professional chosen by ExosomeDx will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.
Right to Request Amendment: If you believe that medical information we have about you is incorrect or incomplete, you have the right to ask us to change the information. You have the right to request an amendment for as long as the information is kept by or for ExosomeDx.
To request a change to your information, your request must be made in writing and submitted to ExosomeDx’s Privacy Officer. In addition, you must provide a reason that supports your request.
ExosomeDx may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:
- Was not created by ExosomeDx, unless the person or entity that created the information is no longer available to make the amendment;
- Is not part of the medical information kept by or for Exosome Dx;
- Is not part of the information which you would be permitted to inspect and copy; or
- Is accurate and complete.
Right to an Accounting of Disclosures: You have the right to request an “accounting of disclosures.” This is a list of the disclosures Exosome Dx has made of your PHI. This list will not include disclosures for treatment, payment, and health care operations; disclosures that you have authorized or that have been made to you; disclosures for national security or intelligence purposes; disclosures to correctional institutions or law enforcement with custody of you; disclosures that took place before April 14, 2003; and certain other disclosures.
To request this list of disclosures, you must submit your request in writing to ExosomeDx’s Privacy Officer. Your request must state a time period for which you would like the accounting but may not go back further than 6 years from the date of the request. You may receive one free accounting in any 12-month period. We will charge you for additional requests.
Right to Request Restrictions: You have the right to request a restriction or limitation on the medical information we use or disclose about you. If you pay out-of-pocket in full for an item or service, you may request that we not disclose information pertaining solely to such item or service to your health plan for purposes of payment or health care operations. We are required to agree with such a request, unless you request a restriction on the information we disclose to a health maintenance organization (“HMO”) and the law prohibits us from accepting payment from you above the cost-sharing amount for the item or service that is the subject of the requested restriction. However, we are not required to agree to any other request. If we do agree, we will comply with your request unless the information is needed to provide you emergency treatment or you request that we remove the restriction.
To request restrictions, you must make your request in writing to our Privacy Officer. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure, or both; and (3) to whom you want the limits to apply, for example, if you want to prohibit disclosures to your spouse.
Right to Request Confidential Communications: You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we contact you only at work or only by mail.
To request confidential communications, you must make your request in writing to our Privacy Officer. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted, and we may require you to provide information about how payment will be handled.
Right to a Paper Copy of This Notice: You have the right to receive a paper copy of this notice. You may ask us to give you a copy of this notice any time. This notice is on our website, www.epi.exosomedx.com.
Changes to This Notice
The effective date of this notice is April 24, 2019. We reserve the right to change this notice. We reserve the right to make the revised or changed notice effective for medical information we already have about you, as well as any information we receive in the future. If the terms of this notice are changed, ExosomeDx will post the revised notice on our website, www.epi.exosomedx.com.
Complaints or Questions
If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the Department of Health and Human Services. To file a complaint with Exosome Dx, or to ask a question about this Notice, email firstname.lastname@example.org. All complaints must be submitted in writing, Attn: Exosome Privacy Officer, 266 Second Avenue, Suite 200, Waltham, MA 02451. You will not be penalized for filing a complaint.
Other Uses and Disclosures of Protected Health Information
We are required to obtain a written authorization from you for most uses and disclosures of psychotherapy notes, uses and disclosures of protected health information for marketing purposes and disclosures that constitute a sale of protected health information. Except as described in this Notice, Exosome Dx will not use or disclose your protected health information without a specific written authorization from you. If you provide us with a written authorization to use or disclose medical information about you, you may revoke that authorization, in writing, at any time. If you revoke your authorization, we will no longer use or disclose medical information about you for the reasons covered by your written authorization, except to the extent we have already relied on your authorization. We are unable to take back any disclosures we have already made with your permission, and we are required to retain our records of the care that we provided to you.