Notice of privacy practices
Erso Diagnostics “Erso” is required by the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”), to maintain the privacy and security of your protected health information (PHI) and to provide you with a notice of our duties and practices with respect to PHI that we may collect and maintain about you. Such protection extends to any PHI whether in oral, written, or electronic format.
This Notice of Health Information Privacy Practices (“Notice”) describes how we may use and disclose your protected health information to carry out treatment, payment, or health care operations and for other specified purposes that are permitted or required by law. The Notice also describes your rights with respect to your protected health information (“PHI”) when in the hands of Erso and its business associates (BA), which are vendors that may assist us in providing our various services to you. PHI is defined as any information that identifies you or may be used to identify you that is created or received by a health care provider, health plan, employer, or health care clearinghouse; and that relates to your past, present or future physical or mental health or condition and related health care services, or provision of or payment for health care.
We are required by state and federal laws to abide by the terms of this Notice. Erso will never use or disclose your PHI without your prior written authorization, except as permitted or required by law and described in this Notice. Please note that if other laws, rules or regulations restrict or limit the use and disclosure of your PHI in ways that are permitted under this Notice, we will only use or disclose your PHI in compliance with the more stringent law, rule, or regulation. We strongly urge you to read this Notice carefully and thoroughly so that you will understand both our commitment to protecting the privacy of your PHI and how you can participate in the protection of this information.
This Notice of Health Information Privacy Practices (“Notice”) describes how we may use and disclose your protected health information to carry out treatment, payment, or health care operations and for other specified purposes that are permitted or required by law. The Notice also describes your rights with respect to your protected health information (“PHI”) when in the hands of Erso and its business associates (BA), which are vendors that may assist us in providing our various services to you. PHI is defined as any information that identifies you or may be used to identify you that is created or received by a health care provider, health plan, employer, or health care clearinghouse; and that relates to your past, present or future physical or mental health or condition and related health care services, or provision of or payment for health care.
We are required by state and federal laws to abide by the terms of this Notice. Erso will never use or disclose your PHI without your prior written authorization, except as permitted or required by law and described in this Notice. Please note that if other laws, rules or regulations restrict or limit the use and disclosure of your PHI in ways that are permitted under this Notice, we will only use or disclose your PHI in compliance with the more stringent law, rule, or regulation. We strongly urge you to read this Notice carefully and thoroughly so that you will understand both our commitment to protecting the privacy of your PHI and how you can participate in the protection of this information.
The PHI we collect
We attempt to collect the minimal amount of information necessary for Erso to provide our services to you and to obtain payment for those services. This may include, but is not limited to, your name, address, phone number(s), birthdate, social security number, medical history, current and prior diagnoses, treatment, provider identification, financial responsibility, health insurance coverage, and payment information
We attempt to collect the minimal amount of information necessary for Erso to provide our services to you and to obtain payment for those services. This may include, but is not limited to, your name, address, phone number(s), birthdate, social security number, medical history, current and prior diagnoses, treatment, provider identification, financial responsibility, health insurance coverage, and payment information
How we may use and disclose Protected Health Information without your consent
With the exception of information that may qualify for special protection under state and/or federal law, the following categories describe different ways that we use and disclose your PHI. Not every possible use or disclosure in a category is listed below. However, all of the ways in which we are permitted to use and disclose PHI will fall within one of the categories below. Also, under the terms of the “Minimum Necessary Rule“, Erso must limit our uses, disclosures, or requests for your PHI to the minimum amount of PHI necessary to accomplish the intended purpose of such use, disclosure, or request, except as permitted by law. Please note that, for purposes of this Notice, any references to Erso are also inclusive of the BA(s) that we may engage.
With the exception of information that may qualify for special protection under state and/or federal law, the following categories describe different ways that we use and disclose your PHI. Not every possible use or disclosure in a category is listed below. However, all of the ways in which we are permitted to use and disclose PHI will fall within one of the categories below. Also, under the terms of the “Minimum Necessary Rule“, Erso must limit our uses, disclosures, or requests for your PHI to the minimum amount of PHI necessary to accomplish the intended purpose of such use, disclosure, or request, except as permitted by law. Please note that, for purposes of this Notice, any references to Erso are also inclusive of the BA(s) that we may engage.
Payment
We may use and disclose your PHI to others for purposes of receiving payment for treatment and services that you receive. For example, we will submit a claim to you, your health care provider, or your health plan/insurer that includes information that identifies you and the type of services we performed for you.
Treatment: We may use or disclose your PHI to provide and coordinate the treatment and services you receive. For example, we may use your PHI to perform diagnostic tests or provide your test results to your physician or other authorized health care provider. We may also disclose your PHI to another testing laboratory if we are unable to perform the testing ourselves and as such need to refer your specimen to that laboratory to perform the requested testing.
We may use and disclose your PHI to others for purposes of receiving payment for treatment and services that you receive. For example, we will submit a claim to you, your health care provider, or your health plan/insurer that includes information that identifies you and the type of services we performed for you.
Treatment: We may use or disclose your PHI to provide and coordinate the treatment and services you receive. For example, we may use your PHI to perform diagnostic tests or provide your test results to your physician or other authorized health care provider. We may also disclose your PHI to another testing laboratory if we are unable to perform the testing ourselves and as such need to refer your specimen to that laboratory to perform the requested testing.
Health care operations
Erso may use or disclose your PHI in order to support the health care operations of its business and monitor the quality of the care we provide. For example, we may use information in your health record to evaluate the services we provide or to train our teams. In addition, “health care operations” include conducting quality assessment and improvement activities, including outcomes evaluation and development of clinical guidelines; patient safety activities; population-based activities relating to protocol development, contacting of health care providers and patients with information about treatment alternatives, and related functions that do not include treatment; submitting claims for stop-loss coverage; conducting or arranging for medical review, legal services, and audit services; wellness and disease management programs; and business planning, development, management and general administration of the clinical lab.
Erso may use or disclose your PHI in order to support the health care operations of its business and monitor the quality of the care we provide. For example, we may use information in your health record to evaluate the services we provide or to train our teams. In addition, “health care operations” include conducting quality assessment and improvement activities, including outcomes evaluation and development of clinical guidelines; patient safety activities; population-based activities relating to protocol development, contacting of health care providers and patients with information about treatment alternatives, and related functions that do not include treatment; submitting claims for stop-loss coverage; conducting or arranging for medical review, legal services, and audit services; wellness and disease management programs; and business planning, development, management and general administration of the clinical lab.
If we need to communicate with individuals involved in your care or payment for your care
We may disclose to a family member, another relative, close personal friend, or any other person you identify, PHI that is directly relevant to that person's involvement in your care or payment related to your care. We may disclose the relevant PHI to these persons if you do not object or we can reasonably infer from the circumstances that you do not object to the disclosure. If you are incapacitated, we can make the disclosure if, in the exercise of professional judgment, we believe the disclosure is in your best interests. To the extent permitted under federal and state law, we may disclose PHI of minors to their parents or legal guardians.
We may disclose to a family member, another relative, close personal friend, or any other person you identify, PHI that is directly relevant to that person's involvement in your care or payment related to your care. We may disclose the relevant PHI to these persons if you do not object or we can reasonably infer from the circumstances that you do not object to the disclosure. If you are incapacitated, we can make the disclosure if, in the exercise of professional judgment, we believe the disclosure is in your best interests. To the extent permitted under federal and state law, we may disclose PHI of minors to their parents or legal guardians.
Business Associates (BAs)
There are some services provided by Erso through contracts with business associates (e.g., billing services), and we may disclose your PHI to Erso’ business associates so that they can perform the job we have asked them to do. To protect your information, however, we require the business associate to enter into a Business Associate Agreement, which specifies the ways in which the business associate may use and disclose your PHI and must appropriately safeguard your information. Our standard form BAA (Business Associate Agreement) is available by contacting our Compliance Office.
There are some services provided by Erso through contracts with business associates (e.g., billing services), and we may disclose your PHI to Erso’ business associates so that they can perform the job we have asked them to do. To protect your information, however, we require the business associate to enter into a Business Associate Agreement, which specifies the ways in which the business associate may use and disclose your PHI and must appropriately safeguard your information. Our standard form BAA (Business Associate Agreement) is available by contacting our Compliance Office.
Worker's compensation/no-fault claims
We may disclose your PHI to the extent authorized by and to the extent necessary to comply with laws relating to worker's compensation or other similar programs established by law. These programs provide benefits for work-related injuries or illness without regard to fault.
We may disclose your PHI to the extent authorized by and to the extent necessary to comply with laws relating to worker's compensation or other similar programs established by law. These programs provide benefits for work-related injuries or illness without regard to fault.
Government agencies
We may disclose to certain government agencies (e.g., FDA, CMS, OIG, CLIA accreditation organizations, etc.), or persons under the jurisdiction of the of such agencies, PHI relative to adverse events with respect to products and/or services we provide, or information to enable product recalls, repairs, or replacements.
Public health: As permitted by law, we may disclose your PHI to public health or legal authorities charged with preventing or controlling disease, injury, or disability; to report the abuse or neglect of children, elders, dependent adults, or others; or to a person who may have been exposed to a communicable disease or otherwise be at risk of contracting of spreading the disease or condition.
We may disclose to certain government agencies (e.g., FDA, CMS, OIG, CLIA accreditation organizations, etc.), or persons under the jurisdiction of the of such agencies, PHI relative to adverse events with respect to products and/or services we provide, or information to enable product recalls, repairs, or replacements.
Public health: As permitted by law, we may disclose your PHI to public health or legal authorities charged with preventing or controlling disease, injury, or disability; to report the abuse or neglect of children, elders, dependent adults, or others; or to a person who may have been exposed to a communicable disease or otherwise be at risk of contracting of spreading the disease or condition.
Law enforcement or as otherwise required by law
We may disclose your PHI when required to do so by federal, state, or local law or for law enforcement purposes as permitted by law, such as in response to a valid subpoena or court order and to assist in locating suspects, fugitives or witnesses, victims of crime, or in the identification of a deceased person.
Health oversight activities: We may disclose your PHI to an oversight agency for activities authorized by law. These oversight activities may include audits, investigations, and inspections necessary for licensure and for the government to monitor the health care system, government programs, and compliance with laws.
We may disclose your PHI when required to do so by federal, state, or local law or for law enforcement purposes as permitted by law, such as in response to a valid subpoena or court order and to assist in locating suspects, fugitives or witnesses, victims of crime, or in the identification of a deceased person.
Health oversight activities: We may disclose your PHI to an oversight agency for activities authorized by law. These oversight activities may include audits, investigations, and inspections necessary for licensure and for the government to monitor the health care system, government programs, and compliance with laws.
Judicial and administrative proceedings
We may disclose your PHI in response to a court or administrative order. We may also disclose PHI in response to a subpoena, discovery request, or another lawful process, but only if efforts have been made, either by the requesting party, or us to tell you about the request or to obtain an order protecting the information requested.
We may disclose your PHI in response to a court or administrative order. We may also disclose PHI in response to a subpoena, discovery request, or another lawful process, but only if efforts have been made, either by the requesting party, or us to tell you about the request or to obtain an order protecting the information requested.
For safety and/or security purposes
We may use and disclose your PHI, if, in good faith, we believe the use or disclosure:
We may use and disclose your PHI, if, in good faith, we believe the use or disclosure:
- (A) is necessary to prevent or lessen a serious and imminent threat to your health and safety or the health and safety of the public or another person, and is to a person or persons reasonably able to prevent or lessen the threat, including the target of the threat;
- or (B) is necessary for law enforcement authorities to identify or apprehend an individual based on statements made by the individual admitting to participation in a violent crime, or where the individual has escaped from a correctional institution or from lawful custody,
- or (C) is necessary for national security, intelligence, or protective services activities.
Use and disclosure of PHI (WITH YOUR CONSENT)
Erso will obtain your written authorization before using or disclosing your PHI for purposes other than those provided for in this Notice (or as otherwise permitted or required by law). Such examples include any uses and disclosures of your PHI for marketing purposes, and disclosures that constitute a sale of PHI require your written authorization. You may revoke this authorization in writing at any time. Upon receipt of the written revocation, we will stop using or disclosing your PHI, except to the extent that we have already taken action in reliance on the authorization.
Erso will obtain your written authorization before using or disclosing your PHI for purposes other than those provided for in this Notice (or as otherwise permitted or required by law). Such examples include any uses and disclosures of your PHI for marketing purposes, and disclosures that constitute a sale of PHI require your written authorization. You may revoke this authorization in writing at any time. Upon receipt of the written revocation, we will stop using or disclosing your PHI, except to the extent that we have already taken action in reliance on the authorization.
Your rights regarding your health information/PHI
You may request a paper copy of Erso’ current Notice at any time from the Erso’ Privacy/Compliance Office. Even if you have agreed to receive the Notice electronically, you are still entitled to a paper copy. All requests for a paper copy of the Notice must be submitted in writing or electronically to Erso at the contact information listed below
You may request a paper copy of Erso’ current Notice at any time from the Erso’ Privacy/Compliance Office. Even if you have agreed to receive the Notice electronically, you are still entitled to a paper copy. All requests for a paper copy of the Notice must be submitted in writing or electronically to Erso at the contact information listed below
You have the right to access your Protected Health Information.
You (or your designated representative) have the right to access and receive a copy of your PHI that may be used to make decisions about your care or payment for your care. If we maintain the information you have requested in an electronic format you may ask for it to be provided to you electronically, and also ask us to electronically send copies to another person. To exercise this right, you must send a written request to Erso. You may use Erso records request form under the “Client Services” tab under the “Consents and Notices” section.
We may deny your request to inspect and copy in certain limited circumstances. If you are denied access to your PHI, you will receive a written denial and information regarding how your denial may be reviewed.
You (or your designated representative) have the right to access and receive a copy of your PHI that may be used to make decisions about your care or payment for your care. If we maintain the information you have requested in an electronic format you may ask for it to be provided to you electronically, and also ask us to electronically send copies to another person. To exercise this right, you must send a written request to Erso. You may use Erso records request form under the “Client Services” tab under the “Consents and Notices” section.
We may deny your request to inspect and copy in certain limited circumstances. If you are denied access to your PHI, you will receive a written denial and information regarding how your denial may be reviewed.
You may request an amendment or correction of the PHI that we have obtained.
You have a right to request that PHI that we maintain about you be amended or corrected. To request an amendment, you must send a signed written request to Neo Genomics at the contact information listed below. You must include a reason that supports your request. We may process your request in accordance with our policy, but original information will not be removed. In certain cases, we may deny your request for an amendment for various reasons, including if we did not create the information or if we believe the current information is accurate and complete. You will be notified in writing if your request is denied. If your request is denied, you have the right to submit a written statement disagreeing with the denial, which, at your request, maybe appended or linked to the PHI in question. All requests for any revision of your PHI must be submitted in writing to Erso’ Compliance Manager
You have a right to request that PHI that we maintain about you be amended or corrected. To request an amendment, you must send a signed written request to Neo Genomics at the contact information listed below. You must include a reason that supports your request. We may process your request in accordance with our policy, but original information will not be removed. In certain cases, we may deny your request for an amendment for various reasons, including if we did not create the information or if we believe the current information is accurate and complete. You will be notified in writing if your request is denied. If your request is denied, you have the right to submit a written statement disagreeing with the denial, which, at your request, maybe appended or linked to the PHI in question. All requests for any revision of your PHI must be submitted in writing to Erso’ Compliance Manager
You may request a restriction on certain uses and disclosures of PHI.
You have the right to request additional restrictions on how we use or disclose your PHI for treatment, payment, health care operations, and communications to those involved in your care by sending a written request to Erso’ Compliance Manager. All such requests will be considered, but we are not required to agree to it unless the requested restriction involves a disclosure that is not required by law to a health plan for payment or health care operations purposes and not for treatment, and you, or someone on your behalf, have paid for the service in full out of pocket. If we agree to a restriction on other types of disclosures, we will abide by them, except in emergency situations when the disclosure is for the purposed of treatment. All requests for restrictions on the use or disclosure of your PHI must be submitted in writing to Erso at the contact information listed below. In the event we have terminated an agreed-to restriction, based upon our belief that such termination is proper, we will notify you of such termination.
You have the right to request additional restrictions on how we use or disclose your PHI for treatment, payment, health care operations, and communications to those involved in your care by sending a written request to Erso’ Compliance Manager. All such requests will be considered, but we are not required to agree to it unless the requested restriction involves a disclosure that is not required by law to a health plan for payment or health care operations purposes and not for treatment, and you, or someone on your behalf, have paid for the service in full out of pocket. If we agree to a restriction on other types of disclosures, we will abide by them, except in emergency situations when the disclosure is for the purposed of treatment. All requests for restrictions on the use or disclosure of your PHI must be submitted in writing to Erso at the contact information listed below. In the event we have terminated an agreed-to restriction, based upon our belief that such termination is proper, we will notify you of such termination.
You may request confidential communications of your PHI by alternative means or to alternative locations.
You have a right to request to receive communications of PHI by alternate means or at alternate locations. For instance, you may request that we contact you about medical matters only in writing or at a different residence or post office box. To request confidential communication of your PHI, you must submit a request in writing to Erso’ Compliance Office. Your request must state how or where you would like to be contacted. All requests for communication of PHI by alternative means or at alternative locations must be submitted in writing to Erso.
You have a right to request to receive communications of PHI by alternate means or at alternate locations. For instance, you may request that we contact you about medical matters only in writing or at a different residence or post office box. To request confidential communication of your PHI, you must submit a request in writing to Erso’ Compliance Office. Your request must state how or where you would like to be contacted. All requests for communication of PHI by alternative means or at alternative locations must be submitted in writing to Erso.
You may request an accounting of disclosures your PHI.
You have the right to receive an accounting of the disclosures Erso or its business associates have made of your PHI for most purposes other than treatment, payment, health care operations, and certain other limited purposes. The right to receive an accounting of disclosures is subject to certain exceptions, restrictions, and limitations. To request an accounting, you must submit your request in writing to Erso’ Privacy/Compliance Office. Your request must specify the time period for which you would like an accounting, but this time period may not be longer than six years prior to your request. All requests for an accounting of the disclosures of your PHI must be submitted in writing to Erso at the contact information listed below.
You have the right to receive an accounting of the disclosures Erso or its business associates have made of your PHI for most purposes other than treatment, payment, health care operations, and certain other limited purposes. The right to receive an accounting of disclosures is subject to certain exceptions, restrictions, and limitations. To request an accounting, you must submit your request in writing to Erso’ Privacy/Compliance Office. Your request must specify the time period for which you would like an accounting, but this time period may not be longer than six years prior to your request. All requests for an accounting of the disclosures of your PHI must be submitted in writing to Erso at the contact information listed below.
Security of your PHI
Access to PHI is restricted to only those employees, agents, or contractors of Erso who require it to provide services to you or your healthcare provider(s) or obtain payment from those financially responsible for payment. Erso maintains physical, technical, and procedural safeguards protecting PHI against unauthorized use and disclosure. Erso’ Privacy/Compliance Office is responsible for overseeing the proper and effective implementation of all required rules and regulations, as well as policies and procedures concerning the use and disclosure of PHI, including ensuring proper educating/training, investigating all issues, complaints, and concerns, audit and monitoring compliance by Erso and its employees, agents and contractors. Please note that any e-mail communication you initiate with Erso regarding your PHI is not secured in accordance with the HIPAA security standards. As a general rule, Erso will not communicate with you through e-mail unless the e-mail can be properly encrypted or with your permission/consent.
Access to PHI is restricted to only those employees, agents, or contractors of Erso who require it to provide services to you or your healthcare provider(s) or obtain payment from those financially responsible for payment. Erso maintains physical, technical, and procedural safeguards protecting PHI against unauthorized use and disclosure. Erso’ Privacy/Compliance Office is responsible for overseeing the proper and effective implementation of all required rules and regulations, as well as policies and procedures concerning the use and disclosure of PHI, including ensuring proper educating/training, investigating all issues, complaints, and concerns, audit and monitoring compliance by Erso and its employees, agents and contractors. Please note that any e-mail communication you initiate with Erso regarding your PHI is not secured in accordance with the HIPAA security standards. As a general rule, Erso will not communicate with you through e-mail unless the e-mail can be properly encrypted or with your permission/consent.
Right to receive notification in the event of a data breach
You have a right to receive notification if there is a breach of your unsecured PHI, except in those instances where we determine that there is a low probability that the PHI has been compromised. After learning of such a breach, we must provide notice to you without unreasonable delay and in no event later than sixty (60) calendar days after Erso’ discovery of the breach, unless a law enforcement official requires us to delay the breach notification.
You have a right to receive notification if there is a breach of your unsecured PHI, except in those instances where we determine that there is a low probability that the PHI has been compromised. After learning of such a breach, we must provide notice to you without unreasonable delay and in no event later than sixty (60) calendar days after Erso’ discovery of the breach, unless a law enforcement official requires us to delay the breach notification.
Note
We reserve the right to amend the terms of this Notice to reflect changes in our privacy practices, and to make the new terms and practices applicable to all PHI that we maintain about you, including PHI created or received prior to the effective date of the Notice revision. Our Notice is displayed on our website and a copy is available upon request.
We reserve the right to amend the terms of this Notice to reflect changes in our privacy practices, and to make the new terms and practices applicable to all PHI that we maintain about you, including PHI created or received prior to the effective date of the Notice revision. Our Notice is displayed on our website and a copy is available upon request.
Complaints/Objections
To file a complaint with Erso, you must submit a written complaint to Erso’ Privacy/Compliance Office at the address listed below. Any submission must be marked “Confidential,” and should include your name, address, and telephone number where we can contact you (unless you chose to remain anonymous) and a brief description of your concern, issue, or complaint. Filing a complaint will not affect your rights to your personal data or services provided by Erso.
To file a complaint with Erso, you must submit a written complaint to Erso’ Privacy/Compliance Office at the address listed below. Any submission must be marked “Confidential,” and should include your name, address, and telephone number where we can contact you (unless you chose to remain anonymous) and a brief description of your concern, issue, or complaint. Filing a complaint will not affect your rights to your personal data or services provided by Erso.