Privacy Policy

HIPAA NOTICE OF PRIVACY PRACTICES

This Notice of Privacy Practices is NOT an authorization. It describes how Prime Diagnostics may use and disclose your Protected Health Information to carry out treatment, payment, or healthcare operations, and for other purposes that are permitted or required by law. It also describes your rights to access and control your Protected Health Information. “Protected Health Information” is information that identifies you individually, including demographic information that relates your past, present, or future physical or mental health condition and related health care services.


  1. USES AND DISCLOSURES OF YOUR PROTECTED HEALTH INFORMATION

We may use and disclose your Protected Health Information in the following situations:

Treatment: Prime Diagnostics may use or disclose your Protected Health Information to provide medical treatment and/or services in order to manage and coordinate your medical care.

Payment: Your Protected Health Information will be used to obtain payment for your health care services. For example, we will provide your health care plan with the information it requires prior to paying us for the services we have provided to you. This use and disclosure may also include certain activities that your health plan requires prior to approving a service, such as determining benefits eligibility and prior authorization, etc.

Health Care Operations: Prime Diagnostics may use and disclose your Protected Health Information to manage, operate, and support the business activities of our practice. These activities include, but are not limited to, quality assessment, employee review, licensing, fundraising, and conducting or arranging for other business activities. Prime Diagnostics may use or disclose your Protected Health Information, as necessary, to contact you to remind you of your appointment, and inform you about treatment alternatives or other health-related benefits and services that may be of interest to you.

Minors: Protected Health Information of minors will be disclosed to their parents or legal guardians, unless prohibited by law.

Required by Law: Prime Diagnostics will use or disclose your Protected Health Information when required to do so by local, state, federal, and international law.

Abuse, Neglect, and Domestic Violence: Your Protected Health Information will be disclosed to the appropriate government agency if there is belief that a patient has been or is currently the victim of abuse, neglect, or domestic violence and the patient agrees or it is required by law to do so. In addition, your information may also be disclosed when necessary to prevent a serious threat to your health or safety or the health and safety of others to someone who may be able to help prevent the threat.

Judicial and Administrative Proceedings: As sometimes required by law, we may disclose your Protected Health Information for the purpose of litigation to include: disputes and lawsuits; in response to a court or administrative order; response to a subpoena; request for discovery; or other legal processes. However, disclosure will only be made if efforts have been made to inform you of the request or obtain an order protecting the information requested. Your information may also be disclosed if required for our legal defense in the event of a lawsuit.

Law Enforcement: Prime Diagnostics will disclose your Protected Health Information for law enforcement purposes when all applicable legal requirements have been met. This includes, but is not limited to, law enforcement due to identifying or locating a suspect, fugitive, material witness or missing person, complying with a court order or warrant, and grand jury subpoena.

Worker’s Compensation: Prime Diagnostics will disclose only the Protected Health Information necessary for Worker’s Compensation in compliance with Worker’s Compensation laws. This information may be reported to your employer and/or your employer’s representative regarding an occupational injury or illness.

Practice Ownership Change: If our medical practice is sold, acquired, or merged with another entity, your protected health information will become the property of the new owner. However, you will still have the right to request copies of your records and have copies transferred to another physician.

Breach Notification Purposes: If for any reason there is an unsecured breach of your Protected Health Information, we will utilize the contact information you have provided us with to notify you of the breach, as required by law. In addition, your Protected Health Information may be disclosed as a part of the breach notification and reporting process.


  1. USES AND DISCLOSURES IN WHICH YOU HAVE THE RIGHT TO OBJECT AND OPT OUT

Communication with family and/or individuals involved in your care or payment of your care: Unless you object, disclosure of your Protected Health Information may be made to a family member, friend, or other individual involved in your care or payment of your care in which you have identified.

Disaster: In the event of a disaster, your Protected Health Information may be disclosed to disaster relief organizations to coordinate your care and/or to notify family members or friends of your location and condition. Whenever possible, we will provide you with an opportunity to agree or object.

Fundraising: As necessary, we may disclose your Protected Health Information to contact you regarding fundraising events and efforts. You have the right to object or opt out of these types of communications. Please let our office know if you would NOT like to receive such communications.


  1. USES AND DISCLOSURES THAT REQUIRE YOUR WRITTEN AUTHORIZATION

Prime Diagnostics will not disclose or use your Protected Health Information in the situations listed below without first obtaining written authorization to do so. In addition to the uses and disclosures listed below, other uses not covered in this Notice will be made only with your written authorization. If you provide us with authorization, you may revoke it at any time by submitting a request in writing:

Disclosure of Psychotherapy Notes: Unless we obtain your written authorization, in most circumstances we will not disclose your psychotherapy

notes. Some circumstances in which we will disclose your psychotherapy notes include the following: for your continued treatment; training of medical students and staff; to defend ourselves during litigation; if the law requires; health oversight activities regarding your psychotherapist; to avert a serious or imminent threat to yourself or others; and to the coroner or medical examiner upon your death.

Disclosures for marketing purposes and sale of your Protected Health Information.


  1. PROTECTED HEALTH INFORMATION AND YOUR RIGHTS

The following are statements of your rights, subject to certain limitations, with respect to your Protected Health Information:

You have the right to inspect and copy your Protected Health Information (reasonable fees may apply): Pursuant to your written request, you have the right to inspect and copy your Protected Health Information in paper or electronic format. Under federal law, you may not inspect or copy the following types of records: psychotherapy notes, information compiled as it relates to civil, criminal, or administrative action or proceeding; information restricted by law; information related to medical research in which you have agreed to participate; information obtained under a promise of confidentiality; and information whose disclosure may result in harm or injury to yourself or others. Prime Diagnostics has up to 30 days to provide the Protected Health Information and may charge a fee for the associated costs.

You have a right to a summary or explanation of your Protected Health Information: You have the right to request only a summary of your Protected Health Information if you do not desire to obtain a copy of your entire record. You also have the option to request an explanation of the information when you request your entire record.

You have the right to obtain an electronic copy of medical records: You have the right to request an electronic copy of your medical record for yourself or to be sent to another individual or organization when your Protected Health Information is maintained in an electronic format. We will make every attempt to provide the records in the format you request; however, in the case that the information is not readily accessible or producible in the format you request, we will provide the record in a standard electronic format or a legible hard copy

form. Record requests may be subject to a reasonable, cost-based fee for the work required in transmitting the electronic medical records.

You have the right to receive a notice of breach: In the event of a breach of your unsecured Protected Health Information, you have the right to be notified of such breach.

You have the right to request Amendments: At any time if you believe the Protected Health Information we have on file for you is inaccurate or incomplete, you may request that we amend the information. Your request for an amendment must be submitted in writing and detail what information is inaccurate and why. Please note that a request for an amendment does not necessarily indicate the information will be amended.

You have a right to receive an accounting of certain disclosures: You have the right to receive an accounting of disclosures of your Protected Health Information. An “accounting” being a list of the disclosures that we have made of your information. The request can be made for paper and/or electronic disclosures and will not include disclosures made for the purposes of: treatment; payment; healthcare operations; notification and communication with family and/or friends; and those required by law.

You have the right to request restrictions of your Protected Health Information: You have a right to restrict and/or limit the information we disclose to others, such as family members, friends, and individuals involved in your care or payment for your care. You also have the right to limit or restrict the information we use or disclose for treatment, payment, and/or healthcare operations. Your request must be submitted in writing and include the specific restriction requested, whom you want the restriction to apply, and why you would like to impose the restriction. Please note that our practice/your physician is not required to agree to your request for restriction with the exception of a restriction requested to not disclose information to your health plan for care and services in which you have paid in full out-of-pocket.

You have a right to request to receive confidential communications: You have a right to request confidential communications from us by alternative means or at an alternative location. For example, you may designate we send mail only to an address specified by you which may or may not be your home address. You may indicate we should only call you on your work phone or

specify which telephone numbers we are allowed or not allowed to leave messages on. You do not have to disclose the reason for your request; however, you must submit a request with specific instructions in writing.

CALIFORNIA CONSUMER PRIVACY ACT (CCPA)

This Supplemental Privacy Notice for California Residents supplements the information in our Notice of Privacy Practices above, and except as provided herein, applies solely to California residents. It applies to personal information we collect on or through the Service and through other means.

Summary of Information We Collect

California law requires Prime Diagnostics to disclose information regarding the categories of personal information that we have collected about California consumers (as that term is defined in the California Consumer Privacy Act (“CCPA”)), the categories of sources from which the information was collected, the business or commercial purposes (as those terms are defined by applicable law) for which the information was collected, and the categories of parties with whom we share personal information.

Prime Diagnostics may collect the below categories of information for the following business or commercial purposes (as those terms are defined in applicable law):

  • Providing the Service;
  • Detecting, protecting against, and prosecuting privacy and security incidents and fraudulent or illegal activity;
  • Bug detection, error reporting, and activities to maintain the quality or safety of our Service;
  • Investigating compliance with, enforcing, and/or complying with the law;
  • Other uses that advance our commercial or economic interests, such as third party advertising and communicating with you about relevant offers from us or third party partners.

Rights

If you are a California resident, you may have certain rights. California law may permit you to request that we:

  • Provide you the categories of personal information we have collected or disclosed about you in the last twelve months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; and the categories of third parties with whom we shared personal information.
  • Provide access to and/or a copy of certain information we hold about you.
  • Delete certain information we have about you.

You may have the right to receive information about the financial incentives that we offer to you, if any. You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights.

GENERAL DATA PROTECTION REGULATIONS (GDPR)

This GDPR clause ensures Prime Diagnostics: –

  • Complies with data protection law and follows good practice;
  • Protects the rights of users;
  • Is open about how we store and process individuals’ data;
  • Protect ourselves from data protection risks such as breaches of confidentiality, failure to offer choice and reputational damage.

Under the GDPR, the data protection principles set out the main responsibilities for us. Article 5 of the GDPR requires that personal data shall be:-

  • Processed lawfully, fairly and in a transparent manner in relation to individuals;
  • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
    • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.

CHANGES TO THIS NOTICE

Prime Diagnostics reserves the right to change this notice at any time. If we decide to change this notice, we will post those changes on the site.