NOTICE OF PRIVACY PRACTICES
This Notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
An additional privacy statement for German residents is set forth below.
Molecular Health is committed to obtaining, maintaining, using and disclosing patient protected health information in a manner that protects patient privacy. We urge you to read this Notice of Privacy Practices (“Notice”) carefully in order to understand both our commitment to the privacy of your protected health information and your rights.
Molecular Health is required by law to maintain the privacy of your protected health information and to provide you with a notice of our legal duties and privacy practices with respect to protected health information. This Notice describes how we may use and disclose your protected health information to carry out treatment, payment or healthcare operations and for other specified purposes that are permitted or required by law. The Notice also describes your rights with respect to your protected health information. “Protected health information” or “PHI” is information about you, including basic demographic information, that may identify you and that relates to your past, present or future physical or mental health or condition and related healthcare services.
We are required to follow the terms of this Notice. We will not use or disclose your protected health information without your written permission, except as described in this Notice. We reserve the right to change our practices and this Notice as and to the extent permitted by law and to make a new Notice for all protected health information we maintain. Upon your request, we will provide you with a revised Notice.
EXAMPLES OF HOW WE USE AND DISCLOSE PROTECTED HEALTH INFORMATION ABOUT YOU
Your PHI may be used and disclosed for treatment, payment, healthcare operations, and other purposes permitted or required by law. If we wish to use or disclose your PHI for other purposes, we would have to obtain your written permission. Molecular Health may, however, use or disclose your PHI without specific authorization or permission for certain purposes, including:
- Treatment: Molecular Health may use your health information to provide and coordinate the treatment and services you receive. For example, we may use your information to perform diagnostic tests, or provide your test results to your physician.
- Payment: Molecular Health may use and disclose your health information to others for purposes of receiving payment for treatment and services that you receive. For example, we will submit a claim to you or your health plan/insurer that includes information that identifies you and the type of services we performed for you.
- Healthcare Operations: Molecular Health may use or disclose your PHI in order to support the operations of our laboratories and monitor the quality of the services we provide. For example, we may use information in your health record to evaluate the services our laboratories provide or to train our staff.
- To Communicate with Individuals Involved in Your Care or Payment for Your Care: We may disclose to a family member, other relative, close personal friend or any other person you identify PHI directly relevant to that person’s involvement in your care or payment related to your care.
- Minors’ Protected Health Information: As permitted by federal and state law, we may disclose PHI about minors to their parents or guardians.
- Business Associates: There are some services provided by Molecular Health through contracts with business associates (e.g., billing services and lab information system providers), and we may disclose your PHI to our business associate so that they can perform the job we have asked them to do. To protect your information, however, we require the business associate to appropriately safeguard your information. These business associates do not have the right to use information beyond what is necessary for them to provide services to us, and are contractually obligated to maintain confidentiality of information.
- Worker’s Compensation: We may disclose your PHI to the extent authorized by and to the extent necessary to comply with laws relating to the worker’s compensation or other similar programs established by law.
- Public Health: As required by law, we may disclose your PHI to public health or legal authorities charged with preventing or controlling disease, injury, or disability.
- Law Enforcement: We may disclose your PHI for law enforcement purposes as permitted by law or in response to a valid subpoena or court order.
- As Required by Law: We will disclose your PHI when required to do so by federal, state, or local law.
- Health Oversight Activities: We may disclose your PHI to an oversight agency for activities authorized by law. These oversight activities include audits, investigations, and inspections necessary for licensure and for the government to monitor the healthcare system, government programs, and compliance with civil rights laws.
- Judicial and Administrative Proceedings: If you are involved in a lawsuit or a dispute, we may disclose your PHI in response to a court or administrative order. We may also disclose PHI in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made, either by the requesting party or by us to tell you about the request or to obtain an order protecting the information requested.
- Research: We may disclose your PHI to researchers when the research has been approved by an institutional review board or privacy board that has reviewed the research proposal and established protocols to ensure the privacy of your information.
- Coroners, Medical Examiners, and Funeral Directors: We may release your PHI to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also disclose PHI to funeral directors consistent with applicable law to enable them to carry out their duties.
- Organ or Tissue Procurement Organizations: Consistent with applicable law, we may disclose your PHI to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of organs for the purpose of tissue donation and transplant.
- Notification: We may use or disclose your PHI to notify or assist in notifying a family member, personal representative, or another person responsible for your care, regarding your location and general condition.
- Correctional Institution: If you are or become an inmate of a correctional institution, we may disclose to the institution or its agents PHI necessary for your health and the health and safety of other individuals.
- To Avert a Serious Threat to Health or Safety: We may use and disclose your PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
- Military and Veterans: If you are a member of the armed forces, we may release PHI about you as required by military authorities. We may also release PHI about foreign military personnel to the appropriate foreign military authority.
- Specialized Government Functions: Under certain circumstances, we may disclose your PHI to units of the government with specialized functions such as the US Military or the US Department of State in response to requests as authorized by law.
- Victims of Abuse or Neglect: We may disclose PHI about you to a government authority if we reasonably believe you are a victim of abuse or neglect. We will only disclose this type of information to the extent required by law, if you agree to the disclosure, or if the disclosure is allowed by law and we believe it is necessary to prevent serious harm to you or someone else.
OTHER USES AND DISCLOSURES OF PHI
We will obtain your written authorization before using or disclosing your PHI for purposes other than those provided for above (or as otherwise permitted or required by law). You may revoke this authorization in writing at any time. Upon receipt of the written revocation, we will stop using or disclosing your PHI, except to the extent that we have already taken action in reliance on the authorization.
YOUR HEALTH INFORMATION RIGHTS
Obtain a paper copy of the Notice upon request. You may request a copy of our current Notice at any time from the Privacy Officer. Even if you have agreed to receive the Notice electronically, you are still entitled to a paper copy.
Request a restriction on certain uses and disclosures of PHI. You have the right to request additional restrictions on our use or disclosure of your PHI by sending a written request to Molecular Health’s Privacy Officer. We are not required to agree to those restrictions.
Right to see and receive copies of your PHI. You and your personal representative have the right to access PHI consisting of your laboratory test results or reports ordered by your physician. Within 30 days after our receipt of your request, you will receive a copy of the completed laboratory report from Molecular Health unless an exception applies. You have the right to access and receive your PHI in an electronic format if it is readily producible in such a format. You also have the right to direct Molecular Health to transmit a copy to another person you designate, provided such request is in writing, signed by you, and clearly identifies the designated person and where to send the copy of your PHI. To request a copy of your PHI, contact the Privacy Officer at (346) 221-1995 or by email at firstname.lastname@example.org .
Request an amendment of PHI. If you feel that PHI we maintain about you is incomplete or incorrect, you may request that we amend it. To request an amendment, you must send a written request to the Privacy Officer. You must include a reason that supports your request. In certain cases, we may deny your request for amendment. For example, in circumstances under which the patient would be denied access to his/her PHI, we may deny a request for amendment.
Receive an accounting of disclosures of PHI. You have the right to receive an accounting of the disclosures we have made of your PHI for purposes other than treatment, payment, healthcare operations, and certain other activities. The right to receive an accounting is subject to certain exceptions, restrictions, and limitations. To request an accounting, you must submit a request in writing to the Privacy Officer. Your request must specify the time period for which you would like an accounting, but this time period may not be longer than six years.
Request communications of PHI by alternative means or at alternative locations. You have a right to request to receive communications of PHI by alternate means or at alternate locations. For instance, you may request that we contact you about medical matters only in writing or at a different residence or post office box. To request confidential information communication of your PHI, you must submit a request in writing to the Privacy Officer. Your request must state how or where you would like to be contacted. We will accommodate all reasonable requests.
FOR MORE INFORMATION OR TO REPORT A PROBLEM
If you have questions or would like additional information about our privacy practices, you may contact:
Molecular Health, Inc.
Doreen Ng, Privacy Officer
70 Fargo St., Suite 900
Boston, MA 02210
If you believe your privacy rights have been violated, you can file a complaint with the Privacy Officer or with the United States Secretary of Health and Human Services. There will be no retaliation for filing a complaint.
ADDITIONAL PRIVACY STATEMENT FOR GERMAN RESIDENTS
Any personal information collected during visits to the Molecular Health website is processed in accordance with the provisions of German law. Our website may contain links to other providers’ websites that are not covered by this privacy statement. Molecular Health respects your personal privacy.
COLLECTION AND PROCESSING OF PERSONAL DATA
Molecular Health stores your first and last name, country and e-mail address if you, yourself, provide this information to Molecular Health, including if you contact us by email, or complete any form on the Molecular Health website and submit that form to us.
Furthermore Molecular Health analyses traffic on its website in order to understand our customers’ requirements and, based on these, to continually improve our website. For this reason we store the IP address of a visitor’s Internet Service Provider as standard. Aggregate data is evaluated for statistical purposes only after anonymization of IP addresses.
Data from individual uses of our website is stored for error analysis. This information is used solely for correcting errors and is routinely deleted after thirty (30) days.
LIMITATIONS ON USE AND DISCLOSURE OF PERSONAL DATA
Molecular Health will process and use your personal data only in connection with services related to our websites. This enables us to offer you a customized service and/or can also save you from having to enter the same information repeatedly. We only utilize as much information as is necessary.
We will not share your personal data with third parties other than our affiliates. However, it may be possible for our contractors or service providers who are engaged by us to maintain or improve our websites and products or services to access personal data in the course of the provision of service.
If any government agencies or authorities ask us to collect or share personal data, we will do so only in compliance with the law. We require our employees, suppliers and partners to maintain confidentiality and data secrecy in accordance with Article 5 of the German Federal Data Protection Act.
ACCESSING PERSONAL DATA
If you request, Molecular Health will confirm whether we store personal data about you and what this data is. Despite our best efforts to ensure that this stored data is accurate and up-to-date, it may be incorrect. If our information about you is incorrect, we will correct this information upon your request.
Molecular Health uses technical and organizational security measures to protect the data we hold about you against accidental or deliberate manipulation, loss, deletion or unauthorized access. Our security measures are being improved continuously as new technology develops. The processing and transmission of data is encrypted by the SSL (Secure Sockets Layer) protocol.
Enforcement of and compliance with this privacy statement
Molecular Health is committed to complying with the provisions of its data protection policy as described above.
Should you have any questions regarding the handling of your personal information, please contact our Data Protection Manager:
Dellbrücker Straße 116
51469 Bergisch Gladbach
Together with data protection staff, this manager is also your point of contact for requests for information, suggestions or complaints.