Notice of Information Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVEW IT CAREFULLY.

Dart Medical Laboratory. (“Dart”) wants you to be assured that keeping your information secure and confidential is our primary concern and obligation. At Dart, we are committed to keeping your laboratory test results confidential. Not only that, we make sure that other protected health information that we collect from you or create for you as part of our diagnostic testing activities is kept highly confidential and secure; unavailable to any third party without your express permission.

As required by law, this Notice has been published to explain the information that we collect and how we retain, use and disclose it to be utilized in provision of diagnostic services and we will abide by the statements made herein. Except as permitted by law and as explained in this Notice, we do not disclose any information about our past, present or future patients to anyone. The usage of the term “Protected Health Information” or “PHI” by us refers to individually identifiable information concerning the provision of, or payment for, health care to you.

What information do we collect?
In providing diagnostic testing services, we may collect Protected Health Information from the following sources (including but not limited to):

• Information from healthcare providers who are currently treating you or have treated you at any time in the past. This information may include your health status and/or the tests to be performed.
• Information from insurance companies that are currently insuring you or have insured you at any time in the past. This information may include your claims history.
• Information we may obtain while providing diagnostic services to you. This information may be obtained from our affiliates or others, such as other laboratories.

How do we protect Protected Health Information?
Our employees are required to maintain your Protected Health Information in the strictest confidence, and they understand the confidentiality requirements. Any employee negligent in this regard is bound to face disciplinary action. We also maintain physical, electronic, and procedural safeguards to guard your Protected Health Information. Finally, in those situations where we rely on a third party to perform business, professional or insurance services or functions for us, that third party must agree to protect the privacy of your Protected Health Information and use it only as required to perform those functions it performs for us and as otherwise permitted by law. In these ways, Dart confirms the confidentiality promised to you.

When we must seek your authorization before disclosing Protected Health Information
There may be circumstances where Dart will seek your authorization before we make a disclosure of your Protected Health Information – to make sure we have your express permission to make that disclosure. For example, in case you ask someone who is not your personal representative to contact us on your behalf to discuss your test results or your payment history, we will seek authorization from you before divulging any of your Personal Health Information, unless otherwise permitted or described below.

If you authorize us to disclose your Protected Health Insurance, you are permitted to revoke that authorization at any time in writing. We will honor your revocation of authorization once processed, except to the extent that we may have taken action in reliance upon your original authorization.

Uses and Disclosures of Protected Health Information that do not require authorization
We are generally permitted to make disclosures of your Protected Health Information without your authorization for purposes of treatment, payment and health care operations. Below we provide examples of those purposes although not every use or disclosure falling in these categories is listed.

Please note that we may limit certain information we disclose in accordance with laws regarding the special nature of the information (e.g. HIV/AIDS, substance abuse, or genetic information). Also, as New York State permits minors of a certain age to seek particular treatment services without parental consent, information that would normally be provided to our customers may be impacted as Dart protects the privacy of that minors’ information in accordance with those state laws.

• Treatment activities. As a health care provider that provides laboratory testing for ordering physicians, Dart uses your PHI as part of our testing process and discloses your PHI to physicians and other authorized health care providers, such as a nursing home or hospital, who need access to your laboratory results to treat you. In addition to your treating physician, we may provide a specialist consulting physician, with information about your results to further validate the results before release to your physician. Occasionally, we may contact you to arrange for a redraw of your specimens.
• Payment activities. We will use your PHI in our billing department and disclose your PHI to insurance companies, hospitals, physicians, and health plans for payment purposes, or to third parties to assist us in creating bills, claim forms, or getting paid for our services. For example, we may send your name, date of service, test performed, diagnosis code, and other information to a health plan so that the plan will pay us for the services we provided. In some cases, we may have to contact you to obtain billing information or for other billing purposes. When required, we may use an outside collection agency to obtain payment.
• Health Care Operations activities. We may use or disclose your PHI in the course of activities necessary to support our health care operations, such as performing quality checks on our testing, for teaching purposes, or for developing normal reference ranges for tests that we perform.
• Treatment, Payment and Health Care Operations of Other Covered Entities. We may disclose your PHI for another covered entity’s treatment and payment purposes. For example, we may disclose your PHI to your health care provider for their ongoing treatment of you or we may disclose your PHI when it would facilitate payment for services between multiple health plans with respect to coordination of benefits. In addition, we are permitted to disclose PHI to other covered entities so that they can conduct certain of their health care operations or for purposes, such as fraud and abuse detection or compliance. We will only disclose PHI to other covered entities for these health care operations purposes if that covered entity has or has had a relationship with you.
• Additional reasons for disclosure. We may also use or disclose Protected Health Information to:
• A governmental agency or its agents as required by state or federal law;
• military authorities if you are or were previously a member of the armed forces;
• further public safety or, when requested by federal officials, for national security or intelligence activities or for the protection of public officials;
• Appropriate bodies for public health activities, including the reporting of child abuse or neglect, reporting adverse events, product defects, or for Food and Drug Administration reporting;
• A health oversight agency for activities such as audits, investigations, licensure or for disciplinary actions or civil, administrative or criminal proceedings. These disclosures are necessary for the government to oversee the health care system, government benefits programs for compliance with standards, and compliance with civil rights laws;
• Appropriate bodies in response to a subpoena or court order; or in response to litigation that directly involves us;
• the correctional institution or the law enforcement agency if you are an inmate or are in the custody of law enforcement; and
• Prevent a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat.
• Organizations that handle organ procurement or organ, eye or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.
• Comply with laws relating to workers' compensation or similar programs. These programs provide benefits for work-related injuries or illness.
• A court or administrative tribunal in response to a court or administrative order. We may also disclose health information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
• A coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. The Plan may also release health information to funeral directors as necessary to carry out their duties.

You should understand that, except in the circumstances described above, we will not disclose your Protected Health Information without a written authorization from you. Except for disclosures of Protected Health Information made directly to you, for your treatment, or pursuant to your authorization, the federal rules that govern the privacy of PHI generally require us to use and disclose only the minimum PHI necessary to accomplish the purpose of the disclosure.

Legal Rights Related to Protected Health Information

• The federal privacy rule, entitles you to request restrictions on our uses and disclosures of Protected Health Information for treatment, payment or health care operations purposes described above. We will consider each request but are not required to agree to any restrictions.
• The federal privacy rule entitles you to request to receive confidential communications of Protected Health Information if disclosing this information by the usual means could endanger you. Dart will accommodate all reasonable requests, subject to the restrictions and capabilities of our information processing systems.
• The federal privacy rule entitles you to request to receive an accounting of certain disclosures of your PHI made by Dart, such as disclosure to health oversight agencies. These do not include disclosures made for purposes of treatment, payment or health care operations.
• You have a right to request, in writing, to inspect and obtain a copy of Protected Health Information that we maintain about you that is included in what is called a “designated record set.” Additionally, when requesting information, you must reasonably describe the information you seek in your written request; and the information must be reasonably locatable and retrievable by us. We may charge you a fee to cover the cost of providing copies of this requested Protected Health Information. Please note, however, both federal and state law in most circumstances prohibits our laboratory from disclosing laboratory test results directly to you subject to limited exception. If your request for PHI is for a laboratory test result and does not fit within such exceptions, we will refer you to the provider that requested that we perform the test in order to obtain a copy of your test results.
• You have the right to amend your Protected Health Information included in the designated record set. We may deny your request pursuant to those rules if we determine that our records are accurate and complete, if we determine that the information was not created by us, the information is not contained in our designated record set, or if access is otherwise restricted by law.

If you wish to exercise any of the legal rights described above, you must do so in writing. To obtain further information about these rights, or if you would like to make such a request, contact the Privacy Officer at 718-934-1918.

Keeping up-to-date with our Privacy Policy
We will provide you with notice of our privacy policy annually for as long as you maintain an ongoing customer relationship with us. Our policies may change as we periodically review and revise them, and as we complete our implementation of the federal rules on privacy of health information. For these enrollees, we will provide a new Notice if the changes are significant.

It may be necessary to use or disclose your Protected Health Information for the purposes described above even after our relationship with you has terminated. Thus, we do not necessarily destroy your Protected Health Information upon the termination of our relationship.

Complaints
You may file a complaint with Dart if you feel that your privacy rights have been violated. All complaints must be submitted in writing. To file a complaint, contact Dart’s Privacy Officer at 718-934-1918. You may also complain to the U.S. Secretary of Health and Human Services, who is responsible for overseeing compliance with federal privacy law. You will not be retaliated against for filing a complaint. If you would like to file a complain with the U.S. Department of Health and Human Services your complaint should be directed to: Michael Carter, Regional Manager, Office for Civil Rights, DHHS Region II, U.S. Department of Health and Human Services, Jacob Javits Federal Building, 26 Federal Plaza – Suite 3312, New York, NY 10278

If you have any questions or comments about this Notice, or to request a paper copy of it, you can call the Privacy Officer at 718-934-1918.