NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW CAREFULLY.
Boston Heart Diagnostics Corporation (“Boston Heart”) is committed to protecting the privacy of your identifiable health information. This information is known as “protected health information” or “PHI”. PHI includes laboratory test orders and test results as well as invoices for the healthcare services that we provide.
Our Responsibilities
Boston Heart is required by law to maintain the privacy of your PHI. We are also required to provide you with this Notice of our legal duties and privacy practices upon request. It describes our legal duties, privacy practices and your patient rights as determined by the Health Insurance Portability and Accountability Act (HIPAA) of 1996. We are required to follow the terms of this Notice currently in effect. The HIPAA Privacy Standards require us to safeguard your protected health information regardless of the form in which we receive it (e.g., oral, written, or recorded in other media). We are required to notify affected individuals in the event of a breach involving unsecured protected health information. PHI is stored electronically and is subject to electronic disclosure.
How We May Use or Disclose Your Health Information
We use your PHI for treatment, payment or healthcare operations purposes and for other purposes permitted or required by law. Not every use or disclosure is listed in this Notice, but all of our uses or disclosures of your health information will fall into one of the categories listed below.
We need your written authorization to use or disclose your health information for any purpose not covered by one of the categories below. Subject to compliance with limited exceptions, we will not use or disclose your PHI for marketing purposes or sell your PHI, unless you have signed an authorization. You may revoke any authorization you sign at any time. If you revoke your authorization, we will no longer use or disclose your health information for the reasons stated in your authorization except to the extent we have already taken action based on your authorization.
The law permits us to use and disclose your health information for the following purposes:
Treatment
Boston Heart provides laboratory testing for physicians and other healthcare professionals, and we use your information in our testing process. We disclose your health information to authorized healthcare professionals who order tests or need access to your test results for treatment purposes. Examples of other treatment-related purposes include disclosure to a pathologist to help interpret your test results or use of your information to contact you to obtain another specimen, if necessary.
Lifestyle Program
We also disclose PHI about individuals who participate in our Lifestyle Program to our Boston Heart Lifestyle Coaches, so that they may provide counseling services to those individuals. Lifestyle Program participants may also provide PHI about themselves in the course of counseling or by completing voluntary online surveys about their diet and lifestyle. That information, as well as any PHI created by a Lifestyle Coach, such as progress notes, may be disclosed to the individual’s healthcare provider.
Payment
Boston Heart will use and disclose your PHI for purposes of billing and payment. For example, we may disclose your PHI to health plans or other payers to determine whether you are enrolled with the payer or eligible for health benefits or to obtain payment for our services. If you are insured under another person’s health insurance policy (for example, parent, spouse, domestic partner or a former spouse), we may also send invoices to the subscriber whose policy covers your health services.
Healthcare Operations
Boston Heart may use and disclose your PHI for activities necessary to support our healthcare operations, such as performing quality checks on our testing, internal audits, arranging for legal services or developing reference ranges for our tests.
Business Associates
We may provide your PHI to other companies or individuals that need the information to provide services to us. These other entities, known as “business associates,” are required to maintain the privacy and security of PHI. For example, we may provide information to companies that assist us with billing for our services. We may also use an outside collection agency to obtain payment when necessary.
As Required by Law
We may use and disclose your PHI as required by law.
Law Enforcement Activities and Legal Proceedings
We may disclose your PHI as required to comply with a court or administrative order. We may disclose your PHI in response to a subpoena, discovery request or other legal process in the course of a judicial or administrative proceeding, but only if efforts have been made to tell you about the request or to obtain an order of protection for the requested information. The HIPAA Privacy Standards specify certain other circumstances where we may legally use or disclose your protected health information without your authorization; such situations include, but are not limited to, public health and safety or law enforcement purposes. Boston Heart has policies in place that are intended to ensure, to the extent possible, that PHI is not intentionally or unintentionally used or disclosed in a manner that would violate the HIPAA Privacy Standards or any other federal or state regulation governing confidentiality and privacy of health information.
Research
We may disclose PHI for research purposes when an Institutional Review Board or privacy board has reviewed the research proposal and established protocols to ensure the privacy of your PHI and determined that the researcher does not need to obtain your authorization prior to using your PHI for research purposes. We may also disclose information about decedents to researchers under certain circumstances.
Other Uses and Disclosures
As permitted by HIPAA, we may disclose your PHI to:
• Public Health Authorities
• The Food and Drug Administration
• Health Oversight Agencies
• Military Command Authorities
• National Security and Intelligence Organizations
• Correctional Institutions
• Organ and Tissue Donation Organizations
• Coroners, Medical Examiners and Funeral Directors
• Workers’ Compensation Agents
We may also disclose relevant PHI to a family member, friend, or anyone else you designate in order for the person to be involved in your care or payment related to your care or if, in our professional judgment, the disclosure is in your best interest, but you are not present, or you cannot agree or object because you are incapacitated or there is an emergency. We may disclose PHI to those assisting in disaster relief efforts, so that others can be notified about your condition, status and location. We may also use or disclose the health information of an individual who has been deceased for more than 50 years.
Note Regarding State Law
For all the above purposes, when state law is more restrictive than federal law, we are required to follow the more restrictive state law.
Your Patient Rights
Receive Test Information
You have the right to access your PHI that we have created. You may receive your test results online by visiting our website at yourheartmatters.com. If you are unable to access your results online, you may also call the Boston Heart Customer Care Team at (877) 425-1252. If your request for test information is denied, you may request that the denial be reviewed.
Amend Health Information
You may request amendments to your PHI by making a written request. However, we may deny the request in some cases (such as if we determine the PHI is accurate). If we deny your request to change your PHI, we will provide you with a written explanation of the reason for denial and additional information regarding further actions that you may take.
Accounting of Disclosures
You have the right to receive a list of certain disclosures of your PHI made by Boston Heart in the past six years from the date of your written request. Under the law, this does not include disclosures made for purposes of treatment, payment or healthcare operations or certain other purposes.
Request Restrictions
You may request that we agree to restrictions on certain uses and disclosures of your PHI. We are not required to agree to your request, except for requests that limit disclosures to your health plan for purposes of payment or healthcare operations when you have paid us for the item or service covered by the request out-of-pocket and in full and when the uses or disclosures are not required by law.
Request Confidential Communications
You have the right to request that we send your health information by alternative means or to an alternative address and we will accommodate reasonable requests.
Copy of this Notice
You have the right to obtain a paper copy of this Notice upon request.
How to Exercise Your Rights
You may write or send an email to us with your specific request. Boston Heart will consider your request and provide you a response.
Right to Receive Notice of a Privacy or Security Breach
In the event that we discover that the privacy or security of your PHI has been, or is reasonably believed to have been, compromised, we will notify you promptly, and in no case later than 60 days after our discovery of the breach, unless we are required by a law enforcement agency to delay giving you notice. We will send you the notice by first-class mail to your last known address and/or by email, if you have agreed to receive notices from us by email. If we do not have enough information about you to send an individual notice, we will provide substitute notice, as permitted by federal regulation.
Complaints/Questions
If you believe your privacy rights have been violated, you have the right to file a complaint with us. You also have the right to file a complaint with the Secretary of the U.S. Department of Health and Human Services, Office for Civil Rights. Boston Heart will not retaliate against any individual for filing a complaint.
To file a complaint with us, or should you have any questions about this Notice, send an email to us at compliance@bostonheart.eurofinsus.com, or write to us at the following address:
Boston Heart Diagnostics
Attn: Privacy Officer
200 Crossing Boulevard, Suite 100
Framingham, MA 01702
You may also contact the Privacy Officer at (256) 836-7366.
Note
We reserve the right to amend the terms of this Notice to reflect changes in our privacy practices, and to make the new terms and practices applicable to all PHI that we maintain about you, including PHI created or received prior to the effective date of the Notice revision. Our Notice is displayed on our website and a copy is available upon request.