Notice of Privacy Practices

GOLDFINCH LABORATORY

HIPAA NOTICE OF PRIVACY PRACTICES

Effective 2/1/2023

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

“Protected Health Information” is information that identifies you individually, including demographic information, that relates to your past, present or future physical or mental health condition and related health care services. We are required by law to protect the privacy and security of your protected health information (PHI), to provide you with notice regarding our legal duties and privacy practices, and to notify you in the event of a breach of your unsecured protected health information.

USES AND DISCLOSURES OF YOUR PROTECTED HEALTH INFORMATION

Authorization and Consent: Except as stated below, we will not use or disclose your protected health information for any purpose other than treatment, payment or health care operations unless you have signed a form authorizing such use or disclosure. You have the right to revoke such authorization in writing; however, such revocation shall not be effective to the extent that we have taken any action in reliance on the authorization.

Uses and Disclosures for Treatment: We will make uses and disclosures of your protected health information as necessary for your medical treatment and/or services in order to manage and coordinate your medical care, sharing it with other professionals who are treating you.

Uses and Disclosures for Payment: We will make uses and disclosures of your protected health information as necessary for payment of your health care services. We may forward information regarding your medical procedures to your insurance company to arrange payment for the services provided to you. We may also use your information to prepare a bill to send to you or to the person responsible for your payment.

Uses and Disclosures for Healthcare Operations: We will make uses and disclosures of your protected health information as necessary, and as permitted by law, for our healthcare operations, which may include quality assessment, professional peer review, business management, accreditation and licensing, etc.

Individuals Involved In Your Care: Unless you object, we may disclose your protected health information to designated family, friends and others who are involved in your care or in payment of your care which you have identified. If you are unavailable, incapacitated, or facing an emergency medical situation and we determine that a limited disclosure may be in your best interest, we may share limited protected health information with such individuals without your approval.

Business Associates: We may disclose your PHI to our business associates who provide us with services necessary to operate and function as a medical practice. We will only provide the minimum necessary for the associate(s) to perform their functions as it relates to our business operations. All our business associates are legally obligated to comply with the same HIPAA privacy and security rules with which we are obligated to comply. Additionally, all of our business associates are under contract with us and committed to protect the privacy and security of your Protected Health Information.

Research: In limited circumstances, we may use and disclose your protected health information for research purposes when the research has been approved by an Institutional Review or Privacy Board and in compliance with laws governing research, limiting their use and disclosure of your information.

Fundraising: We may use your information to contact you for fundraising purposes. You have the right to object or opt out of these types of communications.

Other Uses and Disclosures: We are permitted and/or required by law to make certain other uses and disclosures of your protected health information without your consent or authorization for the following:

  • Any purpose required by law. We will use or disclose your Protected Health Information when required to do so by local, state, federal and international law.

  • Public health activities such as required reporting of immunizations, disease, injury, birth and death, or in connection with public health investigations.

  • To the Food and Drug Administration to report adverse events, product defects, or to participate in product recalls.

  • To your employer when we have provided health care to you at the request of your employer.

  • To a government oversight agency conducting audits, investigations, civil or criminal proceedings.

  • Court or administrative ordered subpoena or discovery request.

  • To law enforcement officials as required by law if we believe you have been the victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree or when required or authorized by law. In addition, your information may also be disclosed when necessary to prevent a serious threat to your health or safety.

  • To coroners and/or funeral directors consistent with law.

  • If necessary to arrange an organ or tissue donation from you or a transplant for you.

  • If you are a member of the military, we may also release your Protected Health Information for national security or intelligence activities.

  • To workers' compensation agencies for workers' compensation benefit determination.

DISCLOSURES REQUIRING AUTHORIZATION

Psychotherapy Notes: We must obtain your specific written authorization prior to disclosing any psychotherapy notes unless otherwise permitted by law. However, there are certain purposes for which we may disclose psychotherapy notes, without obtaining your written authorization, including the following: (1) to carry out certain treatment, payment or healthcare operations (e.g., use for the purposes of your treatment, for our own training, and to defend ourselves in a legal or other proceeding brought by you), (2) to the Secretary of the Department of Health and Human Services to determine our compliance with the law, (3) as required by law, (4) for health oversight activities authorized by law, (5) to medical examiners or coroners as permitted by state law, or (6) for the purposes of preventing or lessening a serious or imminent threat to the health or safety of a person or the public.

Genetic Information: We must obtain your specific written authorization prior to using or disclosing your genetic information for treatment, payment or health care operations purposes. We may use or disclose your genetic information, or the genetic information of your child, without your written authorization only where it would be permitted by law.

Marketing Purposes and Sale of Your Protected Health Information: We must obtain your authorization for any use or disclosure for marketing and prior to receiving direct or indirect remuneration in exchange for your health information.

RIGHTS THAT YOU HAVE REGARDING YOUR PROTECTED HEALTH INFORMATION

Access to Your Protected Health Information: You have the right to copy and/or inspect much of the protected health information that we retain on your behalf. For protected health information that we maintain in any electronic designated record set, you may request a copy of such health information in a reasonable electronic format, if readily producible. Requests for access must be made in writing and signed by you or your legal representative. You may obtain a "Patient Access to Health Information Form" from our Office Manager. You may be charged a fee for associated costs.

Amendments to Your Protected Health Information: At any time if you believe the Protected Health Information we have on file for you is inaccurate or incomplete, you may request that we amend the information. Your request for amendment must be submitted in writing, signed by you or your legal representative, and must state the reasons for the amendment/correction request. We are not obligated to make requested amendments, but we will give each request careful consideration. You may request an "Amendment Request Form" from our Office Manager.

Accounting for Disclosures of Your Protected Health Information: You have the right to receive an accounting of certain disclosures made by us of your protected health information. Requests must be made in writing and signed by you or your legal representative. You may request an "Accounting Request Form" from our Office Manager.

Restrictions on Use and Disclosure of Your Protected Health Information: You have the right to request restrictions and/or limit the information we disclose to others, such as family members, friends, and individuals involved in your care or payment for your care. You also have the right to limit or restrict the information we use or disclose for treatment, payment and/or health care operations. Your request must be submitted in writing and include the specific restriction requested, to whom you want the restriction to apply, and why you would like to impose the restriction. We are not required to agree to the restriction requests, but will attempt to accommodate reasonable requests when appropriate. You do, however, have the right to restrict disclosure of your protected health information to a health plan if the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law, and the protected health information pertains solely to a health care item or service for which you, or someone other than the health plan on your behalf, has paid Goldfinch Laboratory in full. You also have the right to withdraw any restriction by communicating your desire to do so in writing to the Office Manager at Goldfinch Laboratory.

Right to Notice of Breach: We take very seriously the confidentiality of our patients’ information, and we are required by law to protect the privacy and security of your protected health information through appropriate safeguards. We will notify you in the event a breach occurs involving or potentially involving your unsecured health information and inform you of what steps you may need to take to protect yourself.

Paper Copy of this Notice: You have a right, even if you have agreed to receive notices electronically, to obtain a paper copy of this Notice. To do so, please submit a request to the Office Manager at Goldfinch Laboratory.

CHANGES TO THIS NOTICE

We are required to abide by the terms of this notice for as long as it remains in effect. We reserve the right to change the terms of this notice as necessary and to make a new Notice of Privacy Practices effective for all protected health information maintained by Goldfinch Laboratory. The new notice will be available upon request, in our office, and on our website.

COMPLAINTS

If at any time you believe your privacy rights have been violated and you would like to register a complaint, you may do so with us or with the United States Department of Health and Human Services. We will not retaliate against you for filing a complaint. If you wish to file a complaint with us, please submit it in writing to our Compliance/Privacy Officer at the address below:

Jared Abbott, MD
Compliance Officer
Goldfinch Laboratory
4637 121st Street
Urbandale, IA 50323

If you wish to file a complaint with the Secretary of the United States Department of Health and Human Resources, please go to the website of the Office for Civil Rights (www.hhs.gov/ocr/hipaa/), call toll free 877-696-6775, or mail to:

Secretary of the US Department of Health and Human Services
200 Independence Ave S.W.
Washington, D.C. 20201