EFFECTIVE DATE: December 13, 2020
THIS NOTICE OF PRIVACY PRACTICES (“NOTICE”) DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED BY USB HOME CARE LLC, AND ITS AUTHORIZED AGENTS (COLLECTIVELY, “USB”) AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Our commitment to protecting health information about you
USB is committed to protecting the privacy of your health information and to guaranteeing your rights under the Health Insurance Portability and Accountability Act (“HIPAA”).
In this Notice, we describe the ways that we may use and disclose health information about you that we collect about you, including when you [create an account, register a testing kit and receive related results], use our website located at usbiotek.com, secure.usbiotek.com, and other websites controlled by USB (collectively, our “Services”). HIPAA requires that we protect the privacy of health information that identifies you, or where there is a reasonable basis to believe the information can be used to identify you. This information is called Protected Health Information (“PHI”).
USB is NOT a healthcare provider or a “covered entity,” as defined under HIPAA, but is a technology platform that enables patients to purchase, register, and view laboratory tests through our Services. As such, USB is business associate, as defined under HIPAA (“Business Associate”), to these Providers and will collect, use, and disclosure PHI in accordance with the Notice of Privacy Practices used by these Providers (“Provider’s Notice”). USB shall ensure that you have access and receive these Notice of Privacy Practices in accordance with the terms of this Notice and any service agreement between you and USB.
This Notice describes your rights and our obligations regarding the use and disclosure of PHI. We are required by law to:
As permitted by the HIPAA Privacy Rule, we reserve the right to make changes to this Notice and to make such changes effective for all PHI we may already have about you. Similarly the Provider’s Notice may also be changed by the Provider. If and when this Notice or the Provider’s Notice is changed, we will post an updated copy on our Services or require the Provider to provide you notice of any change. We will also provide a copy of the revised Notice to you upon request. You may request a copy of the Notice using the contact information provided below, and will be asked to acknowledge and confirm that you received this Notice. Our services are not conditioned upon your acknowledgement of this Notice.
Uses and disclosures for treatment, payment and healthcare operations.
The following categories describe the different ways we may use and disclose PHI for treatment, payment or healthcare operations without your consent or authorization. The examples included in each category do not list every type of use or disclosure that may fall within that category. Please contact our Privacy Officer, using the contact information provided at the end of this Notice, for specific information relating to your state.
Treatment: We may use and disclose PHI about you for treatment purposes, including disclosure to our Providers and other health care professionals who provide you with services and/or are involved in the coordination of your care. For example, we may use and disclose PHI when you need a prescription, lab work, or other healthcare services to be provided by one of our partners. In addition, we may use and disclose PHI about you when referring you to a healthcare provider other than our Providers. For example, if you are referred to a physician not associated with our Providers, we may disclose PHI to your new physician regarding whether you are allergic to any medications. In emergencies, we may use and disclose PHI to allow our Providers to provide the treatment you need. We may also disclose PHI about you for the treatment activities of another healthcare provider. For example, we may send a report about you to a physician or other healthcare provider that we refer you to so that the other provider may treat you.
Payment: We may use and disclose PHI so that we can bill and collect payment for the treatment and services provided to you by our partners. Before your receipt of treatment or services via our Services, we may share details with your health plan concerning the services you are scheduled to receive. For example, we may ask for payment approval from your health plan before you are provided care or services via our Services. We may use and disclose PHI to find out if your health plan will cover the cost of care and services provided to you. We may use and disclose PHI to confirm you are receiving the appropriate amount of care to obtain payment for services. We may use and disclose PHI for billing, claims management and collection activities. We may disclose PHI to insurance companies providing you with additional coverage. We may disclose limited PHI to consumer reporting agencies relating to collection of payments owed to us. We may also disclose PHI to another healthcare provider or to a company or health plan required to comply with HIPAA for the payment activities of that healthcare provider, company or health plan. For example, we may allow a health insurance company to review PHI for the insurance company’s activities to determine the insurance benefits to be paid for your care.
Healthcare Operations: We may use and disclose PHI in performing business activities that are called healthcare operations. Healthcare operations include doing things that allow us to improve the quality of care provided to you by our partners and to reduce healthcare costs. We may use and disclose PHI about you in the following healthcare operations:
If a Provider or another healthcare provider, company or health plan that is required to comply with HIPAA has or once had a relationship with you, we may disclose PHI about you for certain healthcare operations of that Provider, other healthcare provider, or company. For example, such healthcare operations may include: reviewing and improving the quality, efficiency and cost of care provided to you by our Providers; reviewing and evaluating the skills, qualifications and performance of healthcare providers; providing training programs for students, trainees, healthcare providers or non-healthcare professionals; cooperating with outside organizations that evaluate, certify or license healthcare providers or staff in a particular field or specialty; and assisting with legal compliance activities of that healthcare provider or company.
Communication from Our Office: We may contact you to remind you of appointments, suggestions about follow up care, and to provide you with information about treatment alternatives or other health- related benefits and services that may be of interest to you. If appropriate, we may make these communications via email. However, as noted below, you have the right under HIPAA to request that communications regarding PHI be delivered in another manner or at another location.
Other uses and disclosures of your medical information we can make without your written authorization for which you have the opportunity to agree or object.
Individuals Involved in Your Care or Payment for Your Care: We may use and disclose PHI about you in some situations where you have the opportunity to agree or object to certain uses and disclosures of PHI about you. If you do not object, we may make these types of uses and disclosures of PHI.
Appointment Reminders: We may use and disclose medical information in order to provide you with a reminder that you have an appointment for testing or consultation.
Treatment Alternatives: We may use and disclose medical information to tell you about or recommend possible treatment options or alternatives that may be of interest to you.
Health Related Benefits and Services: We may use and disclose medical information to tell you about health-related benefits or services that may be of interest to you.
Other uses and disclosures we can make without your written authorization or opportunity to agree or object
We may use and disclose PHI about you in the following circumstances without your authorization or opportunity to agree or object, provided that we comply with certain conditions that may apply.
Business Associates: We may disclose PHI to our business associates to perform certain business functions or provide certain business services to us. For example, we may use a physician practice management company to provide billing, management, scheduling and compliance services on our behalf. All of our business associates are required to maintain the privacy and confidentiality of your PHI. Additionally, at the request of your healthcare providers or health insurance plan, we may disclose PHI to their business associates performing certain healthcare or business functions on their behalf. For example, we may disclose PHI to a health plan’s business associate for purposes of quality assurance and medical necessity reviews.
Required by Law: We may use and disclose PHI as required by federal, state or local law to the extent that the use or disclosure complies with the law and is limited to the requirements of the law.
Public Health Activities: We may use and disclose PHI to public health authorities or other authorized persons to carry out certain activities related to public health, including the following activities:
Abuse, Neglect or Domestic Violence: We may disclose PHI in certain cases to proper government authorities if we reasonably believe that a patient has been a victim of domestic violence, abuse or neglect.
Military and Veterans: If you are a member of the armed forces, we may release PHI about you as required by military command authorities. We may also release PHI about foreign military personnel to the appropriate foreign military authority.
National Security, Intelligence Activities, and Protective Services for the President and Others: We may release PHI about you to federal officials for intelligence, counterintelligence, protection to the President, and other national security activities authorized by law.
Correctional Institution: If you are or become an inmate of a correctional institution, we may disclose to the institution or its agents PHI necessary for your health and the health and safety of other individuals.
Health Oversight Activities: We may disclose PHI to a health oversight agency for oversight activities including, for example, audits, investigations, inspections, licensure and disciplinary activities and other activities conducted by health oversight agencies to monitor the healthcare system, government healthcare programs and compliance with certain laws.
Lawsuits and Other Legal Proceedings: We may use or disclose PHI when required by a court or administrative tribunal order. We may also disclose PHI in response to subpoenas, discovery requests or other required legal process when efforts have been made to advise you of the request or to obtain an order protecting the information requested.
Law Enforcement: Under certain conditions, we may disclose PHI to law enforcement officials for these purposes where the disclosure is:
To Avert a Serious Threat to Health or Safety: We may use and disclose PHI about you in limited circumstances when necessary to prevent a threat to the health or safety of a person or to the public. This disclosure can only be made to a person who is able to help prevent the threat.
Workers’ Compensation: We may disclose PHI as authorized by workers’ compensation laws or other similar programs that provide benefits for work-related injuries or illness.
Disclosures Required by HIPAA Privacy Rule: We are required to disclose PHI to the Secretary of the United States Department of Health and Human Services when requested by the Secretary to review our compliance with HIPAA. We are also required in certain cases to disclose PHI to you upon your request to access PHI or for an accounting of certain disclosures of PHI about you (these requests are described in the “Right to Receive Accounting Disclosure” section of this Notice).
Incidental Disclosures: We may use or disclose PHI incident to a use or disclosure permitted by HIPAA so long as we have reasonably safeguarded against such incidental uses and disclosures and have limited them to the minimum necessary information.
Limited Data Set Disclosures: We may use or disclose a limited data set (PHI that has certain identifying information removed) for the purposes of research, public health or healthcare operations. A limited data set does not contain any information that can directly identify you, and may include, for example, your city and zip code, but not your name or street address. This information may only be disclosed for research, public health and healthcare operations purposes. The person receiving the information must sign an agreement to protect the information.
Other uses and disclosures of protected health information require your authorization
We will not use or disclose your health information for any purpose other than those identified in the previous sections without your specific, written authorization (“Authorization”). If you give us Authorization to use or disclose health information about you, you may revoke that Authorization, in writing, at any time. If you revoke your Authorization, we will no longer use or disclose information about you for the reasons covered by your written Authorization, but we cannot take back any uses or disclosures already made with your permission.
Most uses and disclosures for marketing purposes, including subsidized treatment communications, fall within this category and require your written authorization before we may use your medical information for these purposes. Additionally, with certain limited exceptions, we are not allowed to sell or receive anything of value in exchange for your medical information without your written authorization.
Your rights regarding protected health information about you
Under federal law, you have these rights regarding PHI about you:
Right to Request Restrictions: You have the right to request additional restrictions on the PHI that we may use or disclose for treatment, payment and healthcare operations. You may also request additional restrictions on our disclosure of PHI to certain individuals involved in your care that otherwise are permitted by the Privacy Rule. We are not required to agree to your request unless you are asking us to restrict the use and disclosure of your PHI to a health plan for payment or healthcare operation purposes and such information you wish to restrict pertains solely to a healthcare item or service for which you have paid us “out-of-pocket” in full. If we do agree to your request, we are required to comply with our agreement except in certain cases, including where the information is needed to treat you in the case of an emergency. To request restrictions, you must make your request in writing to our Privacy Officer. In your request, please include (1) the information that you want to restrict; (2) how you want to restrict the information (for example, restricting use to this office, only restricting disclosure to persons outside this office, or restricting both); and (3) to whom you want those restrictions to apply.
Right to Receive Confidential Communications: When patients request services through our Services, we routinely obtain their consent to receive certain communications from us by email. However, you have the right to request that you receive communications regarding PHI in a certain manner or at a certain location. For example, you may request that we contact you by regular mail rather than email. You must make your request in writing. You must specify how you would like to be contacted (for example, by regular mail to your post office box and not your home). We are required to accommodate only reasonable requests.
Right to Inspect and Copy: You have the right to request the opportunity to inspect and receive a copy of PHI about you in certain records that we maintain. This includes your medical and billing records but does not include psychotherapy notes or information gathered or prepared for a civil, criminal or administrative proceeding. We may deny your request to inspect and copy PHI only in limited circumstances. To inspect and copy PHI, please contact our Privacy Officer. If you request a copy of PHI about you, we may charge you a reasonable fee for the copying, postage, labor and supplies used in meeting your request.
Right to Amend: You have the right to request that we amend PHI about you as long as such information is kept by or for our office. To make this type of request, you must submit your request in writing to our Privacy Officer. You must also give us a reason for your request. We may deny your request in certain cases, including if it is not in writing or if you do not give us a reason for the request.
Right to Receive Notice of a Breach: You have the right to be notified if your unsecured PHI has been breached.
Right to Receive an Accounting of Disclosures: You have the right to request a list of certain disclosures that we have made of PHI about you. This is a list of disclosures made by us during a specified period of up to six years, other than disclosures made for treatment, payment and healthcare operations; for use in or related to a facility directory; to family members or friends involved in your care; to you directly; pursuant to an authorization of you or your personal representative; for certain notification purposes (including national security, intelligence, correctional and law enforcement purposes); as incidental disclosures that occur as a result of otherwise permitted disclosures; as part of a limited data set of information that does not directly identify you; six (6) years prior to the date of the request; and before April 14, 2003. To make a request, please contact our Privacy Officer using the contact information listed below. The first list that you request in a 12-month period will be free, but we may charge you for our reasonable costs of providing additional lists in the same 12-month period. We will tell you about these costs, and you may choose to cancel your request at any time before costs are incurred.
Right to a Paper Copy of this Notice: You have a right to receive a paper copy of this Notice at any time, even if you have previously agreed to receive this Notice electronically. To obtain a paper copy of this Notice, please contact our Privacy Officer using the contact information provided below.
Please contact us at email@example.com to make any of the requests described above.
If you believe your privacy rights have been violated, you may file a complaint with us or the Secretary of the United States Department of Health and Human Services. To file a complaint with our office, please contact our Privacy Officer at the address and number listed below. We will not retaliate or take action against you for filing a complaint about our privacy practices.
We take your privacy seriously. If you have questions, concerns, or feedback regarding the privacy of your personal and health information, you may contact our Privacy Officer at:
16020 Linden Ave N, Shoreline, WA 98133 USA
Last Updated: December 13, 2020