THIS NOTICE DESCRIBES HOW PERSONAL HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Millennium provides clinical laboratory diagnostic testing services. In providing these testing services, Millennium receives, creates and discloses personal health information. This information is private and confidential. Millennium has policies and procedures in place to protect the information against unlawful use and disclosure. This notice describes information we collect, how we use that information, and when and to whom we may disclose it.
II. Protected Health Information and Our Obligations
Protected health information or “PHI” (also called “personal health information”), is current, past or future information created or received by Millennium from physicians, patients, health plans or other sources. It is personal or medical information that relates to the physical condition of a patient, the provision of health care to that patient, or payment for the provision of health care to that patient. The term PHI does not generally include publicly available information, or information available or reported in a summarized or grouped manner.
Certain laws require Millennium to maintain the privacy of PHI and to make available this notice of our legal duties and privacy practices with respect to PHI. When we use or disclose PHI, we are required to abide by the terms of this notice (or other notice in effect at the time of the use or disclosure).
III. Information Collected and Created by Millennium
Millennium collects information that is minimally necessary to provide testing services and to obtain payment for these services. This may include patient name, address, telephone number, social security number, date of birth, medical history, diagnosis, treatment, provider identification and treatment information, financial responsibility and payment information.
Millennium creates, through its testing services, information to be used by a physician in his/her clinical decision making regarding treatment of the patient.
IV. Protection of PHI
Access to PHI is restricted to only those employees of Millennium who need it in order to provide services to clients and patients. We maintain physical, technical and procedural safeguards to protect PHI against unauthorized use and disclosure. We have a Privacy Officer who is responsible for developing policies and procedures designed to safeguard PHI against inappropriate use and disclosure consistent with the applicable law. The Privacy Officer oversees the implementation and enforcement of such policies and procedures. We also educate and train Millennium personnel about privacy laws and compliance.
V. Standard Uses and Disclosures of PHI
In the course of providing laboratory services, Millennium uses PHI internally and discloses it to health care providers (doctors requesting services, laboratory personnel involved in ordering services and other caregivers), insurers, third party administrators, plan sponsors and other payors (employers, health care provider organizations and others who may be responsible for paying for or administering your health benefits); vendors, consultants, government authorities; and their respective agents. All of these individuals are also required by law to keep PHI confidential. Some examples of what we do with the information we collect and the reasons it might be disclosed to third parties are described below.
We may use or disclose PHI with or without your consent to provide health care services. Examples of these uses and disclosures include:
- Treatment – the fulfillment of requests by physicians to perform laboratory testing services is considered the provision of treatment
- Payment – Millennium uses and discloses PHI to obtain reimbursement for testing services. Examples of these payment activities include: billing, collections activities, determination of eligibility and obtaining authorization for services. We may use or disclose PHI in connection with payment activities with or without your consent.
- Health care operations – Millennium uses and discloses PHI for our health care operations, which include internal administration and planning and various activities that improve the quality and cost effectiveness of the services we provide.
Other Activities Permitted or Required by Law
We may use or disclose PHI for other important activities permitted or required by law, with or without your authorization. These include:
- Required by Law – We may use or disclose PHI to the extent such use or disclosure is required by law and it complies with and is limited to the requirements of that law. We use and disclose PHI for certain law enforcement purposes and in response to official subpoenas, court orders, discovery requests and other legal process. In addition, we use and disclose PHI in connection with health oversight activities (e.g., government audits of our compliance with certain laws and regulations; oversight of government-funded health benefits programs) and for certain public health and safety concerns.
- Research – We use and disclose PHI in connection with research performed by Millennium and by researchers outside of Millennium. This research generally is subject to the oversight of an Institutional Review Board. In most cases, while PHI may be used to help prepare a research project or to contact you to ask whether you want to participate in a study, it will not be further disclosed for research without your authorization. Sometimes, however, where permitted under federal law and institutional policy, and approved by an Institutional Review Board or a privacy board, PHI may be used or disclosed. In addition, PHI may be used or disclosed to compile “de-identified data sets” that do not include your name, address, social security number or other direct identifiers. These data sets may, in turn, be used for research purposes.
- Family and Friends – Under certain circumstances, we may disclose PHI to family members, other relatives, or close personal friends or others that you identify and authorize to receive your PHI, to the extent it is directly relevant to their involvement with your care or payment related to your care.
Our use and disclosure of PHI must comply not only with federal privacy regulations but also with applicable California law.
VI. Requesting Other Disclosures
It is possible to request that we disclose PHI to people in ways not described above. To authorize us to disclose your personal health information to a person or organization or for reasons other than those described in the section above, see the contact information at the bottom of this page. If you make a special authorization and later change your mind about this, you may send a letter to us to let us know that you would like to revoke the special authorization. In any communication with us, please provide your name, address, patient identification number or Social Security number, and a telephone number where we can reach you in case we need to contact you about your request.
VII. Your Rights with Respect to PHI
- You have a right to ask us in writing to restrict use or disclosure of your PHI related to your treatment, related to your payment or related to routine health care operations. In addition, you may request PHI disclosure restrictions to family members, other relatives or close friends involved in your care. We are not required to agree to such a restriction, but if we do agree, we will honor our agreement except in case of an emergency. Any restriction we agree to is not effective to prevent uses or disclosures of PHI required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with federal privacy regulations adopted under the Health Insurance Portability and Accountability Act of 1996 or for certain activities permitted or required by law (see Section V above).
- You may request, in writing, to receive confidential communications containing your PHI from us in ways or at locations that are outside our usual process. We will make every effort to accommodate reasonable requests.
- You have a right to review and obtain a copy of existing PHI contained in medical and billing records about you maintained by Millennium. You must make your request in writing and this right is limited to existing records that are maintained, collected, used or disseminated by Millennium. This right does not apply to results of clinical testing (which must be provided to you by your doctor, not Millennium, pursuant to applicable federal law); information that is specifically excluded by law; or to information we compile in reasonable anticipation of, or for use in, civil, criminal or administrative actions or proceedings; or to such other information that may be prohibited to be disclosed by law. We may charge a fee for any copies you request.
- You have a right to request that we amend the records described above for as long as we maintain them. You must make the request in writing and give us a reason for the amendment. We may deny your request if: (i) we determine that we did not create the record, unless the originator of the PHI is no longer available to act on the requested amendment; or (ii) if we believe that the existing records are accurate and complete. Note that an amendment may take several forms; for example we may add an explanatory statement to a record rather than changing it.
- You have a right to receive an accounting of disclosures made by Millennium to any third party in the six years prior to the date on which the accounting is requested. This right does not apply to certain disclosures, including, but not limited to, disclosures made for the purposes of treatment, payment or health care operations; disclosures made to you or to others involved in your care; disclosures made with your authorization; disclosures made for national security or intelligence purposes or to correctional institutions or law enforcement purposes; or disclosures made prior to April 14, 2003. You must make any request for an accounting in writing and we may charge a fee to fill more than one request in any given year.
VIII. Distribution and Updates of This Notice
This notice is published on the Millennium web site at www.millenniumlabs.com\PrivacyNotice and is made available in printed form upon request.
IX. Effective Date and Duration of This Notice
We may change the terms of this notice at any time. If we change this notice, we may make the new notice terms effective for all PHI that we maintain, including any information created or received prior to issuing the new notice. If we change this notice, we will post the new notice on our Internet site at www.millenniumlabs.com.
X. Communication with Millennium
As a convenience, Millennium may make available email addresses by which you can communicate with us regarding billing issues. Please be advised that email is not a secure means of communication, therefore Millennium cannot guarantee the security of any information that you send to us prior to our receipt of it. This fact may also restrict our use of email in communicating any response to you – we will make every attempt to use alternate means of communicating anything that may be considered sensitive information.
XI. Copy of Notice, Questions or Complaints
If you would like a paper copy of this notice, have questions about it, or believe its terms or any Millennium privacy or confidentiality policy has been violated with respect to information about you, please let us know immediately by contacting us toll-free at 1-877-451-3534 and request the Compliance/Privacy Office. Please include your name, address, and a telephone number where we can contact you, and a brief description of the complaint. If you prefer, you may lodge an anonymous complaint.
Millennium Laboratories Inc.
16981 Via Tazon
San Diego, CA 92127
Or call our Ethics Hotline at 1-866-677-3847
You also may contact the Secretary of the Department of Health and Human Services at:The U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
Toll Free: 1-877-696-6775
Please provide as much information as possible so that the complaint can be properly investigated. Millennium will not retaliate against a person who files a complaint with us or with the Secretary of the Department of Health and Human Services.