THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Millennium provides clinical laboratory diagnostic testing services. In providing these testing services, Millennium receives, creates and discloses personal health information. This information is private and confidential. Millennium has policies and procedures in place to protect the information against unlawful use and disclosure. This notice describes information we collect, how we use that information, and when and to whom we may disclose it.
II. Protected Health Information and Our Obligations
Protected health information or “PHI” (also called “personal health information”), is current, past or future information created or received by Millennium from physicians, patients, health plans or other sources. It is personal or medical information that relates to the physical condition of a patient, the provision of health care to that patient, or payment for the provision of health care to that patient. The term PHI does not generally include publicly available information, or information available or reported in a summarized or grouped manner.
Certain laws require Millennium to maintain the privacy of PHI and to make available this notice of our legal duties and privacy practices with respect to PHI. When we use or disclose PHI, we are required to abide by the terms of this notice (or other notice in effect at the time of the use or disclosure). We are required by law to let you know if a breach occurs that may have compromised the privacy or security of your information.
III. Standard Uses and Disclosures of PHI
In the course of providing laboratory services, Millennium typically uses or shares your health information in the following ways:
We may use or disclose PHI to provide health care services. Examples of these uses and disclosures include:
- Treatment – Millennium uses and discloses PHI to provide you with treatment and coordinate with other professionals involved in your treatment. For example, the fulfillment of requests by physicians to perform laboratory testing services is considered the provision of treatment.
- Payment – Millennium uses and discloses PHI to obtain reimbursement for testing services. Examples of these payment activities include billing, collections activities, determination of eligibility and obtaining authorization for services.
- Health care operations – Millennium uses and discloses PHI for our health care operations, For example, these include internal administration and planning and various activities that improve the quality and cost effectiveness of the services we provide.
Other Activities Permitted or Required by Law
We may use or disclose PHI for other important activities permitted or required by law. These include:
- To You or Your Personal Representative – We may disclose PHI to you or someone who has the legal right to act for you (i.e. your personal representative) in order to administer your rights as described in this notice.
- Secretary of the U.S. Department of Health and Human Services – We are required to disclose PHI to the Secretary of the U.S. Department of Health and Human Services or an employee of the Department, if necessary, to ensure that we are complying with federal privacy law and to make sure the privacy of your PHI is protected.
- Required by Law and Law Enforcement – We may use or disclose PHI to the extent such use or disclosure is required by law and it complies with and is limited to the requirements of that law.
- Research – We use and disclose PHI in connection with research performed by Millennium and by researchers outside of Millennium. This research generally is subject to the oversight of an Institutional Review Board. In most cases, while PHI may be used to help prepare a research project or to contact you to ask whether you want to participate in a study, it will not be further disclosed for research without your authorization. Sometimes, however, where permitted under federal law and institutional policy, and approved by an Institutional Review Board or a privacy board, PHI may be used or disclosed. In addition, PHI may be used or disclosed to compile “de-identified data sets” that do not include your name, address, social security number or other direct identifiers. These data sets may, in turn, be used for research purposes.
- Family and Friends – Under certain circumstances, we may disclose PHI to family members, other relatives, or close personal friends or others, to the extent it is directly relevant to their involvement with your care or payment related to your care. We will do so only if you have agreed to their receipt of such information, failed to object when given the opportunity, or in limited circumstances when you are incapacitated or in an emergency. We may also notify such individuals about your location or general condition or disclose such information to an entity assisting in a disaster relief effort.
- Public Health Activities – We may disclose PHI for public heath activities to public health authorities or other appropriate government authorities authorized by law to receive such information. These activities include preventing or controlling disease, injury or disability, reporting births and deaths, reporting child abuse or neglect, or reporting reactions to medication problems with medical products.
- Health Oversight — We may use and disclose PHI in connection with health oversight activities such as government audits of our compliance with certain laws and regulations; and oversight of government-funded health benefits programs)
- Health or Safety – We may disclose PHI when necessary to prevent a serious threat to your health and safety, or the health and safety of the public or another person.
- Abuse, Neglect, Domestic Violence – We may disclose PHI to government authorities that are authorized to receive such information for purposes of reporting abuse, neglect or domestic violence.
- Business Associates – We may disclose PHI to our vendors (known as business associates) as part of a contracted agreement to perform services for Millennium. Our business associates are required, under contract with us and by law, to protect the privacy of your information and are not allowed to use or disclose any information other than as specified in our contract or as permitted by federal law.
- Lawsuits and Disputes – We may disclose PHI in response to a subpoena, administrative order, discovery request, or other lawful due process.
- Workers’ Compensation – We may use or disclose PHI to the extent authorized by, and to the extent necessary, to comply with Workers’ Compensation laws and other similar programs.
- Coroners, Medical Examiners, Funeral Directors – We may disclose PHI to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or to determine the cause of death. We may also release your health information to a funeral director, as necessary, to carry out his/her duty.
- Correctional Institutions – If you are an inmate of a correctional institution or under custody of a law enforcement official, we may disclose PHI to the correctional institution or law enforcement official if necessary for certain limited purposes.
- Military and Veterans – If you are or become a member of the U.S. armed forces, we may disclose PHI about you as deemed necessary by military command authorities.
- Organ Donation – We may disclose PHI to organizations that handle organ procurement or organ, eye or tissue transplantation or to an organ donation bank to facilitate organ or tissue donation and transplantation.
- Other Government, Military, Intelligence Functions – We may disclose PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law and to enable them to provide protection to the members of the U.S. government or foreign heads of state, or to conduct special investigations.
We will not make any of the following uses or disclosures of PHI without first obtaining your written permission except as permitted by law: (1) marketing communications, (2) disclosures of health information in exchange for payment or other benefit (i.e., sale of PHI), or (3) disclosure of psychotherapy notes, with limited exceptions. If you authorize us to use or disclose your PHI, you may revoke (take back) the authorization in writing at any time, and we will no longer use or disclose your PHI for the reasons covered by your written authorization. However, we cannot reverse any uses or disclosures already made in reliance on your prior authorization.
IV. Your Rights with Respect to PHI
- You have a right to ask us in writing to restrict use or disclosure of your PHI related to your treatment, payment, or routine health care operations. In addition, you may request PHI disclosure restrictions to family members, other relatives, or close friends involved in your care. We are generally not required to agree to such a restriction, but if we do agree, we will honor our agreement except in case of an emergency. You also have a right to request that we not disclose PHI to your health plan for items or services for which you (or someone on your behalf) paid in full out-of-pocket. We must agree to such a restriction. Any restriction we agree to will not limit our ability to share that information when the law requires us to do so.
- You may request, in writing, to receive confidential communications containing your PHI from us in ways or at locations (for example, by mail or at work) that are outside our usual process. You need not provide a reason for your request, and we will accommodate reasonable requests
- You have a right to review and obtain a copy of certain of your PHI contained in medical and billing records about you maintained by Millennium. This applies to both paper and electronic PHI. If we maintain your PHI electronically, you have a right to obtain a copy of that information in electronic format. In some cases, we may provide you with a summary of your PHI. You must make your request in writing and this right is limited to existing records that are maintained, collected, used or disseminated by Millennium. This right does not apply to results of clinical testing (which must be provided to you by your doctor, not Millennium, pursuant to applicable federal law); information that is specifically excluded by law; or to information we compile in reasonable anticipation of, or for use in, civil, criminal or administrative actions or proceedings; or to such other information that may be prohibited to be disclosed by law. You may also ask that we provide your PHI to another person in a written, signed request that specifies who the person is and where you would like us to send the PHI. We may charge a reasonable cost-based fee for any copies you request. We may also deny your request in limited circumstances.
- You have a right to request that we amend the records described above for as long as we maintain them. You must make the request in writing and give us a reason for the amendment. We may deny your request if the record: (i) was not created by us, unless the originator of the PHI is no longer available to act on the requested amendment; (ii) is accurate and complete; (iii) is not part of the information kept by or for us; or (iv) is not part of the information which you would be permitted to review or obtain a copy. Note that an amendment may take several forms. For example we may add an explanatory statement to a record rather than changing it.
- You have a right to receive an accounting of disclosures made by Millennium to any third party in the six years prior to the date on which the accounting is requested. This right does not apply to certain disclosures, including, but not limited to, disclosures made for the purposes of treatment, payment or health care operations; disclosures made to you or to others involved in your care; disclosures made with your authorization; disclosures made for national security or intelligence purposes or to correctional institutions or law enforcement purposes. You must make any request for an accounting in writing and we may charge a reasonable, cost-based fee to fill more than one request in any given year.
- You have a right to receive a paper copy of this notice at any time, even if you have agreed to receive the notice electronically
If you would like to request a restriction on a use or disclosure of your PHI, receive confidential communications, obtain a copy of certain of your PHI, amend your PHI, or receive an accounting of disclosures of your PHI, please send a written request to the Compliance/Privacy Officer contact listed at the end of this notice (see Section XII below).
V. Other Applicable Laws
Where state law more stringently restricts the uses and disclosures of PHI described in this notice, we will follow the more protective state law. Below is a list of the categories of PHI that are at times subject to more restrictive laws:
- Alcohol and Drug Abuse
- Mental Health
- Reproductive Health
- Genetic information
Please contact our Privacy Officer, using the contact information provided at the end of this notice, for specific information regarding your state
VI. Distribution and Updates of This Notice
This notice is published on the Millennium web site at www.millenniumlabs.com\privacy-notice and is made available in printed form upon request.
VII. Effective Date and Duration of This Notice
We may change the terms of this notice at any time. If we change this notice, we may make the new notice terms effective for all PHI that we maintain, including any information created or received prior to issuing the new notice. If we change this notice, we will post the new notice on our Internet site at www.millenniumlabs.com.
VIII. Communication with Millennium
As a convenience, Millennium may make available email addresses by which you can communicate with us regarding billing issues. Please be advised that email is not a secure means of communication. Therefore Millennium cannot guarantee the security of any information that you send to us prior to our receipt of it. This fact may also restrict our use of email in communicating any response to you – we will attempt to use alternate means of communicating anything that may be considered sensitive information.
IX. Copy of Notice, Questions or Complaints
If you would like a paper copy of this notice, have questions about it, or believe its terms have been, please let us know immediately by contacting us toll-free at 1-877-451-3534 and request the Compliance/Privacy Office. Please include your name, address, and a telephone number where we can contact you, and a brief description of the request or complaint. If you prefer, you may submit an anonymous complaint.
Millennium Laboratories Inc.
16981 Via Tazon
San Diego, CA 92127
Or call our Ethics Hotline at 1-866-677-3847
You also may file a complaint with the Secretary of the U.S. Department of Health and Human Services at:
The U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
Toll Free: 1-877-696-6775
Please provide as much information as possible so that the complaint can be properly investigated. Millennium will not retaliate against a person who files a complaint with us or with the Secretary of the U.S. Department of Health and Human Services.