Notice of Privacy Practices under HIPAA
Your Health Information. Your Rights. Our Responsibilities.
This notice describes how medical or other personal health information provided to us about you may be used and disclosed by Genomic Health, Inc., its subsidiaries and affiliates (“Genomic Health”) and how you can get access to this information. Please review it carefully.
When it comes to your health information, you have certain rights. This section explains your rights regarding your health information.
You have the right to:
- Get a copy of your medical record.
- You can ask to see or get a copy of your medical record and other health information we have about you.
- We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee for any copy or summary.
- Correct your medical record.
- You can ask us to correct health information we have about you that you think is incorrect or incomplete.
- We may say “no” to your request, but if we do, we’ll tell you why in writing within 60 days of your request.
- Request confidential communication.
- You can ask us to contact you regarding your health information in a specific way (for example, via home or office phone) or to send mail to a different address.
- We will say “yes” to all reasonable requests.
- Ask us to limit the health information we share.
- You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no” if it would affect your care.
- If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share that information.
- Get a list of those with whom we’ve shared your health information.
- You can ask for a list (an accounting) of the times we’ve shared your health information for the six years prior to the date you ask, who we shared it with, and why.
- We will include in that list all disclosures except for those for treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide you one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months of your initial request.
- Get a copy of this privacy notice.
You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.
- Choose someone to act for you.
- If you have given someone medical power of attorney or if someone is your legal representative or guardian (or, in some cases, if someone is an administrator, executor, or other authorized person responsible for your estate), that person can exercise your rights and make choices about your health information.
- If you are an unemancipated minor, your parent or legal guardian may exercise your rights and make choices about your health information on your behalf.
- We will do what we can to confirm the person has the authority and can act for you before we take any action.
- Ask questions about this notice.
You can ask questions about this notice and your rights at any time. Please contact our Customer Service department or email us at firstname.lastname@example.org
- File a complaint with us or with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) if you believe your privacy rights have been violated.
You can complain if you feel we have violated your rights by contacting Genomic Health either by mail at:
Attn.: Privacy Officer
301 Penobscot Drive
Redwood City, CA 94063
Or e-mail: email@example.com
You can file a complaint with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.
We will not retaliate against you for filing a complaint with us or with OCR.
For certain health information, you can tell us your choices about what we share.
If you have a clear preference for how we share your health information in the situations described below, tell us what you want us to do, and we will follow your instructions. To do so, email us at firstname.lastname@example.org.
In the cases below, you have both the right and choice to tell us to:
- Share health information with your family, close friends, or others involved in your care or payment for your care
- Share health information in a disaster relief situation
- Share health information with organ procurement organizations or related entities for the purpose of facilitating organ or tissue donation and transplantation
If you are not able to tell us your preference, we may go ahead and share your health information if we believe it is in your best interest. We may also share your health information when needed to lessen a serious and imminent threat to health or safety.
In the cases below, we never share your information unless you give us written permission:
- Share your health information with third parties for their marketing purposes
- Sell your health information
Our Uses and Disclosures
There are certain ways in which we may use or disclosure your health information. This section explains those circumstances and provides some examples to help with your understanding.
How do we typically use or share your health information?
We typically use or share your health information to:
- Provide and improve clinical laboratory services (also known as treatment) or to coordinate with your health care provider or health plan.
We can use your health information and share it with other health care professionals who are treating you.
Example: Discussions of the pathology report for your cancer tumor and Recurrence Score® result with your treating physician or a member of your treatment team.
- Run our organization or help your health care provider run their organization.
We can use and share your health information to run our laboratory, develop and improve our services to improve your care or the care of other patients, and contact you when necessary. We can also share your health information with your health care provider to help them run their business, such as to discuss your test report, process claims for payment for services they provide to you or to conduct quality control.
Example: We share health information about you with our third party service providers to manage our business, including, but not limited to, helping us process your test orders, and store your information.
- Bill for our services.
We can use and share your health information to bill and get payment from health plans or other payor entities.
Example: We give information about you to a third party billing business associate, which provides it to your health insurance plan so it will pay for the services you received.
How else can we use or share your health information?
We are allowed or required to share your health information in other ways with other individuals – often in ways that contribute to the public good, such as public health or for law enforcement purposes, or for certain research purposes. If required by law, we will provide you with notice if we share health information about you in any of the below situations. For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html.
- Help with public health and safety issues.
We can share health information about you for certain purposes or in certain situations such as:
- Preventing disease
- Participating in public health investigations
- Helping with product recalls
- Reporting adverse reactions to medications or certain other injuries
- Reporting suspected abuse, neglect, or domestic violence
- Preventing or reducing a serious threat to anyone’s health or safety
- Do research.
We may maintain certain of your health information in certain databases, which may be used or accessed by individuals within our organization for research purposes. We can use or share your information for health research (1) if we have obtained your signed authorization or (2) if we have received approval from an Institutional Review Board or Privacy Board (in which case, we are permitted to conduct the research without your express authorization) or (3) as otherwise permitted by law. We can also use or share your health information without your signed authorization to prepare for research, such as to develop a research protocol. We may share information for research purposes about anyone who is deceased without a signed authorization.
- Comply with the law.
We will share health information about you if state, federal or national laws require it, including with HHS if it wants to see whether we’re complying with federal privacy law.
- Address workers’ compensation, law enforcement, and other government or judicial requests.
We can use or share health information about you:
- For workers’ compensation claims or benefits
- For law enforcement purposes or with a law enforcement official
- With health oversight agencies for activities authorized by law
- For special government functions such as military, national security, and presidential protective services
- Work with a coroner, medical examiner, or funeral director.
We can share your health information with a coroner, medical examiner, or funeral director upon your death.
- Respond to lawsuits and legal actions.
We can share health information about you in response to a court or administrative order, or in response to a subpoena or other lawful process.
- For a merger and/or acquisition
In the event of or in preparation for a merger and/or acquisition of all or part of our business we may be required to share your health information as part of the transaction (including, for instance, to remain operational).
- We are required to maintain the privacy and security of your health information in accordance with applicable law.
- We will notify you if a breach occurs that may have compromised the privacy or security of your health information.
- We must follow the duties and privacy practices described in this notice and give you a copy of it if you request a copy from us.
- We will not use or share your health information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time — just let us know in writing.
For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html
Changes to Terms of This Notice
We can change the terms of this notice, and the changes will apply to all health information we have about you. The new notice will be available upon request, in our office, and on our web site.
Other Instructions for Notice
The Effective Date of this Notice is 7/31/2015
Genomic Health U.S. Privacy Officer: Janna Sipes, 301 Penobscot Drive, Redwood City, CA 94063, email@example.com, (650) 569-2233.
Genomic Health International Data Protection Officer: Jill Green, 301 Penobscot Drive, Redwood City, CA 94063, firstname.lastname@example.org, (650) 569-2222.