THIS NOTICE DESCRIBES
HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW
YOU CAN ACCESS THIS INFORMATION. PLEASE READ CAREFULLY.
Monogram Incorporated
("Monogram") the world leader in drug resistance testing is
committed to protecting the privacy of the personal and health information
of its customers. Monogram Inc., is committed to protecting the confidentiality
of our laboratory test results and other patient protected health information
(PHI) that we collect or create as part of our diagnostic testing activities.
Please read this Notice
of Privacy Practices carefully so that you will understand both our
commitment to the privacy of your PHI, and how you can participate in
that commitment. Should you have any questions about this Notice or
our privacy practices, please call us at (650) 635-1100, via email to
customerservice@monogrambio.com, or write to us at the following address:
Monogram Inc.
Attention: Privacy Compliance Officer
345 Oyster Point Blvd.
South San Francisco, CA 94080
Privacy Policy
Monogram Inc. is committed
to gathering, maintaining, using and disclosing patient protected health
information (PHI) in a manner that protects your privacy. We will only
use or disclose the minimum amount of your PHI we consider necessary
to perform a service or otherwise described in this Notice. This Notice
applies to all PHI that we maintain. Your doctor, Hospital or other
referring laboratory may have different notices regarding his/her/their
use and disclosure of your PHI.
Monogram Inc. is required
by law to provide you with this Notice of Privacy Practices with respect
to PHI, to maintain the privacy of PHI, to state the uses and disclosures
of PHI that Monogram Inc. may make, and to list the rights of individuals
and our legal duties with respect to their PHI. Your PHI at Monogram
Inc. includes personal and medical information (such as your name, address,
social security number, date of birth, etc.) that we obtain from you,
your physician, health plan, or other sources related to the test services
requested. Your PHI also includes any laboratory testing results that
we create.
Monogram Inc. will abide
by the terms of this Notice of Privacy Practices currently in effect.
We reserve the right to change the terms of this Notice of Privacy Practices
and to make the provisions of the new Notice of Privacy Practices effective
for all PHI that we maintain. We will maintain this Notice on our website
and a hard copy is available upon request.
How we use and disclose Protected
Health Information
Your PHI will be used
or disclosed for treatment, payment, or healthcare operations purposes
and for other purposes permitted or required by law. Not every use or
disclosure is listed; however, all of the ways we use or disclose your
PHI fall into one of the broader categories listed below.
If we intended to use
or disclose your PHI for other purposes, we would need your written
authorization. For example, patient authorization is often required
by state law for each release of HIV test results, except if the results
are being released to public health officials as required by law. You
have the right to revoke your authorization at any time, except if we
have already made a disclosure based on that authorization. We do not
need authorization or permission to use or disclose your PHI for the
following purposes:
For Treatment
As a health care provider
that provides laboratory testing for ordering physicians, Monogram Inc.
uses PHI as part of our testing process and discloses your PHI to physicians
and other authorized health care professionals who need access to your
laboratory results in order to treat you. In addition to your treating
physician, we may provide a specialist or consulting physician with
information about your results. Occasionally, we may also contact you
or your physician to arrange to redraw a specimen.
For Payment
We will use your PHI
in our billing and accounts receivable departments and disclose your
PHI to insurance companies, hospitals, physicians, other referring laboratories
and health plans for payment purposes, or to third parties to assist
us in creating bills, claim forms, cashing checks or getting paid for
our services. For example, we may send claim information including name,
test performed, diagnosis code, ordering physician and other information
as requested to a health plan so that the plan will reimburse us for
the services provided. We may have to contact you and or your physician
in order to obtain information for billing and collection purposes.
We may use an outside collection agency to obtain payment.
For Internal Uses
We may use or disclose
your PHI in the course of activities necessary to support our laboratory
operations, such as development and validation of our assays, performing
quality checks on our testing, for teaching purposes, or for developing
normal reference ranges for tests that we perform. We may also use PHI
for purposes of research and development as approved by our Privacy
Board.
Disclosures to Business Associates
Monogram Inc. may disclose
your PHI to other companies or individuals who need your PHI in order
to provide specific services to us. These other entities, known as "business
associates," must comply with the terms of a contract designed
to ensure that they will maintain the privacy and security of the PHI
we provide to them or which they create on our behalf. Our business
associates must only use your PHI for designated treatment, payment,
or health care operations purposes that they perform on our behalf.
For example, we may disclose your PHI to temporary employees or to the
College of American Pathologists (CAP) or other private accrediting
organizations that inspect and certify the quality of our laboratories.
As Permitted or Required by Law
We may use or disclose
your PHI for various public policy purposes that are authorized or required
by federal or state law. For example, we are required to disclose your
PHI to the Secretary of the U.S. Department of Health and Human Services
("HHS") upon request. We must provide you with copies of your
PHI at your request, except where restricted or prohibited by state
law. We will provide the information regarding your specific state to
you upon request.
Public Health
PHI may be disclosed
in reporting communicable disease results to public health departments
as required by law. We may disclose your PHI for FDA reporting purposes.
Public Safety
In certain circumstances,
we may also use or disclose PHI to prevent or lessen a serious and imminent
threat to the health or safety of a person or the public.
To Avert a Serious Threat to Health
or Safety
We may use or disclose
your PHI if necessary to prevent a serious threat to your health and
safety or that of another person or the general public.
Health Oversight
We may disclose your
PHI in connection with governmental oversight, licensure, auditing,
and other purposes. For example, governmental agencies periodically
review our records to ensure that Monogram Inc. is complying with the
rules of various regulatory and licensing agencies, these agencies including,
HHS and State Health Departments of various states. Other agencies may
audit our billing and laboratory records to verify that the health care
was provided as claimed or that we were paid correctly.
Judicial and Administrative Proceedings
We may disclose your
PHI as required to comply with court orders, discovery requests or other
legal process in the course of a judicial or administrative proceeding.
Law Enforcement / Governmental Agencies
We may also disclose
PHI for law enforcement purposes. For example, we may be required to
release PHI as required by law or in compliance with a court order,
judicial subpoena, court-ordered warrant, grand jury subpoena, administrative
request, investigative demand or similar legal process, but only if
efforts have been made to tell you about the request or to obtain an
order of protection for the requested information. We may release PHI
for other law enforcement purposes, such as to identify or locate a
suspect, fugitive, material witness, or missing person. We may disclose
your PHI for military and veterans activities, national security or
intelligence purposes, or to correctional institutions, or to law enforcement
officials having custody of an inmate.
Workers Compensation
We may disclose your
PHI as necessary to comply with requirements of workers' compensation
or similar programs that provide benefits for work-related injuries
or illness without regard to fault. For example, workers compensation
programs may require that we provide the results of laboratory testing
as part of the case file.
State Law
For all of the above
purposes, in situations where the laws of any state in which we provide
services are more restrictive than applicable federal law, we are required
to follow the more restrictive state law. For example, some states require
physician authorization to release laboratory test results to patients,
and other states prohibit a laboratory from releasing test results directly
to a patient.
We may contact you for specific reasons
Although we do not do
so today, we may want to contact you in the future regarding health-related
products or services that may be of interest to you.
Your rights concerning privacy and
confidentiality
Access
You and/or your authorized
or designated personal representative have the right to inspect and
copy your PHI. Monogram Inc. will deny access to certain information
for specific reasons, for example, where state law and or CLIA regulations
prohibit such patient access.
Amendments
You have the right to
request amendments to your PHI (but we are not required to make the
requested amendments).
Accounting
You have the right to
receive an accounting of disclosures, if any, of your PHI that were
made by Monogram Inc. for a period of up to six years prior to the date
of your written request, but not including any disclosures of your PHI
made prior to April 14, 2003, when the Privacy Rule went into effect.
Under the law, this accounting does not include disclosures made for
purposes of treatment, payment, health care operations, or certain other
excluded purposes, but includes other types of disclosures of your PHI,
including disclosures for public health reporting or in response to
a court order.
Restrictions
You have the right to
ask us if we will agree to restrictions on certain uses and disclosures
of your PHI, but we are not required to agree to your request.
Confidential Communications
You have the right to
request that we send your PHI to an alternate address, but we are not
required to agree to your request.
Notice of Privacy Practices
You have the right to
request a paper copy of this Notice.
Complaints
If you believe your privacy
rights have been violated please contact us at the address located at
the beginning of this Notice. You also have the right to register a
complaint with Monogram Inc. or the Secretary of the U.S. Department
of Health and Human Services. Monogram Inc. will not retaliate against
any individual for filing a complaint.
Exercising your rights
Write to us with your
specific written request and be sure to include sufficient information
for us to identify all of your records. Monogram Inc. will consider
your request and provide you a response within a reasonable timeframe.
Should we deny your request, you have the right to ask for the denial
to be reviewed by another healthcare professional designated by Monogram
Inc.
How to contact us
If you have questions
or concerns regarding the privacy or confidentiality of your PHI, or
you wish to register a complaint, please write us at the address located
at the beginning of this.
Monogram Inc. reserves
the right to amend this Notice of Privacy Practices, at any time, to
reflect changes in our privacy practices, and these changes will apply
retroactively. Any such changes will be applicable to and effective
for all Protected Health Information (PHI) that we maintain including
PHI we created or received prior to the effective date of the Notice
revision.
Safe Harbor Privacy
Practices
THIS NOTICE DESCRIBES HOW MEDICAL
INFORMATION MONGRAM RECEIVES FROM THE EU MAY BE USED AND DISCLOSED AND
HOW YOU CAN ACCESS THIS INFORMATION. PLEASE READ CAREFULLY.
Monogram Biosciences, Inc. ("Monogram"), a world leader in
individualized medicine for people with HIV and cancer, is committed
to protecting the privacy of the personal and sensitive health information
of its customers, including the confidentiality of laboratory test results
and other patient health information that we collect, create or receive
as part of our diagnostic testing activities.
We
recognize and acknowledge current data protection laws in the European
Union (“EU”), and have made a commitment to adhere to the Safe Harbor
Principles of the Safe Harbor Program administered by the U.S. Department
of Commerce with respect to Patient Data (as defined below) and Sensitive
Patient Data (as defined below), transferred from the EU by hospitals,
clinics and doctors requesting laboratory services from Monogram.
For more information about the Safe Harbor Principles, please visit
the U.S. Department of Commerce website at http://www.export.gov/safeharbor.
Monogram Bio self-certifies, on an annual basis, to the U.S. Department
of Commerce its compliance with the Safe Harbor Principles.
Please
read this Notice of Safe Harbor Privacy Practices carefully so that
you will understand both our commitment to the privacy of your personal
and sensitive data, and how you can participate in that commitment.
Should you have any questions about this Notice or our Safe Harbor privacy
practices, please contact us at (650) 635-1100, via e-mail to
customerservice@monogrambio.com, or write to us at the
following address:
Monogram Biosciences, Inc.
Attention: Privacy Compliance Officer
345 Oyster Point Blvd.
South San Francisco, CA 94080
Scope
This
Safe Harbor Policy applies to all Patient Data (as defined below) and
Sensitive Patient Data (as defined below), transferred from the EU to
Monogram Bio in the U.S. by hospitals, clinics, and doctors requesting
laboratory services. Your doctor, hospital or other referring
laboratory may have different notices regarding his/her/their use and
disclosure of your personal and sensitive data, including Patient Data
and Sensitive Data as defined below.
Monogram
will abide by the terms of this Notice of Safe Harbor Privacy Practices
currently in effect. Any changes to our privacy practices will
be reflected in an updated notice posted on this website. If we
change our privacy practices to the extent we depart from the U.S. Safe
Harbor program, we will continue to treat the Patient Data and Sensitive
Patient Data which we have reserved from the EU up to the point of change
according to the Safe Harbor Principles. We will maintain this
Notice on our Web site and a hard copy is available upon request.
Definitions
Patient
Data: Patient Data refers to any personal information relating
to a patient located in the EU, and who can be identified, directly
or indirectly, as a particular person by reference to an identification
number or to one or more aspects of the patient’s physical, physiological,
mental, economic, cultural or social identify. Patient Data includes
the transmission of data over phone lines, computer lines, and in hard
copy, of information such as patient contact information, demographic
data, work history, or family history.
Sensitive
Patient Data: Sensitive Patient Data includes all Patient
Data related to the patient’s health or medical condition (including
biometeric and genetic data), sex life, race or ethnicity, religious
or philosophical beliefs, political opinions or trade union membership.
Privacy
Board: An internal group of Monogram personnel as from time
to time organized by Monogram to consult with experts and review issues
relating to protection of patient information.
Policy
Monogram
is committed to gathering, maintaining, using and disclosing Patient
Data and Sensitive Patient Data transferred to Monogram from the EU
by hospitals, clinics and doctors requesting laboratory services in
a manner that conforms to the Safe Harbor Principles. We will
only use or disclose as much of your data as needed to perform a service
or otherwise described in this Notice.
The Data We Collect
Monogram
requires that any hospital, clinic or doctor submitting Patient Data
and Sensitive Patient Data from the EU to Monogram in the U.S. for the
purposes of laboratory testing provide patients with notice regarding
the types of Patient Data and Sensitive Patient Data that will be collected
for the purposes of performing the laboratory work.
The
Patient Data we process at Monogram consists primarily of your contact
details, such as your name, address, social security or national identification
number, and date of birth that we obtain from you, your physician, health
plan, or other sources related to the test services requested.
The
Sensitive Patient Data we collect includes any medical information that
we obtain from you, your physician, health plan or other source, any
data related to your race and ethnicity and, any laboratory testing
results that we create.
How We Use and Disclose Protected
Health Information
Monogram
may disclose your Patient Data and/or Sensitive Data to other companies
or individuals who need this data in order to provide specific services
to us. Examples of use and disclosure are listed below.
In all cases, Monogram will transfer Patient Data and Sensitive Patient
Data to a third party consistent with the notice provided to patients
and any consents they have given. Further, we will transfer Patient
Data and Sensitive Patient Data only to third parties that have provided
assurances that they will provide at least the same level of privacy
protection as is required by this Notice. When Monogram has knowledge
that a third party is using or sharing Patient Data and/or Sensitive
Patient Data in a way contrary to this Notice, Monogram will take reasonable
steps to prevent or stop such processing or use.
For
Treatment
As a healthcare provider that provides laboratory testing for ordering
physicians, clinics and hospitals, Monogram uses Patient Data and Sensitive
Patient Data as part of our testing process and discloses Patient Data
and Sensitive Patient Data to physicians and other authorized healthcare
professionals who need access to laboratory results in order to treat
you. In addition to your treating physician, we may provide a
specialist or consulting physician with information about your results.
Occasionally, we may also contact you or your physician to arrange to
redraw a specimen.
For Payment
We will use your Patient Data and possibly Sensitive Patient Data
in our billing and accounts receivable departments, and may disclose
Patient Data and Sensitive Patient Data to insurance companies, hospitals,
physicians, other referring laboratories and health plans for payment
purposes, or to third parties to assist us in creating bills, claim
forms, cashing checks or getting paid for our services. For example,
we may send claim information including name, test performed, diagnosis
code, ordering physician and other information as requested to a health
plan so that the plan will reimburse us for the services provided.
We may have to contact you and/or your physician in order to obtain
information for billing and collection purposes. We may use an
outside collection agency to obtain payment.
For Internal Uses
We may use or disclose your Patient Data and Sensitive Patient Data
in the course of activities necessary to support our laboratory operations,
such as development and validation of our assays, performing quality
checks on our testing, for teaching purposes, or for developing normal
reference ranges for tests that we perform. We may also use this
data for purposes of research and development as approved by our Privacy
Board.
As Permitted or Required by Law
We may use or disclose your Patient Data and/or Sensitive Patient
Data for various public policy purposes that are authorized or required
by United States federal or state law. For example, we are required
to disclose your Patient Data and/or Sensitive Patient Data to the Secretary
of the US Department of Health and Human Services upon request.
Public
Health
Patient Data and/or Sensitive Patient Data may be disclosed in reporting
communicable disease results to public health departments as required
by law. We may disclose your Patient Data and/or Sensitive Patient
Data for U.S. Federal Drug Agency (“FDA”) reporting purposes.
Public Safety
In certain circumstances, we may also use or disclose Patient Data and/or
Sensitive Patient Data to prevent or lessen a serious and imminent threat
to the health or safety of a person or the public.
To Avert a Serious Threat to Health or Safety
We may use or disclose your Patient Data and/or Sensitive Patient
Data if necessary to prevent a serious threat to your health and safety
or that of another person or the general public.
Health Oversight
We may disclose your Patient Data and/or Sensitive Patient Data
in connection with governmental oversight, licensure, auditing, and
other purposes. For example, governmental agencies periodically
review our records to ensure that Monogram is complying with the rules
of various regulatory and licensing agencies, including the U.S. Department
of Health and Human Services and various state Health Departments.
Other agencies may audit our billing and laboratory records to verify
that the healthcare was provided as claimed or that we were paid correctly.
Judicial and Administrative Proceedings
We may disclose your Patient Data and/or Sensitive Patient Data as required
to comply with court orders, discovery requests or other legal process
in the course of a judicial or administrative proceeding.
Law Enforcement/Governmental Agencies
We may also disclose Patient Data and/or Sensitive Patient Data
for law enforcement purposes. For example, we may be required
to release Patient Data and/or Sensitive Patient Data as required by
law or in compliance with a court order, judicial subpoena, court-ordered
warrant, grand jury subpoena, administrative request, investigative
demand or similar legal process, but only if efforts have been made
to tell you about the request or to obtain an order of protection for
the requested information. We may release Patient Data and/or
Sensitive Patient Data for other law enforcement purposes, such as to
identify or locate a suspect, fugitive, material witness, or missing
person. We may disclose your Patient Data and/or Sensitive Patient
Data for military and veterans activities, national security or intelligence
purposes, or to correctional institutions, or to law enforcement officials
having custody of an inmate.
Workers Compensation
We may disclose your Patient Data and/or Sensitive Patient Data
as necessary to comply with requirements of workers' compensation or
similar programs that provide benefits for work-related injuries or
illness without regard to fault. For example, workers compensation
programs may require that we provide the results of laboratory testing
as part of the case file.
State Law
For all of the above purposes, in situations where the laws of any state
in which we provide services are more restrictive than applicable federal
law, we are required to follow the more restrictive state law.
For example, some states require physician authorization to release
laboratory test results to patients, and other states prohibit a laboratory
from releasing test results directly to a patient.
Choice
You
have the right to revoke your authorization to transfer Patient Data
and/or Sensitive Patient Data at any time, except if we have already
made a disclosure based on that authorization. To revoke your
authorization, please use the contact information at the beginning of
this Notice.
In
the event Patient Data is to be used for a new purpose incompatible
with the purposes for which it was originally collected or subsequently
authorized, when feasible and appropriate, you will be given the opportunity
to chose (opt-out) whether to have your Patient Data so used.
In the event that Sensitive Patient Data is used for a new purpose,
your explicit consent (opt-in) will be obtained prior to the use or
transfer of the Sensitive Patient Data.
Access
You
or your authorized or designated personal representative has the right
to inspect and copy your Patient Data and Sensitive Patient Data, and
to correct, amend or delete information if it is inaccurate. Where
possible, Monogram will provide access to the Patient Data and/or Sensitive
Patient Data in a timely manner. You may be requested to justify
your request for Patient Data and/or Sensitive Patient Data in a situation
where access to the information would present a burden to Monogram.
The burden to providing the information will be considered, but is not
the controlling factor to establishing whether access will be denied.
Access may be denied when the burden or expense of providing access
would be disproportionate to the risks to an individual’s privacy,
if the rights of persons other than the individual would be violated,
or if prohibited by law.
Security and Data Integrity
Monogram
will take reasonable precautions to protect Patient Data and Sensitive
Patient Data from loss, misuse and unauthorized access, disclosure,
alteration and destruction. The security and integrity of Patient
Data and Sensitive Patient Data are maintained according to the Health
Insurance Accountability and Portability Act (HIPAA).
We may contact you for specific reasons
Although we do not do so today, we may want to contact you in the future
regarding health-related products or services that may be of interest
to you. If, upon receiving such communications or materials, you
wish to be excluded from any further communications, please contact
customerservice@monogrambio.com, or write to us at the following address:
Monogram Biosciences, Inc.
Attention: Privacy Compliance Officer
345 Oyster Point Blvd.
South San Francisco, CA 94080
Complaints
If you believe your privacy rights have been violated, please contact
us at the address located at the beginning of this Notice. To
ensure compliance with the Safe Harbor Principles, Monogram will: (a)
use the services of the American Arbitration Association (“AAA”)
in the investigation and resolution of complaints and comply with advice
given by the AAA; (b) periodically review and verify the Organization’s
compliance with the Safe Harbor Principles; and (c) remedy issues arising
out of any failure to comply with the Safe Harbor Principles.
