Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Nexsun Diagnostic Laboratories, LLC (referred to as “Nexsun Labs” in this Notice) is committed to protecting the privacy of your identifiable health information. This information is known as “protected health information” or “PHI.” Examples of documents that may contain your PHI include laboratory test orders, test results and invoices.
Nexsun Labs is required by law to maintain the privacy of your PHI. We are also required to provide you with this Notice of our legal duties and privacy practices upon request. It describes our legal duties, privacy practices and your patient rights as determined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). We are required to follow the terms of this Notice currently in effect. We are required to notify affected individuals in the event of a breach involving PHI that is unsecured. PHI is stored electronically and is subject to electronic disclosure.
Nexsun Labs is committed to the protection of your PHI and will make reasonable efforts to ensure the confidentiality of your PHI, as required by statute and regulation. We take this commitment seriously and will work with you to comply with your right to receive certain information under HIPAA.
How We May Use or Disclose Your Health Information
We attempt to collect the minimal amount of information necessary to provide our services to you for treatment, payment, or healthcare operations purposes and for other purposes permitted or required by law. This may include your name, address, telephone number, social security number, date of birth, medical history, diagnosis, treatment, provider identification, financial responsibility, health insurance coverage (including group numbers and member identification numbers), and payment information. Not every use or disclosure is listed in this Notice, but all of our uses or disclosures of your PHI will fall into one of the categories listed below.
We need your authorization to use or disclose your PHI for any purpose not covered by one of the categories below. With limited exceptions, we will not use or disclose psychotherapy notes, use or disclose your PHI for marketing purposes or sell your PHI unless you have signed an authorization. You may revoke any authorization you sign at any time. If you revoke your authorization, we will no longer use or disclose your PHI except to the extent we have already taken action based on your authorization.
As permitted under HIPAA, we may use and disclose your PHI for the following purposes:
For Treatment – Nexsun Labs may use or disclose PHI for treatment purposes, including disclosure to physicians and other health care professionals who provide you with health care services and/or are involved in the coordination of your care, such as providing your physician with your laboratory test results. We may use and disclose PHI to contact you to remind you of an appointment or to tell you about our health-related products and services that may be of interest to you. Examples of other treatment-related purposes include disclosure to a pathologist to help interpret your test results or use of your PHI to contact you to obtain another specimen, if necessary.
However, for self-pay tests, except for the ordering provider, we do not share test results with other providers or healthcare professionals for treatment purposes.
For Payment – Nexsun Labs may use or disclose your PHI for purposes of billing and payment for the laboratory services we provide. For example, Nexsun Labs may provide PHI to health plans or other payers to determine whether you are enrolled with the payer or eligible for health benefits or to obtain payment for our services. If you are insured under another person’s health insurance policy (for example, parent, spouse, domestic partner, or a former spouse), we may also send invoices to the subscriber whose policy covers your health services.
For Healthcare Operations – Nexsun Labs may use or disclose PHI for healthcare operations purposes. These uses and disclosures are necessary, for example, to evaluate the quality of our laboratory testing, the accuracy of results, accreditation functions, and for Nexsun Labs’ operation and management purposes. Nexsun Labs may also disclose PHI to other health care providers or health plans that are involved in your care for their health care operations. For example, Nexsun Labs may provide PHI to manage disease or to coordinate health care or health benefits.
To Communicate with Individuals Involved in Your Care or Payment for Your Care – Nexsun Labs may disclose PHI to a person who is involved in your care or helps pay for your care, such as a family member or friend. We also may notify your family about your location or general condition or disclose such information to an entity assisting in a disaster relief effort. As allowed by federal and state law, we may disclose the PHI of minors to their parents or legal guardians.
Business Associates – Nexsun Labs may disclose PHI to its business associates to perform certain business functions or provide certain business services to Nexsun Labs. For example, we may use another company to perform billing services on our behalf. All of our business associates are required to maintain the privacy and confidentiality of your PHI. In addition, at the request of your health care providers or health plan, Nexsun Labs may disclose PHI to their business associates for purposes of performing certain business functions or health care services on their behalf. For example, we may disclose PHI to a business associate of Medicare for purposes of medical necessity review and audit.
Judicial and Administrative Proceedings – Under certain circumstances, Nexsun Labs may disclose your PHI in the course of a judicial or administrative proceeding, including in response to a court or administrative order, subpoena, discovery request, or other lawful processes.
Law Enforcement – Nexsun Labs may disclose PHI for law enforcement purposes, including reporting certain types of wounds or physical injuries or in response to a court order, warrant, subpoena or summons, or similar process authorized by law. We may also disclose PHI when the information is needed: 1) for identification or location of a suspect, fugitive, material witness, or missing person, 2) about a victim of a crime, 3) about an individual who has died, 4) in relation to criminal conduct on Nexsun Labs premises, or 5) in emergency circumstances to report a crime, the location of the crime or victims, or the identity, description, or location of the person who committed the crime.
As Required by Law – Nexsun Labs must disclose your PHI if required to do so by federal, state, or local law.
Public Health – Nexsun Labs may disclose PHI for public health activities. These activities generally include: 1) disclosures to a public health authority to report, prevent or control disease, injury, or disability; 2) disclosures to report births and deaths, or to report child abuse or neglect; 3) disclosures to a person subject to the jurisdiction of the Food and Drug Administration (“FDA”) for purposes related to the quality, safety or effectiveness of an FDA-regulated product or activity, including reporting reactions to medications or problems with products or notifying people of recalls of products they may be using; 4) disclosures to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; and 5) disclosures to an employer about an employee to conduct medical surveillance in certain limited circumstances concerning workplace illness or injury.
Victims of Abuse, Neglect, or Domestic Violence – Nexsun Labs may disclose PHI about an individual to a government authority, including social services, if we reasonably believe that an individual is a victim of abuse, neglect, or domestic violence.
Health Oversight Activities – Nexsun Labs may disclose PHI to a health care oversight agency for activities authorized by law such as audits, civil, administrative, or criminal investigations and proceedings/actions, inspections, licensure/disciplinary actions, or other activities necessary for appropriate oversight of the health care system, government benefit programs, and compliance with regulatory requirements and civil rights laws.
Coroners, Medical Examiners, and Funeral Directors – Nexsun Labs may disclose PHI to a coroner, medical examiner, or funeral director for the purpose of identifying a deceased person, determining cause of death, or for performing some other duty authorized by law.
Personal Representative – Nexsun Labs may disclose PHI to your personal representative, as established under applicable law, or to an administrator, executor, or other authorized individual associated with your estate.
Correctional Institution – Nexsun Labs may disclose the PHI of an inmate or other individual when requested by a correctional institution or law enforcement official for health, safety, and security purposes.
To Avert a Serious Threat to Health or Safety – Nexsun Labs may disclose PHI if necessary to prevent or lessen a serious and/or imminent threat to health or safety to a person or the public or for law enforcement authorities to identify or apprehend an individual.
Research – Nexsun Labs may use and disclose PHI for research purposes. Limited data or records may be viewed by researchers to identify patients who may qualify for their research project or for other similar purposes, so long as the researchers do not remove or copy any of the PHI. Before we use or disclose PHI for any other research activity, one of the following will happen: 1) a special committee will determine that the research activity poses minimal risk to privacy and that there is an adequate plan to safeguard PHI; 2) if the PHI relates to deceased individuals, the researchers give us assurances that the PHI is necessary for the research and will be used only as part of the research; or 3) the researcher will be provided only with information that does not identify you directly.
Government Functions – In certain situations, Nexsun Labs may disclose the PHI of military personnel and veterans, including Armed Forces personnel, as required by military command authorities. Additionally, we may disclose PHI to authorized officials for national security purposes, such as protecting the President of the United States, conducting intelligence, counter-intelligence, other national security activities, and when requested by foreign military authorities. Disclosures will be made only in compliance with U.S. Law.
Workers’ Compensation – As authorized by applicable laws, Nexsun Labs may use or disclose PHI to comply with workers’ compensation or other similar programs established to provide work-related injury or illness benefits.
Other Uses and Disclosures of PHI – As permitted by HIPAA, we may disclose your PHI to:
- Social Services Agencies
- Public Health Authorities
- The Food and Drug Administration
- Health Oversight Agencies
- Military Command Authorities
- National Security and Intelligence Organizations
- Correctional Institutions
- Organ and Tissue Donation Organizations
- Coroners, Medical Examiners, and Funeral Directors
- Workers Compensation Agents
We may also disclose PHI to those assisting in disaster relief efforts so that family or friends can be notified about your condition, status and location.
For purposes not described above, including uses and disclosures of PHI for marketing purposes and disclosures that would constitute a sale of PHI, Nexsun Labs will ask for patient authorization before using or disclosing PHI. If you signed an authorization form, you may revoke it, in writing, at any time, except to the extent that action has been taken in reliance on the authorization.
Incidental Uses and Disclosures – Sometimes, your PHI may be used or disclosed in the course of our primary uses and disclosures, such as for treatment, payment or healthcare operations. For example, we may use your name in a telephone conversation with a provider. We are permitted to make such incidental uses and disclosures as long as we take reasonable steps to minimize them, and have in place appropriate safeguards to protect them.
Information Breach Notification
Nexsun Labs is required to provide patient notification if it discovers a breach of unsecured PHI unless there is a demonstration, based on a risk assessment, that there is a low probability that the PHI has been compromised. You will be notified without unreasonable delay and no later than 60 days after the discovery of the breach. Such notification will include information about what happened and what can be done to mitigate any harm.
De-identified Information and Limited Data Sets
Nexsun Labs may use and disclose health information that has been “de-identified” by removing certain identifiers making it unlikely that you could be identified. Nexsun Labs also may disclose limited health information, contained in a “limited data set”. The limited data set does not contain any information that can directly identify you. For example, a limited data set may include your city, county and zip code, but not your name or street address.
Note Regarding State Law
For all of the above purposes, when state law is more restrictive than federal law, we are required to follow the more restrictive state law.
Your Patient Rights
Subject to certain exceptions, HIPAA establishes the following patient rights with respect to your PHI:
Receive Test Information – You and your personal representative have the right to access PHI consisting of your laboratory test results or reports ordered by your physician. Within 30 days after our receipt of your request, you will receive a copy of the completed laboratory report from Nexsun Labs unless an exception applies. Exceptions include a determination by a licensed health care professional that the access requested is reasonably likely to endanger the life or safety of you or another person, and our inability to provide access to the PHI within 30 days, in which case we may extend the response time for an additional 30 days if we provide you with a written statement of the reasons for the delay and the date by which access will be provided. You have the right to access and receive your PHI in an electronic format if it is readily producible in such a format. You also have the right to direct Nexsun Labs to transmit a copy to another person you designate, provided such request is in writing, signed by you, and clearly identifies the designated person and where to send the copy of your PHI. To request a copy of your PHI:
- Complete and submit a Patient Request to Access or to Disclose Protected Health Information (PHI) (Access Form) to obtain your test results and other PHI
- Submit a written request of your own to our Customer Service team to obtain your PHI (requests must be signed and include enough demographic and other information necessary for us to authenticate you and identify your records)
- Contact the Privacy Officer at 949-783-7340 or by email at [email protected].
Amend Health Information – If you believe that your PHI contains a mistake, you may request, in writing, that Nexsun Labs correct the information. However, we may deny the request in some cases (such as if we determine the PHI is accurate). If we deny your request to change your PHI, we will provide you with a written explanation for the denial.
Accounting of Disclosures – You have the right to receive a list of certain disclosures of your PHI made by Nexsun Labs in the past six years from the date of your written request. Under the law, this does not include disclosures made for treatment, payment, or healthcare operations or certain other purposes.
Request Restrictions – You may request that we agree to restrictions on certain uses and disclosures of your PHI. We are not required to agree to your request, except for requests to limit disclosures to your health plan for purposes of payment or healthcare operations when you have paid us for the item or service covered by the request out-of-pocket and in full and when the uses or disclosures are not required by law.
Request Limits on Uses and Disclosures of your PHI – You have the right to request that we limit: 1) how we use and disclose your PHI for treatment, payment, and health care operations activities; or 2) our disclosure of PHI to individuals involved in your care or payment for your care. Nexsun Labs will consider your request but is not required to agree to it unless the requested restriction involves a disclosure that is not required by law to a health plan for payment or health care operations purposes and not for treatment, and you have paid for the service in full out of pocket. If we agree to a restriction on other types of disclosures, we will state the agreed restrictions in writing and will abide by them, except in emergency situations when the disclosure is for purposes of treatment.
Request Confidential Communications – You have the right to request that Nexsun Labs communicate with you about your health information at an alternative address or by an alternative means. Nexsun Labs will accommodate reasonable requests.
Copy of this Notice – You have a right to obtain a paper copy of this Notice upon request. This Notice is also available on the Nexsun Labs internet site at www.nexsunlabs.com.
How to Exercise Your Rights
You may write or send an email to us with your specific request. Please refer to the Contact Information below. Nexsun Labs will consider your request and provide you a response.
If you believe your privacy rights have been violated, you have the right to submit a written complaint to Nexsun Labs’ Privacy Office at the address listed below. Please mark the submission “Confidential,” and include your name, address, and telephone number where we can contact you (unless you choose to remain anonymous) and a brief description of your concern, issue, or complaint. You also have the right to file a complaint with the Secretary of the U.S. Department of Health and Human Services, Office for Civil Rights. Nexsun Labs will not retaliate against any individual for filing a complaint about our privacy practices.
If you would like to exercise your rights or would like additional information about Nexsun Labs’ privacy practices, you may contact us:
By Mail: Nexsun Labs
Attention: Privacy Officer
15375 Barranca Parkway, Suite A-110
Irvine, CA 92618
By Email: [email protected]
By Telephone: (949) 783-7340
If you believe your privacy rights have been violated, you may also file a complaint with the Secretary of the U.S. Department of Health and Human Services at:
By Mail: Office for Civil Rights
The U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
By Telephone: (202) 619-0257 or toll-free at (877) 696-6775
Changes to the Nexsun Labs Notice of Privacy Practices
We reserve the right to amend the terms of this Notice to reflect changes in our privacy practices and to make the new terms and practices applicable to all PHI that we maintain about you, including PHI created or received prior to the effective date of the Notice revision. A copy of our Notice is available upon request and is displayed on our website at www.nexsunlabs.com. Please review this site periodically to ensure that you are aware of any such updates.
This Notice was revised and became effective as of: January 01, 2022