HIPAA Notice of Privacy Practices
NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.PLEASE REVIEW IT CAREFULLY.
EFFECTIVE DATE OF NOTICE: November 2022
Alphadera Labs, LLC is required by law to provide individuals with notice of its legal duties and privacy practices with respect your "Protected Health Information" (defined below). This Notice describes the privacy practices of Alphadera Labs, its employees and other personnel (“Alphadera Labs,” “we” or “us”).
I. Our responsibility
Alphadera Labs and the members of its workforce are committed to protecting the privacy and confidentiality of your personal information, genetic information, and laboratory test results.
Alphadera Labs is required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to keep your Protected Health Information confidential. This Notice describes our legal duties and privacy practices, and explains your patient privacy rights. When we use or disclose your Protected Health Information, we are required to abide by the terms of this Notice.
II. What is protected health information
Protected Health Information is your demographic information, medical history, laboratory results, insurance information and other health information that is collected, generated, used, and communicated by Alphadera Labs to produce genetic testing results and bill for our testing services. Examples of Protected Health Information include your name, date of birth, medical record number, social security number, insurance beneficiary number, and genetic information.
III. How we use and disclose your health information
Your Protected Health Information may be used and disclosed for treatment, payment, healthcare operations and other purposes permitted or required by law. Alphadera Labs may use and disclose your Protected Health Information for the following purposes:
3.1 TREATMENT
We may use or disclose your Protected Health Information for treatment purposes. For example, we may use your Protected Health Information to perform our testing services and disclose your genetic testing results to your physician and/or other healthcare providers involved in your care.
3.2 PAYMENT
We may use or disclose your Protected Health Information to obtain payment for healthcare services we provide. For example, we may use and disclose your information to send a bill to your insurance company or health plan to receive payment for the services provided to you.
3.3 HEALTH CARE OPERATIONS
We may use and disclose your Protected Health Information for our healthcare operations. For example, we may use your Protected Health Information to monitor the quality of our testing services and review the competence and qualifications of our laboratory professionals.
3.4 PERSONS INVOLVED IN YOUR CARE OR PAYMENT FOR YOUR CARE
We may disclose your Protected Health Information to person involved in your care or payment for your care, such as a family member, relative, or close friend, unless you object or ask us not to.
3.5 PERSONAL REPRESENTATIVES
We may disclose Protected Health Information about you to your authorized personal representative, such as a lawyer, administrator, executor or other authorized person responsible for you or your estate.
3.6 MINORS' PROTECTED HEALTH INFORMATION
We may disclose Protected Health Information about minors to their parents or legal guardians.
3.7 DISCLOSURES TO BUSINESS ASSOCIATES
We may disclose your Protected Health Information to other companies or individuals, known as "Business Associates," who provide services to us. For example, we may use a company to perform billing services on our behalf. Our Business Associates are required to protect the privacy and security of your Protected Health Information and notify us of any improper disclosure of information.
3.8 AS REQUIRED BY LAW
We must disclose your Protected Health Information when required to do so by any applicable federal, state or local law.
3.9 PUBLIC HEALTH ACTIVITIES
We may disclose your Protected Health Information for public health-related activities. Examples include: reporting diseases to authorized public health authorities; public health investigations; or notifying a manufacturer of a product regulated by the U.S. Food and Drug Administration of a possible problem encountered when using the product in our testing process.
3.10 HEALTH OVERSIGHT ACTIVITIES
We may disclose your Protected Health Information to a healthcare oversight agency for activities that are authorized by law, such as audits, investigations, inspections and licensure activities. For example, we may disclose your Protected Health Information to agencies responsible for ensuring compliance with the rules of government health programs such as
Medicare or Medicaid.
3.11 RESEARCH
Under certain circumstances, we may use or disclose your Protected Health Information for research purposes. All research projects at Alphadera Labs are subject to review by a committee responsible for ensuring the protection of individual
research subjects, appropriate patient authorization, and an adequate plan to safeguard Protected Health Information. In
preparation for research, we may review limited Protected Health Information to draft research protocols, to identify
prospective research participants, or for similar purposes provided the information is not removed from our premises.
3.12 JUDICIAL AND ADMINISTRATIVE PROCEEDINGS
Under certain circumstances, we may disclose your Protected Health Information in the course of a judicial or
administrative proceeding in response to a court order, subpoena or other lawful process.
3.13 LAW ENFORCEMENT
We may disclose your Protected Health Information to the police or other law enforcement officials as required by law or in compliance with a court order, warrant, subpoena, summons, or other legal process for locating a suspect, fugitive, witness, missing person, or victim of a crime.
3.14 THREATS TO HEALTH OR SAFETY
We may disclose Protected Health Information to prevent or reduce the risk of a serious and imminent threat to the health
or safety of an individual or the general public.
3.15 VICTIMS OF ABUSE, NEGLECT, OR VIOLENCE
If required or authorized by law, we may disclose Protected Health Information to a government agency, such as social services or a protective services agency, if we reasonably believe that an individual adult or child is the victim of abuse, neglect, or domestic violence.
3.16 ALL OTHER USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION
We will ask for your written authorization before using or disclosing your Protected Health Information for any purpose not
described above. You may revoke your authorization, in writing, at any time, except for disclosures that the company has
already acted upon. A revocation of authorization must be submitted to the Privacy Officer at the address listed in Section VIII below.
IV. Your rights regarding your medical information
You have the following rights with respect to your Protected Health Information. To exercise any of these rights, please
contact our Privacy Officer using the contact information provided at the end of this Notice.
4.1 ACCESS TO PROTECTED HEALTH INFORMATION
You, or your authorized or designated personal representative, have the right to inspect and copy the Protected Health
Information maintained by us. We may deny access to certain information for specific reasons, for example, where Federal and state laws regulating laboratories prohibit us from disclosing genetic testing results directly to a patient.
4.2 RESTRICTIONS ON USES AND DISCLOSURES
You have the right to request restrictions on our use and disclosure of your Protected Health Information. You also have the right to request a restriction on the Protected Health Information we disclose about you to someone who is involved in your care or payment for your care, such as a family member or friend. Except as described in this section, we are not required to agree to your request. We must agree to your request if the disclosure has been made to a health plan for the purpose of payment or health care operations and the disclosure relates to an expense for which you have been paid out of pocket. To request restrictions, you must send a written request to privacy@alphaderalabs.com.
4.3 CONFIDENTIAL COMMUNICATIONS
You have the right to request that we communicate with you about your Protected Health Information by alternative
means or to an alternative address. Your request must be in writing and must specify the alternative means or location.
We will accommodate reasonable requests for confidential communications.
4.4 CORRECT OR UPDATE INFORMATION
If you believe the Protected Health Information we maintain about you contains an error, you may request that we correct
or update your information. Your request must be in writing and must explain why the information should be corrected or
updated. We may deny your request under certain circumstances and provide a written explanation.
4.5 ACCOUNTING OF DISCLOSURES
You may request a list, or accounting, of certain disclosures of your Protected Health Information made by us or our business associates for purposes other than treatment, payment, healthcare operations and certain other activities. The request must be in writing and the list will include disclosures made within the prior six years.
4.6 COPY OF NOTICE
Upon request, you may obtain a paper or electronic copy of this Notice.
V. INFORMATION BREACH NOTIFICATION
We are required to notify you following the discovery a breach of unsecured Protected Health Information, unless there is
a demonstration, based on a risk assessment, that there is a "low probability" that the Protected Health Information has
been compromised. You will be notified in a timely fashion, no later than 60 days after discovery of the breach.
VI. QUESTIONS AND COMPLAINTS
If you have questions or concerns about our privacy practices or would like a more detailed explanation about your privacy rights, please contact our Privacy Office using the contact information below.
If you believe that we may have violated your privacy rights, you may submit a complaint to our Privacy Office. You also may submit a written complaint to the U.S. Department of Health and Human Services. We will provide you with the address to file your complaint with the U.S. Department of Health and Human Services upon request.
Alphadera Labs will not take retaliatory action against you and you will not be penalized in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.
VII. CHANGES TO OUR NOTICE OF PRIVACY PRACTICES
We reserve the right to change our privacy practices and the terms of this Notice at any time, provided such changes are permitted by applicable law.
We will promptly post any changes to this Notice on our website at www.alphaderalabs.com. Please review this website periodically to ensure that you are aware of any updates.
VIII. CONTACT INFORMATION
When communicating with us regarding this Notice, our privacy practices, or your privacy rights, please contact the Privacy Officer using the following contact information:
Alphadera Labs
Attention: Privacy Officer
15355 W Vantage Pkwy.,
Ste 195,
Houston, TX 77032
EEA Privacy Notice
NOTICE TO INDIVIDUALS LOCATED IN THE EUROPEAN ECONOMIC AREA, UNITED KINGDOM, OR SWITZERLAND
THIS SECTION ONLY APPLIES TO USERS OF OUR SERVICES LOCATED IN THE EUROPEAN ECONOMIC AREA, UNITED KINGDOM, OR SWITZERLAND (COLLECTIVELY, THE “EEA DESIGNATED COUNTRIES”) AT THE TIME OF DATA COLLECTION. WE MAY ASK YOU TO IDENTIFY WHICH COUNTRY YOU ARE LOCATED IN WHEN YOU USE SOME OF OUR SERVICES, OR WE MAY RELY ON YOUR IP ADDRESS TO IDENTIFY WHICH COUNTRY YOU ARE LOCATED IN.
Where we rely only on your IP address, we cannot apply the terms of this Notice to any User or Customer that masks or otherwise obfuscate their location information so as not to appear located in the Designated Countries. If any terms in this Notice conflict with other terms in our Privacy Policy, the terms in this Notice shall apply to users in the Designated Countries. This Notice is supplemental to our Privacy Notice and Terms of Service.
I. ALPHADERA LABS’S RELATIONSHIP TO YOU
A “controller” is an entity that determines the purposes for which and the manner in which any personal information is processed. Alphadera Labs is a “controller” with respect to your personal information under certain circumstances. Regarding our Provider Portal and Patient Portal, Alphadera Labs is a controller in relation to the information that a provider enters directly into the Websites about him or herself or his or her patients. To the extent a user or patient directly enters personal information on our Websites to pay for, use, or obtain further information about our Services, Alphadera Labs is a controller. A “processor” is an entity that processes personal information on behalf of a controller. For example, any third parties that act as our service providers are “processors” that handle your personal information in accordance with our instructions. To the extent that Alphadera Labs receives personal information as part of any Informed Consent or Test Requisition Form, and to the extent that Alphadera Labs receives identifiable samples and/or identifiable genetic information necessary to perform the Services, Alphadera Labs is a processor, and your provider is the controller.
II. LAWFUL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION
We process personal information on the following legal bases: (1) with your consent per an informed consent form from your provider; (2) as necessary to fulfill our contractual obligations to provide Services; and (3) as necessary for our legitimate interests in providing the Services where those interests do not override your fundamental rights and freedoms related to data privacy. To the extent that any de-identified data is anonymized, it is not considered personal data and falls outside applicable privacy laws.
III. MARKETING ACTIVITIES
Direct marketing includes any communications we send you based only on advertising or promoting products and services. Transactional communications about your account or our Services are not considered “direct marketing” communications. We will only contact patients or providers by electronic means (including email or SMS) based on our legitimate interest or their consent. If you do not want us to use your personal information this way, please click an unsubscribe link in your emails, or contact us at privacy@alphaderalabs.com.
IV. INDIVIDUAL DATA SUBJECT RIGHTS
We provide you with the rights described below when you use our Services. When we receive an individual rights request from you, please make sure you are ready to verify your identity. Please be advised that there are limitations to your individual rights. We may limit your individual rights in the following ways: (i) where denial of access is required or authorized by law; (ii) when granting access would have a negative impact on other's privacy; (iii) to protect our rights and properties; and (iv) where the request is frivolous or burdensome. If you have questions if you would like to exercise your rights under the applicable law, please get in touch with us at privacy@alphaderalabs.com.
V. RIGHT TO WITHDRAW CONSENT
If we rely on consent to process your personal information, you have the right to withdraw your consent at any time. A withdrawal of consent will not affect the lawfulness of our processing or the processing of any third parties based on consent before your withdrawal.
VI. RIGHT OF ACCESS AND RECTIFICATION
If you request a copy of your personal information that we hold, we will provide you with a copy without undue delay and free of charge, except where we are permitted by law to charge a fee. We may limit your access if such access adversely affects the rights and freedoms of other individuals. You may request to correct or update any of your personal information held by us unless you can do so directly via the Services.
VII. RIGHT TO ERASURE (THE “RIGHT TO BE FORGOTTEN”)
You may request us to erase any of your personal information held by us that: is no longer necessary in relation to the purposes for which it was collected or otherwise processed; was collected in relation to processing that you previously consented to but later withdrew such consent; or was collected in relation to processing activities to which you object, and there are no overriding legitimate grounds for our processing.
VIII. RIGHT TO OBJECT TO PROCESSING
You may object to our processing at any time and as permitted by applicable law if we process your personal information on the legal basis of consent, contract, or legitimate interests. We can continue to process your personal information if it is necessary to defend legal claims or for any other exceptions permitted by applicable law.
IX. RIGHT TO RESTRICTION
You have the right to restrict our processing of your personal information where one of the following applies:
a. You contest the accuracy of the personal information that we processed. We will restrict the processing of your personal information, which may interrupt some or all of the Services, during the period necessary for us to verify the accuracy of your personal information.
b. The processing is unlawful, and you oppose the erasure of your personal information and request the restriction of its use instead.
c. We no longer need your personal information for the purposes of the processing, but it is required by you to establish, exercise, or defend legal claims.
d. You have objected to processing pending the verification of whether the legitimate grounds of our processing override your rights. We will only process your restricted personal information with your consent, for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for the important public interest. We will inform you if or when the restriction is lifted.
X. RIGHT TO DATA PORTABILITY
Suppose we process your personal information based on a contract with you or based on your consent, or the processing is carried out by automated means. In that case, you may request to receive your personal information in a structured, commonly used, and machine-readable format and to have us transfer your personal information directly to another “controller,” where technically feasible, unless the exercise of this right adversely affects the rights and freedoms of others.
XI. NOTIFICATION TO THIRD PARTIES
Suppose we share your personal information with third parties. In that case, we will notify them of any requests for rectification, erasure, or restriction of your personal information unless this proves impossible or involves a disproportionate effort.
Local laws may limit the rights described above. Further, your right of access and deletion is not absolute and may not be available if fulfillment of such right would, among other things:
a. cause interference with the execution and enforcement of the law and private legal rights (such as in the case of the investigation or detection of legal claims or the right to a fair trial);
b. breach or prejudice the rights of confidentiality and security of others;
c. prejudice security or grievance investigations, corporate re-organizations, future and ongoing negotiations with third parties, compliance with regulatory requirements relating to economic and financial management; or
d. otherwise violate the interests of others or where the burden or cost of providing access would be disproportionate.
XII. Complaints
If you believe we have infringed or violated your privacy rights, please contact us at privacy@alphaderalabs.com so that we can resolve your concerns. You also have a right to lodge a complaint with a competent supervisory authority in a Member State of your habitual residence, place of work, or place of the alleged infringement. A listing of data protection authorities can be found at **http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm**.
You may also contact our EU Representative, DataRep, at https://www.datarep.com.