THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN ACCESS THIS INFORMATION. PLEASE READ CAREFULLY.
Monogram Incorporated ("Monogram") the world leader in drug resistance testing is committed to protecting the privacy of the personal and health information of its customers. Monogram Inc., is committed to protecting the confidentiality of our laboratory test results and other patient protected health information (PHI) that we collect or create as part of our diagnostic testing activities.
Please read this Notice
of Privacy Practices carefully so that you will understand both our
commitment to the privacy of your PHI, and how you can participate in
that commitment. Should you have any questions about this Notice or
our privacy practices, please call us at (650) 635-1100, via email to
customerservice@monogrambio.
Monogram Inc.
Attention: Privacy Compliance Officer
345 Oyster Point Blvd.
South San Francisco, CA 94080
Privacy Policy
Monogram Inc. is committed to gathering, maintaining, using and disclosing patient protected health information (PHI) in a manner that protects your privacy. We will only use or disclose the minimum amount of your PHI we consider necessary to perform a service or otherwise described in this Notice. This Notice applies to all PHI that we maintain. Your doctor, Hospital or other referring laboratory may have different notices regarding his/her/their use and disclosure of your PHI.
Monogram Inc. is required by law to provide you with this Notice of Privacy Practices with respect to PHI, to maintain the privacy of PHI, to state the uses and disclosures of PHI that Monogram Inc. may make, and to list the rights of individuals and our legal duties with respect to their PHI. Your PHI at Monogram Inc. includes personal and medical information (such as your name, address, social security number, date of birth, etc.) that we obtain from you, your physician, health plan, or other sources related to the test services requested. Your PHI also includes any laboratory testing results that we create.
Monogram Inc. will abide by the terms of this Notice of Privacy Practices currently in effect. We reserve the right to change the terms of this Notice of Privacy Practices and to make the provisions of the new Notice of Privacy Practices effective for all PHI that we maintain. We will maintain this Notice on our website and a hard copy is available upon request.
How we use and disclose Protected Health Information
Your PHI will be used or disclosed for treatment, payment, or healthcare operations purposes and for other purposes permitted or required by law. Not every use or disclosure is listed; however, all of the ways we use or disclose your PHI fall into one of the broader categories listed below.
If we intended to use or disclose your PHI for other purposes, we would need your written authorization. For example, patient authorization is often required by state law for each release of HIV test results, except if the results are being released to public health officials as required by law. You have the right to revoke your authorization at any time, except if we have already made a disclosure based on that authorization. We do not need authorization or permission to use or disclose your PHI for the following purposes:
For Treatment
As a health care provider that provides laboratory testing for ordering physicians, Monogram Inc. uses PHI as part of our testing process and discloses your PHI to physicians and other authorized health care professionals who need access to your laboratory results in order to treat you. In addition to your treating physician, we may provide a specialist or consulting physician with information about your results. Occasionally, we may also contact you or your physician to arrange to redraw a specimen.
For Payment
We will use your PHI in our billing and accounts receivable departments and disclose your PHI to insurance companies, hospitals, physicians, other referring laboratories and health plans for payment purposes, or to third parties to assist us in creating bills, claim forms, cashing checks or getting paid for our services. For example, we may send claim information including name, test performed, diagnosis code, ordering physician and other information as requested to a health plan so that the plan will reimburse us for the services provided. We may have to contact you and or your physician in order to obtain information for billing and collection purposes. We may use an outside collection agency to obtain payment.
For Internal Uses
We may use or disclose your PHI in the course of activities necessary to support our laboratory operations, such as development and validation of our assays, performing quality checks on our testing, for teaching purposes, or for developing normal reference ranges for tests that we perform. We may also use PHI for purposes of research and development as approved by our Privacy Board.
Disclosures to Business Associates
Monogram Inc. may disclose your PHI to other companies or individuals who need your PHI in order to provide specific services to us. These other entities, known as "business associates," must comply with the terms of a contract designed to ensure that they will maintain the privacy and security of the PHI we provide to them or which they create on our behalf. Our business associates must only use your PHI for designated treatment, payment, or health care operations purposes that they perform on our behalf. For example, we may disclose your PHI to temporary employees or to the College of American Pathologists (CAP) or other private accrediting organizations that inspect and certify the quality of our laboratories.
As Permitted or Required by Law
We may use or disclose your PHI for various public policy purposes that are authorized or required by federal or state law. For example, we are required to disclose your PHI to the Secretary of the U.S. Department of Health and Human Services ("HHS") upon request. We must provide you with copies of your PHI at your request, except where restricted or prohibited by state law. We will provide the information regarding your specific state to you upon request.
Public Health
PHI may be disclosed in reporting communicable disease results to public health departments as required by law. We may disclose your PHI for FDA reporting purposes.
Public Safety
In certain circumstances, we may also use or disclose PHI to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.
To Avert a Serious Threat to Health or Safety
We may use or disclose your PHI if necessary to prevent a serious threat to your health and safety or that of another person or the general public.
Health Oversight
We may disclose your PHI in connection with governmental oversight, licensure, auditing, and other purposes. For example, governmental agencies periodically review our records to ensure that Monogram Inc. is complying with the rules of various regulatory and licensing agencies, these agencies including, HHS and State Health Departments of various states. Other agencies may audit our billing and laboratory records to verify that the health care was provided as claimed or that we were paid correctly.
Judicial and Administrative Proceedings
We may disclose your PHI as required to comply with court orders, discovery requests or other legal process in the course of a judicial or administrative proceeding.
Law Enforcement / Governmental Agencies
We may also disclose PHI for law enforcement purposes. For example, we may be required to release PHI as required by law or in compliance with a court order, judicial subpoena, court-ordered warrant, grand jury subpoena, administrative request, investigative demand or similar legal process, but only if efforts have been made to tell you about the request or to obtain an order of protection for the requested information. We may release PHI for other law enforcement purposes, such as to identify or locate a suspect, fugitive, material witness, or missing person. We may disclose your PHI for military and veterans activities, national security or intelligence purposes, or to correctional institutions, or to law enforcement officials having custody of an inmate.
Workers Compensation
We may disclose your PHI as necessary to comply with requirements of workers' compensation or similar programs that provide benefits for work-related injuries or illness without regard to fault. For example, workers compensation programs may require that we provide the results of laboratory testing as part of the case file.
State Law
For all of the above purposes, in situations where the laws of any state in which we provide services are more restrictive than applicable federal law, we are required to follow the more restrictive state law. For example, some states require physician authorization to release laboratory test results to patients, and other states prohibit a laboratory from releasing test results directly to a patient.
We may contact you for specific reasons
Although we do not do so today, we may want to contact you in the future regarding health-related products or services that may be of interest to you.
Your rights concerning privacy and confidentiality
Access
You and/or your authorized or designated personal representative have the right to inspect and copy your PHI. Monogram Inc. will deny access to certain information for specific reasons, for example, where state law and or CLIA regulations prohibit such patient access.
Amendments
You have the right to request amendments to your PHI (but we are not required to make the requested amendments).
Accounting
You have the right to receive an accounting of disclosures, if any, of your PHI that were made by Monogram Inc. for a period of up to six years prior to the date of your written request, but not including any disclosures of your PHI made prior to April 14, 2003, when the Privacy Rule went into effect. Under the law, this accounting does not include disclosures made for purposes of treatment, payment, health care operations, or certain other excluded purposes, but includes other types of disclosures of your PHI, including disclosures for public health reporting or in response to a court order.
Restrictions
You have the right to ask us if we will agree to restrictions on certain uses and disclosures of your PHI, but we are not required to agree to your request.
Confidential Communications
You have the right to request that we send your PHI to an alternate address, but we are not required to agree to your request.
Notice of Privacy Practices
You have the right to request a paper copy of this Notice.
Complaints
If you believe your privacy rights have been violated please contact us at the address located at the beginning of this Notice. You also have the right to register a complaint with Monogram Inc. or the Secretary of the U.S. Department of Health and Human Services. Monogram Inc. will not retaliate against any individual for filing a complaint.
Exercising your rights
Write to us with your specific written request and be sure to include sufficient information for us to identify all of your records. Monogram Inc. will consider your request and provide you a response within a reasonable timeframe. Should we deny your request, you have the right to ask for the denial to be reviewed by another healthcare professional designated by Monogram Inc.
How to contact us
If you have questions or concerns regarding the privacy or confidentiality of your PHI, or you wish to register a complaint, please write us at the address located at the beginning of this.
Monogram Inc. reserves the right to amend this Notice of Privacy Practices, at any time, to reflect changes in our privacy practices, and these changes will apply retroactively. Any such changes will be applicable to and effective for all Protected Health Information (PHI) that we maintain including PHI we created or received prior to the effective date of the Notice revision.
Safe Harbor Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL
INFORMATION MONGRAM RECEIVES FROM THE EU MAY BE USED AND DISCLOSED AND
HOW YOU CAN ACCESS THIS INFORMATION. PLEASE READ CAREFULLY.
Monogram Biosciences, Inc. ("Monogram"), a world leader in
individualized medicine for people with HIV and cancer, is committed
to protecting the privacy of the personal and sensitive health information
of its customers, including the confidentiality of laboratory test results
and other patient health information that we collect, create or receive
as part of our diagnostic testing activities.
We
recognize and acknowledge current data protection laws in the European
Union (“EU”), and have made a commitment to adhere to the Safe Harbor
Principles of the Safe Harbor Program administered by the U.S. Department
of Commerce with respect to Patient Data (as defined below) and Sensitive
Patient Data (as defined below), transferred from the EU by hospitals,
clinics and doctors requesting laboratory services from Monogram.
For more information about the Safe Harbor Principles, please visit
the U.S. Department of Commerce website at http://www.export.gov/safeharbor .
Monogram Bio self-certifies, on an annual basis, to the U.S. Department
of Commerce its compliance with the Safe Harbor Principles.
Please
read this Notice of Safe Harbor Privacy Practices carefully so that
you will understand both our commitment to the privacy of your personal
and sensitive data, and how you can participate in that commitment.
Should you have any questions about this Notice or our Safe Harbor privacy
practices, please contact us at (650) 635-1100, via e-mail to
customerservice@monogrambio.com , or write to us at the
following address:
Monogram Biosciences, Inc.
Attention: Privacy Compliance Officer
345 Oyster Point Blvd.
South San Francisco, CA 94080
Scope
This Safe Harbor Policy applies to all Patient Data (as defined below) and Sensitive Patient Data (as defined below), transferred from the EU to Monogram Bio in the U.S. by hospitals, clinics, and doctors requesting laboratory services. Your doctor, hospital or other referring laboratory may have different notices regarding his/her/their use and disclosure of your personal and sensitive data, including Patient Data and Sensitive Data as defined below.
Monogram
will abide by the terms of this Notice of Safe Harbor Privacy Practices
currently in effect. Any changes to our privacy practices will
be reflected in an updated notice posted on this website. If we
change our privacy practices to the extent we depart from the U.S. Safe
Harbor program, we will continue to treat the Patient Data and Sensitive
Patient Data which we have reserved from the EU up to the point of change
according to the Safe Harbor Principles. We will maintain this
Notice on our Web site and a hard copy is available upon request.
Definitions
Patient Data: Patient Data refers to any personal information relating to a patient located in the EU, and who can be identified, directly or indirectly, as a particular person by reference to an identification number or to one or more aspects of the patient’s physical, physiological, mental, economic, cultural or social identify. Patient Data includes the transmission of data over phone lines, computer lines, and in hard copy, of information such as patient contact information, demographic data, work history, or family history.
Sensitive Patient Data: Sensitive Patient Data includes all Patient Data related to the patient’s health or medical condition (including biometeric and genetic data), sex life, race or ethnicity, religious or philosophical beliefs, political opinions or trade union membership.
Privacy
Board: An internal group of Monogram personnel as from time
to time organized by Monogram to consult with experts and review issues
relating to protection of patient information.
Policy
Monogram
is committed to gathering, maintaining, using and disclosing Patient
Data and Sensitive Patient Data transferred to Monogram from the EU
by hospitals, clinics and doctors requesting laboratory services in
a manner that conforms to the Safe Harbor Principles. We will
only use or disclose as much of your data as needed to perform a service
or otherwise described in this Notice.
The Data We Collect
Monogram requires that any hospital, clinic or doctor submitting Patient Data and Sensitive Patient Data from the EU to Monogram in the U.S. for the purposes of laboratory testing provide patients with notice regarding the types of Patient Data and Sensitive Patient Data that will be collected for the purposes of performing the laboratory work.
The Patient Data we process at Monogram consists primarily of your contact details, such as your name, address, social security or national identification number, and date of birth that we obtain from you, your physician, health plan, or other sources related to the test services requested.
The Sensitive Patient Data we collect includes any medical information that we obtain from you, your physician, health plan or other source, any data related to your race and ethnicity and, any laboratory testing results that we create.
How We Use and Disclose Protected
Health Information
Monogram
may disclose your Patient Data and/or Sensitive Data to other companies
or individuals who need this data in order to provide specific services
to us. Examples of use and disclosure are listed below.
In all cases, Monogram will transfer Patient Data and Sensitive Patient
Data to a third party consistent with the notice provided to patients
and any consents they have given. Further, we will transfer Patient
Data and Sensitive Patient Data only to third parties that have provided
assurances that they will provide at least the same level of privacy
protection as is required by this Notice. When Monogram has knowledge
that a third party is using or sharing Patient Data and/or Sensitive
Patient Data in a way contrary to this Notice, Monogram will take reasonable
steps to prevent or stop such processing or use.
For Treatment
As a healthcare provider that provides laboratory testing for ordering
physicians, clinics and hospitals, Monogram uses Patient Data and Sensitive
Patient Data as part of our testing process and discloses Patient Data
and Sensitive Patient Data to physicians and other authorized healthcare
professionals who need access to laboratory results in order to treat
you. In addition to your treating physician, we may provide a
specialist or consulting physician with information about your results.
Occasionally, we may also contact you or your physician to arrange to
redraw a specimen.
For Payment
We will use your Patient Data and possibly Sensitive Patient Data
in our billing and accounts receivable departments, and may disclose
Patient Data and Sensitive Patient Data to insurance companies, hospitals,
physicians, other referring laboratories and health plans for payment
purposes, or to third parties to assist us in creating bills, claim
forms, cashing checks or getting paid for our services. For example,
we may send claim information including name, test performed, diagnosis
code, ordering physician and other information as requested to a health
plan so that the plan will reimburse us for the services provided.
We may have to contact you and/or your physician in order to obtain
information for billing and collection purposes. We may use an
outside collection agency to obtain payment.
For Internal Uses
We may use or disclose your Patient Data and Sensitive Patient Data
in the course of activities necessary to support our laboratory operations,
such as development and validation of our assays, performing quality
checks on our testing, for teaching purposes, or for developing normal
reference ranges for tests that we perform. We may also use this
data for purposes of research and development as approved by our Privacy
Board.
As Permitted or Required by Law
We may use or disclose your Patient Data and/or Sensitive Patient
Data for various public policy purposes that are authorized or required
by United States federal or state law. For example, we are required
to disclose your Patient Data and/or Sensitive Patient Data to the Secretary
of the US Department of Health and Human Services upon request.
Public Health
Patient Data and/or Sensitive Patient Data may be disclosed in reporting
communicable disease results to public health departments as required
by law. We may disclose your Patient Data and/or Sensitive Patient
Data for U.S. Federal Drug Agency (“FDA”) reporting purposes.
Public Safety
In certain circumstances, we may also use or disclose Patient Data and/or
Sensitive Patient Data to prevent or lessen a serious and imminent threat
to the health or safety of a person or the public.
To Avert a Serious Threat to Health or Safety
We may use or disclose your Patient Data and/or Sensitive Patient
Data if necessary to prevent a serious threat to your health and safety
or that of another person or the general public.
Health Oversight
We may disclose your Patient Data and/or Sensitive Patient Data
in connection with governmental oversight, licensure, auditing, and
other purposes. For example, governmental agencies periodically
review our records to ensure that Monogram is complying with the rules
of various regulatory and licensing agencies, including the U.S. Department
of Health and Human Services and various state Health Departments.
Other agencies may audit our billing and laboratory records to verify
that the healthcare was provided as claimed or that we were paid correctly.
Judicial and Administrative Proceedings
We may disclose your Patient Data and/or Sensitive Patient Data as required
to comply with court orders, discovery requests or other legal process
in the course of a judicial or administrative proceeding.
Law Enforcement/Governmental Agencies
We may also disclose Patient Data and/or Sensitive Patient Data
for law enforcement purposes. For example, we may be required
to release Patient Data and/or Sensitive Patient Data as required by
law or in compliance with a court order, judicial subpoena, court-ordered
warrant, grand jury subpoena, administrative request, investigative
demand or similar legal process, but only if efforts have been made
to tell you about the request or to obtain an order of protection for
the requested information. We may release Patient Data and/or
Sensitive Patient Data for other law enforcement purposes, such as to
identify or locate a suspect, fugitive, material witness, or missing
person. We may disclose your Patient Data and/or Sensitive Patient
Data for military and veterans activities, national security or intelligence
purposes, or to correctional institutions, or to law enforcement officials
having custody of an inmate.
Workers Compensation
We may disclose your Patient Data and/or Sensitive Patient Data
as necessary to comply with requirements of workers' compensation or
similar programs that provide benefits for work-related injuries or
illness without regard to fault. For example, workers compensation
programs may require that we provide the results of laboratory testing
as part of the case file.
State Law
For all of the above purposes, in situations where the laws of any state
in which we provide services are more restrictive than applicable federal
law, we are required to follow the more restrictive state law.
For example, some states require physician authorization to release
laboratory test results to patients, and other states prohibit a laboratory
from releasing test results directly to a patient.
Choice
You have the right to revoke your authorization to transfer Patient Data and/or Sensitive Patient Data at any time, except if we have already made a disclosure based on that authorization. To revoke your authorization, please use the contact information at the beginning of this Notice.
In
the event Patient Data is to be used for a new purpose incompatible
with the purposes for which it was originally collected or subsequently
authorized, when feasible and appropriate, you will be given the opportunity
to chose (opt-out) whether to have your Patient Data so used.
In the event that Sensitive Patient Data is used for a new purpose,
your explicit consent (opt-in) will be obtained prior to the use or
transfer of the Sensitive Patient Data.
Access
You
or your authorized or designated personal representative has the right
to inspect and copy your Patient Data and Sensitive Patient Data, and
to correct, amend or delete information if it is inaccurate. Where
possible, Monogram will provide access to the Patient Data and/or Sensitive
Patient Data in a timely manner. You may be requested to justify
your request for Patient Data and/or Sensitive Patient Data in a situation
where access to the information would present a burden to Monogram.
The burden to providing the information will be considered, but is not
the controlling factor to establishing whether access will be denied.
Access may be denied when the burden or expense of providing access
would be disproportionate to the risks to an individual’s privacy,
if the rights of persons other than the individual would be violated,
or if prohibited by law.
Security and Data Integrity
Monogram
will take reasonable precautions to protect Patient Data and Sensitive
Patient Data from loss, misuse and unauthorized access, disclosure,
alteration and destruction. The security and integrity of Patient
Data and Sensitive Patient Data are maintained according to the Health
Insurance Accountability and Portability Act (HIPAA).
We may contact you for specific reasons
Although we do not do so today, we may want to contact you in the future
regarding health-related products or services that may be of interest
to you. If, upon receiving such communications or materials, you
wish to be excluded from any further communications, please contact
customerservice@monogrambio.
Monogram Biosciences, Inc.
Attention: Privacy Compliance Officer
345 Oyster Point Blvd.
South San Francisco, CA 94080
Complaints
If you believe your privacy rights have been violated, please contact
us at the address located at the beginning of this Notice. To
ensure compliance with the Safe Harbor Principles, Monogram will: (a)
use the services of the American Arbitration Association (“AAA”)
in the investigation and resolution of complaints and comply with advice
given by the AAA; (b) periodically review and verify the Organization’s
compliance with the Safe Harbor Principles; and (c) remedy issues arising
out of any failure to comply with the Safe Harbor Principles.