Eurofins Viracor Inc., (“Viracor Eurofins”), is committed to protecting the privacy and security of its clients, partners, and associates and therefore operates under a set of strict privacy principles.
Viracor Eurofins is required by the Health Insurance Portability and Accountability Act (HIPAA) of 1996 to maintain the privacy of your protected health information (PHI) and provide you with notice of our legal duties and privacy practices. Your PHI includes any information that identifies you and relates to your past, present or future health care or payment for your health care. This notice describes how we may use or disclose your PHI to provide you with treatment, obtain payment for our services, operate our laboratory, and perform other activities. It also describes your privacy and access rights with respect to your PHI.
HOW VIRACOR EUROFINS MAY USE OR DISCLOSE YOUR PROTECTED HEALTH INFORMATION
The information below describes how Viracor Eurofins may use or disclose your protected health information. If you have questions about any of the below uses and disclosures, contact our Privacy Officer at 1-800-305-5198.
(a) For Treatment
- We may use your PHI to provide you with clinical laboratory services. For example, our laboratory scientists will use your PHI to perform the laboratory tests you requested. We may share your PHI with health care professionals involved in your medical care. For example, we may share your test results with the physician who ordered your laboratory test.
(b) For Payment
- We may use and disclose your PHI in order to obtain payment for our laboratory services. For example, we may share your PHI with your health plan in order to receive payment for performing a laboratory test.
(c) For Heath Care Operations
- We may use and disclose medical information about you to operate our laboratory and provide our services. For example, we may use your PHI to evaluate the clinical performance of our laboratory scientists or to teach students entering the clinical laboratory sciences field.
(d) To Business Associates
- We may share your PHI with business associates who use PHI to perform certain functions or activities on our behalf. For example, we may share your PHI with an outside billing company or collection agency who assists us in obtaining payment for our services. These business associates are required to maintain the privacy of your medical information. As of February 17, 2010, business associates are also directly responsible for compliance with federal security standards and certain provisions of the federal privacy law, to further ensure the protection of your PHI.
(e) To Persons Involved In Your Care or Payment for Your Care
- Unless you object, we may disclose your PHI to people (such as a spouse, friend, or family member) who are involved in your care or payment for your care.
(f) As Required by Law
- We will disclose your PHI when required to do so by federal, state or local law.
(g) For Public Heath Activities
- When required by law, we may disclose your PHI to public health authorities so that they can perform certain public health activities, such as tracking the incidence of communicable diseases.
(h) For Abuse, Neglect & Domestic Violence
- If we have reason to believe that you are a victim of abuse, neglect, or domestic violence, we may disclose your PHI to the proper government authority.
(i) For Health Oversight Activities
- We may share your PHI with health oversight agencies that assure we are following certain laws in providing our services. For example, we may share your PHI with Centers for Medicare & Medicaid Services when it is certifying our laboratory or making sure we were paid properly for our services.
(j) For Judicial and Administrative Proceedings
- We may disclose your PHI in response to a court or administrative order, or in response to a proper subpoena, discovery request, or other lawful process
(k) For Law Enforcement Purposes
- We may disclose your PHI for law enforcement purposes such as reporting certain types of wounds, responding to a court order or other legal process, identifying or locating suspects, witnesses, and missing persons; identifying a victim of a crime, or responding to a suspicious death, suspected crime on our premises or certain other emergency situations.
(l) To Coroners, Medical Examiners and Funeral Directors
- We may disclose PHI to a coroner, medical examiner or funeral director as may be necessary to identify a deceased person, determine the cause of death, or perform other legal duties.
(m) For Organ and Tissue Donation Purposes
- We may disclose PHI to organizations that engage in organ donation and transplantation activities.
(n) For Research Purposes
- We may use your PHI for research purposes if we have your permission, the information does not identify you, or an Independent Review Board finds that your permission is not necessary because certain other federally required protections have been met.
(o) To Avert A Serious Threat to Health or Safety
- We may disclose your PHI to certain persons in order to prevent a serious threat to the health and safety of yourself or others.
(p) For Specialized Government Functions
- We may disclose your PHI for specialized government functions, such as assisting in national security or protecting the President. In certain situations, we may disclose the PHI of military personnel and veterans to military authorities and disclose the PHI of inmates to correctional institutions or law enforcement personnel.
(q) For Workers’ Compensation Purposes
- We may disclose your PHI for workers’ compensation purposes as appropriate under State workers’ compensation laws.
(r) Data Breach Notification
- We may use or disclose your PHI to provide legally-required notices of unauthorized access, acquisition or disclosure of your PHI.
ADDITIONAL INFORMATION COLLECTED
In addition to personal information collected for the purposes noted above, Viracor Eurofins may also collect the information below for the reasons noted:
(a) IP Addresses (Server Log Information)
- In some cases we may collect IP addresses in order to detect unauthorized access attempts and control system access security. An IP address is a number automatically assigned to your computer whenever you access the Internet. All computer identification on the Internet is conducted with IP addresses, which allow computers and servers to recognize and communicate with each other.
(b) Registration (User-Supplied Information) -
- Users accessing customer support via our on-line support web site are required to give Viracor Eurofins contact information such as their name and e-mail address, and demographic information such as a ZIP code, organization and/or role. The user’s contact information is used to contact the user when necessary. Personally identifiable information will not be disclosed.
In addition, note that Viracor Eurofins provides its clients with services that involve it processing personal data on its client’s behalf, such as where it provides remote hosting, system monitoring, system trouble-shooting, data warehousing and application management services. In this capacity, Viracor Eurofins does not own or control the personal data it processes, but rather its clients do. In this capacity, Viracor Eurofins receives and processes personal data merely as a “data processor” on behalf of its client. In such situations, Viracor Eurofins often has no contact with the individuals to whom such personal data relates and so is dependent upon its client to comply with applicable Personal Privacy, HIPAA, EU and/or Swiss data protection law at the time that the personal data is originally collected or received by its client.
OTHER USES AND DISCLOSURES OF YOUR PROTECTED HEALTH INFORMATION
Before we use or disclose your PHI for any purpose other than those mentioned above, we will ask for your written authorization. Certain federal and state laws may limit the information we are allowed to disclose under your authorization. Uses and disclosures of your PHI for marketing require your authorization. You may revoke your authorization in writing at any time, except to the extent we have already relied upon it.
- To request an Authorization form, contact the Viracor Eurofins Privacy Officer at 1-800-305-5198; email PrivacyOfficer@Viracor-Eurofins.com; or send a written request to Viracor Eurofins, Attn: Privacy Officer, 1001 NW Technology Drive, Lee’s Summit, Missouri, 64086.
YOUR RIGHTS REGARDING YOUR PROTECTED HEALTH INFORMATION
(a) Right to Receive a Copy of this Notice
- You have the right to receive a paper copy of this Notice even if you have already received it electronically. To receive a paper copy of this Notice, contact the Viracor Eurofins Privacy Officer at 1-800-305-5198; email PrivacyOfficer@Viracor-Eurofins.com; or send a written request to Viracor Eurofins, Attn: Privacy Officer, 1001 NW Technology Drive, Lee’s Summit, Missouri, 64086.
(b) Right to Request Restrictions
- You have the right to request that we restrict how your PHI is used or disclosed. For example, you may ask us not to share your PHI with a certain person or company. We will carefully consider your request, however we have the right to deny your request. We must agree to your request if the disclosure is to a health plan for purposes of payment or health care operations and the disclosure relates to a health care expense for which you have already paid. If we agree to your request, we will honor it except when the PHI is needed to provide you with emergency treatment. If you would like to request a restriction on how your PHI is used or disclosed, contact our Privacy Officer at 1-800-305-5198 or at PrivacyOfficer@Viracor-Eurofins.com. The Privacy Officer will provide you with our Restriction Request form.
(c) Right to Request “Confidential Communications”
- You have the right to request that we contact you about your PHI at a specific address or in a specific time, place, or manner. We will grant all reasonable requests. If you would like to request a “confidential communication,” contact our Privacy Officer at 1-800-305-5198 or at PrivacyOfficer@Viracor-Eurofins.com. The Privacy Officer will provide you with our Confidential Communications Request form.
(d) Right to Access Your PHI
- You have the right to inspect and receive copies of PHI that we use to make decisions about your care and payment for your care, or to designate another person to receive a copy of your PHI. As of February 17, 2010, you have the right to request an electronic copy of your PHI if it is maintained in an electronic health record (“EHR”). All requests to inspect or receive copies must be written and sent to:
Eurofins Viracor, Inc.
Attn: Client Services
1001 NW Technology Drive
Lee’s Summit, MO 64086
(e) Right to Amend Your PHI
- You have the right to request that we amend your PHI if you feel that it is inaccurate or incomplete. In certain circumstances, we are not required to grant your request. If we do not grant your request, we will provide you with the reasons why your request was denied. If you would like to request that your information be amended, contact our Privacy Officer at 1-800-305-5198 or at PrivacyOfficer@Viracor-Eurofins.com. The Privacy Officer will provide you with our Amendment Request form.
(f) Right to an “Accounting of Disclosures”
- You have the right to receive a list of certain disclosures we have made of your protected health information. This list will not include disclosures we have made for treatment, payment, or health care operations purposes, or certain other types of disclosures. However, as of January 1, 2014, you will have the right to receive an accounting of all disclosures of your PHI made through an EHR. Requests for an accounting of disclosures through an EHR will only go back for three years. To request an Accounting of Disclosures, contact our Privacy Officer at 1-800-305-5198 or at PrivacyOfficer@Viracor-Eurofins.com. The Privacy Officer will provide you with our Request for Accounting of Disclosures form.
REVISIONS TO THIS NOTICE
We reserve the right to change the terms of this Notice and the right to make the new notice provisions effective for all PHI we maintain, regardless of when it was created or received. We will keep our current Notice posted on our website at https://www.Viracor-Eurofins.com, and we are required to follow the terms of the notice currently in effect. If you would like a paper copy of a revised notice contact our Privacy Officer at 1-800-305-5198; email PrivacyOfficer@Viracor-Eurofins.com; or send a request to Viracor Eurofins, Attn: Privacy Officer; 1001 NW Technology Drive, Lee’s Summit, MO 64086.
If you believe your privacy rights have been violated, you may file a complaint with Viracor Eurofins or with the Secretary of the Department of Health and Human Services. To file a complaint with Viracor Eurofins, contact our Privacy Officer at 1-800-305-5198; email PrivacyOfficer@Viracor-Eurofins.com; or send a complaint to Viracor Eurofins, Attn: Privacy Officer; 1001 NW Technology Drive, Lee’s Summit, MO 64086. Viracor Eurofins will not retaliate against anyone filing a complaint.