Apex Healthware Privacy Policies

This section of our website describes Apex Healthware's policies related to how we use and disclose any protected health information, our legal duties with respect to your PHI, and your rights with respect to your PHI and how you may exercise them as well as privacy practices on our websites or applications that link to them.

Data Privacy Framework

Apex Healthware, LLC ("Apex") complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.

Apex has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.

Apex has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.

To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit the Data Privacy Framework website at https://www.dataprivacyframework.gov/.

With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, Apex Healthware is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

Pursuant to the Data Privacy Frameworks, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the Data Privacy Frameworks, should direct their query to privacy@ApexHealthware.com. If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than that for which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@ApexHealthware.com.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Apex Healthware’s accountability for personal data that it receives in the United States under the Data Privacy Frameworks and subsequently transfers to a third party is described in the Data Privacy Framework Principles. In particular, Apex Healthware remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Apex Healthware proves that it is not responsible for the event giving rise to the damage.

In compliance with the Data Privacy Framework Principles, Apex Healthware commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the Data Privacy Frameworks. European Union, United Kingdom, and Swiss individuals with DPF inquiries or complaints should first contact Apex Healthware by email at privacy@ApexHealthware.com.

Apex Healthware has further committed to refer unresolved privacy complaints under the Data Privacy Framework Principles to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf

HIPAA notice of privacy practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Apex Healthware, LLC ("Apex") is committed to protecting the privacy of your identifiable health information. This information is known as “protected health information” or “PHI.” Examples of documents that may contain your PHI include laboratory test orders, test results and invoices for medical services.

Our PHI & HIPAA Responsibilities

Apex Healthware is required by law to maintain the privacy of your PHI. We are also required by law to provide you with this Notice of our legal duties and privacy practices upon request. This notice describes our legal duties, privacy practices and your patient rights as determined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). We are also required to follow the terms of this Notice which is currently in effect. We are also required to notify affected individuals in the event of a breach involving PHI that is unsecured. PHI is stored electronically and is subject to electronic disclosure by Apex computer applications. This Notice does not apply to certain services that are performed by our software, such as some drugs of abuse testing services and insurance applicant services.

Ways We May Use or Disclose Your PHI Health Information

We use your PHI for treatment, payment, or healthcare operations purposes and for other purposes permitted or required by law. Not every use or disclosure is listed in this Notice, but all of our uses or disclosures of your PHI will fall into one of the categories listed below.

We will need your authorization to use or disclose your PHI for any purpose not covered by one of the categories below. With limited exceptions, we will not use or disclose psychotherapy notes, use or disclose your PHI for marketing purposes or sell your PHI unless you have signed an authorization. You may revoke any authorization you sign at any time. If you revoke your authorization, we will no longer use or disclose your PHI except to the extent we have already taken action based on your authorization.

We may use and disclose your PHI for the following purposes:

Treatment

Apex Healthware provides laboratory testing software for physicians and other healthcare professionals, and we use your PHI in our testing process. We disclose your PHI to authorized healthcare professionals who order tests or need access to your test results for treatment purposes. We may use and disclose PHI to contact you about our services, such as to remind you of an appointment or to return your specimen collection kit, notify you of the status of your laboratory testing, or to tell you about our health-related products and services that may be of interest to you. Examples of other treatment-related purposes include disclosure to a pathologist to help interpret your test results or use of your PHI to contact you to obtain another specimen, if necessary.

Payment

Apex Healthware may use and disclose your PHI for purposes of billing and payment. For example, we may disclose your PHI to health plans or other payers to determine whether you are enrolled with the payer or eligible for health benefits or to obtain payment for our services. If you are insured under another person’s health insurance policy (for example, parent, spouse, domestic partner or a former spouse), we may also send invoices to the subscriber whose policy covers your health services.

Healthcare Operations

Apex Healthware may use and disclose your PHI for activities necessary to support our healthcare operations. This includes functions such as performing quality checks on our testing, internal audits, arranging for legal services or developing reference ranges for our tests. It also includes, for example, the sale, transfer, merger, or consolidation of all or part of Apex Healthware with another covered entity, or an entity that following such activity will become a covered entity and due diligence related to the transaction(s).

Business Associates

We may provide your PHI to other companies or individuals that need it to provide services to us. These other entities, known as "business associates," are required to maintain the privacy and security of PHI. For example, our business associates may use your PHI to conduct billing, collections, imaging, courier, or record storage services on our behalf.

Individuals Involved in Your Care

We may disclose relevant PHI to a family member, friend, caregiver or other individual involved in your healthcare or payment for your healthcare, if you tell us that this is acceptable to you or you do not object; or if in our professional judgment, we believe that you do not object.

As Required by Law

We may use and disclose your PHI as required by law.

Law Enforcement Activities and Legal Proceedings

We may use and disclose your PHI if necessary to prevent or lessen a serious threat to your health and safety or that of another person. We may also provide PHI to law enforcement officials, for example, in response to a warrant, investigative demand or similar legal process, or for officials to identify or locate a suspect, fugitive, material witness, or missing person. We may disclose your PHI as required to comply with a court or administrative order. We may disclose your PHI in response to a subpoena, discovery request or other legal process in the course of a judicial or administrative proceeding, but only if efforts have been made to tell you about the request or to obtain an order of protection for the requested information.

Research

We may use or disclose PHI for research projects, such as studying how to diagnose or treat particular diseases. These research projects must go through a special process that protects the confidentiality of your medical information. We may also use or disclose PHI about deceased patients to researchers if certain requirements are met.

De-identified Information

We may use your PHI to create “de-identified” information, which means that we remove information that can be used to identify you. There are specific rules under the law about what type of information needs to be removed before information is considered de-identified. Once information has been de-identified as required by law, it is no longer PHI and we may use it for any lawful purpose.

Other Uses and Disclosures

As permitted by HIPAA, we may disclose your PHI to:

  • Social Services Agencies
  • Public Health Authorities
  • The Food and Drug Administration
  • Health Oversight Agencies
  • Military Command Authorities
  • National Security and Intelligence Organizations
  • Correctional Institutions
  • Organ and Tissue Donation Organizations
  • Coroners, Medical Examiners and Funeral Directors
  • Workers Compensation Agents

We may also disclose PHI to those assisting in disaster relief efforts so that family or friends can be notified about your condition, status and location.

Incidental Uses and Disclosures

Sometimes, your PHI may be used or disclosed in the course of our primary uses and disclosures, such as for treatment, payment or healthcare operations. For example, we may call your name in the waiting room at one of our Patient Service Centers, or use it in a telephone conversation with a provider. We are permitted to make such incidental uses and disclosures as long as we take reasonable steps to minimize them, and have in place appropriate safeguards to protect them.

Note Regarding State Law

For all of the above purposes, when state law is more restrictive than federal law, we are required to follow the more restrictive state law.

Your Patient Rights

Receive Test Information

You have the right to access your PHI. You may:

  • Obtain your test results online by visiting the website provided by the laboratory using our software ("Performing Lab") to access your account and/or request your records; or
  • Complete and submit a Patient Request to Access or to Disclose Protected Health Information (PHI) (Access Form) to obtain your test results and other PHI; or
  • Submit a written request of your own to obtain your PHI (requests must be signed and include enough demographic and other information necessary for the Performing Lab to authenticate you and identify your records).

If your request for test information is denied, you may request that the denial be reviewed.

Amend Health Information

You may request amendments (changes) to your PHI by making a written request to the Performing Lab. However, we may deny the request in some cases (such as if we determine the PHI is accurate). If we deny your request to change your PHI, we will provide you with a written explanation of the reason for the denial and let you know about further actions you may take.

Accounting of Disclosures

You have the right to receive a list of certain disclosures of your PHI made by Apex Healthware in the past six years from the date of your written request. Under the law, this does not include disclosures made for treatment, payment, or healthcare operations or certain other purposes.

Request Restrictions

You may request that we agree to restrictions on certain uses and disclosures of your PHI. We are not required to agree to your request, except for requests to limit disclosures to your health plan for purposes of payment or healthcare operations when you have paid us for the item or service covered by the request out-of-pocket and in full and when the uses or disclosures are not required by law.

Request Confidential Communications

You have the right to request that we send your health information by alternative means or to an alternative address, and we will accommodate reasonable requests.

Copy of this Notice

You have the right to obtain a paper copy of this Notice upon request.

How to Exercise Your Rights

You may write or send an email to us with your specific request. Please refer to the Contact Information below. Apex Healthware will consider your request and provide you a response.

Complaints/Questions/Contact Information

If you believe your privacy rights have been violated, you have the right to file a complaint with us. You also have the right to file a complaint with the Secretary of the U.S. Department of Health and Human Services, Office for Civil Rights. Apex Healthware will not retaliate against any individual for filing a complaint. To file a complaint with us, or should you have any questions about this Notice, send an email to us at Support@ApexHealthware.com, or write to us at the following address:

Apex Healthware
Attention: Privacy Officer
20079 Stone Oak Parkway, Suite 1105-612
San Antonio, Texas 78258

You may also contact the Privacy Officer at (210) 943-3600.

Note

We reserve the right to amend the terms of this Notice to reflect changes in our privacy practices, and to make the new terms and practices applicable to all PHI that we maintain about you, including PHI created or received prior to the effective date of the Notice revision. Our Notice is displayed on our website and a copy is available upon request.

Non-Discrimination Notice

We comply with applicable Federal civil rights laws and do not discriminate on the basis of race, color, national origin, age, disability, or sex. Apex Healthware does not exclude people or treat them differently because of race, color, national origin, age, disability, or sex.

You can file a grievance in person, by mail, or email. If you need help filing a grievance, the Apex Healthware Civil Rights Coordinator is available to help you.

You can also file a civil rights complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, electronically through the Office for Civil Rights Complaint Portal, available at https://ocrportal.hhs.gov/ocr/portal/lobby.jsf, or by mail or phone at:

U.S. Department of Health and Human Services
200 Independence Avenue, SW
Room 509F, HHH Building
Washington, D.C. 20201
(800) 368-1019, (800) 537-7697 (TDD)

Privacy Notice

Your privacy is important to us. This Notice explains how Apex Healthware and its affiliates (“Apex”, “we”, “our”) collect information from or about you (“you” or “your”) when you visit the websites or any applications, social media networks, interactive features, and other services that link to this Notice (the “Platforms”), and how we use, maintain, protect and disclose that information.

If you are using our Platforms in connection with our HIPAA covered services, please refer to our HIPAA Notice of Privacy Practices, which describes how we use and disclose your protected health information, our legal duties with respect to your protected health information, and your rights with respect to your protected health information and how you may exercise them. In connection with HIPAA covered services, in the event of conflict between this Notice and our HIPAA Notice of Privacy Practices, our HIPAA Notice of Privacy Practices will prevail.

Information We Collect

We may collect information about you including non-personally identifiable information and/or “Personal Information,” which is information that may identify, relate to, describe, or be capable of being associated with or reasonably linked, directly or indirectly, with a particular identified or identifiable person or household.

Personal Information is only collected for the purpose of providing medical products or services requested by you or your healthcare provider and, if appropriate, information related to performing and/or billing for the service. Personal Information we might collect includes data such as the following:

Identifiers

Identifiers such as a real name, postal address, unique personal identifier, online identifier, Internet Protocol address, signature, email address, account name, or other similar identifiers.

Financial Information

Financial information such as credit card number or debit card number and address or other information related to a billing or payment transaction.

Professional or employment-related information

Commercial Information

Commercial information, including products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Platforms, cookies and other tracking technologies, third parties and affiliates such as service providers.

Internet/Electronic Information

Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, form submissions, email unsubscribes and subscribes, email engagement or advertisement.

Geolocation Data

Personal address information, including home and provider locations.

Personal Information

Personal information, including driver’s license number, national or state identification number, citizenship status, immigration status, race, national origin, religious or philosophical beliefs, sexual orientation, sex life, precise geolocation, information concerning your health, and genetic information.

We do not consider Personal Information to include information that can no longer be used to identify a specific natural person, whether in combination with other information or otherwise, for example, de-identified or aggregated consumer information. Additionally, the following types of information are not considered Personal Information:

  • publicly available information from government records; or
  • information excluded from the applicable data privacy law’s scope, including but not limited to PHI covered by HIPAA, information derived from PHI that is de-identified in accordance with HIPAA, and personal information we handle in our capacity as a service provider to a business.

If we combine non-personally identifiable information with Personal Information, we will treat such information appropriately, but not all rights may apply to the non-personally identifiable information portion.

How We Use Personal Information That We Collect for Business or Commercial Purposes

We may use your Personal Information:

  • to fulfill the purposes for which the information was provided (e.g., to provide a service or perform on a contract); to identify you in order to respond to requests, provide services or products, personalize information we provide to you, or otherwise as described below;
  • to communicate with you about your account or our relationship, such as making announcements about the Platforms or our privacy policies and terms;
  • to send push notifications and other information through our Platforms;
  • to design, improve and administer our Platforms;
  • to improve our products and services;
  • to recruit and evaluate job applicants and candidates for employment and to conduct background checks;
  • to engage in the ordinary course of employment (e.g., facilitate onboarding processes, manage compensation, provide benefits, review performance, etc.) and for other internal human resources purposes;
  • to audit and measure user interaction with our Platforms, so we can improve the relevancy or effectiveness of our content and messaging;
  • to develop and carry out marketing, advertising and analytics;
  • to provide texts or emails containing information about our products or services, or events or news, that may be of interest to recipients, as permitted by law;
  • to deliver content and products or services relevant to your interests, including targeted ads on third party sites;
  • to detect security incidents or monitor for fraudulent or illegal activity;
  • to enable security measures (such as, to protect our Platforms, customers, employees and business partners);
  • debugging to identify and repair errors;
  • to protect our rights and to protect your safety or the safety of others;
  • to investigate fraud or respond to government inquiries;
  • to complete corporate transactions (from time to time, we sell, buy, merge or otherwise reorganize our businesses, and these corporate restructurings may involve disclosure of Personal Information to prospective or actual purchasers, or the receipt of it from sellers);
  • to comply with laws, regulations or other legal process; or otherwise use your Personal Information with your consent.

We may also use your Personal Information to:

  • provide you with the services and products you request or that have been ordered and/or requested by your healthcare provider;
  • process or collect payments for our services; or
  • respond to your questions and otherwise provide support you request.

We may use Precise Location Data from your device in accordance with the device’s consent process on some of our Platforms to help us improve your user experience and provide information that is relevant to you, such as our Patient Portal.

When you choose to print or email one of your results from within the Apex CloudLab application, the result file is temporarily stored on your mobile device to aid in more efficient delivery of your result. The result file will be deleted from your mobile device storage once the action of printing or emailing is complete.

How Long We Retain Your Personal Information

Apex Healthware retains your Personal Information only for as long as is necessary for our legitimate business purposes. We will retain and use your Personal Information to the extent necessary to comply with our legal, accounting, or reporting obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies. Additionally, we may continue to store your Personal Information contained in our standard back-ups. This applies to all categories of Personal Information in use by us.

Selling Personal Information or Disclosing of Personal Information for Targeted Advertising

We do not sell OR disclose Personal Information for the purpose of targeted or cross-context advertising (under California law, this is called “Sharing”).

Cookie Notice

Our websites, like almost all other websites, use cookies and other technologies to make the website work as you expect and to collect and share information. Please see our Cookie Notice for more information.

Keeping Your Information Secure

Apex Healthware has adopted physical, technical and administrative measures that are designed to prevent unauthorized access or disclosure, maintain data accuracy, and ensure appropriate use of Personal Information. We cannot, however, ensure or warrant the security of information. No security measures are infallible.

How can you help protect your information?

If you are using an Apex Healthware Platform for which you registered and chose a password, you should not divulge your password to anyone. We will never ask you for your password in an unsolicited phone call or in an unsolicited email. Also, remember to sign out of the Apex Healthware Platform and close your browser window when you have finished your work.

Please note that unencrypted email is not a secure method of transmission, as information in such emails may be accessed and viewed by others while in transit to us. For this reason, we prefer that you not communicate confidential or sensitive information to us via regular unencrypted email. We will, however, honor patient requests for communications through unencrypted email.

Links to other sites

Our Platforms may be accessed from or contain links to other websites that we do not own or operate. If you access those links, you will leave our Platforms. Quest does not control those third party websites or their privacy practices, which may differ from ours. We do not endorse or make any representations about third-party sites, including about the content or security of those sites. The information you choose to provide to or that is collected by these third parties is not covered by this Notice.

Children's Privacy

We do not knowingly collect information from children (as defined by COPPA) and we do not target our Platforms to children. If we learn that we have collected any information from children, we will delete it. For more information about the Children’s Online Privacy Protection Act (“COPPA”), which applies to websites that direct their services to children under the age of thirteen (13), please visit the Federal Trade Commission’s website https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions.

Additional Rights of Individuals in Certain Jurisdictions

Depending on where you live, you may have certain rights with respect to Personal Information that we have collected and used under certain circumstances, which may include the following:

  1. The Right to Know About Personal Information Collected, Disclosed, or Sold.
  2. The Right to Access and Receive your Specific Personal Information
  3. The Right to Correct Personal Information.
  4. The Right to Request Deletion of Personal Information about You.
  5. The Right to Opt-Out of the Sale or Cross-Context Behavioral Advertising of Personal Information
  6. The Right to Limit the Use or Disclosure of Sensitive Personal Information
  7. The Right to Appeal a Business or Controller’s Refusal to Take Action
  8. The Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
  9. Authorized Agent Designation

When you make a request for a right provided by your state you can expect the following:

  • We will verify your identity. You will need to provide us with certain information such as your name, email address, physical address, or other information, as relevant, in order for us to verify that you are who you say you are. Which information we ask for may depend on the type and sensitivity of information that you would like to have acted on.
  • We will confirm our receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below.
  • We will respond to your request within 45 days. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.
  • In certain cases, a request may be denied, for example, if we cannot verify your identity; the law requires that we maintain the information (e.g., to comply with federal and state medical record retention requirements); or, if we need the information for internal purposes such as to continue to provide you services. If we deny your request, we will explain why we denied it.

International Transfer of Your Personal Information

Your personal information may be transferred to, stored, and processed in a country other than the one in which it was provided, including transfers to the U.S. (i.e., a 'Recipient' country). Apex Healthware will use mechanisms for any such transfer as required under applicable law. If you have questions concerning the transfer of your Personal Information, please contact us using the contact details set out below.

Individuals Outside of the United States

If you are located outside of the United States, please click the following link(s) for additional information regarding your privacy rights: Europe (EU/EEA/UK/Switzerland); Canada.

Updates To This Privacy Notice

From time to time, we may change this Privacy Notice. If we make changes, we will revise the “Last Updated” date at the bottom of this Notice. We encourage you to review this Notice periodically to be sure you are aware of those changes. Changes will become effective as of the “Last Updated” date.

Contact Us

Should you have any questions about this Notice or our privacy practices more generally, please email us at Support@ApexHealthware.com, or write to us at the following address:

Apex Healthware, LLC
Attention: Privacy Officer
20079 Stone Oak Parkway, Suite 1105-612
San Antonio, Texas 78258

You may also contact the Privacy Officer at (210) 943-3600.

Last Updated: March 7, 2024