HIPAA notice of privacy practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Apex Healthware, LLC ("Apex") is committed to protecting the privacy of your identifiable health information. This information is known as
“protected health information” or “PHI.” Examples of documents that may contain your PHI include laboratory test orders, test results and invoices for medical services.
Our PHI & HIPAA Responsibilities
Apex Healthware is required by law to maintain the privacy of your PHI. We are also required by law to provide you with this
Notice of our legal duties and privacy practices upon request. This notice describes our legal duties, privacy practices and
your patient rights as determined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
We are also required to follow the terms of this Notice which is currently in effect. We are also required to notify affected individuals
in the event of a breach involving PHI that is unsecured. PHI is stored electronically and is subject to electronic disclosure by Apex computer applications.
This Notice does not apply to certain services that are performed by our software, such as some drugs of abuse testing services and insurance applicant services.
Ways We May Use or Disclose Your PHI Health Information
We use your PHI for treatment, payment, or healthcare operations purposes and for other purposes permitted or required by law.
Not every use or disclosure is listed in this Notice, but all of our uses or disclosures of your PHI will fall into one of the categories listed below.
We will need your authorization to use or disclose your PHI for any purpose not covered by one of the categories below.
With limited exceptions, we will not use or disclose psychotherapy notes, use or disclose your PHI for marketing purposes
or sell your PHI unless you have signed an authorization. You may revoke any authorization you sign at any time.
If you revoke your authorization, we will no longer use or disclose your PHI except to the extent we have already taken action based on your authorization.
We may use and disclose your PHI for the following purposes:
Treatment
Apex Healthware provides laboratory testing software for physicians and other healthcare professionals, and we use your
PHI in our testing process. We disclose your PHI to authorized healthcare professionals who order tests or need access
to your test results for treatment purposes. We may use and disclose PHI to contact you about our services, such as
to remind you of an appointment or to return your specimen collection kit, notify you of the status of your laboratory testing, or
to tell you about our health-related products and services that may be of interest to you. Examples of other
treatment-related purposes include disclosure to a pathologist to help interpret your test results or use of your PHI
to contact you to obtain another specimen, if necessary.
Payment
Apex Healthware may use and disclose your PHI for purposes of billing and payment. For example, we may disclose
your PHI to health plans or other payers to determine whether you are enrolled with the payer or eligible for
health benefits or to obtain payment for our services. If you are insured under another person’s health
insurance policy (for example, parent, spouse, domestic partner or a former spouse), we may also send invoices
to the subscriber whose policy covers your health services.
Healthcare Operations
Apex Healthware may use and disclose your PHI for activities necessary to support our healthcare operations.
This includes functions such as performing quality checks on our testing, internal audits, arranging for
legal services or developing reference ranges for our tests. It also includes, for example,
the sale, transfer, merger, or consolidation of all or part of Apex Healthware with another covered entity,
or an entity that following such activity will become a covered entity and due diligence related to the transaction(s).
Business Associates
We may provide your PHI to other companies or individuals that need it to provide services to us.
These other entities, known as "business associates," are required to maintain the privacy and security of PHI.
For example, our business associates may use your PHI to conduct billing, collections, imaging, courier, or record storage services on our behalf.
Individuals Involved in Your Care
We may disclose relevant PHI to a family member, friend, caregiver or other individual involved in your
healthcare or payment for your healthcare, if you tell us that this is acceptable to you or you do not object;
or if in our professional judgment, we believe that you do not object.
As Required by Law
We may use and disclose your PHI as required by law.
Law Enforcement Activities and Legal Proceedings
We may use and disclose your PHI if necessary to prevent or lessen a serious threat to your health and safety or
that of another person. We may also provide PHI to law enforcement officials, for example, in response to a warrant,
investigative demand or similar legal process, or for officials to identify or locate a suspect, fugitive,
material witness, or missing person. We may disclose your PHI as required to comply with a court or administrative order.
We may disclose your PHI in response to a subpoena, discovery request or other legal process in the course of a judicial
or administrative proceeding, but only if efforts have been made to tell you about the request or to
obtain an order of protection for the requested information.
Research
We may use or disclose PHI for research projects, such as studying how to diagnose or treat particular diseases.
These research projects must go through a special process that protects the confidentiality of your medical information.
We may also use or disclose PHI about deceased patients to researchers if certain requirements are met.
De-identified Information
We may use your PHI to create “de-identified” information, which means that we remove information that
can be used to identify you. There are specific rules under the law about what type of information needs
to be removed before information is considered de-identified. Once information has been de-identified as
required by law, it is no longer PHI and we may use it for any lawful purpose.
Other Uses and Disclosures
As permitted by HIPAA, we may disclose your PHI to:
- Social Services Agencies
- Public Health Authorities
- The Food and Drug Administration
- Health Oversight Agencies
- Military Command Authorities
- National Security and Intelligence Organizations
- Correctional Institutions
- Organ and Tissue Donation Organizations
- Coroners, Medical Examiners and Funeral Directors
- Workers Compensation Agents
We may also disclose PHI to those assisting in disaster relief efforts so that family or friends
can be notified about your condition, status and location.
Incidental Uses and Disclosures
Sometimes, your PHI may be used or disclosed in the course of our primary uses and disclosures,
such as for treatment, payment or healthcare operations. For example, we may call your name in
the waiting room at one of our Patient Service Centers, or use it in a telephone conversation with a provider.
We are permitted to make such incidental uses and disclosures as long as we take reasonable steps to minimize them,
and have in place appropriate safeguards to protect them.
Note Regarding State Law
For all of the above purposes, when state law is more restrictive than federal law, we are required to follow the more restrictive state law.
Your Patient Rights
Receive Test Information
You have the right to access your PHI. You may:
- Obtain your test results online by visiting the website provided by the laboratory using our software ("Performing Lab") to access your account and/or request your records; or
- Complete and submit a Patient Request to Access or to Disclose Protected Health Information (PHI) (Access Form) to obtain your test results and other PHI; or
- Submit a written request of your own to obtain your PHI (requests must be signed and include enough demographic and other information
necessary for the Performing Lab to authenticate you and identify your records).
If your request for test information is denied, you may request that the denial be reviewed.
Amend Health Information
You may request amendments (changes) to your PHI by making a written request to the Performing Lab. However,
we may deny the request in some cases (such as if we determine the PHI is accurate).
If we deny your request to change your PHI, we will provide you with a written explanation of the reason
for the denial and let you know about further actions you may take.
Accounting of Disclosures
You have the right to receive a list of certain disclosures of your PHI made by Apex Healthware in the past
six years from the date of your written request. Under the law, this does not include disclosures made for
treatment, payment, or healthcare operations or certain other purposes.
Request Restrictions
You may request that we agree to restrictions on certain uses and disclosures of your PHI.
We are not required to agree to your request, except for requests to limit disclosures to your health
plan for purposes of payment or healthcare operations when you have paid us for the item or service
covered by the request out-of-pocket and in full and when the uses or disclosures are not required by law.
Request Confidential Communications
You have the right to request that we send your health information by alternative means or to an alternative address,
and we will accommodate reasonable requests.
Copy of this Notice
You have the right to obtain a paper copy of this Notice upon request.
How to Exercise Your Rights
You may write or send an email to us with your specific request. Please refer to the Contact Information below.
Apex Healthware will consider your request and provide you a response.
Complaints/Questions/Contact Information
If you believe your privacy rights have been violated, you have the right to file a complaint with us.
You also have the right to file a complaint with the Secretary of the U.S. Department of Health and Human Services,
Office for Civil Rights. Apex Healthware will not retaliate against any individual for filing a complaint.
To file a complaint with us, or should you have any questions about this Notice, send an email to us at
Support@ApexHealthware.com, or write to us at the following address:
Apex Healthware
Attention: Privacy Officer
20079 Stone Oak Parkway, Suite 1105-612
San Antonio, Texas 78258
You may also contact the Privacy Officer at (210) 943-3600.
Note
We reserve the right to amend the terms of this Notice to reflect changes in our privacy practices,
and to make the new terms and practices applicable to all PHI that we maintain about you, including PHI
created or received prior to the effective date of the Notice revision. Our Notice is displayed on our
website and a copy is available upon request.
Non-Discrimination Notice
We comply with applicable Federal civil rights laws and do not discriminate on the basis of race, color,
national origin, age, disability, or sex. Apex Healthware does not exclude people or treat them differently
because of race, color, national origin, age, disability, or sex.
You can file a grievance in person, by mail, or email. If you need help filing a grievance, the Apex Healthware
Civil Rights Coordinator is available to help you.
You can also file a civil rights complaint with the U.S. Department of Health and Human Services,
Office for Civil Rights, electronically through the Office for Civil Rights Complaint Portal,
available at https://ocrportal.hhs.gov/ocr/portal/lobby.jsf, or by mail or phone at:
U.S. Department of Health and Human Services
200 Independence Avenue, SW
Room 509F, HHH Building
Washington, D.C. 20201
(800) 368-1019, (800) 537-7697 (TDD)