HIPAA Notice of Privacy Practices
This Notice describes how medical information about you may be used and disclosed. It also details how you can obtain this information from us. Please review it carefully.
NOTE: THIS POLICY ONLY APPLIES TO INFORMATION IN OUR POSSESSION AS A RESULT OF PERFORMING CLINICAL DIAGNOSTIC TESTING OR OTHER TESTING REGULATED BY THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (“HIPAA”). THIS POLICY DOES NOT APPLY TO NON-HIPAA COVERED TESTING.
What is Protected Health Information?
Protected Health Information (“PHI”) includes your name and date of birth, medical history, laboratory results, insurance information and other health information that we collect, generate, use, and share to produce genetic testing results, bill for our testing services, and for other purposes allowed or required by law.
How We Protect Protected Health Information
Under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), GoToKnow™ and its affiliated covered entities (collectively referred to as “GoToKnow™” in this Notice) is required by law to maintain the privacy of PHI, and to provide notice of our privacy practices regarding PHI. GoToKnow™ is committed to the protection of your PHI and will make reasonable efforts to ensure the confidentiality of your PHI, as required by applicable law.
How We Use and Disclose PHI
We use your PHI for treatment, payment, or healthcare operations purposes and for other purposes permitted or required by law, as further described below. Not every possible use or disclosure of PHI is listed in this Notice, but all uses and disclosures will fall into one of these categories. Some of the uses and disclosures described may be limited or restricted by state laws or other legal requirements.
- Treatment. GoToKnow™ provides laboratory testing for physicians and other healthcare professionals. Therefore, we use or disclose PHI for treatment purposes, including disclosure to physicians, nurses, pharmacies, and other healthcare professionals who provide you with healthcare services and/or are involved in the coordination of your care, such as providing your physician with your laboratory test results, or contacting you to obtain another specimen if necessary.
- Payment. GoToKnow™ may use or disclose PHI to bill and collect payment for laboratory or other services we provide. For example, GoToKnow™ may provide PHI to your health plan to receive payment for the healthcare services provided to you. If you are insured under another person’s health insurance policy (for example, a parent, spouse or domestic partner), we may also send invoices to the person whose policy covers healthcare services provided to you.
- Healthcare Operations. GoToKnow™ may use or disclose PHI for healthcare operations purposes. These uses and disclosures are necessary, for example, to evaluate the quality of our laboratory testing, accuracy of results, accreditation functions and for GoToKnow™’s operation and management purposes. GoToKnow™ may also disclose PHI to other healthcare providers or health plans that are involved in your care for their healthcare operations. For example, GoToKnow™ may provide PHI to manage disease, or to coordinate healthcare or health benefits.
- Appointment Reminders and Health-related Benefits and Services. GoToKnow™ may use and disclose PHI to contact you as a reminder that you have an appointment for specimen collection. We may also use and disclose PHI to tell you about health-related benefits and services that may be of interest to you. For example, GoToKnow™ may contact you about new testing services available from GoToKnow™ or its affiliates.
- Disclosure of PHI to You or As Directed by You. GoToKnow™ may disclose PHI to you or as directed by you to a third party. Your right to see and receive a copy of your PHI is listed below under the heading “Patient Rights Regarding PHI”.
- Emergencies. In the event of an emergency, GoToKnow™ will obtain your consent to use and/or disclose PHI about you to the extent that you are capable of providing consent. If you are not capable of providing consent in an emergency, GoToKnow™ may use and/or disclose PHI to notify, or assist in the notification of, a family member, your personal representative, or another person responsible for your care. We will use our professional judgement to determine whether you are capable of providing this consent, whether the event is an emergency and whether to use and/or disclose PHI under the circumstances.
- Individuals Involved in Your Care or Payment for Your Care. GoToKnow™ may disclose PHI to a person who is involved in your care or helps pay for your care, such as a family member, caregiver or friend. We also may notify your family about your location or general condition or disclose such information to an entity assisting in a disaster relief effort. To the extent permitted by applicable federal and state law, we may disclose the PHI of minors to their parents or legal guardians.
- Business Associates. GoToKnow™ may disclose PHI to its business associates to perform certain business functions or provide certain business services to GoToKnow™. Our business associates are other companies or individuals that need your PHI in order to provide services to us. For example, we may use another company to perform billing services on our behalf. Business associates are required to maintain the privacy and confidentiality of your PHI in accordance with applicable law. In addition, at the request of your healthcare providers or health plan, GoToKnow™ may disclose PHI to their business associates for purposes of performing certain business functions or healthcare services on their behalf. For example, we may disclose PHI to a business associate of Medicare for purposes of medical necessity review and audit.
- Disclosure Pursuant to Judicial or Administrative Proceedings. Under certain circumstances, GoToKnow™ may disclose your PHI in the course of a judicial or administrative proceeding, including in response to a court or administrative order, subpoena, discovery request, or other lawful process.
- Disclosure Pursuant to Law Enforcement. GoToKnow™ may disclose PHI for law enforcement purposes, or in response to a court order, warrant, subpoena or summons, or similar process authorized by law. We may also disclose PHI when the information is needed: (1) for identification or location of a suspect, fugitive, material witness or missing person, (2) about a victim of a crime, (3) about an individual who has died, (4) in relation to criminal conduct on a GoToKnow™ premises, or (5) in emergency circumstances to report a crime, the location of the crime or victims, or the identity, description, or location of the person who committed the crime.
- Disclosure Required by Law. GoToKnow™ must disclose your PHI if required to do so by federal, state, or local law.
- Public Health. GoToKnow™ may disclose PHI for public health activities. These activities generally include: (1) disclosures to a public health authority to report, prevent or control disease, injury, or disability; (2) disclosures to report births and deaths, or to report child abuse or neglect; (3) disclosures to a person subject to the jurisdiction of the Food and Drug Administration (FDA) for purposes related to the quality, safety or effectiveness of an FDA-regulated product or activity, including reporting reactions to medications or problems with products or notifying people of recalls of products they may be using; (4) disclosures to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; and (5) disclosures to an employer about an employee to conduct medical surveillance in certain limited circumstances concerning workplace illness or injury.
- Disclosure About Victims of Abuse, Neglect or Domestic Violence. GoToKnow™ may disclose PHI about an individual to a government authority, including social services, if we reasonably believe that an individual is a victim of abuse, neglect, or domestic violence.
- Health Oversight Activities. GoToKnow™ may disclose PHI to a healthcare oversight agency for activities authorized by law, such as audits, civil, administrative or criminal investigations and proceedings/actions, inspections, licensure/disciplinary actions or other activities necessary for appropriate oversight of the healthcare system, government benefit programs, and compliance with regulatory requirements and civil rights laws.
- Coroners, Medical Examiners and Funeral Directors. GoToKnow™ may disclose PHI to a coroner, medical examiner or funeral director for the purpose of identifying a deceased person, determining cause of death or for performing some other duty authorized by law.
- Organ and Tissue Donation. If requested, GoToKnow™ may disclose PHI to organizations that handle organ procurement, or eye and tissues donation banks, or other healthcare organizations as needed to make organ and tissue donation and transplantation possible.
- Personal Representative. GoToKnow™ may disclose PHI to your personal representative as permitted under applicable law, or to an administrator, executor, or other authorized individual associated with your estate.
- Correctional Institutions. GoToKnow™ may disclose the PHI of an inmate or other individual when requested by a correctional institution or law enforcement official for health, safety and security purposes.
- Serious Threat to Health or Safety. GoToKnow™ is allowed to disclose PHI when it has a good faith belief that the disclosure (1) is necessary to prevent or lessen a serious and/or imminent threat to the health or safety of the patient or others and (2) is to a person or persons reasonably able to prevent or lessen the threat.
- Research. GoToKnow™ may use and disclose PHI for research purposes. Limited data or records may be viewed by researchers to identify patients who may qualify for their research project or for other similar purposes, so long as the researchers do not remove or copy any of the PHI. Before we use or disclose PHI for any other research activity, either a special committee will determine that the research activity poses minimal risk to privacy and that there is an adequate plan to safeguard PHI, or the researchers will be provided only with information that does not identify you directly. We may also use or disclose PHI about deceased patients to researchers if certain requirements are met.
- Government Functions. In certain situations, GoToKnow™ may disclose the PHI of military personnel and veterans, including Armed Forces personnel, as required by military command authorities. Additionally, we may disclose PHI to authorized officials for national security purposes, such as protecting the President of the United States, conducting intelligence, counter-intelligence, other national security activities, and when requested by foreign military authorities. Disclosures will be made only in compliance with U.S. law.
- Workers’ Compensation. As authorized by applicable law, GoToKnow™ may use or disclose PHI to comply with workers’ compensation or other similar programs established to provide work-related injury or illness benefits.
- De-identified Information and Limited Data Sets. GoToKnow™ may use and disclose health information that has been “de-identified” by removing certain identifiers, making it unlikely that you could be identified. GoToKnow™ also may disclose limited health information, contained in a “limited data set”. The limited data set does not contain any information that can directly identify you.
Other Uses and Disclosures of PHI
For purposes not described above, including uses and disclosures of PHI for marketing purposes and disclosures that would constitute a sale of PHI, GoToKnow™ will ask for patient authorization before using or disclosing PHI. If you provide authorization, you may revoke it in writing at any time, except to the extent that action has been taken in reliance on the authorization.
Additional Safeguards and Protections
GoToKnow™ employs additional safeguards for PHI that is subject to protection under other federal and state laws, for example, relating to mental health, HIV/AIDS, genetic testing and federally assisted alcohol and drug treatment programs. As applicable, GoToKnow™ will obtain your permission before disclosing the information to healthcare providers who are not involved in your treatment program or care.
GoToKnow™ is required to provide patient notification if it discovers a breach of unsecured PHI, unless there is a demonstration, based on a risk assessment, that there is a low probability that the PHI has been compromised. The notification will include information about what happened and what can be done to mitigate any harm.
Patient Rights Regarding PHI
Subject to certain exceptions, HIPAA establishes the following patient rights with respect to PHI:
- Right to Receive a Copy of the GoToKnow™ Notice of Privacy Practices. You have a right to receive a copy of the GoToKnow™ Notice of Privacy Practices at any time by contacting us at privacyofficer@GoToKnow™test.com or by sending a written request to: HIPAA Privacy Officer, GoToKnow™, 27 Drydock Ave., 3rd Floor, Boston, MA 02210. This Notice will also be posted on the GoToKnow™ website at www.GoToKnow™test.com
- Right to Request Limits on Uses and Disclosures of your PHI. You have the right to request that we limit: (1) how we use and disclose your PHI for treatment, payment, and healthcare operations activities; or (2) our disclosure of PHI to individuals involved in your care or payment for your care. GoToKnow™ will consider your request, but is not required to agree to it unless the requested restriction involves both (x) a disclosure that is not required by law to a health plan for payment or healthcare operations purposes and not for treatment, and (y) you have paid for the service in full out of pocket. If we agree to a restriction on other types of disclosures, we will state the agreed restrictions in writing and will abide by them, except in emergency situations when the disclosure is for purposes of treatment.
- Right to Request Confidential Communications. You have the right to request that GoToKnow™ communicate with you about your PHI at an alternative address or by an alternative means. GoToKnow™ will accommodate reasonable requests received in writing.
- Right to See and Receive Copies of Your PHI. You and your personal representatives have the right to access PHI consisting of your laboratory test results or reports ordered by your physician. Within 30 days after our receipt of your request, you will receive a copy of the completed laboratory report from GoToKnow™ unless an exception applies. Exceptions include a determination by a licensed healthcare professional that the access requested is reasonably likely to endanger the life or safety of you or another person, and our inability to provide access to the PHI within 30 days, in which case we may extend the response time for an additional 30 days if we provide you with a written statement of the reasons for the delay and the date by which access will be provided. You have the right to access and receive your PHI in electronic format if it is readily producible in such a format. You also have the right to direct GoToKnow™ to transmit a copy to another person who you designate, provided such request is in writing, signed by you, and clearly identifies the designated person and where to send the copy of your PHI. To request a copy of your PHI:
- Complete the GoToKnow™ HIPAA Patient Request Form.
- Contact the Privacy Officer by e-mail at privacyofficer@GoToKnow™test.com or by sending a written request to: HIPAA Privacy Officer, GoToKnow™, 27 Drydock Ave., 3rd Floor, Boston, MA 02210.
- Right to Receive an Accounting of Disclosures. You have a right to receive a list of certain instances in which GoToKnow™ disclosed your PHI. This list will not include certain disclosures of PHI, such as (but not limited to) those made based on your written authorization or those made prior to the date on which GoToKnow™ was required to comply. If you request an accounting of disclosures of PHI that were made for purposes other than treatment, payment, or healthcare operations, the list will include disclosures made in the past six years, unless you request a shorter period of disclosures. If you request an accounting of disclosures of PHI that were made for purposes of treatment, payment, or healthcare operations, the list will include only those disclosures made in the past three years for which an accounting is required by law, unless you request a shorter period of disclosures.
- Right to Correct or Update your PHI. If you believe that your PHI contains a mistake, you may request, in writing, that GoToKnow™ correct the information. If your request is denied, we will provide an explanation of the reasoning for our denial.
How to Exercise Your Rights
To exercise any of your rights described in this Notice, you must send a written request to: HIPAA Privacy Officer, GoToKnow™, 27 Drydock Ave., 3rd Floor, Boston, MA 02210. Patients may update insurance and/or billing information through our website or by contacting the Patient Billing Department using the phone number indicated on the billing invoice.
How to Contact Us
If you have questions or comments regarding the GoToKnow™ Notice of Privacy Practices, or have a complaint about our use or disclosure of your PHI or our privacy practices, please contact: privacyofficer@GoToKnow™test.com or send a written request to: HIPAA Privacy Officer, GoToKnow™, 27 Drydock Ave., 3rd Floor, Boston, MA 02210. You also may file a complaint with the Secretary of the U.S. Department of Health and Human Services. GoToKnow™ will not take retaliatory action against you for filing a complaint about our privacy practices.
Changes to the GoToKnow™ Notice of Privacy Practices
GoToKnow™ reserves the right to make changes to this Notice and to our privacy policies from time to time. Changes adopted will apply to any PHI we maintain about you. GoToKnow™ is required to abide by the terms of our notice as currently in effect. When changes are made, we will promptly update this Notice and post the information on the GoToKnow™ website at www.GoToKnow™test.com.
Please review this site periodically to ensure that you are aware of any such updates.
Effective Date of Notice: January 28, 2022
Last Revised: January 28, 2022
Notice Regarding Applicability
This Notice does not apply with respect to information associated with services (such as occupational screening, paternity/identity tests, insurance screening or clinical trials tests) that do not involve electronic transactions for which the Department of Health and Human Services (“HHS”) has adopted standards related to use and disclosure.
GoToKnow™ works diligently to provide exceptional service to all of its clients. The following information is provided to assist clients in contacting the appropriate GoToKnow™ office with questions regarding HIPAA.
|General HIPAA Inquiries|
|Privacy and Security||privacyofficer@GoToKnow™test.com|
|Transactions and Code Sets||tcs@GoToKnow™test.com|
|National Provider Identifier (NPI)||npi@GoToKnow™test.com|
|Questions regarding specific HIPAA transactions and/or Code Sets standards should be addressed to the following:|
|Claims Status (276/277)||claimstatus@GoToKnow™test.com|
|Other HIPAA Inquiries|
|Trading Partner Agreement inquiry||tpa@GoToKnow™test.com|
|EDI Communications (B2B)||data@GoToKnow™test.com|