AiDX is a corporation based in the state of Florida in the United States. AiDX makes no representation that the Website, or the Content or services available through the Website, are appropriate or accessible outside of the United States or in all locations. Access to the Website or Services may not be legal by certain persons or in certain countries. If you access the Website or Services from outside the United States, you do so on your own initiative and are responsible for compliance with all applicable laws from your home nation, and the country, state and city in which you are present while using the Website or Services.
AiDX, this Website, and our Services, are based in the United States and, regardless of where you access our Website or Services, the information collected as part of that use will be transferred to and maintained on servers located in the United States. Any information we obtain about you will be stored in accordance with U.S. privacy laws, regulations, and standards, which may not be equivalent to the laws in your country of residence. By using this Website or any Service, you consent to this collection, transfer, storage, and processing of information to and in the United States.
The Services may contain links to external websites. aiDX does not maintain these sites and is not responsible for the privacy practices of sites that it does not operate. Please refer to the specific privacy statements posted on those sites.
Aggregate Data Collection
Types of Personal Information Collected
aiDX may collect, store, and use personally identifiable information (such as name, email address, postal code, and email preferences) when it is voluntarily submitted to us, such as when you register for our informational newsletters or contact us.
The Services are directed at an adult audience. By using the Services, you confirm that you are not under the age of 13. We will not knowingly collect or use any personal information from any children under the age of 13. If we become aware that we have collected any personal information from children under 13, we will promptly remove such information from our databases.
Use of Personal Information
Information that you provide to aiDX through applidx.com is encrypted using industry standard Secure Sockets Layer (SSL) technology. Your information is processed and stored on controlled servers with restricted access. We cannot ensure or warrant the security of any information you transmit to the Services, and you do so at your own risk. aiDX therefore disclaims any warranties or representations relating to maintenance or nondisclosure of private information.
By using the Services, you acknowledge and affirm that you have provided notice to, and obtained consent from, any third party individuals whose personal information you supply to us.
NOTICE OF PRIVACY PRACTICES
Effective Date: June 1, 2018
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED BY AIDX AND ITS EMPLOYEES AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
In this Notice of Privacy Practices (this “Notice”) we use terms like “we”, “us” and “our” to refer to Applied Ingenuity Diagnostics (“aiDX”). This Notice applies to aiDX and its employees, including its scientists, clinical directors, genetic counselors and administrative employees.
We are required by law to:
- Maintain the confidentiality of your protected health information in accordance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and applicable state law;
- Comply with the terms of this Notice, including any amendments; and
- Give you this Notice of our legal duties and privacy practices with respect to your PHI that we maintain.
We reserve the right to change the terms of this Notice at any time. We also reserve the right to make the changes apply to your PHI we already have. Before we make a material change to this Notice, we will post a new Notice in a clear and prominent area and on our website. You can also request a copy of the new Notice from our Gainesville FL Office at the contact information provided in this Notice.
What is “Protected Health Information”?
“Protected Health Information” or “PHI” is information, including demographic information, that may identify you and that relates to your past, present or future physical or mental health or condition and related health care services. Any information about you (including PHI) that has been de-identified in accordance with standards established under HIPAA (“De-Identified Data”) is not considered PHI. De-Identified Data is not subject to this Notice and we may use and disclose De-Identified Data for any lawful purpose.
How We May Use Or Disclose PHI Without Consent Or Authorization:
We may use and/or disclose your PHI without your consent or authorization for the following purposes:
- Treatment. We may use and disclose your PHI in order to provide health care services and treatment for you. For example, our genetic counselors may use and disclose your PHI with each other to conduct laboratory tests on your samples. We may also disclose your PHI to other health care providers (i.e., who are not part of aiDX) for purposes of your treatment by those health care providers. These other health care providers include physicians who order genetic tests for you, but may also include other physicians who take over your care in the future or genetic counselors employed by other companies, which entered into a contract with. Scientific developments over time may allow us to develop additional or updated information regarding your test results, which we may communicate in the future to your current or future health care providers.
- Payment. We may use and disclose your PHI in order to bill and collect payment for the treatment and services provided to you. For instance, we may provide portions of your PHI to your health plan to get paid for the health care services we provided to you. We may also disclose your PHI to your health plan to permit it to make a determination of eligibility or coverage for insurance benefits, to review the services we provided to you for medical necessity, and to perform utilization review activities. We also disclose your PHI to the responsible party of your account. If you are listed as a dependent on another person’s insurance policy, financial information regarding medical care provided may be mailed to that responsible party. In addition, if you do not timely pay us for the health care services we provided to you, we may also disclose limited PHI to a collection agency. We may also disclose your PHI to other health care providers, health plans or health care clearinghouses for their payment activities. For example, we may provide your PHI to an ambulance/transportation company that provided services to you.
- Health Care Operations. We may use and disclose your PHI in order to support our business activities, such as quality assessment activities, employee review activities, and conducting or arranging for our other business activities. For example, we may use PHI to review our treatment and services and to evaluate the performance of our staff in providing services. We may also use your PHI to evaluate and improve services provided by our business associates and other health care providers. In addition, we may use and disclose your PHI to other health care providers, health plans or health care clearinghouses for their limited health care operations, such as quality assessment activities, licensing and other health care compliance activities.
- Business Associates. We may disclose your PHI to our business associates that assist us in our delivery of health care and related services. Other business associates may include software providers, billing companies, lawyers, accountants and other persons or entities who provide us with technology or other items or services used in our business. Before we disclose your PHI to a business associate, we will have a written contract with the business associate that will require the business associate to maintain the privacy of your PHI in accordance with HIPAA.
- Research. We may use and disclose your PHI to conduct medical research as permitted under HIPAA. Under HIPAA, we may use or disclose PHI for research purposes if:
- An applicable Institutional Review Board or Privacy Board determines that (1) the use or disclosure involves no more than minimal risk to the privacy of the individual’s information, (2) the research could not practicably be conducted if individual authorization was required, and (3) the research could not practicably be conducted without access to the PHI ;
- The use or disclosure is solely in preparation for research, for example, to design a research study, and we obtain representations from the researcher that your PHI will be used only for this purpose, will not be removed and is necessary for research purposes;
- The PHI is from decedents; or
- We use only a limited data set (i.e., excluding certain direct identifiers) and enter into data set agreement with the researcher.
- Uses and Disclosures Required by Law. We may use or disclose your PHI as required by law, but must limit such use or disclosure to relevant information and otherwise comply with applicable legal requirements.
- Public Health Activities. We may use or disclose your PHI for public health activities. For example, we may use or disclose your PHI to public health authorities responsible for collecting information for purposes of preventing or controlling disease and certain disclosures related to regulatory activities of the Food and Drug Administration.
- Abuse, Neglect, or Domestic Violence. We may use or disclose your PHI in some instances if we reasonably believe that you are a victim of abuse, neglect, or domestic violence.
- Health Oversight Activities. We may use or disclose your PHI for certain health oversight activities, including, for example, inspections and licensure of health care facilities.
- Judicial and Administrative Proceedings. We may use or disclose your PHI under some circumstances in response to a subpoena or order by a court or administrative tribunal.
- Law Enforcement Purposes. We may use or disclose your PHI for certain law enforcement purposes. For example, we may use or disclose your PHI to law enforcement officials for identification of suspects or where a crime has been committed on our premises.
- Decedents. We may use or disclose PHI of decedents to coroners, medical examiners, and funeral directors.
- Serious Safety Threat. We may use or disclose your PHI where we believe it is necessary to prevent or lessen a serious threat to the safety of a person or the public.
- Specialized Government Functions. We may use or disclose your PHI under some circumstances for specialized government functions, including those related to the armed forces, national security, and intelligence.
- Workers’ Compensation: We may use or disclose your PHI in order to comply with laws related to workers’ compensation and similar programs.
- Scheduling Appointments, Appointment Reminders and Health Related Benefits or Services. We may use and disclose your PHI to schedule appointments, give you appointment reminders, and give you information about treatment alternatives or other health care related services or benefits we offer.
- Personal Representatives. We may disclose your PHI to your personal representatives that are appointed by you or authorized by applicable law.
- Inmates. If you are an inmate of a correctional institutional or under the custody of a law enforcement official, we may release your PHI to the correctional institution or law enforcement official. We may release such information for purposes that include (1) providing you with health care; (2) protecting your health and safety or the health and safety of others; or (3) protecting the safety and security of the correctional institution.
Uses and Disclosures for which You Have An Opportunity to Agree or Object:
- Individuals Involved in Your Care. We may disclose your PHI to a family member, friend or other person that you indicate is involved in your care or the payment for your health care, unless you object in whole or in part. The opportunity for you to agree or object may be given retroactively in emergency situations.
Our Communications with You
We may use a number of means of communicating with you in order to provide you with information and/or obtain information from you regarding your treatment, payment for services or for other lawful purposes. Such communications may include your PHI. Our means of communicating with you may include unencrypted email or text messages if you have consented to the use of email and text messaging as a means of communication. The use of unencrypted email or text messages may pose certain risks to the privacy and security of the data being transmitted, including that your PHI may be accessed by an unauthorized third party. As part of the process of ordering your laboratory tests, you will be asked by your health care provider to fill out a Test Requisition Form. The Test Requisition Form asks for your consent to be contacted via email and text message. If you consent to the use of email and text message on the Test Requisition Form, you are acknowledging and agreeing that we may use email and text message to communicate with you, even if such email and text messages are not encrypted. You may revoke your consent to the use of email and text messages for communications at any time by providing written notice to us at the contact information provided in this Notice. Your revocation will be effective with respect to all of your PHI that we maintain, unless we have already taken action in reliance on your authorization.
Your Authorization Is Needed for Other Uses and Disclosures
Unless otherwise permitted by applicable law, we will not use or disclose your PHI for purposes not described in this Notice unless you give us written authorization to do so (including via electronic signature). If you give us such written authorization, then, in most cases, you may revoke it in writing at any time as described in the authorization. Your revocation will be effective with respect to all of your PHI that we maintain, unless we have already taken action in reliance on your authorization.
What Rights Do You Have Regarding Your PHI?
- The Right to Request Additional Restrictions on Uses and Disclosures of Your PHI. You have the right to ask that we put additional restrictions on how we use and disclose your PHI. Please note that, except in limited circumstances, we are not required to agree to your requested restrictions.
- The Right to Inspect and Copy Your PHI. For so long as we maintain your PHI, you have the right to request to inspect and copy your PHI maintained by us. Because your PHI may include a significant amount of underlying data generated as part of our laboratory tests, when providing you with access to or a copy of your PHI, we may provide a summary of your records in lieu of providing access to all data generated as part of the services we provide. This summary includes the test requisition form submitted by your health care provider, all clinical notes associated with your records, and the report containing your test results. The summary does not include all underlying data generated by us in running your laboratory tests. In using aiDX’s services, you are agreeing to receive this summary in lieu of all PHI. To request inspection or a copy of your PHI, you must submit a request to us in writing using the contact information provided in this Notice. Please note that in certain circumstances, we are not required to agree to your request.
- The Right to Amend or Correct. If you feel that your PHI maintained by us is incorrect or incomplete, you have the right to ask us to correct or amend the information. To request an amendment to your PHI, you must submit the request in writing using the contact information provided in this Notice, and your written request must include an explanation of the reasons for the amendment. Please note that in certain circumstances, we are not required to agree to your request.
- The Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters by a different means or at a different location than we currently use. Please note that in certain circumstances, we are not required to agree to your request.
- Paper Copy of this Notice. You have the right to request and receive a paper copy of this Notice.
- The Right to an Accounting of Disclosures. You have the right to request a list of certain disclosures that we and our business associates made for certain purposes for the last six (6) years.
If you want to exercise any of the rights described in this Notice, please direct your inquiry to:
Applied Ingenuity Diagnostics
2531 NW 41st ST Bldg A
Gainesville, FL 32606-7490
Attention: Privacy Officer
How to Complain About Our Privacy Practices. If you think we may have violated your privacy rights, you may file a complaint with us at the contact information described above or with the Secretary of the United States Department of Health and Human Services. We will not take any retaliatory action against you if you file a complaint about our privacy practices.
Information Security Statement
Applied Ingenuity Diagnostics cares about your patients and your data as much as you do. We are committed to protecting the information you have entrusted to us. In order to demonstrate our commitment to information security, we do security Risk assessment. We undergo this assessment every year, along with many other practices, to ensure patient health information is secure.
Contact aiDX’s Information Security Team for any questions at: InfoSec@applidx.com.