NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Joint Notice of Privacy Practices
This Joint Notice of Privacy Practices describes the privacy practices of the U.S. subsidiaries of Myriad Genetics, Inc. which are a “covered entity” under Federal privacy laws which make up the Myriad Affiliated Covered Entity (“ACE”). The ACE entities are Myriad Genetic Laboratories, Inc., Crescendo Bioscience, Inc., Assurex Health, Inc., and Myriad Women’s Health, Inc. (formerly known as Counsyl, Inc.), (collectively referred to herein as “Myriad”). For purposes of complying with Federal privacy and security requirements, the above-designated entities have designated themselves an ACE. These entities are under common ownership and control and have agreed to treat themselves as a single “covered entity” under Federal privacy laws. Myriad is committed to protecting the confidentiality of your medical and health information (“protected health information” or “PHI”) as described in this Notice. We are required by law to provide this Notice to you and to maintain the privacy and security of your protected health information as stated in this Notice. Myriad Genetics, Inc., and our additional U.S. subsidiaries which are not part of the ACE and are not covered entities, also follow the relevant privacy practices outlined in this Notice.
Uses and Disclosures of Your Protected Health Information
Myriad may use or disclose your protected health information for treatment, payment, research, or healthcare operations purposes and for other purposes as permitted or required by law. Where state or federal law restricts one of the described uses or disclosures, we follow the requirements of such state or federal law. These are general descriptions only. They do not cover every example of disclosure within a category.
Treatment: We may use and disclose your protected health information to provide you with laboratory services related to your treatment, including disclosure to other health care professionals who are involved in your care for use in treating you in the future. For example, when your test has been completed, we will use your protected health information to create a test results report which we will provide to the physician that ordered your test.
Payment: We may use and disclose your protected health information to bill and obtain payment from health plans or other entities for the services we provide to you. For example, we may contact your health plan to verify coverage for the services we are providing, to get prior approval for those services when required, or to generate a claim for the services provided to obtain payment.
Research: We may use and disclose your protected health information for internal and external research purposes to, among other things, develop and improve our testing services and products. We may disclose your PHI to organizations that support medical research or that find, investigate, or cure diseases. To do this, we will use standard de-identification practices to de-identify your PHI before it is disclosed, or obtain your consent to do so. For example, we may use your PHI to assist us in developing our variant classification program.
Health Care Operations: We may use and disclose your protected health information, as needed, in order to support the business activities of our company, such as quality assessment and improvement activities, staff training, providing customer service, managing costs, and licensing of our laboratory with the goal of improving the care we provide. For example, we may use your PHI to develop and improve our internal controls to improve our testing services.
Business Associates: We may also disclose your protected health information to third party “business associates”, which may also include affiliates of Myriad, that perform various administrative activities for us related to treatment, payment or health care operations. For example, we may disclose information to an agency that performs collections on unpaid accounts. Our business associates sign an agreement stating they will maintain the privacy and security of your health information as required by law.
Persons Involved in Your Care: We may disclose your protected health information to individuals, such as family members, relatives, personal friends or others who are involved with your care or who help pay for your care as long as you have not expressed your objection to, or requested a restriction on these types of disclosures. For example, if you are covered by your spouse’s, parents’ or other individual’s health insurance, we may disclose information to that individual relevant to payment for the services we have provided you. In all cases, we will use our best judgment and restrict the information shared to only that which is relevant to your family’s and others’ involvement in your care. In cases where you are not present or the opportunity to agree or object to the use or disclosure cannot be provided because of your incapacitation or an emergency circumstance, a disclosure may be made in your best interests.
To Perform and Improve Our Services. We may use and disclose your PHI to, among other things, assist with your healthcare provider’s operations to facilitate the provision of healthcare services, improve and develop new screenings and other services, provide customer service when you have questions about your billing, results, or otherwise, and to run and improve our organization. We may share your PHI with your healthcare provider by discussing your Report with them or by processing claims for payment.
Other uses and disclosures: We are permitted or required by law to share your information in other ways, usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can disclose your information for these purposes. These additional uses and disclosures include:
- for public health and safety activities authorized by law to collect or receive such information for the purposes of preventing or controlling disease, injury, or disability;
- to certain governmental agencies if we suspect child abuse or neglect; we may also release your protected health information to certain governmental agencies if we believe you to be a victim of abuse, neglect, or domestic violence;
- to Food and Drug Administration (FDA) regulated entities for purposes of monitoring or reporting the quality, safety, or effectiveness of FDA regulated products, or to participate in product recalls;
- to your employer when we have provided health care to you at the request of your employer for purposes related to occupational health and safety (in most cases you will receive notice that information is disclosed to your employer);
- if required by law to a government oversight agency conducting audits, investigations, inspections and related oversight functions; in emergency circumstances, such as to prevent a serious and imminent threat to a person or the public;
- to respond to lawsuits or legal actions (if required or requested by a legal representative, court or administrative order, subpoena or discovery request, in most cases you will have notice of such release);
- to law enforcement officials to identify or locate suspects, fugitives or witnesses, or victims of crime, or for other allowable law enforcement purposes;
- to correctional institutions, to the extent that Myriad makes such disclosures to coroners or medical examiners for the purpose of identifying a deceased person, determining cause of death or another purpose authorized by law and to funeral directors as necessary to carry out their duties with respect to the deceased to the extent consistent with applicable law;
- if necessary to arrange an organ or tissue donation from you or a transplant for you;
- if you are a member of the military for activities set out by certain military command authorities required by armed forces services;
- if necessary for national security, intelligence, or protective services activities;
- for purposes related to your workers’ compensation benefits or similar programs that provide benefits for work-related injuries or illness;
- to researchers when the research they are conducting has been approved by an institutional review or privacy board that has reviewed the research proposal and established protocols to ensure the privacy of your protected health information or to people preparing to conduct a research project;
- in connection with the publication of clinical research or studies in peer reviewed journals or for medical and societal presentations, or disclosure to publicly available databases such as the National Center for Biotechnology Information, in which case we use standard de-identification practices to de-identify PHI before it is disclosed;
- as a part of a business transaction, such as a merger or acquisition of all or part of our business; in this event, your PHI will still be afforded the same or comparable protections contained in this Notice;
- we may make a disclosure to the secretary of the HHS for HIPAA Rules compliance and enforcement purposes; and
- we may create and distribute de-identified health information by removing all individually identifiable information.
Uses and Disclosures with Your Authorization
Uses and disclosures of your protected health information other than those stated immediately above will be made only with your written authorization. Examples include, but are not limited to:
- use or disclosure of protected health information for marketing purposes, and
- disclosures that constitute a sale of your protected health information.
Your Individual Rights
Following is a statement of your rights related to your protected health information and how you may exercise these rights. In accordance with the privacy rule, in the event that you request access, restrictions, confidential communications, record amendments or an accounting of disclosures, Myriad is required to respond within 30 days of receiving your request. Myriad may notify you within the first 30 days of receiving your request that an additional 30 days is necessary to respond to your request.
Access: You have the right to access and receive a copy of your protected health information that may be used to make decisions about your care or payment for your care. If we maintain the information you have requested in an electronic format you can ask for it to be provided to you electronically, and also ask us to electronically send copies to another person. Requests for access to or copies of your protected health information must be submitted to Myriad in writing following the applicable process listed below.
For Myriad Genetic Laboratories patients: Contact Customer Support at (800) 469-7423 or use Myriad’s record request form which is located at mysupport360.com under the “Resources” tab in the “Patient Records Request” section.
For Assurex Health patients: Contact Customer Support at (866) 757-9204 or via email at firstname.lastname@example.org.
For Myriad Women’s Health patients: Contact Customer Support at 1-888-COUNSYL (1-888-268-6795) or via email at email@example.com
For Crescendo Biosciences patients: Contact Customer Support at (877) 743-8639 or firstname.lastname@example.org.