Privacy Policy

Exagen Inc. Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, INCLUDING WHEN YOU USE THE SITE, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Introduction

Exagen Inc. (“Exagen”) is committed to obtaining, maintaining, using and disclosing patient protected health information (“PHI”) (also known as “personal health information”) in a manner that protects patient privacy. PHI is current, past or future information created or received by Exagen from physicians about patients for whom testing is ordered from Exagen. It may include patient condition, diagnosis, treatment, medication, and payment information. We will only use or disclose the minimum amount of your PHI we consider necessary to provide laboratory services as ordered by a physician and to collect payment for such services. This notice only applies to the PHI that we maintain. Your doctor or other healthcare provider, including other laboratories, may have different notices regarding their use and disclosure of PHI created by them.

Exagen is required by law to maintain the privacy of PHI, to state the uses and disclosures of PHI that Exagen may make, and to provide notice of the rights of individuals and our legal duties with respect to their PHI. PHI at Exagen includes personal and medical information (such as your name, address, date of birth, social security number, medical history, provider identification, test ordered, payment information, insurer, financial responsibility, etc.) that we obtain from a physician, patient, health plan, or other sources. Exagen creates, through its testing services, information to be used by a physician, within the context of other clinical and laboratory findings, to aid in the diagnosis and treatment of a disease, syndrome or condition.

Protection of PHI

Access to PHI is restricted to only those employed by Exagen who need the information in order to provide service, or aid in the provision of services, to clients and patients. We maintain physical, technical and procedural safeguards to protect PHI against unauthorized use and disclosure. We have policies and procedures in place to comply with the laws that protect PHI and our employees are regularly trained on these policies and procedures. Our procedures are designed to safeguard PHI against inappropriate use and disclosure consistent with the applicable law.

Collection and Use of Personal Information Provided by You While Using our Website

PHI will be used or disclosed for treatment, payment, or healthcare operations purposes and for other purposes permitted or required by law. It is not possible to list every use or disclosure; however, all of the ways we use or disclose your PHI falls into one of the categories listed below.

Exagen will not use or disclose your PHI, other than for the purposes listed below, without your written authorization. In the event of our request to use PHI for some other purpose, we would contact you with information about the possible disclosure and request your authorization. You would have the right to revoke your authorization at any time, except if we have already made a disclosure based on that authorization. We do not need your authorization to use or disclose your PHI for the following purposes. Third parties to whom we provide PHI are required by law to keep PHI confidential.

For Treatment

Exagen is permitted to use and disclose your PHI for your treatment and to coordinate your care with others involved in your care. For example, we use and disclose PHI in order to fulfill requests by physicians to perform laboratory testing services.

For Payment

Exagen uses and discloses, PHI, as necessary, to obtain reimbursement for testing services from third parties such as Insurance Companies or health plans.

For Healthcare Operations

We may use or disclose your PHI in the course of performing health care operations such as quality assessment and improvement activities.

Other Activities Permitted or Required by Law

We may use or disclose your PHI for activities permitted by federal or state law, with or without your authorization. These activities include:

Required by Law

We may use or disclose PHI to the extent such use or disclosure is requited by federal, state or local law and it complies with and is limited to the requirements of that law. The Secretary of the U.S. Department of Health and Human Services may, upon request, obtain access to PHI in our possession to review compliance with HIPAA.

Law Enforcement and Judicial and Administrative Proceedings

We use or disclose PHI for certain law enforcement purposes and in response to official subpoenas, court orders, discovery requests and other legal process.

Public Health Activities

When the appropriate conditions apply, we may use or disclose PHI to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.

Health Oversight Activities

We use and disclose your PHI in connection with health oversight activities authorized by law (e.g., governmental audits of our compliance with certain laws and regulations; oversight of governmental-funded health benefits programs and civil rights laws.)

Research

We use and disclose PHI in connection with research performed by Exagen and by researchers outside of Exagen. This research generally is subject to the oversight of an Institutional Review Board. In most cases, while PHI may be used to help prepare a research project or to contact you to ask whether you want to participate in a study, it will not be further disclosed for research without your authorization. Sometimes, however, where permitted under federal law and institutional policy, and approved by an Institutional Review Board or a privacy board, PHI may be used or disclosed. In addition, PHI may be used or disclosed to compile “limited or de-identified data sets” that do not include your name, address, social security number or other direct identifiers. These data sets may, in turn, be used for research and promotional purposes.

Family and Friends

Under certain circumstances, we may disclose PHI to family members, other relatives, or close personal friends or others that you identify to the extent it is directly relevant to their involvement with your care or payment related to your care.

Business Associates

Exangen may disclose PHI to business associates which are third parties who contract with Exagen to provide certain services for us such as quality and compliance reviews and audits. As provided in HIPAA, we require business associates to sign contracts stating they will appropriately safeguard your PHI and comply with other HIPAA obligations.

Military and Veterans

If you are a member of the armed forces, we may release medical information about you as required by military command authorities if and to the extent permitted by law. We may also release medical information about foreign military personnel to the appropriate foreign military authority.

Your Rights Concerning Privacy and Confidentiality

Under the privacy laws and this Privacy Policy, you have the right to:

Restrict Use

You have a right to ask us in writing to restrict use or disclosure of your PHI related to your treatment, related to your payment or related to routine health care operations. In addition, you may request PHI disclosure restrictions to family members, other relatives or close friends involved in your care. We are not required to agree to your requested restrictions unless they are related to services which were paid for in full by you. Any restriction we agree to is not effective to prevent uses or disclosures of PHI required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with federal privacy regulations adopted under HIPAA or for certain activities permitted or required by law.

Ask for Special Requests for Communications

You may request, in writing, to receive confidential communications containing your PHI from us in ways or at locations that are outside our usual process. We will make every effort to accommodate reasonable requests.

Ask for Review and Copies of Your PHI

You have a right to review and obtain a copy of existing PHI maintained by Exagen. You must make your request in writing and this right is limited to existing records that are maintained, collected, used or disseminated by Exagen. Please contact us at the number below to discuss your specific request. You also do not have the right to obtain information we compile in reasonable anticipation of, or for use in, civil, criminal or administrative actions or proceedings. We may charge a fee for any copies you request.

Ask to Amend Records

You have a right to request that we amend the records described above for as long as we maintain them. You must make the request in writing and give us a reason for the amendment. We may deny your request if: (1) we determine that we did not create the record, unless the originator of the PHI is no longer available to act on the requested amendment; or (2) if we believe that the existing records are accurate and complete. Note that an amendment may take several forms; for example we may add an explanatory statement to a record rather than changing it.

Request Accounting of Disclosures

You have a right to receive an accounting of disclosures made by Exagen to any third party in the six years prior to the date on which the accounting is requested. This right does not apply to certain disclosures, including, but not limited to, disclosures made for the purposes of treatment, payment or health care operations; disclosures made to you or to others involved in your care; disclosures made with your authorization; disclosures made for national security or intelligence purposes or to correctional institutions or law enforcement purposes. You must make any request for an accounting in writing and we may charge a fee to fill more than one request in any given year.

Request Copy of this Notice

You have the right to request a paper copy of this notice.

File a Complaint

If you believe your privacy rights have been violated, you have the right to register a complaint with Exagen or the Secretary of the U.S. Department of Health and Human Services. Exagen will not retaliate against any individual for filing a complaint in good faith. You may file a complaint by calling us or by writing to us using the information listed below.

How to Contact Us

If you have any questions, comments, or concerns about this policy as it pertains to the collection and use of your PHI, please contact us at:

Privacy Officer

Exagen Inc.

1261 Liberty Way, Suite C Vista, CA 92081

Telephone: 888.452.1522

Effective Date and Duration of This Notice

This notice describes the current privacy policy of Exagen. We may change the terms of this notice at any time. If we change this notice, we may make the new notice terms effective for all PHI that we maintain, including any information created or received prior to issuing the new notice. If we change this notice, we will post the new notice at www.exagen.com. If the changes are material, we will provide you additional, prominent notice on an ongoing basis to ensure you are aware of any updates. If revisions to the notice are unacceptable to you, you must cease using the Site. This notice was published and became effective on August 1, 2008, and was revised on November 6th, 2019.

Communication with Exagen

As a convenience, Exagen may make available email addresses by which you can communicate with us regarding billing issues. Please be advised that email is not a secure means of communication, therefore Exagen cannot guarantee the security of any information that you send to us prior to our receipt of it. This fact may also restrict our use of email in communicating any response to you – we will make every attempt to use alternate means of communicating anything that may be considered sensitive information.