Exagen Inc. Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, INCLUDING WHEN YOU USE THE SITE, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Exagen Inc. (“Exagen”) is committed to obtaining, maintaining, using and disclosing patient protected health information (“PHI”) (also known as “personal health information”) in a manner that protects patient privacy. PHI is current, past or future information created or received by Exagen from physicians about patients for whom testing is ordered from Exagen. It may include patient condition, diagnosis, treatment, medication, and payment information. We will only use or disclose the minimum amount of your PHI we consider necessary to provide laboratory services as ordered by a physician and to collect payment for such services. This notice only applies to the PHI that we maintain. Your doctor or other healthcare provider, including other laboratories, may have different notices regarding their use and disclosure of PHI created by them.
Exagen is required by law to maintain the privacy of PHI, to state the uses and disclosures of PHI that Exagen may make, and to provide notice of the rights of individuals and our legal duties with respect to their PHI. PHI at Exagen includes personal and medical information (such as your name, address, date of birth, social security number, medical history, provider identification, test ordered, payment information, insurer, financial responsibility, etc.) that we obtain from a physician, patient, health plan, or other sources. Exagen creates, through its testing services, information to be used by a physician, within the context of other clinical and laboratory findings, to aid in the diagnosis and treatment of a disease, syndrome or condition.
Protection of PHI
Access to PHI is restricted to only those employed by Exagen who need the information in order to provide service, or aid in the provision of services, to clients and patients. We maintain physical, technical and procedural safeguards to protect PHI against unauthorized use and disclosure. We have policies and procedures in place to comply with the laws that protect PHI and our employees are regularly trained on these policies and procedures. Our procedures are designed to safeguard PHI against inappropriate use and disclosure consistent with the applicable law.
Collection and Use of Personal Information Provided by You While Using our Website
PHI will be used or disclosed for treatment, payment, or healthcare operations purposes and for other purposes permitted or required by law. It is not possible to list every use or disclosure; however, all of the ways we use or disclose your PHI falls into one of the categories listed below.
Exagen will not use or disclose your PHI, other than for the purposes listed below, without your written authorization. In the event of our request to use PHI for some other purpose, we would contact you with information about the possible disclosure and request your authorization. You would have the right to revoke your authorization at any time, except if we have already made a disclosure based on that authorization. We do not need your authorization to use or disclose your PHI for the following purposes. Third parties to whom we provide PHI are required by law to keep PHI confidential.
Exagen is permitted to use and disclose your PHI for your treatment and to coordinate your care with others involved in your care. For example, we use and disclose PHI in order to fulfill requests by physicians to perform laboratory testing services.
Exagen uses and discloses, PHI, as necessary, to obtain reimbursement for testing services from third parties such as Insurance Companies or health plans.
For Healthcare Operations
We may use or disclose your PHI in the course of performing health care operations such as quality assessment and improvement activities.
Other Activities Permitted or Required by Law
We may use or disclose your PHI for activities permitted by federal or state law, with or without your authorization. These activities include:
Required by Law
We may use or disclose PHI to the extent such use or disclosure is requited by federal, state or local law and it complies with and is limited to the requirements of that law. The Secretary of the U.S. Department of Health and Human Services may, upon request, obtain access to PHI in our possession to review compliance with HIPAA.
Law Enforcement and Judicial and Administrative Proceedings
We use or disclose PHI for certain law enforcement purposes and in response to official subpoenas, court orders, discovery requests and other legal process.
Public Health Activities
When the appropriate conditions apply, we may use or disclose PHI to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.
Health Oversight Activities
We use and disclose your PHI in connection with health oversight activities authorized by law (e.g., governmental audits of our compliance with certain laws and regulations; oversight of governmental-funded health benefits programs and civil rights laws.)
We use and disclose PHI in connection with research performed by Exagen and by researchers outside of Exagen. This research generally is subject to the oversight of an Institutional Review Board. In most cases, while PHI may be used to help prepare a research project or to contact you to ask whether you want to participate in a study, it will not be further disclosed for research without your authorization. Sometimes, however, where permitted under federal law and institutional policy, and approved by an Institutional Review Board or a privacy board, PHI may be used or disclosed. In addition, PHI may be used or disclosed to compile “limited or de-identified data sets” that do not include your name, address, social security number or other direct identifiers. These data sets may, in turn, be used for research and promotional purposes.
Family and Friends
Under certain circumstances, we may disclose PHI to family members, other relatives, or close personal friends or others that you identify to the extent it is directly relevant to their involvement with your care or payment related to your care.
Exangen may disclose PHI to business associates which are third parties who contract with Exagen to provide certain services for us such as quality and compliance reviews and audits. As provided in HIPAA, we require business associates to sign contracts stating they will appropriately safeguard your PHI and comply with other HIPAA obligations.
Military and Veterans
If you are a member of the armed forces, we may release medical information about you as required by military command authorities if and to the extent permitted by law. We may also release medical information about foreign military personnel to the appropriate foreign military authority.
Your Rights Concerning Privacy and Confidentiality
You have a right to ask us in writing to restrict use or disclosure of your PHI related to your treatment, related to your payment or related to routine health care operations. In addition, you may request PHI disclosure restrictions to family members, other relatives or close friends involved in your care. We are not required to agree to your requested restrictions unless they are related to services which were paid for in full by you. Any restriction we agree to is not effective to prevent uses or disclosures of PHI required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with federal privacy regulations adopted under HIPAA or for certain activities permitted or required by law.
Ask for Special Requests for Communications
You may request, in writing, to receive confidential communications containing your PHI from us in ways or at locations that are outside our usual process. We will make every effort to accommodate reasonable requests.
Ask for Review and Copies of Your PHI
You have a right to review and obtain a copy of existing PHI maintained by Exagen. You must make your request in writing and this right is limited to existing records that are maintained, collected, used or disseminated by Exagen. Please contact us at the number below to discuss your specific request. You also do not have the right to obtain information we compile in reasonable anticipation of, or for use in, civil, criminal or administrative actions or proceedings. We may charge a fee for any copies you request.
Ask to Amend Records
You have a right to request that we amend the records described above for as long as we maintain them. You must make the request in writing and give us a reason for the amendment. We may deny your request if: (1) we determine that we did not create the record, unless the originator of the PHI is no longer available to act on the requested amendment; or (2) if we believe that the existing records are accurate and complete. Note that an amendment may take several forms; for example we may add an explanatory statement to a record rather than changing it.
Request Accounting of Disclosures
You have a right to receive an accounting of disclosures made by Exagen to any third party in the six years prior to the date on which the accounting is requested. This right does not apply to certain disclosures, including, but not limited to, disclosures made for the purposes of treatment, payment or health care operations; disclosures made to you or to others involved in your care; disclosures made with your authorization; disclosures made for national security or intelligence purposes or to correctional institutions or law enforcement purposes. You must make any request for an accounting in writing and we may charge a fee to fill more than one request in any given year.
Request Copy of this Notice
You have the right to request a paper copy of this notice.
File a Complaint
If you believe your privacy rights have been violated, you have the right to register a complaint with Exagen or the Secretary of the U.S. Department of Health and Human Services. Exagen will not retaliate against any individual for filing a complaint in good faith. You may file a complaint by calling us or by writing to us using the information listed below.
How to Contact Us
If you have any questions, comments, or concerns about this policy as it pertains to the collection and use of your PHI, please contact us at:
1261 Liberty Way
Vista, CA 92081
Effective Date and Duration of This Notice
This notice was published and became effective on August 1, 2008, and was revised on November 6th, 2019.
Communication with Exagen
As a convenience, Exagen may make available email addresses by which you can communicate with us regarding billing issues. Please be advised that email is not a secure means of communication, therefore Exagen cannot guarantee the security of any information that you send to us prior to our receipt of it. This fact may also restrict our use of email in communicating any response to you – we will make every attempt to use alternate means of communicating anything that may be considered sensitive information.