Exagen Inc. Privacy Statement
Exagen Inc. ("Exagen") is committed to developing and commercializing pharmaceutical products and personalized medicine laboratory services that allow physicians to serve unmet medical needs. In conducting our business, it may be necessary for us to have certain information about you and your health. We understand that your personal information and your health are very personal, private subjects and we want you to feel as comfortable as possible visiting our web site and using our services. Therefore, we are dedicated to protecting the privacy of your personal and health information.
Personal information collected via a website is protected by privacy laws. Additionally, the federal Health Insurance Portability and Accountability Act of 1996 ("HIPAA") protects patients’ medical records and other personal information provided by patients in connection with health care diagnosis and treatment. Exagen has policies and procedures in place to comply with these laws and to protect the confidentially of both personal information and protected health information.
1. Online Privacy:
Collection and use of personal information provided by you while using our Site, and
2. Notice of Privacy Practices:
Possible disclosure and use of medical information
1. Online Privacy:
Collection and Use of Personal Information Provided by You While Using our Website
THIS NOTICE DESCRIBES HOW PERSONAL INFORMATION ABOUT YOU MAY BE COLLECTED AND USED WHEN YOU USE THE SITE AND HOW YOU CAN CONTACT US. PLEASE REVIEW IT CAREFULLY.
What Personal Information We Collect
On our Site, we will collect information that identifies you (“personal information”) online only when you voluntarily provide it to us through our Site. For example, when you choose to register on our Site, we may ask you to provide some personal information, such as your first and last name, mailing address, telephone number and/or e-mail address. Also, we may collect information that will allow you to establish a username and password. In addition, we may collect information that you voluntarily provide to us through responses to questionnaires, such as customer satisfaction surveys.
How We Use Personal Information That We Collect Online
We may use your personal information within Exagen (1) to provide you with the services and products you request, (2) to assist with your questions about our services, billing, payment methods or use of our Site, (3) to process or collect payments made in connection with our services to you, and (4) to evaluate our services and products and to improve our Site to serve you better.
When you register online on the site for one of our services, you may be given the option of receiving periodic informational/promotional mail or email from Exagen. You choose whether or not to receive correspondence when you provide this information or by changing your preferences within your registration profile at any time.
Disclosure of Personal Information to Third Parties
We will not give, sell, rent, loan or otherwise disclose any of your personal information to any third party, unless (1) you have authorized us to do so, (2) we are legally required to do so, for example, in response to a governmental subpoena, court order or other legal process, and/or (3) it is necessary to do so in order to protect and defend our or a third party’s rights or property, or to protect the safety of the public or any person.
In the event that all or a substantial portion of the assets, business or stock of Exagen are acquired by, merged with or transferred to another party, or in the event that Exagen goes out of business or enters bankruptcy, your personal information may be one of the assets that is transferred to or acquired by the third party. You acknowledge that such transfers may occur, and that any acquirer of Exagen or its assets may continue to use your personal information as set forth in this Privacy-Policy. If any acquirer of Exagen or its assets will use your personal information contrary to this Privacy-Policy, you will receive prior notice.
We will also make full use of all information acquired through this site that is not personally identifiable.
Our Site is not directed at or intended for use by minors. Therefore, we do not wish to receive, nor do we knowingly collect, personal information from minors via this web site.
No one under the age 13 may provide any personal information to Exagen on or through our Site. In the event that we learn that we have collected personal information from a child under the age 13 without verification of parental consent, we will delete that information. If you believe that we might have any information from or about a child under 13, please contact us.
Collection of Information
Do Not Track
We do not track our users across third party websites and thus do not respond to the Do Not Track (“DNT”) settings in your web browser. However, some third party websites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, certain website browsers allow you to set the DNT signal on your browser so that third parties (particularly advertisers) know you do not want to be tracked.
Internet tags (also known as single-pixel GIFs, clear GIFs, invisible GIFs, and 1-by-1 GIFs) are smaller than cookies and tell the web site server information such as the IP address and browser type related to the visitor’s computer. This site may or may not use Internet tags.
How We Protect Information Online
It is our policy to protect your account information against unauthorized access or release. To accomplish this protection, we use services that encrypt your account information.
In addition, we have procedures that limit Exagen’s employees and contractors’ access to personal information. Only those employees and contractors with a business reason to know have access to such information. We educate our employees about the importance of confidentiality and customer privacy through standard operating procedures, mandatory training programs, and internal policies on data privacy and corporate integrity. We take appropriate disciplinary measures to enforce employee privacy responsibilities.
Please bear in mind that no Internet transmission is ever 100% secure or error-free. More specifically, e-mail sent to or from this site may not be secure. As a result, you should take particular care in deciding what information you send via e-mail. Any passwords, ID numbers, or other special access numbers you might use to access any part of this Site are your responsibility; take care to safeguard them.
Links to Other Sites
California residents may choose to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes or choose to opt out of such disclosure. Our policy is not to disclose personal information collected online to a third party for directing marketing without your approval. To make a request or to opt out at any time, please contact us at the contact information provided below.
By using our Site, you consent to the collection, use and disclosure of information as described in this policy.
How to Contact Us
Attn: General Counsel
1261 Liberty Way, Suite C
Vista, CA 92081
Effective Date: April 24, 2015
2. NOTICE OF PRIVACY PRACTICES OF EXAGEN, INC.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, INCLUDING WHEN YOU USE THE SITE, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Exagen, Inc. (“Exagen”) is committed to obtaining, maintaining, using and disclosing patient protected health information (“PHI”) (also known as “personal health information”) in a manner that protects patient privacy. PHI is current, past or future information created or received by Exagen from physicians about patients for whom testing is ordered from Exagen. It may include patient condition, diagnosis, treatment, medication, and payment information. We will only use or disclose the minimum amount of your PHI we consider necessary to provide laboratory services as ordered by a physician and to collect payment for such services. This notice only applies to the PHI that we maintain. Your doctor or other healthcare provider, including other laboratories, may have different notices regarding their use and disclosure of PHI created by them.
Exagen is required by law to maintain the privacy of PHI, to state the uses and disclosures of PHI that Exagen may make, and to provide notice of the rights of individuals and our legal duties with respect to their PHI. PHI at Exagen includes personal and medical information (such as your name, address, date of birth, social security number, medical history, provider identification, test ordered, payment information, insurer, financial responsibility, etc.) that we obtain from a physician, patient, health plan, or other sources. Exagen creates, through its testing services, information to be used by a physician, within the context of other clinical and laboratory findings, to aid in the diagnosis and treatment of a disease, syndrome or condition.
Protection of PHI
Access to PHI is restricted to only those employeed by Exagen who need the information in order to provide service, or aid in the provision of services, to clients and patients. We maintain physical, technical and procedural safeguards to protect PHI against unauthorized use and disclosure. We have policies and procedures in place to comply with the laws that protect PHI and our employees are regularly trained on these policies and procedures. Our procedures are designed to safeguard PHI against inappropriate use and disclosure consistent with the applicable law.
Use and Disclose of PHI for which Patient Authorization is not required
PHI will be used or disclosed for treatment, payment, or healthcare operations purposes and for other purposes permitted or required by law. It is not possible to list every use or disclosure; however, all of the ways we use or disclose your PHI falls into one of the categories listed below.
Exagen will not use or disclose your PHI, other than for the purposes listed below, without your written authorization. In the event of our request to use PHI for some other purpose, we would contact you with information about the possible disclosure and request your authorization. You would have the right to revoke your authorization at any time, except if we have already made a disclosure based on that authorization. We do not need your authorization to use or disclose your PHI for the following purposes. Third parties to whom we provide PHI are required by law to keep PHI confidential.
Exagen is permitted to use and disclose your PHI for your treatment and to coordinate your care with others involved in your care. For example, we use and disclose PHI in order to fulfill requests by physicians to perform laboratory testing services.
Exagen uses and discloses, PHI, as necessary, to obtain reimbursement for testing services from third parties such as Insurance Companies or health plans.
For Healthcare Operations
We may use or disclose your PHI in the course of performing health care operations such as quality assessment and improvement activities.
Other Activities Permitted or Required by Law
We may use or disclose your PHI for activities permitted by federal or state law, with or without your authorization. These activities include:
Required by Law
We may use or disclose PHI to the extent such use or disclosure is requited by federal, state or local law and it complies with and is limited to the requirements of that law. The Secretary of the U.S. Department of Health and Human Services may, upon request, obtain access to PHI in our possession to review compliance with HIPAA.
Law Enforcement and Judicial and Administrative Proceedings
We use or disclose PHI for certain law enforcement purposes and in response to official subpoenas, court orders, discovery requests and other legal process.
Public Health Activities
When the appropriate conditions apply, we may use or disclose PHI to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.
Health Oversight Activities
We use and disclose your PHI in connection with health oversight activities authorized by law (e.g., governmental audits of our compliance with certain laws and regulations; oversight of governmental-funded health benefits programs and civil rights laws.)
We use and disclose PHI in connection with research performed by Exagen and by researchers outside of Exagen. This research generally is subject to the oversight of an Institutional Review Board. In most cases, while PHI may be used to help prepare a research project or to contact you to ask whether you want to participate in a study, it will not be further disclosed for research without your authorization. Sometimes, however, where permitted under federal law and institutional policy, and approved by an Institutional Review Board or a privacy board, PHI may be used or disclosed. In addition, PHI may be used or disclosed to compile “limited or de-identified data sets” that do not include your name, address, social security number or other direct identifiers. These data sets may, in turn, be used for research and promotional purposes.
Family and Friends
Under certain circumstances, we may disclose PHI to family members, other relatives, or close personal friends or others that you identify to the extent it is directly relevant to their involvement with your care or payment related to your care.
Exagen may disclose PHI to business associates which are third parties who contract with Exagen to provide certain services for us such as quality and compliance reviews and audits. As provided in HIPAA, we require business associates to sign contracts stating they will appropriately safeguard your PHI and comply with other HIPAA obligations.
Military and Veterans
If you are a member of the armed forces, we may release medical information about you as required by military command authorities if and to the extent permitted by law. We may also release medical information about foreign military personnel to the appropriate foreign military authority.
Your Rights Concerning Privacy and Confidentiality
You have a right to ask us in writing to restrict use or disclosure of your PHI related to your treatment, related to your payment or related to routine health care operations. In addition, you may request PHI disclosure restrictions to family members, other relatives or close friends involved in your care. We are not required to agree to your requested restrictions unless they are related to services which were paid for in full by you. Any restriction we agree to is not effective to prevent uses or disclosures of PHI required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with federal privacy regulations adopted under HIPAA or for certain activities permitted or required by law.
Ask for Special Requests for Communications
You may request, in writing, to receive confidential communications containing your PHI from us in ways or at locations that are outside our usual process. We will make every effort to accommodate reasonable requests.
Ask for Review and Copies of Your PHI
You have a right to review and obtain a copy of existing PHI maintained by Exagen. You must make your request in writing and this right is limited to existing records that are maintained, collected, used or disseminated by Exagen. Please contact us at the number below to discuss your specific request. You also do not have the right to obtain information we compile in reasonable anticipation of, or for use in, civil, criminal or administrative actions or proceedings. We may charge a fee for any copies you request.
Ask to Amend Records
You have a right to request that we amend the records described above for as long as we maintain them. You must make the request in writing and give us a reason for the amendment. We may deny your request if: (1) we determine that we did not create the record, unless the originator of the PHI is no longer available to act on the requested amendment; or (2) if we believe that the existing records are accurate and complete. Note that an amendment may take several forms; for example we may add an explanatory statement to a record rather than changing it.
Request Accounting of Disclosures
You have a right to receive an accounting of disclosures made by Exagen to any third party in the six years prior to the date on which the accounting is requested. This right does not apply to certain disclosures, including, but not limited to, disclosures made for the purposes of treatment, payment or health care operations; disclosures made to you or to others involved in your care; disclosures made with your authorization; disclosures made for national security or intelligence purposes or to correctional institutions or law enforcement purposes. You must make any request for an accounting in writing and we may charge a fee to fill more than one request in any given year.
Request Copy of this Notice
You have the right to request a paper copy of this notice.
File a Complaint
If you believe your privacy rights have been violated, you have the right to register a complaint with Exagen or the Secretary of the U.S. Department of Health and Human Services. Exagen will not retaliate against any individual for filing a complaint in good faith. You may file a complaint by calling us or by writing to us using the information listed below.
How to Contact Us
If you have any questions, comments, or concerns about this policy as it pertains to the collection and use of your PHI, please contact us at:
1261 Liberty Way, Suite C
Vista, CA 92081
Effective Date and Duration of This Notice
This notice was published and became effective on August 1, 2008, and was revised on April 27, 2015.
Communication with Exagen
As a convenience, Exagen may make available email addresses by which you can communicate with us regarding billing issues. Please be advised that email is not a secure means of communication, therefore Exagen cannot guarantee the security of any information that you send to us prior to our receipt of it. This fact may also restrict our use of email in communicating any response to you – we will make every attempt to use alternate means of communicating anything that may be considered sensitive information.