PLEASE READ THIS NOTICE CAREFULLY; IT DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
The following is the Notice of Privacy Practices ("NPP") of Ulta Lab Tests, LLC ("Ulta Lab Tests") as described in the Health Insurance Portability and Accountability Act of 1996 and regulations promulgated thereunder, commonly known as HIPAA. HIPAA requires Ulta Lab Tests by law to maintain the privacy of your personal health information and to provide you with notice of Ulta Lab Tests’ legal duties and privacy policies with respect to your personal health information. Additionally, there are state and federal laws which may provide increased privacy protection to health information about certain treatments or conditions.
We are required by law to abide by the terms of this NPP as currently in effect. However, this NPP and associated practices may be changed at any time and the changes can apply to information already held by Ulta Lab Tests at the time of change. If this NPP is revised, a current copy will be made available to you upon request. The NPP currently in effect also may be viewed on our website at any time by going to www.UltaLabTests.com. You authorize Ulta Lab Tests to send you any notices electronically.
At Ulta Lab Tests, we are committed to safeguarding the privacy and confidentiality of your personal health information to the full extent required by law. Ulta Lab Tests and our providers utilize secured technologies to protect your information. Personal information about patients that is maintained on Ulta Lab Tests’ systems and servers is protected using industry standard security measures. In order to secure your personal information, our data storage system is encrypted, access to your data is password-protected, and sensitive data transmitted to and from the database servers is encrypted utilizing industry standard HTTPS. However, no security measures are perfect or impenetrable, and Ulta Lab Tests cannot guarantee that the information submitted to, maintained on, or transmitted from its systems will be completely secure. Ulta Lab Tests is not responsible for the circumvention of any privacy settings or security measures contained on the Ulta Lab Tests website by any users or third parties.
Your Personal Health Information
We collect personal health information from you through testing, payment and related healthcare operations, the application and enrollment process, and/or healthcare providers or health plans, or through other means, as applicable. Your personal health information that is protected by law broadly includes any information, oral, written or recorded, that is created or received by certain health care entities. The law specifically protects health information that contains data, such as your name, address, social security number, and other items, that could be used to identify you as the individual patient who is associated with that health information. We are required to abide by the terms of this notice
Uses or Disclosures of Your Personal Health Information
Generally, we may not use or disclose your personal health information without your permission. Further, once your permission has been obtained, wemust use or disclose your personal health information in accordance with the specific terms that permission. The following are the circumstances under which we are permitted by law to use or disclose your personal health information.
Without Your Consent
In each of the areas described below, Ulta Lab Tests is not required to, and will not, ask for your consent to use or disclose your protected health information in order to provide you with services you request, to collect payment for those services, to pay third-parties involved in providing those services, and to conduct other related health care operations otherwise permitted or required by law. Also, we are permitted to disclose your personal health information within and among our workforce and affiliated providers in order to accomplish these same purposes. However, even with your permission, we are still required to limit such uses or disclosures to the minimal amount of personal health information that is reasonably required to provide those services or complete those activities.
If you seek reimbursement from your healthcare insurance carrier for the costs of your lab tests, the insurance carrier will require that we disclose your protected health information. If your lab tests are ordered through your physician, he/she will have access to the results and other protected health information and may receive your test results before releasing them to you. We may disclose information about you to your other health care providers, including doctors, nurses, technicians or hospital personnel, if they are involved with your care. Ulta Lab Tests may contact you with information about treatment alternatives or other health-related benefits and services that may be of interest to you. For example, if you have identified a particular health problem, we may send you information that describes other tests that may be helpful to you.
We may collect customer data so that we can evaluate and develop new or existing testing programs, monitor quality, and perform other activities related to the overall operation of Ulta Lab Tests. Further, your information may be used by Ulta Lab Tests in connection with professional services we obtain, such as legal services, audit functions, legal compliance, and detection of fraud or abuse.
As Required by Law
The HIPAA rules permit Ulta Lab Tests to disclose your private health information under certain circumstances when the disclosure is required by other laws or in furtherance of law. We may use or disclose your personal health information to the extent that such use or disclosure is required by law and the use or disclosure complies with and is limited to the relevant requirements of such law. Examples of instances in which we are required to disclose your personal health information include: (a) public health activities including, preventing or controlling disease or other injury, public health surveillance or investigations, reporting adverse events with respect to food or dietary supplements or product defects or problems to the Food and Drug Administration, medical surveillance of the workplace or to evaluate whether the individual has a work-related illness or injury in order to comply with Federal or state law; (b) disclosures regarding victims of abuse, neglect, or domestic violence including, reporting to social service or protective services agencies; (c) health oversight activities including, audits, civil, administrative, or criminal investigations, inspections, licensure or disciplinary actions, or civil, administrative, or criminal proceedings or actions, or other activities necessary for appropriate oversight of government benefit programs; (d) judicial and administrative proceedings in response to an order of a court or administrative tribunal, a warrant, subpoena, discovery request, or other lawful process; (e) law enforcement purposes for the purpose of identifying or locating a suspect, fugitive, material witness, or missing person, or reporting crimes in emergencies, or reporting a death; (f) disclosures about decedents for purposes of cadaveric donation of organs, eyes or tissue; (g) for research purposes under certain conditions; (h) to avert a serious threat to health or safety; (i) military and veterans activities; (j) national security and intelligence activities, protective services of the President and others; (k) medical suitability determinations by entities that are components of the Department of State; (l) correctional institutions and other law enforcement custodial situations; and (m) covered entities that are government programs providing public benefits, and for workers’ compensation.
Other Permitted Disclosures
Ulta Lab Tests may use your protected health information for marketing in limited circumstances permitted by law. For example, we may use your name and address to communicate with you about a health related product or service that we provide. We may send you newsletters or promotional items of nominal value.
There are other special situations where Ulta Lab Tests may use your health information. Mostly, these are for public health purposes. We may disclose protected health information to government officials in charge of collecting information to prevent or control disease, report injury or disability, to report reactions to medications or product defects or problems, or to notify a person who may have been exposed to a communicable disease or may be at risk of contracting or spreading a disease or condition.
Ulta Lab Tests Uses or Discloses Only the "Minimum Necessary" Information
Ulta Lab Tests will normally use and/or disclose only the minimum amount of information that is necessary to perform certain activities. However, this "minimum necessary" policy does not apply when you or another health care provider involved in your care requests information, when information disclosure is required by law or when you authorize the disclosure.
All Other Situations, With Your Specific Authorization.
Ulta Lab Tests must obtain your specific written authorization to use or disclose your protected health information in any way not outlined in this NPP. You may revoke your authorization in writing at any time. However, your revocation will not be effective to the extent we have already acted in reliance on the authorization.
Your Rights Under HIPAA
You may exercise any of the following rights by contacting the Ulta Lab Tests Privacy Officer identified below.
Right to Request Restrictions on Use or Disclosure
You have the right to request restrictions on certain uses and disclosures of your personal health information about yourself. You may request restrictions on the following uses or disclosures: (a) to carry out testing, payment, or related operations; (b) disclosures to family members, relatives, or close personal friends of personal health information directly relevant to your care or payment related to your health care, or your location, general condition, or death; (c) instances in which you are not present or your permission cannot practicably be obtained due to your incapacity or an emergency circumstance; (d) permitting other persons to act on your behalf to pick up filled prescriptions, medical supplies, X-rays, or other similar forms of personal health information; or (e) disclosure to a public or private entity authorized by law or by its charter to assist in disaster relief efforts.
While we are not required to agree to any requested restriction, if we agree to a restriction, we are bound not to use or disclose your personal healthcare information in violation of such restriction, except in certain emergency situations. We will not accept a request to restrict uses or disclosures that are otherwise required by law.
Right to Receive Confidential Communications
You have the right to receive confidential communications of your personal health information. We may require written requests. We may condition the provision of confidential communications on you providing us with information as to how payment will be handled and specification of an alternative address or other method of contact. We may require that a request contain a statement that disclosure of all or a part of the information to which the request pertains could endanger you. We may not require you to provide an explanation of the basis for your request as a condition of providing communications to you on a confidential basis. We must permit you to request and must accommodate reasonable requests by you to receive communications of personal health information from us by alternative means or at alternative locations.
Right to Inspect and Copy Your Personal Health Information
Your designated record set is a group of records we maintain that includes medical records and billing records about you, or enrollment, payment, claims adjudication, and case or medical management records systems, as applicable. You have the right of access in order to inspect and obtain a copy your personal health information contained in your designated record set, except for: (a) information complied in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding, and (b) health information maintained by us to the extent to which the provision of access to you would be prohibited by law. We may require written requests. We must provide you with access to your personal health information in the form or format requested by you, if it is readily producible in such form or format, or, if not, in a readable hard copy form or such other form or format. We may provide you with a summary of the personal health information requested, in lieu of providing access to the personal health information or may provide an explanation of the personal health information to which access has been provided, if you agree in advance to such a summary or explanation and agree to the fees imposed for such summary or explanation. We will provide you with access as requested in a timely manner, including arranging with you a convenient time and place to inspect or obtain copies of your personal health information or mailing a copy to you at your request. We will discuss the scope, format, and other aspects of your request for access as necessary to facilitate timely access. If you request a copy of your personal health information or agree to a summary or explanation of such information, we may charge a reasonable cost-based fee for copying, postage, if you request a mailing, and the costs of preparing an explanation or summary as agreed upon in advance. We reserve the right to deny you access to and copies of certain personal health information as permitted or required by law. We will reasonably attempt to accommodate any request for personal health information, to the extent possible, giving you access to other personal health information after excluding the information as to which we have a ground to deny access. Upon denial of a request for access or request for information, we will provide you with a written denial specifying the legal basis for denial, a statement of your rights, and a description of how you may file a complaint with us. If we do not maintain the information that is the subject of your request for access but we know where the requested information is maintained, we will inform you of where to direct your request for access.
Right to Amend Your Personal Health Information
You have the right to request that we amend your personal health information or a record about you contained in your designated record set, for as long as the designated record set is maintained by us. We have the right to deny your request for amendment, if: (a) we determine that the information or record that is the subject of the request was not created by us, unless you provide a reasonable basis to believe that the originator of the information is no longer available to act on the requested amendment, (b) the information is not part of your designated record set maintained by us, (c) the information is prohibited from inspection by law, or (d) the information is accurate and complete. We may require that you submit written requests and provide a reason to support the requested amendment. If we deny your request, we will provide you with a written denial stating the basis of the denial, your right to submit a written statement disagreeing with the denial, and a description of how you may file a complaint with us or the Secretary of the U.S. Department of Health and Human Services ("DHHS"). This denial will also include a notice that if you do not submit a statement of disagreement, you may request that we include your request for amendment and the denial with any future disclosures of your personal health information that is the subject of the requested amendment. Copies of all requests, denials, and statements of disagreement will be included in your designated record set. If we accept your request for amendment, we will make reasonable efforts to inform and provide the amendment within a reasonable time to persons identified by you as having received personal health information of yours prior to amendment and persons that we know have the personal health information that is the subject of the amendment and that may have relied, or could foreseeably rely, on such information to your detriment.
Right to Receive an Accounting of Disclosures of Your Personal Health Information
You have the right to receive a written accounting of all disclosures of your personal health information that we have made within the six (6) year period immediately preceding the date on which the accounting is requested. You may request an accounting of disclosures for a period of time less than six (6) years from the date of the request. Such disclosures will include the date of each disclosure, the name and, if known, the address of the entity or person who received the information, a brief description of the information disclosed, and a brief statement of the purpose and basis of the disclosure or, in lieu of such statement, a copy of your written authorization or written request for disclosure pertaining to such information. We are not required to provide accountings of disclosures for the following purposes: (a) treatment, payment, and healthcare operations, (b) disclosures pursuant to your authorization, (c) disclosures to you, (d) for a facility directory or to persons involved in your care, (e) for national security or intelligence purposes, (f) to correctional institutions, and (g) with respect to disclosures occurring prior to 4/14/03. We reserve our right to temporarily suspend your right to receive an accounting of disclosures to health oversight agencies or law enforcement officials, as required by law. We will provide the first accounting to you in any twelve (12) month period without charge, but will impose a reasonable cost-based fee for responding to each subsequent request for accounting within that same twelve (12) month period.
You may make a complaint to us or to the Secretary of Health and Human Services if you feel we have violated your privacy rights. Ulta Lab Tests wants to hear from you if you have any questions, concerns or complaints about the privacy of your health information.
You may contact us by telephone, mail or e-mail:Ulta Lab Tests, LLC
You may also file a complaint with the Secretary of Health and Human Services at the following address:
Office for Civil Rights, DHHS, 90 7th Street, Suite 4-100, San Francisco, CA 94103
No one at Ulta Lab Tests will retaliate or take any action against you for filing a complaint.