Effective Date: 2018-09-30
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Joint Notice of Privacy Practices describes the privacy practices of the U.S. subsidiaries of Myriad Genetics, Inc. which are a “covered entity” under Federal privacy laws which make up the Myriad Affiliated Covered Entity (“ACE”). The ACE entities are Myriad Genetic Laboratories, Inc., Assurex Health, Inc., and Myriad Women’s Health, Inc. (formerly known as Counsyl, Inc.), (collectively referred to herein as “Myriad”). For purposes of complying with Federal privacy and security requirements, the above-designated entities have designated themselves an ACE. These entities are under common ownership and control and have agreed to treat themselves as a single “covered entity” under Federal privacy laws. Myriad is committed to protecting the confidentiality of your medical and health information (“protected health information” or “PHI”) as described in this Notice. We are required by law to provide this Notice to you and to maintain the privacy and security of your protected health information as stated in this Notice. Myriad Genetics, Inc., and our additional U.S. subsidiaries which are not part of the ACE and are not covered entities, also follow the relevant privacy practices outlined in this Notice.
Myriad may use or disclose your protected health information for treatment, payment, research, or healthcare operations purposes and for other purposes as permitted or required by law. Where state or federal law restricts one of the described uses or disclosures, we follow the requirements of such state or federal law. These are general descriptions only. They do not cover every example of disclosure within a category.
We may use and disclose your protected health information to provide you with laboratory services related to your treatment, including disclosure to other health care professionals who are involved in your care for use in treating you in the future. For example, when your test has been completed, we will use your protected health information to create a test results report which we will provide to the physician that ordered your test.
We may use and disclose your protected health information to bill and obtain payment from health plans or other entities for the services we provide to you. For example, we may contact your health plan to verify coverage for the services we are providing, to get prior approval for those services when required, or to generate a claim for the services provided to obtain payment.
We may use and disclose your protected health information for internal and external research purposes to, among other things, develop and improve our testing services and products. We may disclose your PHI to organizations that support medical research or that find, investigate, or cure diseases. To do this, we will use standard de-identification practices to de-identify your PHI before it is disclosed, or obtain your consent to do so. For example, we may use your PHI to assist us in developing our variant classification program.
We may use and disclose your protected health information, as needed, in order to support the business activities of our company, such as quality assessment and improvement activities, staff training, providing customer service, managing costs, and licensing of our laboratory with the goal of improving the care we provide. For example, we may use your PHI to develop and improve our internal controls to improve our testing services.
We may also disclose your protected health information to third party “business associates”, which may also include affiliates of Myriad, that perform various administrative activities for us related to treatment, payment or health care operations. For example, we may disclose information to an agency that performs collections on unpaid accounts. Our business associates sign an agreement stating they will maintain the privacy and security of your health information as required by law.
We may disclose your protected health information to individuals, such as family members, relatives, personal friends or others who are involved with your care or who help pay for your care as long as you have not expressed your objection to, or requested a restriction on these types of disclosures. For example, if you are covered by your spouse’s, parents’ or other individual’s health insurance, we may disclose information to that individual relevant to payment for the services we have provided you. In all cases, we will use our best judgment and restrict the information shared to only that which is relevant to your family’s and others’ involvement in your care.
In cases where you are not present or the opportunity to agree or object to the use or disclosure cannot be provided because of your incapacitation or an emergency circumstance, a disclosure may be made in your best interests.
We may use and disclose your PHI to, among other things, assist with your healthcare provider’s operations to facilitate the provision of healthcare services, improve and develop new screenings and other services, provide customer service when you have questions about your billing, results, or otherwise, and to run and improve our organization. We may share your PHI with your healthcare provider by discussing your Report with them or by processing claims for payment.
We are permitted or required by law to share your information in other ways usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can disclose your information for these purposes. These additional uses and disclosures include:
For all of the above purposes, in cases where state law is more restrictive than federal law, we are required to follow the more restrictive state law.
Uses and disclosures of your protected health information other than those stated immediately above will be made only with your written authorization. Examples include, but are not limited to:
If you provide authorization for the disclosure of your health information, you may revoke this authorization at any time in writing, except to the extent that Myriad or a Myriad’s business associates has taken an action in reliance on the use or disclosure indicated in the authorization.
Following is a statement of your rights related to your protected health information and how you may exercise these rights. In accordance with the privacy rule, in the event that you request access, restrictions, confidential communications, record amendments or an accounting of disclosures, Myriad is required to respond within 30 days of receiving your request. Myriad may notify you within the first 30 days of receiving your request that an additional 30 days is necessary to respond to your request.
You have the right to access and receive a copy of your protected health information that may be used to make decisions about your care or payment for your care. If we maintain the information you have requested in an electronic format you can ask for it to be provided to you electronically, and also ask us to electronically send copies to another person. Requests for access to or copies of your protected health information must be submitted to Myriad in writing following the applicable process listed below.
For Myriad Genetic Laboratories patients: Contact Customer Support at (800) 469-7423 or use Myriad’s record request form.
For Assurex Health patients: Contact Customer Support at (866) 757-9204 or via email at [email protected].
For Myriad Women’s Health patients: Contact Customer Support at 1-888-COUNSYL (1-888-268-6795) or via email at [email protected].
You may ask us to limit the use and disclosure of your protected health information for the purposes of treatment, payment and health care operations activities. We will consider your request carefully, but we may not be required to agree to your requested restrictions. Requests for restrictions should be directed to the Privacy Office.
You have the right to ask that we send information to you to an alternate address or by alternate means. We will accommodate reasonable requests. Requests for alternate means of sending protected health information and the use of alternate addresses should be directed to the Privacy Office.
You have the right to request an amendment of your protected health information. We will honor your request unless we are not the originator of the information or we believe the information you requested to be amended is accurate and complete. Requests for amendments to medical records should be directed to the Privacy Office.
You have a right to receive a list of certain instances in which we disclosed your protected health information. This list will not include disclosures of protected health information such as those made for treatment, payment, health care operations, or disclosures made based on your written authorization. You can request a list including disclosures made up to six years prior to the date of your request. Requests for an accounting of disclosures should be directed to the Privacy Office.
You will be notified within 60 days in the event that we (or one of our business associates) discover a breach of your unsecured protected health information. Notification will include any impact that the breach may have had on you and/or your family member(s) and actions Myriad undertook to minimize the impact of the breach.
If you have received this Notice electronically, you have a right to receive a paper copy at any time. You may download a copy of this Notice from our website, or you may obtain a paper copy of the Notice by calling or writing our Privacy Office.
If you believe that your privacy rights have been violated by us or disagree with our privacy practices, you may file a complaint. You may file a complaint with us by notifying our Privacy Office, or you may send a written complaint to the Secretary of the U.S. Department of Health and Human Services. We will not retaliate against you if you file a complaint about our privacy practices. For further information regarding our complaint process, you may contact our Privacy Office.
ATTN: Myriad Privacy Office
Myriad Genetics, Inc.
320 Wakara Way
Salt Lake City, UT 84108
We reserve the right to change this Notice and to make the provisions in our new Notice effective for all protected health information we maintain. If we change these practices, we will publish a revised Notice on our website.
This notice became effective on September 30, 2018.