Privacy Policy

PRIVACY POLICY

 MolecularDx, LLC (“MolecularDx,” or “we,” “us,” “our”) respect your concerns about personal data protection and value our relationship with you. This Privacy Policy (the “Policy”) applies solely to personal data collected through MolecularDx web sites, web pages, portals, interactive features, applications, telephone support lines, email, widgets, blogs and their respective contents in addition to our Twitter, Facebook or other social networking sites, and their respective contents (collectively, the “Sites”), whether accessed via computer, mobile device or other device (collectively, “Device”).

This Policy describes the types of personal data we collect through the Sites and how that personal data may be used and/or with whom it may be shared. This Policy also describes how you can reach us to update your contact information, access and control the use of the personal data we collect in connection with our marketing communications and activities, or get answers to questions you may have about our privacy practices at these Sites. Please read this Policy carefully, because by using the Sites you are acknowledging that you understand and agree to the terms of this Policy. In addition, please review our Terms and Conditions, which governs your use of the Sites and any content you submit to the Sites.

INFORMATION COLLECTED ON OUR SITES

Information You Provide To Us

Generally you can visit the Sites without providing personal data, unless otherwise mentioned in the Sites themselves. However there may be circumstances when you may be asked or choose to provide personal data that could reasonably be used to contact you, to identify you personally (such as your name, home address, telephone number, credit card data or email address, or health or medical information (collectively, “Personal Data”) through the Sites. For example, MolecularDx may collect Personal Data when you register on the Sites, request information, purchase products or services, supply products or services, submit a resume, comments or participate in some promotion, survey or other feature of the Sites, or otherwise communicate or interact with us. The Sites may also ask you to provide other Personal Data about yourself, such as demographic data (gender, zip code, age, etc.) or certain information about your preferences, product use, and interests. If we combine demographic or other data we collect about you with Personal Data about you, we will treat the combined information as personal data according to the applicable laws, subject to your prior opt-in, if and when required by the applicable laws. If you do not want your Personal Data processed by us, please do not submit it or notify us in writing to have it deleted.

Data Collected by Automated Means

Whenever you visit or interact with the Sites, MolecularDx may use a variety of technologies that automatically or passively collect information about how the Sites are accessed and used (“usage data”). Usage data may include, in part, browser type, operating system, the page served, the time, how many users visited the Sites, and the preceding page views. Usage data is statistical data which provides us with information about the use of the Sites, such as how many visitors visit a specific page on the Sites, how long they stay on that page, and which hyperlinks, if any, they “click” on. This usage data helps us to keep the Sites fresh and interesting to our visitors and to tailor content to a visitor’s interests. Usage data is generally non-identifying, but if MolecularDx associates it with you as a specific and identifiable person, MolecularDx treats it as Personal Data.

In the course of collecting usage data, MolecularDx might also automatically collect your IP address or other unique identifier (“Device Identifier”) for your Device. A Device Identifier is a number that is automatically assigned to your Device when you access a web site or its servers, and our computers identify your Device by its Device Identifier. When you visit the Sites, we may view your Device Identifier. We use this data to determine the general physical location of your Device and understand from what regions of the world the visitors to the Sites come. We also may use this Personal Data to enhance the Sites.

The technologies used on the Sites to collect usage data, including Device Identifiers, may include cookies.  Please review our Cookies Policy for additional information about cookies.

2. HOW WE USE THE INFORMATION COLLECTED

MolecularDx uses the Personal Data and usage data we collect through the Sites for a variety of business purposes, including for example, to: respond to your questions and requests; provide you with access to certain areas and features of the Sites; verify your identity; communicate with you about your account and activities on the Sites and, in our discretion, changes to any MolecularDx policy; tailor content, advertisements, and offers we serve you; send you samples, premiums, products and information; process payment for products or services purchased by you; process payment for products or services sold by you to MolecularDx; improve the Sites; develop new products and services; process applications and transactions; and for purposes disclosed at the time you provide your personal data or otherwise with your consent.

3. INFORMATION WE SHARE

We will not provide any of your Personal Data to any third parties without your specific consent, except as described in this Policy or as otherwise disclosed to you. We may share non-personal data, such as aggregate user statistics, demographic data, and usage data with third parties. We may also share your personal data in the following circumstances: for your treatment, third parties providing services on our behalf, In order to carry out your requests, to make various features, services and materials available to you through the Sites, and to respond to your inquiries, we may share your Personal Data or usage data with third parties that perform functions on our behalf (or on behalf of our business associates), such as companies or individuals that: host or operate our Sites; analyze data; provide customer service; mail product samples or manage payments; advertisers; sponsors or other third parties that participate in or administer our promotions or provide marketing or promotional assistance. When sharing your Personal Data with these third parties we require them to use and protect your Personal Data in a manner that is consistent with this Policy.

Your Agreement To Have Your Personal Data Shared.

While on our Sites, you will have the opportunity to opt-in to receive information and/or marketing offers from us and from someone else or to otherwise consent to the sharing of your Personal Data with a third party. If you agree to have your Personal Data shared, your Personal Data will be disclosed to the third party and the Personal Data you disclose will be subject to the privacy policy of that third party.

Business Transfers.

Your Personal Data may also be used by us or shared with our subsidiaries, affiliates and other entities in the family of companies controlled by MolecularDx for internal reasons, primarily for business and operational purposes mentioned herein. If another entity acquires us or all or a portion of our assets, Personal Data, usage data, and any other information that we have collected about the users of the Sites may be disclosed to such entity as part of the due diligence process and will be transferred to such entity as one of the transferred assets. Should such a sale or transfer occur, we will require the transferee to use the Personal Data and usage data in a manner that is consistent with this Policy.

You may ask us to refrain from using and sharing your personal data (whether collected online or offline) among our affiliates for marketing purposes. Please tell us your preference by contacting us as indicated in the “How to Contact Us” section of this Policy.

4. INFORMATION WE RECEIVE FROM THIRD PARTIES

MolecularDx may receive your Personal Data or usage data from third parties. For example, if you are on another web site and you opt-in to be contacted by MolecularDx, that web site will forward to us your e-mail address and other Personal Data about you, so that we may contact you as requested. You may also choose to participate in a third party application or feature such as one of our Facebook or Twitter pages or a similar application or feature on a third party web site through which you allow us to collect and share (or the third party to collect and share) information about you, including Personal Data.

We may also supplement the Personal Data we collect about you through the Sites with other data from third parties in order to enhance our ability to serve you, to tailor our content to you and to offer you opportunities to purchase products or services that we believe may be of interest to you. We may combine the Personal Data we receive from these third parties with data we collect through the Sites. In those cases, we will apply this Policy to any Personal Data received, unless we have disclosed otherwise.

5. YOUR ACCESS AND CHOICES

You may always direct us not to share your Personal Data with third parties, not to use your Personal Data to provide you with information or offers, or not to send you newsletters, e-mails or other communications by: (i) sending us an e-mail at info@molecdx.com; (ii) contacting us by mail at MolecularDx, LLC, Attention: Quality Assurance Director, 620 7^th Street, Windber, PA 15963, USA; or (iii) following the removal instructions in the communication that you receive. MolecularDx does not charge for this service, and your opt-out request will be processed within 10-15 business days of the date on which we receive it. To help protect your privacy and security, we will take reasonable steps to verify your identity, such as requiring a password and user ID, before granting access to your personal data.

If you wish to verify, correct, or update any of your Personal Data collected through the Sites, you may do so by contacting us at the above address or e-mail. In accordance with our routine record keeping, we may delete certain records that contain Personal Data you have submitted through the Sites. We are under no obligation to store such Personal Data indefinitely and disclaim any liability arising out of, or related to, the destruction of such Personal Data.

6. ADVERTISING; OPT-IN and OPT-OUT

MolecularDx may license technology to serve advertisements on other Sites and within its content as that content is served across the Internet. In addition, MolecularDx may use third party network advertisers to serve advertisements and third party analytics vendors to evaluate and provide us with information about the use of the Sites and viewing of our content. We do not share Personal Data with these third parties, but ad network providers, the advertisers, the sponsors, and/or analytics service providers may set and access their own cookies, pixel tags and similar technologies on your Device and they may otherwise collect or have access to data about you, including usage data. Third parties that provide marketing programs on MolecularDx’s behalf are responsible for maintaining both cookie opt-in and opt-out functionality. We and our network advertisers may target advertisements for products and services in which you might be interested based on your visits to both the Sites and other web sites subject to your prior opt-in if and when required by the applicable laws.

If you prefer to not receive targeted advertising any longer, you can opt out of some network advertising programs that use your Personal Data. To do so click on the “Opt-Out Now” link at the bottom of the page when you first visit www.molecdx.com. Please note that even if you choose to remove your Personal Data (opt out), you might still see advertisements while you’re browsing online.

7. LINKS TO OTHER SITES

The Sites may provide links to other websites that we do not own or operate. This includes links from advertisers, sponsors and partners that may use our logo(s) as part of a co-branding agreement. To the extent that any linked websites are not part of the MolecularDx Sites, we do not control, recommend or endorse and are not responsible for these websites or their content, products, services or privacy policies or practices. These other websites may send their own cookies to your Device, they may independently collect data or solicit personal data and may or may not have their own privacy policies. You should also independently assess the authenticity of any website which appears or claims that it is one of our Sites (including those linked to through an email or social networking page).

8. HOW WE PROTECT PERSONAL DATA

We maintain certain administrative, technical and physical safeguards to help protect against loss, misuse or unauthorized access, disclosure, alteration or destruction of your Personal Data.

9. CHILDREN

The Sites are not directed to children under 13. We do not knowingly collect personally identifiable data from anyone under 13 years of age. If we determine upon collection that a user is under this age, we will not use or maintain his/her personal data without the parent/guardian’s consent. If we become aware that we have unknowingly collected personally identifiable data from a child under the age of 13, we will delete such personal data from our records.

10. UPDATES TO OUR PRIVACY POLICY

This Policy and other policies on the Sites may be updated periodically and without prior notice to you, and any changes will be effective immediately upon the posting of the revised policy on the Sites. However, we will use your Personal Data in a manner consistent with the policy in effect at the time you submitted the Personal Data, unless you consent to the new or revised policy. We will post a prominent notice on the Sites to notify you of any significant changes to our Policy and indicate at the top of the Policy when it was most recently updated.

13. HOW TO CONTACT US

If you have any questions or comments about this Policy, please contact us by:

Writing to:

MolecularDx, LLC

Attention: Quality Assurance

620 7^th Street

Windber, PA 15963

or

Via email to: info@molecdx.com

HIPAA Notice

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.  PLEASE REVIEW IT CAREFULLY.

This HIPAA Notice applies to MolecularDx, LLC (“MolecularDx” in this Notice),.

MolecularDx’s Protection of Protected Health Information (PHI)

Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), MolecularDx is required by law to maintain the privacy of health information that identifies you, called protected health information (PHI), and to provide you with notice of our legal duties and privacy practices regarding PHI.  MolecularDx is committed to the protection of your PHI and will make reasonable efforts to ensure the confidentiality of your PHI, as required by statute and regulation.  We take this commitment seriously and will work with you to comply with your right to receive certain information under HIPAA.

MolecularDx’s Use and Disclosure of PHI

As permitted under HIPAA, the following categories explain the types of uses and disclosures of PHI that MolecularDx may make.  Some of the uses and disclosures described may be limited or restricted by state laws or other legal requirements, for example, the Clinical Laboratory Improvement Amendments of 1988 (CLIA).

• For treatment – MolecularDx may use or disclose PHI for treatment purposes, including disclosure to physicians, nurses, medical students, pharmacies, and other health care professionals who provide you with health care services and/or are involved in the coordination of your care, such as providing your physician with your laboratory test results.
• For payment – MolecularDx may use or disclose PHI to bill and collect payment for laboratory or genetic counseling services we provide.  For example, MolecularDx may provide PHI to your health plan to receive payment for the health care services provided to you.
• For health care operations – MolecularDx may use or disclose PHI for health care operations purposes. These uses and disclosures are necessary, for example, to evaluate the quality of our laboratory testing, accuracy of results, accreditation functions and for MolecularDx’s operation and management purposes.   MolecularDx may also disclose PHI to other health care providers or health plans that are involved in your care for their health care operations. For example, MolecularDx may provide PHI to manage disease, or to coordinate health care or health benefits.
• Appointment reminders and health-related benefits and services – MolecularDx may use and disclose PHI to contact you as a reminder that you have an appointment with us and may use and disclose PHI to tell you about health-related benefits and services that may be of interest to you.  For example, MolecularDx may contact you about a new patient service center in your area or about new testing services available at MolecularDx based on services ordered by your physician.
• Individuals involved in your care or payment for your care – MolecularDx may disclose PHI to a person who is involved in your care or helps pay for your care, such as a family member or friend. We also may notify your family about your location or general condition or disclose such information to an entity assisting in a disaster relief effort.  As allowed by federal and state law, we may disclose the PHI of minors to their parents or legal guardians.
• Business associates – MolecularDx may disclose PHI to its business associates to perform certain business functions or provide certain business services to MolecularDx.  For example, we may use another company to perform billing services on our behalf.  All of our business associates are required to maintain the privacy and confidentiality of your PHI.  In addition, at the request of your health care providers or health plan, MolecularDx may disclose PHI to their business associates for purposes of performing certain business functions or health care services on their behalf.  For example, we may disclose PHI to a business associate of Medicare for purposes of medical necessity review and audit.
• Disclosure for judicial and administrative proceedings – Under certain circumstances, MolecularDx may disclose your PHI in the course of a judicial or administrative proceeding, including in response to a court or administrative order, subpoena, discovery request, or other lawful process.
• Law enforcement – MolecularDx may disclose PHI for law enforcement purposes, including reporting of certain types of wounds or physical injuries or in response to a court order, warrant, subpoena or summons, or similar process authorized by law.  We may also disclose PHI when the information is needed: 1) for identification or location of a suspect, fugitive, material witness or missing person, 2) about a victim of a crime, 3) about an individual who has died, 4) in relation to criminal conduct on MolecularDx premises, or 5) in emergency circumstances to report a crime, the location of the crime or victims, or the identity, description, or location of the person who committed the crime.
• As required by law – MolecularDx must disclose your PHI if required to do so by federal, state, or local law.
• Public Health – MolecularDx may disclose PHI for public health activities. These activities generally include: 1) disclosures to a public health authority to report, prevent or control disease, injury, or disability; 2) disclosures to report births and deaths, or to report child abuse or neglect; 3) disclosures to a person subject to the jurisdiction of the Food and Drug Administration  (“FDA”) for purposes related to the quality, safety or effectiveness of an FDA-regulated product or activity, including reporting reactions to medications or problems with products or notifying people of recalls of products they may be using;  4) disclosures to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; and 5) disclosures to an employer about an employee to conduct medical surveillance in certain limited circumstances concerning work-place illness or injury.
• Disclosure about victims of abuse, neglect, or domestic violence – MolecularDx may disclose PHI about an individual to a government authority, including social services, if we reasonably believe that an individual is a victim of abuse, neglect, or domestic violence.
• Health oversight activities – MolecularDx may disclose PHI to a health care oversight agency for activities authorized by law such as audits, civil, administrative, or criminal investigations and proceedings/actions, inspections, licensure/disciplinary actions, or other activities necessary for appropriate oversight of the health care system, government benefit programs, and compliance with regulatory requirements and civil rights laws.
• Coroners, medical examiners, and funeral directors – MolecularDx may disclose PHI to a coroner, medical examiner, or funeral director for the purpose of identifying a deceased person, determining cause of death, or for performing some other duty authorized by law.
• Personal Representative – MolecularDx may disclose PHI to your personal representative, as established under applicable law, or to an administrator, executor, or other authorized individual associated with your estate.
• Correctional institution – MolecularDx may disclose the PHI of an inmate or other individual when requested by a correctional institution or law enforcement official for health, safety, and security purposes.
• Serious threat to health or safety – MolecularDx may disclose PHI if necessary to prevent or lessen a serious and/or imminent threat to health or safety to a person or the public or for law enforcement authorities to identify or apprehend an individual.
• Research – MolecularDx may use and disclose PHI for research purposes.  Limited data or records may be viewed by researchers to identify patients who may qualify for their research project or for other similar purposes, so long as the researchers do not remove or copy any of the PHI.  Before we use or disclose PHI for any other research activity, one of the following will happen: 1) a special committee will determine that the research activity poses minimal risk to privacy and that there is an adequate plan to safeguard PHI; 2) if the PHI relates to deceased individuals, the researchers give us assurances that the PHI is necessary for the research and will be used only as part of the research; or 3) the researcher will be provided only with information that does not identify you directly.
• Government functions – In certain situations, MolecularDx may disclose the PHI of military personnel and veterans, including Armed Forces personnel, as required by military command authorities.  Additionally, we may disclose PHI to authorized officials for national security purposes, such as protecting the President of the United States, conducting intelligence, counter-intelligence, other national security activities, and when requested by foreign military authorities. Disclosures will be made only in compliance with U.S. Law.
• Workers’ compensation – As authorized by applicable laws, MolecularDx may use or disclose PHI to comply with workers’ compensation or other similar programs established to provide work-related injury or illness benefits.
• De-identified Information and Limited Data Sets: MolecularDx may use and disclose health information that has been “de-identified” by removing certain identifiers making it unlikely that you could be identified. MolecularDx also may disclose limited health information, contained in a “limited data set”.  The limited data set does not contain any information that can directly identify you.  For example, a limited data set may include your city, county and zip code, but not your name or street address.

Other Uses and Disclosures of PHI

For purposes not described above, including uses and disclosures of PHI for marketing purposes and disclosures that would constitute a sale of PHI, MolecularDx will ask for patient authorization before using or disclosing PHI.  If you signed an authorization form, you may revoke it, in writing, at any time, except to the extent that action has been taken in reliance on the authorization.

Information Breach Notification

MolecularDx is required to provide patient notification if it discovers a breach of unsecured PHI unless there is a demonstration, based on a risk assessment, that there is a low probability that the PHI has been compromised.  You will be notified without unreasonable delay and no later than 60 days after discovery of the breach.  Such notification will include information about what happened and what can be done to mitigate any harm.

Patient Rights Regarding PHI

Subject to certain exceptions, HIPAA establishes the following patient rights with respect to PHI:

• Right to Receive a Copy of the MolecularDx Notice of Privacy Practices – You have a right to receive a copy of the this HIPAA Notice and MolecularDx’s Notice of Privacy Practices at any time by contacting us at info@molecdx.com, calling us at 814-361-6997 and asking for the Quality Assurance Director, or by sending a written request to: MolecularDx, LLC, Attention Quality Assurance, 620 7^th Street, Windber, PA 15963.  This Notice will also be posted on the MolecularDx internet site at www.molecdx.com.
• Right to Request Limits on Uses and Disclosures of your PHI – You have the right to request that we limit: 1) how we use and disclose your PHI for treatment, payment, and health care operations activities; or 2) our disclosure of PHI to individuals involved in your care or payment for your care.  MolecularDx will consider your request, but is not required to agree to it unless the requested restriction involves a disclosure that is not required by law to a health plan for payment or health care operations purposes and not for treatment, and you have paid for the service in full out of pocket.  If we agree to a restriction on other types of disclosures, we will state the agreed restrictions in writing and will abide by them, except in emergency situations when the disclosure is for purposes of treatment.
• Right to Request Confidential Communications – You have the right to request that MolecularDx communicate with you about your PHI at an alternative address or by an alternative means.  MolecularDx will accommodate reasonable requests.
• Right to See and Receive Copies of Your PHI – You and your personal representative have the right to access PHI consisting of your laboratory test results or reports ordered by your physician.  Within 30 days after our receipt of your request, you will receive a copy of the completed laboratory report from MolecularDx unless an exception applies.  Exceptions include a determination by a licensed health care professional that the access requested is reasonably likely to endanger the life or safety of you or another person, and our inability to provide access to the PHI within 30 days, in which case we may extend the response time for an additional 30 days if we provide you with a written statement of the reasons for the delay and the date by which access will be provided. You have the right to access and receive your PHI in an electronic format if it is readily producible in such a format.  You also have the right to direct MolecularDx to transmit a copy to another person you designate, provided such request is in writing, signed by you, and clearly identifies the designated person and where to send the copy of your PHI. To request a copy of your PHI:
  • Complete the MolecularDx HIPAA Patient Request Form.
  • Contact MolecularDx by email at info@molecdx.com.
• Right to Receive an Accounting of Disclosures – You have a right to receive a list of certain instances in which MolecularDx disclosed your PHI.  This list will not include certain disclosures of PHI, such as (but not limited to) those made based on your written authorization or those made prior to the date on which MolecularDx was required to comply. If you request an accounting of disclosures of PHI that were made for purposes other than treatment, payment, or health care operations, the list will include disclosures made in the past six years, unless you request a shorter period of disclosures.  If you request an accounting of disclosures of PHI that were made for purposes of treatment, payment, or health care operations, the list will include only those disclosures made in the past three years for which an accounting is required by law, unless you request a shorter period of disclosures.
• Right to Correct or Update your PHI – If you believe that your PHI contains a mistake, you may request, in writing, that MolecularDx correct the information.  If your request is denied, we will provide an explanation of the reasoning for our denial.

How to Exercise Your Rights

To exercise any of your rights described in this notice, you must send a written request to: MolecularDx, LLC, Attention Quality Assurance,  620 7^th Street, Windber, PA 15963.  Except, patients may update insurance and/or billing information through our website or by contacting the Patient Billing Department using the phone number indicated on the billing invoice.

How to Contact Us or File a Complaint

If you have questions or comments regarding this Notice, or have a complaint about our use or disclosure of your PHI or our privacy practices, please contact:  info@molecdx.com, call us at 814-361-6997 and ask for the Quality Assurance Director, or send a written request to: MolecularDx, LLC, Attention Quality Assurance 620 7th Street, Windber, PA 15963.  You also may file a complaint with the Secretary of the U.S. Department of Health and Human Services.  MolecularDx will not take retaliatory action against you for filing a complaint about our privacy practices.

Changes to the MolecularDx HIPAA Notice

MolecularDx reserves the right to make changes to this Notice and to our privacy policies from time to time.  Changes adopted will apply to any PHI we maintain about you.  MolecularDx is required to abide by the terms of our notices currently in effect.  When changes are made, we will promptly update this Notice and post the information on the MolecularDx website at www.molecdx.com Please review this site periodically to ensure that you are aware of any such updates.