BioReference API MarketPlace and its entire contents, features, and functionality (including but not limited to all information, software, text, displays, images, video, and audio, and the design, selection, and arrangement thereof) are owned by BioReference, its licensors, or other providers of such material and are protected by certain United States and international copyright, trademark, trade secret, and other intellectual property or proprietary rights laws. BioReference owns all right, title and interest, including without limitation, all intellectual property rights and other rights in and to its software applications (including but not limited to the BioReference API MarketPlace), any intellectual property rights used in connection with the software applications, and other proprietary technology, including any data structures therein, accompanying documentation, and any updates or revisions to the foregoing. All rights not specifically conveyed are retained by BioReference.
You agree that you will not use BioReference’s trademarks, service marks, or trade dress or any similar names, marks, or trade dress without prior express, written permission from BioReference. This prohibition on using BioReference’s trademarks includes, but is not limited to, use in domain names, on websites or social media accounts, or as the names or titles of software applications or software features or functions.
Subject to the rights granted by you to BioReference and limitations herein, you reserve and retain sole and exclusive ownership of all right, title, and interest in, to, and under (a) your extensions and applications, and (b) all modifications, corrections, repairs, translations, enhancements, and other derivative works and improvements of your extensions and applications, including all intellectual property rights arising therefrom or relating thereto (collectively, (a) and (b) are “Your Products”), to the extent Your Products do not infringe any of BioReference’s intellectual property rights. You are solely responsible for all costs incurred by you in the creation and maintenance of Your Products.
If you are accessing the BioReference API MarketPlace on behalf of a company, entity, or organization (collectively “entity”), then you represent and warrant that you: (a) are an authorized representative of that entity with the authority to bind such entity to the BioReference Terms; (b) have read and understand the BioReference Terms; and (c) agree to these BioReference Terms on behalf of such entity. All references to “you” in these BioReference Terms shall also refer to that entity.
To access the BioReference API MarketPlace, you will be required to register. After an approved registration, you will be issued certain credentials, which may be required to access the BioReference APIs. You may not make credentials available to others including by embedding them in open source projects and only you may access the BioReference API MarketPlace with the credentials provided to you. You will not misrepresent or mask your identity or your credentials when accessing or using the BioReference API MarketPlace. If you choose, or are provided with, a user name, password, or any other data related to our security procedures, you must treat such information as confidential, and you must not disclose it to any other person or entity. You also acknowledge that your account is personal to you and agree to notify us immediately of any unauthorized access to or use of your user name or password or any other breach of the security of your account. You also agree to ensure that you will exit from your account at the end of each session. You should avoid or use particular caution when accessing your account from a public or shared computer as connections such as this may not be secure and could expose your password or other personal information to unauthorized hands.
BioReference reserves the right to disable any user name, password, or other identifier, whether chosen by you or provided by us, at any time if, in BioReference’s opinion, you have violated any provision of BioReference Terms or caused a security breach.
Furthermore, BioReference reserve the right to revoke your access to the BioReference API MarketPlace without prior notice if we determine your use violates the BioReference Terms or is otherwise objectionable as determined in BioReference’s sole discretion.
All access, implementation and use of the BioReference API MarketPlace must be in compliance with all applicable federal and state law, rules, regulation, third party rights (including, without limitation, laws regarding the import or export of data or software, privacy and security) as well as BioReference Terms. You will only use the BioReference API MarketPlace in connection with legally permissible activities and as described in the BioReference Terms.
Upon request, you will be required to promptly certify certain aspects of your compliance with BioReference Terms, by the way of illustration: (1) certifying your compliance with the above paragraph, and your security, privacy and data use practices, policies and procedures, (2) sharing the details of your privacy and security incident response plans and mitigation actions, and (3) providing certification which must be signed by an authorized officer of your entity.
You agree that upon discovery of any privacy or security incidents potentially involving data of BioReference users, you will immediately notify BioReference.
BioReference sets and enforces limitations on the use of BioReference APIs. You agree that you will not circumvent, or attempt to circumvent, such limitations as they apply to each BioReference API or as otherwise set forth in the BioReference Terms, except as approved in advance in writing by BioReference. BioReference may limit the number or nature of network calls that you or your application may make. BioReference may change such usage limits at any time with or without prior notice and may use any means to enforce its usage limitations or prevent overuse of the BioReference APIs.
BioReference reserves the right to inspect, monitor and audit any records or activity related to your use of the BioReference API MarketPlace, to improve the BioReference API MarketPlace, identify potential security issues, or ensure compliance with the BioReference Terms. You will timely cooperate with BioReference’s audit requests by providing BioReference access to relevant knowledgeable personnel, physical premises, documentation, infrastructure, and application software.
BioReference reserves the right to determine whether or not your use of the BioReference API MarketPlace is acceptable, including the manner in which the BioReference APIs are integrated into Your Products or services. BioReference may collect and use your BioReference API MarketPlace usage data and information related to your use of the BioReference API MarketPlace for internal operations such as performance improvement and quality assurance purposes.
BioReference’s review, testing, or approval of your use of the BioReference API MarketPlace for Your Products or services does not constitute any representation or acknowledgement by BioReference that Your Products or services and/or any content therein comply with the BioReference Terms, any laws, rules, or regulations, nor does it constitute any acceptance by BioReference of any responsibility or liability in connection with Your Products or services, or any content therein.
If you do not comply with the BioReference Terms, or fail to timely evidence such compliance or if BioReference believes that you have attempted to exceed or circumvent any of the prohibited uses, requirements or limitations described in the Terms, your ability to use the BioReference API MarketPlace may be temporarily or permanently blocked or revoked.
Unless permitted by applicable law or any Supplemental Agreement(s) between you and BioReference, you shall not, and shall not direct, encourage, or assist any other individual or entity to: (a) license, sublicense, sell, resell, transfer, assign, distribute or otherwise provide or make available to any other individual or entity the BioReference API MarketPlace; (b) modify or make derivative works based upon the BioReference API MarketPlace; (c) improperly use the BioReference API MarketPlace, including, without limitation, (1) creating Internet “links” to any part of the BioReference API MarketPlace, “framing” or “mirroring” any part of the BioReference API MarketPlace on any other websites or systems, or “scraping” or otherwise improperly obtaining data from the BioReference APIs MarketPlace, (2) transmitting any viruses or other code that may damage, detrimentally interfere with, surreptitiously intercept or expropriate any system or data; (d) reverse engineer, decompile, modify, or disassemble the BioReference API MarketPlace; (e) send spam or otherwise duplicative or unsolicited messages with the BioReference APIs; or (f) use the BioReference APIs MarketPlace to (1) display any offensive content or any content for which you do not have the right to share with BioReference or to display or (2) distribute unsolicited advertising or promotions, or (3) engage in fraudulent or unauthorized activity including phishing, pharming, spidering, harvesting or other similar activities.
In addition, you shall not, and shall not direct, encourage, or assist any other individual or entity to, access or use the BioReference API MarketPlace to: (a) design or develop a competitive or substantially similar product or service; (b) copy or extract any features or functionality thereof; (c) launch or cause to be launched on or in connection with the BioReference API MarketPlace a malicious automated program or script, including web spiders, crawlers, robots, indexers, bots, viruses or worms, or any program intended to overburden or hinder the operation and/or performance of the BioReference API MarketPlace; (d) attempt to gain unauthorized access to the BioReference API MarketPlace or its related systems or networks; (e) include any underlying BioReference platform or product with competitors in any aggregated view, i.e. webpage, app, software, etc.; (f) aggregate BioReference’s data with competitors’ data; or (g) parse or scrape any of BioReference’s data; in each case other than as explicitly permitted by BioReference in writing. You shall not share with another individual or entity, or enable another individual or entity to use any operational, technical or other data obtained through the use of the BioReference API MarketPlace in any manner that is competitive to BioReference, including, without limitation, in connection with any application, website or other product or service that also includes, features, endorses, or otherwise supports in any way another individual or entity that provides services competitive to BioReference’s products and services.
BioReference will use commercially reasonable efforts to make the BioReference API MarketPlace available with an Uptime Percentage of at least 99.0%, during an annual cycle.
You are solely responsible for selecting all content made available through and contained in Your Products and for ensuring that such content complies with the BioReference Terms and any other requirements applicable to such content. You are fully responsible for any information you provide to BioReference via the BioReference APIs MarketPlace.
The BioReference API MarketPlace may contain content owned by a third party. This content is the sole responsibility of the third party that makes it available. Additionally, content accessible through BioReference APIs and BioReference products may be subject to the intellectual property rights of third parties.
If you suggest new features or functionality for the BioReference API MarketPlace that BioReference, in its sole discretion, adopts for API Market Place, such new features or functionality will be the sole and exclusive property of BioReference.
The documentation for the BioReference API MarketPlace include guidelines for providing attribution to BioReference. You agree to provide any attribution in accordance with the guidelines of these BioReference Term, which may be updated from time to time. You may use these resources but you shall not make any changes or modifications to them.
Except for third party content described herein, “BioReference Data” includes all data received from BioReference through BioReference API MarketPlace. Where such data includes non-public content relating to a user, such content shall not be re-disclosed BioReference Data to other users or third parties without prior written consent from that user.
You may be given access to information that is confidential to BioReference, which may include your credentials as well as any materials, communications or other information that is marked confidential or that would reasonably be considered confidential under the circumstances. You agree to use BioReference confidential information only for the purpose of using the BioReference API MarketPlace in accordance with the BioReferenceTerms, and, unless compelled by a court of applicable jurisdiction (and you gave BioReference prior written notice and a reasonable chance to defend its interests prior to such court compelled disclosure), you agree to not disclose any BioReference confidential information to any third party without BioReference’s prior written consent.
BioReference confidential information does not include information that you, as can be shown by written evidence, independently developed, or that was rightfully given to you by a third party without any confidentiality obligation, or that becomes public through no fault of your own or any party under your control.
You agree to implement and maintain appropriate administrative, physical, and technical safeguards and measures to protect BioReference Data and BioReference confidential information against unauthorized or unlawful processing and against unauthorized loss, destruction, damage, alteration, or disclosure in the same manner that you would protect your own confidential and proprietary information but in no event using less than a reasonable degree of care, and in compliance with applicable federal and state privacy and data security laws and regulations.
You further represent and warrant that (a) you have the right to distribute, or otherwise make available Your Products to your end users, (b) such products comply with all applicable local, state, federal and international laws and regulations as well as applicable terms of service and privacy notices and (c) Your Products do not and will not infringe the rights of any third party.
You agree to indemnify and hold BioReference and its parent company, officers, directors, employees, affiliates and agents harmless from and against any and all claims, demands, losses, liabilities, and expenses (including legal fees), arising out of or in connection with: (a) your use of the BioReference API MarketPlace or information obtained through your use of the BioReference API MarketPlace; (b) your breach or violation of the BioReferenceTerms or (c) your violation of the rights of any third party, including with respect to any third party content
BioReference may provide documentation, functional and technical design documents, and other documents that may be relevant in using BioReference API MarketPlace. Although BioReference has no obligation to provide support, or training for set-up or use of BioReference API MarketPlace, BioReference reserve the right, in its sole discretion, to provide commercially reasonable maintenance and support associated with the use of BioReference API MarketPlace.
BioReference in its sole discretion may modify, update or discontinue the BioReference API MarketPlace. BioReference may also impose additional limits on certain features and services or restrict your access to parts or all of the BioReference API MarketPlace without prior notice or liability.
Your privacy is important to us.
1. Information we collect:
Two types of information are collected from our website:
We will not disclose, sell or rent your name or any personal information about you to any third party. We use the aggregate information we collect to measure the number of visitors to the different pages and sections of our site, and to help us make our site more useful to visitors. The aggregate information we collect is not linked to personal information, and we do not report on individual user sessions.
2. How we use your information:
We use "cookies" to personalize our site for you and to collect aggregate information about site usage by our users. A cookie is a text file that our website transfers to your computer's hard drive for record keeping purposes. The cookie assigns a random, unique number to your computer. It does not contain information that would personally identify you.
4. Disclosures of Information to Third Parties:
BRLI web-sites contain links to other Internet web sites, which may direct you to an external web site or may be displayed within a frame on the BRLI owned site, including co-branded or other affiliated sites which may or may not be owned or operated by BRLI. Links to the BRLI web-site may also be featured on independent third-party web sites. BRLI has no control, and is not responsible for the privacy practices, functionality, utilization, or accessibility of other web sites that may host links to the BRLI web-site, or that you may visit through links or frames on the BRLI owned Site, including such sites' use of any information (such as IP number, browser type, or usage history) collected when visitors to the BRLI site click through links. We recommend that you review individual site privacy policies before providing any information on such web sites.
5. Other Information we collect and how we use it:
We may gather and store aggregate information about visitors. The collection of this aggregate information enables us to measure the number of visitors to various portions of the site, diagnose problems with our server, administer the site and track visitor activity.
We will use this aggregate information to learn more about what you and our customers are expecting from our services, and tailor and improve the site. Because aggregate information collected on the site does not personally identify you, we may use aggregate information for any purpose, and share aggregate information with third parties for any purpose. Below are ways we may collect this aggregate information:
We use Google Analytics as a third party tracking service, to collect information about how our website performs and how our users, navigate through and use our website. This helps us evaluate our users' use of our website; compile statistical reports on activity; and improve our content and website performance.
Google Analytics gathers non-personally identifying information such as your IP address, browser type, internet service provider, referring and exit pages, time stamp, and similar data about your use of our website. We do not allow third parties to, use the Google Analytics tool to track our users individually; collect any user personal Information other than IP address; or correlate your IP address with your identity. Google provides further information about its own privacy practices and offers a browser add-on to opt out of Google Analytics tracking https://tools.google.com/dlpage/gaoptout.
BioReference Laboratories, Inc.
481 Edward H. Ross Drive
Elmwood Park, NJ 07407
(800) 229-5227 x 8222
Effective Date: September 23, 2013
Revision Date: March 12, 2021
Our Commitment to Safeguard Your Protected Health Information.
BioReference Laboratories, Inc. and its affiliates, subsidiaries and divisions, including but not limited to, GeneDx, Inc., Florida Clinical Laboratory, Inc., and GenPath (collectively “BRLI”) are committed to complying with and addressing data privacy requirements under all applicable laws, including but not limited to the Health Insurance Portability and Accountability Act (HIPAA). This notice of privacy practices (NOPP) explains how we handle your protected health information (PHI) in connection with the provision of clinical laboratory testing services.
BRLI is required by law to protect the privacy of health information that may reveal your identity and provide you with a copy of this NOPP, and to follow its terms then in effect. However, BRLI reserves the right to change its privacy practices and the corresponding policies and procedures and, where permitted by applicable law, to make these changes effective regarding PHI created or received prior to the effective date of such changes. Should we make changes to this NOPP, we will post a revised NOPP in our website and in our patient service centers. BRLI may also need to materially change its policies and procedures as necessary to comply with changes in the law and for other valid reasons, in which case BRLI will promptly revise its policies and this NOPP and distribute the revised NOPP in the manner described below.
You have the right to obtain a paper copy of the NOPP upon request. A copy of BRLI’s current NOPP will always be available in the reception area of our patient service centers. You will also be able to obtain your own copy by accessing our website at http://www.bioreference.com/privacy calling our office or at the time of your on-site visit.
If you have any questions about this NOPP or would like additional information, please contact our Privacy Office at 800- 229-5227 Ext 8222.
Please address any written request (such as requests for a copy of this NOPP, access to your record, to restrict a disclosure to a payer, etc.) to:
BioReference Laboratories, Inc.
481 Edward H. Ross Drive
Elmwood Park, NJ, 07407
Fax: (201) 663-6585
Information that we have provided or will provide testing services to you or information about your health, such as a diagnosis, procedures, or information about your healthcare provider in combination with your demographic information (such as name, home or email address, or date of birth); or unique numbers that may identify you (such as your social security number, your phone number, or your driver’s license number).
We may collect, use, disclose, and maintain your PHI for the following purposes:
For Treatment, Benefits and Services: As a service provider, we may disclose your PHI to doctors, nurses, and other health care providers who are involved in your health care, and they may use such PHI to treat you, While providing services, we may use your PHI to determine care management options. For example, your PHI will be shared among your doctor(s) and healthcare providers. Your doctor may also share your health information with another doctor or healthcare provider to whom you have been referred for further treatment.
We may also make your PHI available to providers by making it accessible through a Health Information Exchange (HIE), an electronic network that makes it possible to share information electronically, but no one will be permitted to access it through the HIE without your consent except in an emergency, unless you direct us not to allow access during an emergency. Be aware that if your physician allows us to transfer your laboratory and pathology reports to his or her electronic health record (EHR) in his or her office, once they have been transferred, anyone taking care of you at that office may be able to access your laboratory and pathology results directly.
For Payment: We may use and disclose your PHI to bill and collect payment for your healthcare and/or release portions of your PHI to a private insurer to get paid for services that we delivered to you. For example, we may share your PHI with your health insurance plan so it will pay for your services or to obtain prior authorization for your services.
For Health Care Operations: We may use and disclose your PHI while operating our clinical laboratory. For example, we may use your PHI for certain administrative, financial, legal, and quality improvement purposes, such as to conduct quality assessments, internal audits, general administrative and business planning activities and other activities necessary to support our healthcare operations. We may share your health information with other health care providers and payors for certain of their health care operations if the information is related to a relationship the healthcare provider or payor currently has or previously had with you, and if the healthcare provider or payor is required by federal law to protect the privacy of your health information.
Testing Alternatives and Services: In the course of providing services to you, we may use your health information to contact you with a reminder that you have an appointment for services. We may also use your health information in order to recommend possible alternatives or services that may be of interest to you. However, to the extent a third party provides financial remuneration to us so that we make these treatment-related or health care operations-related communications to you, we will secure your authorization in advance as we would with any other marketing communication (as described later in this NOPP).
Business Associates: We may disclose the minimum amount of your PHI necessary to contractors, agents and other business associates who need the information to help us with billing or other business activities related to the services we provide. For example, we may share PHI with a billing company that helps us obtain payment from your health insurer, an attorney or with a quality assurance consultant to obtain their advice regarding our operations and comply with the law. If we do disclose your PHI to a business associate, we will have a written contract with them that requires the business associate and any of its subcontractors to take reasonable steps to protect the privacy of your PHI as required by law and/or contract.
When Required by Law: We may collect, use, maintain, or disclose your PHI as required by law. For instance, under the United States’ Clinical Laboratory Improvement Amendments of 1988 (CLIA), we are required to obtain and maintain for designated periods of time personal health data and specimens belonging to patients for whom we are providing laboratory testing services. Therefore, while you may refuse to provide BRLI with your PHI, we are unable to test any specimen of yours without the certain data elements which we are required to obtain under CLIA. Please note that the CLIA-mandated retention periods can range from two (2) years for test requisitions and authorizations to ten (10) years for pathology test reports and histopathology slides. For more information on the specific CLIA-mandated retention periods please check 42 C.F.R. § 493.1105, as amended from time to time. In addition, we maintain patient information in connection with pending litigation, legal processes, legal claims, compliance, regulatory matters, and investigations, as necessary.
For Public Health Activities: We may disclose PHI when we are required to collect information about disease or injury, or to report vital statistics to the public health authority. We are also required to release some PHI about you to your employer if your employer hires us to perform a pre-employment test or we discover that you have a disease that your employer must know about to comply with employment laws.
For Research Purposes: In certain circumstances, pursuant to the approval and supervision of a privacy board, we may use and disclose your PHI to our research staff and their designees to assist in medical research.
Victims of Abuse, Neglect, or Domestic Violence: We may release your PHI to a public health authority that is authorized to receive reports of abuse, neglect, or domestic violence. For example, we may report your PHI to government officials if we reasonably believe that you have been a victim of such abuse, neglect, or domestic violence. We will make every effort to obtain your permission before releasing this information, but in some cases, we may be required or authorized by law to act without your permission.
Judicial and Administrative Proceedings: We may disclose your PHI in response to valid court orders, court-ordered warrants, and judicial summonses and subpoenas, grand jury subpoenas, and administrative requests. We may also disclose your PHI in response to a discovery requests or other legal process and legal requests, but only if efforts have been made, either by the requesting party or us, to first tell you about the request or to obtain an order protecting the information requested.
For Health Oversight Activities: We may disclose PHI to an agency responsible for monitoring the health care system for such purposes as reporting or investigation of unusual incidents and inspecting our facility. These government agencies monitor government benefit programs such as Medicare and Medicaid, as well as compliance with government regulatory programs and civil rights laws.
To Avert Threat to Health or Safety: To avoid a serious threat to health or safety, we may disclose PHI as necessary to law enforcement or other persons who can reasonably prevent or lessen the threat of harm.
For Specific Government Functions: We may disclose PHI of U.S. military personnel and veterans and to correctional facilities in certain situations, to government benefit programs relating to eligibility and enrollment, and for national security and intelligence activities, such as protection of the President.
For Law Enforcement: We may disclose your PHI to comply with court orders, to assist law enforcement officers with identifying or locating a suspect, fugitive, witness, or missing person; if we suspect that death resulted from criminal conduct; or if necessary to report a crime that occurred in any of our facilities;
Workers’ Compensation: We may disclose your PHI for workers’ compensation or similar programs that provide benefits for work-related injuries, as authorized by and to the extent necessary to comply with laws regarding workers’ compensation or similar programs providing benefits for work-related injuries or illness.
Coroners, Medical Examiners and Funeral Directors: Where allowed by applicable law, we may disclose PHI relating to an individual's death to coroners, medical examiners, or funeral directors, and to organ procurement organizations relating to organ, eye, or tissue donations or transplants. Note: Information belonging to patients who are deceased more than 50 years is not considered PHI.
To Family, Friends, or Others Involved in Your Care: If you do not object, we may share your PHI with your family members, friends, and others if this information is directly related to their involvement in your care, or payment for your care. In some cases, we may need to share your information with a disaster relief organization that will help us notify these persons.
Completely De-identified or Partially De-identified Information: We may use and disclose your health information if we have removed any information that could identify you. Where permitted by applicable law, we may also use and disclose health information about you for research, public health, and specific healthcare operations if most of your identifiers are removed and the person who will receive the information signs an agreement to protect the privacy of the information as required by federal and applicable state law. In that case any direct identifiers (such as your name, street address, social security number, phone number, fax number, home address, or license number) would be removed, but your zip code, date of birth, or dates of service would not be removed.
For Internal Assessments and Healthcare Operations Communications: We may use your PHI to help us understand which products, services and offers are relevant to you, to improve our products and services, and generally to communicate news or matters involving quality of care that may be relevant to you. Keep in mind that this use is solely for internal purposes and that we will not sell any of your PHI to any third party. If you do not wish to receive these communications, you can inform us of your decision by providing notice to the Privacy Office at the address set forth in this NOPP and we will not engage in such activity.
Other Permitted Disclosures: We will use your PHI, only for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose. If we need to use your PHI for another purpose, we will explain the legal basis we rely on. Our legal basis to use, and disclose PHI includes (i) your consent (which may subsequently be withdrawn at any time by contacting the Privacy Office at the address listed in this NOPP), (ii) legitimate business needs, which include but are not limited to ensuring that we provide accurate results and that we have the right information on file to communicate with you at any time, obtaining payment for our services, and ensuring that we comply with our quality assurance policies, (iii) creation or performance of contractual obligations (e.g. communicating laboratory results to you or your provider), and (iv) compliance with legal requirements (e.g. complying with a court order or a legal mandate).
Requirement for Written Authorization: We will only make other uses and disclosures of your PHI that are not described in this NOPP, and not otherwise required or allowed by law, with your written authorization. For example, we will not sell your PHI or use or disclose your PHI for marketing purposes without your written authorization.
If you provide us with written authorization, you may revoke that written authorization at any time, except to the extent that we have already collected, maintained, used, or disclosed the same in accordance with the provisions set forth above. You must revoke your authorization in writing by contacting the Privacy Office at the address listed in this NOPP.
Additional Protections for HIV, Alcohol and Substance Use, Mental Health, and Genetic Information: We apply additional protections to PHI that is subject to other state and federal laws, including information and programs relating to HIV/AIDS, alcohol and substance use, mental health, and genetic testing and treatment. Special privacy protections applying to PHI relating to alcohol and substance use, mental health information, and genetic information and HIV/AIDS -related information. Subject to limited federal and state legal requirements and the above uses and disclosures, we will obtain your permission prior to disclosing HIV/AIDS-related information, alcohol and substance use, mental health, and genetic related information.
Right To Notice of Breach of Unsecured Health Information: We are required by law to maintain the privacy of your PHI, to provide you with this NOPP containing our legal duties and privacy practices with respect to your health information, and to abide by the terms of this NOPP. It is our policy to safeguard your health information so as to protect the information from those who should not have access to it. If, however, for some reason we experience a breach of your unsecured protected health information, we will notify you of the breach as required by applicable law.
The privacy practices described in this NOPP apply to BioReference Laboratories, Inc. and all of its subsidiaries, divisions, including but not limited to, GeneDx, Inc., Florida Clinical Laboratory, Inc., and GenPath.
We maintain reasonable security measures to safeguard your PHI from loss, interference, misuse, unauthorized access, disclosure, alteration, or destruction. We also maintain reasonable procedures to help ensure that such data is reliable for its intended use and is accurate, complete, and current.
To Request Restrictions on Uses/Disclosures: You have the right to ask that we limit how we use or disclose your PHI. We will consider your request but are not legally bound to agree to the restriction. To this effect, you will need to contact our Privacy Office at the address listed in this NOPP and provide us with your written instructions, which we will keep on file. To the extent that we do agree to any restrictions on our use/disclosure of your PHI, we will put the agreement in writing and abide by it to the extent permitted by law or the information is needed to provide you with emergency treatment. Once we have agreed to a restriction, you have the right to revoke the restriction at any time. Under some circumstances, we will also have the right to revoke the restriction as long as we notify you before doing so; in other cases, we will need your permission before we can revoke the restriction. We are required, however, to honor your written request if you direct us not to share specific PHI with your insurance company relating to a service you or someone on your behalf has paid for out-of-pocket and in full. It is your responsibility to inform other providers who may receive copies of such information that they may not share this information with your insurer.
To Choose How We Contact You: You have the right to ask that we send you information at an alternative address or by an alternative means. We must agree to your request as long as it is reasonably easy for us to do so and we may not ask the reason for the request.
To Inspect and Copy Your PHI: You have the right to inspect and obtain a copy of any of your PHI in either electronic or paper form for as long as we maintain this information in our records. We will provide the records in the specific form and format that you request if it is readily producible in such form or format. To obtain a copy of your PHI, please submit your request in writing. Depending upon where you live, we may charge a fee as permitted by law for the costs of copying, mailing or other supplies necessary to fulfill your request. We generally require payment before or at the time we provide the copies and will let you know the amount due in advance.
Under certain very limited circumstances, we may deny your request to inspect or obtain a copy of your information. If we do, we will provide a written statement that explains the reasons for the denial and a description of your right to have that decision reviewed. In such cases where you have the right to have your denial reviewed, we will describe the review process to you in writing. If your request for access to your PHI is denied for any reason, we will describe to you in writing how you can file a complaint with BRLI or with the Secretary of the United States Department of Health and Human Services’ Office of Civil Rights (OCR).
To Request Amendment of Your PHI: If you believe that the PHI in our system is incorrect or incomplete, you may ask us to amend the information for as long as the information is kept in our records. If you wish to amend your PHI, please request an amendment in writing including why you think we should make the amendment. Ordinarily we will respond to your request within 60 days. If we need additional time to respond, we will notify you in writing within 60 days to explain the reason for the delay and when you can expect to have a final answer to your request. If we deny part or all of your request, we will provide you with a written notice explaining our reasons for doing so and how you can appeal the decision. You will have the right to have certain information related to your requested amendment included in your records. For example, if you disagree with our decision, you will have an opportunity to submit a statement explaining your disagreement which we will include in your records. We will also provide you with information on how to file a complaint with us or with the Secretary of the Department of Health and Human Services.
To Receive an Accounting of Disclosures: You have a right to submit a request in writing asking for information about our disclosures of your PHI, except for disclosures made:
The scope of your right to request an accounting may be modified from time to time to comply with changes in federal law or state law.
Ordinarily we will respond to your request for an accounting within 60 days. If we need additional time to prepare the accounting you have requested, we will notify you in writing about the reason for the delay and the date when you can expect to receive the accounting. In rare cases, we may have to delay providing you with the accounting without notifying you because a law enforcement official or government agency has asked us to do so.
If you believe your privacy rights have been violated, you may file a complaint with BRLI or the federal agency that enforces HIPAA by submitting your complaint as described below:
HIPAA Privacy Office
BioReference Laboratories, Inc.
481 Edward H. Ross Dr.
Elmwood Park, N. J. 07407
T: 800 229-5227 Ext. 8222
Office of Civil Rights
U.S. Department of Health and Human Services 200 Independence Avenue, S.W.
Washington, D.C. 20201
Telephone: (800) 368-1019 www.hhs.gov/ocr/hipaa
You will not be penalized or subject to retaliation for filing a complaint.
BioReference Laboratories, Inc. complies with all applicable federal civil rights laws and does not discriminate on the basis of race, color, national origin, age, disability or sex, and does not exclude people or treat them differently because of race, color, national origin, age, disability, or sex. We provide free aids and services to people with disabilities to communicate effectively with us, such as:
Provides free language services to people whose primary language is not English, such as:
We have interpreters available at no cost 24/7, in compliance with federal and state laws, to assist patients, their family members, and other legally authorized persons. For assistance, please contact our Customer Service Department at 1-800-229-5227.