The United States Department of Health and Human Services (“HHS”) has promulgated regulations pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) designed to protect the confidentiality and integrity of Protected Health Information (PHI). PHI is defined by HIPAA as individually identifiable health information that is: Transmitted by electronic media; Maintained in any medium; or Transmitted or maintained in any other form or medium.
MPLN is a clinical reference laboratory performing specialized molecular diagnostic testing services for clients throughout the United States and internationally. Clients include, but are not limited to, physicians, hospitals and other laboratories. The ordering of tests and reporting of test results are communications permitted under HIPAA for purposes of treatment, payment and healthcare operations. Although classified as an “indirect health care provider,” MPLN is considered a “covered entity” for purposes of compliance with the HIPAA section on Standards for Privacy of Individually Identifiable Health Information (Privacy Rule).
PHI at MPLN includes personal and medical information (i.e. patient name, address, date of birth, test ordered, etc.) that we obtain from physicians, health plans or other sources. PHI also includes the laboratory testing results we generate. MPLN is committed to protecting the confidentiality of every individual’s laboratory test results and other patient PHI. To ensure protection of PHI, MPLN has implemented policies and procedures: to comply with federal, state and local laws and regulations regarding the use and disclosure of such PHI; to protect confidentiality and integrity of PHI we collect, create or exchange as part of our diagnostic testing services; and to prevent inappropriate access to or disclosure of such information.
PHI will be used or disclosed for treatment, payment, or healthcare operation purposes and for other purposes permitted or required by law. While we cannot list every possible use or disclosure, most of the ways we use or disclose PHI will fall into one of the categories listed below. If we want to use or disclose PHI for purposes that do not fall into these categories, we must first obtain written authorization. According to law, MPLN does not need authorization or permission to use or disclose a patient’s PHI for the following purposes:
Treatment: As a healthcare provider that provides laboratory testing for patients and requested by physicians, MPLN uses PHI as part of our testing processes, and MPLN discloses PHI to physicians and other authorized health care professionals who need access to the laboratory results to treat the patient. In addition to the treating physician, we may provide a consulting specialist physician with information about a patient’s results to further validate the results before release to the ordering physician. We may also disclose a patient’s PHI to another testing laboratory if we are unable to perform the testing ourselves, and need to refer the specimen to that laboratory to perform the requested testing.
Payment: Our billing department will use and disclose PHI to certain insurance companies, hospitals, physicians, and health plans for payment purposes, or to third parties to assist us in creating bills, claim forms, or getting paid for our services. For example, we may send a patient’s name, date of service, test performed, diagnosis code, and other information to a health plan so that the plan will pay us for the services we provided. In some cases, we may have to contact the patient to obtain billing information or for other billing purposes. When required, we may use an outside collection agency to obtain payment.
Health Care Operations: We may use or disclose PHI in the course of activities required to support our health care operations, such as performing quality checks on our testing, or for developing normal reference ranges for tests that we perform. This information will be used in an effort to continually improve the quality and effectiveness of the healthcare services we provide. We may also disclose health information to other healthcare providers or payers for their health care operations, but only if they already have a relationship with the patient and the purpose is for quality assurance activities, peer review activities, detecting fraud, or for other limited purposes.
Disclosures to Business Associates: MPLN may disclose a patient’s PHI to other companies or individuals who, on behalf of MPLN, need PHI to provide specific services to us. These other entities, known as "business associates," generally must comply with the terms of a contract designed to ensure that they will maintain the privacy and security of PHI in the same manner that we do (i.e., for designated treatment, payment, or health care operations purposes that they perform for us). For example, PHI may be disclosed to couriers we use to transport specimens to us, or to private accrediting organizations that inspect and certify the quality of our laboratories. Other Ways PHI May Be Used or Disclosed: When required by law: to comply with federal or state laws, the orders of a court, or the orders of a governmental agency. Public health: to public health authorities for preventing or controlling disease, or reporting vital information (for example, reporting certain sexually transmitted diseases).
Health oversight activities: to a health oversight agency for oversight activities authorized by law (for example as part of our regular inspection of our laboratory by state regulators ensuring compliance with state laws). Judicial and administrative proceedings: to courts, parties to a lawsuit, or government agencies as may be required during the course of a judicial or administrative proceeding (for example in response to a subpoena).
Law enforcement: to law enforcement officials relating to crimes and other law enforcement purposes.
Research: to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your health information.
Threats to health or safety: to others, consistent with law, to prevent a serious threat to personal health or safety (for example, in the course of an investigation of a physician's license).
Specialized government functions: to military command authorities, veterans' administration, and national security and intelligence officials for activities deemed necessary to carry out their respective missions, or to law enforcement officials having custody of an inmate. Workers compensation: to the extent authorized by and to the extent necessary to comply with laws relating to workers compensation or similar programs established by law.
Right to request your protected health information: You have the right to access your protected health information (laboratory testing). You must make the request for such protected health information in writing or by calling Client Services at (800)600-1274. The results will be sent within 30 days after we receive the authorization and processing fee. If the results cannot be produced within the 30 days, you will be notified by mail.
MPLN’s information technology system, MPLNet™, uses modern encryption, authorization/authentication technology to guard against unauthorized access to private health information across the MPLN internal network as well as open networks such as the Internet (http://www.mplnet.com). As per HIPAA guidelines, MPLN continually monitors external communications and maintains strict security standards for both hardware and software to protect private health information.
Molecular Pathology Laboratory Network, Inc.
250 East Broadway Avenue
Maryville, TN 37804