HIPAA Policy

Effective Date: April 20th, 2024

NOTICE OF HIPAA AND WEBSITE PRIVACY PRACTICE
The DNA Company
THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.

OUR PLEDGE REGARDING YOUR HEALTH INFORMATION

The DNA Company is committed to protecting medical, mental health and personal information about you (“Health Information”). We are required by law to maintain the privacy of your Health Information, provide you information about our legal duties and privacy practices, inform you of your rights and the ways in which we may use Health Information and disclose it to other entities and persons.

HOW WE MAY USE AND DISCLOSE HEALTH INFORMATION ABOUT YOU

The following sections describe different ways that we may use and disclose your Health Information. Some information, such as certain drug and alcohol information, HIV information, genetic information and mental health information is entitled to special restrictions related to its use and disclosure. Not every use or disclosure will be listed. All of the ways we are permitted to use and disclose information, however, will fall within one of the following categories. Other uses and disclosures not described in this Notice will be made only if we have your written authorization.

For Treatment. We may use Health Information about you to provide you with medical and mental health treatment or services. We may disclose Health Information about you to doctors, nurses, technicians, students, or other health system personnel who are involved in taking care of you in the health system. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process. A doctor treating you for a mental condition may need to know what medications you are currently taking, because the medications may affect what other medications may be prescribed to you. We may also share Health Information about you with other The DNA Company providers. The disclosure of your Health Information to The DNA Company providers may be done electronically through a health information exchange that allows providers involved in your care to access some of your The DNA Company records to coordinate services for you.

For Payment. We may use and disclose Health Information about you so that the treatment and services you receive at The DNA Company or from other entities, such as an ambulance company, may be billed to and payment may be collected from you, an insurance company or a third party. For example, we may need to give information to your health plan about surgery or therapy you received at The DNA Company so your

health plan will pay us or reimburse you for the surgery or therapy. We may also tell your health plan about a proposed treatment to determine whether your plan will pay for the treatment.

For Health Care Operations. We may use and disclose Health Information about you for our business operations. For example, your Health Information may be used to review the quality and safety of our services, or for business planning, management and administrative services. We may contact you about alternative treatment options for you or about other benefits or services we provide. We may also use and disclose your health information to an outside company that performs services for us such as accreditation, legal, computer or auditing services. These outside companies are called “business associates” and are required by law to keep your Health Information confidential. We may also disclose information to doctors, nurses, technicians, medical and other students, and other health system personnel for performance improvement and educational purposes.

Appointment Reminders. We may contact you to remind you that you have an appointment at The DNA Company.

Fundraising Activities. We may contact you to provide information about The DNA Company sponsored activities, including fundraising programs and events. We may use contact information, such as your name, address and phone number, date of birth, physician name, the outcome of your care, department where you received services and the dates you received treatment or services at The DNA Company. You may opt-out of receiving fundraising information for The DNA Company by contacting us clientcare@thednacompany.com.

Individuals Involved in Your Care or Payment for Your Care. We may release medical information to anyone involved in your medical care, e.g., a friend, family member, personal representative, or any individual you identify. We may also give information to someone who helps pay for your care. We may also tell your family or friends about your general condition and that you are in the hospital.

As Required By Law. We will disclose Health Information about you when required to do so by federal or state law.

To Prevent a Serious Threat to Health or Safety. We m a y use and disclose Health Information about you when necessary to prevent or lessen a serious and imminent threat to your health and safety or the health and safety of the public or another person. Any disclosure would be to someone able to help stop or reduce the threat.

Workers’ Compensation. We may use or disclose Health Information about you for Workers’ Compensation or similar programs as authorized or required by law. These programs provide benefits for work-related injuries or illness.

Public Health Disclosures. We may disclose Health Information about you for public health activities such as:

  • preventing or controlling disease (such as cancer and tuberculosis), injury or

disability.

  • reporting vital events such as births and deaths.
  • reporting child abuse or neglect.
  • reporting adverse events or surveillance related to food, medications or defects or problems with products.
  • notifying persons of recalls, repairs or replacements of products they may be using.
  • notifying a person who may have been exposed to a disease or may be at risk of contracting or spreading a disease or condition.

Abuse and Neglect Reporting. We may disclose your Health Information to a government authority that is permitted by law to receive reports of abuse, neglect, or domestic violence.

Health Oversight Activities. We may disclose Health Information to governmental, licensing, auditing, and accrediting agencies as authorized or required by law.

Lawsuits and Other Legal Proceedings. We may disclose Health Information to courts, attorneys and court employees in the course of conservatorship, writs and certain other judicial or administrative proceedings. We may also disclose Health Information about you in response to a court or administrative order, or in response to a subpoena, discovery request, warrant, or other lawful process.

Law Enforcement. If asked to do so by law enforcement, and as authorized or required by law, we may release Health Information:

  • To identify or locate a suspect, fugitive, material witness, certain escapees, or missing person.
  • About a suspected victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement.
  • About a death suspected to be the result of criminal conduct.
  • About criminal conduct at The DNA Company; and
  • In case of a medical emergency, to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime.

National Security and Intelligence Activities. As required by law, we may disclose Health Information about you to authorized federal officials for intelligence, counterintelligence, and other national security activities.

Psychotherapy Notes. Psychotherapy notes means notes recorded (in any medium) by a health care provider who is a mental health professional documenting or analyzing the contents of conversation during a private counseling session or a group, joint, or family counseling session and that are separated from the rest of the individual’s medical record. Psychotherapy notes have additional protections under federal law and most uses or disclosures of psychotherapy require your written authorization.

Marketing or Sale of Health Information. Most uses and disclosures of your Health Information for marketing purposes or any sale of your Health Information would require your written authorization.

OTHER USES AND DISCLOSUERS OF HEALTH INFORMATION

Other uses and disclosures of Health Information not covered by this Notice will be made only with your written authorization. If you authorize us to use or disclose your Health Information, you may revoke that authorization, in writing, at any time. However, the revocation will not be effective for information that we have already used and disclosed in reliance on the authorization.

YOUR RIGHTS REGARDING YOUR HEALTH INFORMATION

Your Health Information is the property of The DNA Company. You have the following rights regarding the Health Information we maintain about you:

Right to Inspect and Copy. With certain exceptions, you have the right to inspect and/or receive a copy of your Health Information. If we have the information in electronic format then you have the right to get your Health Information in electronic format if it is possible for us to do so. If not, we will work with you to agree on a way for you to get the information electronically or as a paper copy.

To inspect and/or to receive a copy of your Health Information, you must submit your request in writing to 650 E. Parkridge Ave., Suite 109, Corona, CA 92879. If you request a copy of the information, there is a fee for these services.

We may deny your request to inspect and/or to receive a copy in certain limited circumstances. If you are denied access to Health Information, in most cases, you may have the denial reviewed. Another licensed health care professional chosen by The DNA Company will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.

Right to Request an Amendment or Addendum. If you feel that Health Information we have about you is incorrect or incomplete, you may ask us to amend the information or add an addendum (addition to the record). You have the right to request an amendment or addendum for as long as the information is kept by or for The DNA Company.

Amendment. To request an amendment, your request must be made in writing and submitted to The DNA Company, 650 E. Parkridge Ave., Suite 109, Corona, CA 92879. You must be specific about the information that you believe to be incorrect or incomplete and you must provide a reason that support the request.

We may deny your request for an amendment if it is not in writing, we cannot determine from the request the information you are asking to be changed or corrected or your request does not include a reason to support the change or addition. In addition, we may deny your request if you ask us to amend information that:

  • Was not created by The DNA Company
  • Is not part of the Health Information kept by or for The DNA Company;
  • Is not part of the information which you would be permitted to inspect and copy; or
  • The DNA Company believes to be accurate and complete.

Addendum. To submit an addendum, the addendum must be made in writing and submitted to The DNA Company 650 E. Parkridge Ave., Suite 109, Corona, CA 92879. An addendum must not be longer than 250 words per alleged incomplete or incorrect item in your record.

Right to an Accounting of Disclosures. You have the right to receive a list of certain disclosures we have made of your Health Information.

To request this accounting of disclosures, you must submit your request in writing to The DNA Company 650 E. Parkridge Ave., Suite 109, Corona, CA 92879. Your request must state a time period that may not be longer than the six previous years. You are entitled to one accounting within any 12-month period at no cost. If you request a second accounting within that 12-month period, there will be a charge for the cost of compiling the accounting. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.

Right to Request Restrictions. You have the right to request a restriction or limitation on the Health Information we use or disclose about you for treatment, payment or health care operations. You also have the right to request a limit on the Health Information we disclose about you to someone who is involved in your care or the payment for your care, such as a family member or friend.

To request a restriction, you must make your request in writing to The DNA Company 650 E. Parkridge Ave., Suite 109, Corona, CA 92879. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure or both; and (3) to whom you want the limits to apply, for example, only to you and your spouse. We are not required to agree to your request except in the limited circumstance described below. If we do agree, our agreement must be in writing, and we will comply with your request unless the information is needed to provide you emergency care.

We are required to agree to a request not to share your information with your health plan if the following conditions are met:

  1. We are not otherwise required by law to share the information
  2. The information would be shared with your insurance company for payment purposes.
  3. You pay the entire amount due for the health care item or service out of your own pocket or someone else pays the entire amount for you.

Right to Request Confidential Communications. You have the right to request that we communicate with you about your Health Information in a certain way or at a certain location. For example, you may ask that we contact you only at home or only by mail.

To request confidential medical communications, you must make your request in writing to The DNA Company 650 E. Parkridge Ave., Suite 109, Corona, CA 92879.

We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.

Right to a Paper Copy of This Notice. You have the right to a paper copy of this Notice. You may ask us to give you a copy of this Notice at any time. Even if you have agreed to receive this Notice electronically, you are still entitled to a paper copy of this Notice.

Right to be Notified of a Breach. You have the right to be notified if we or one of our Business Associates discovers a breach of unsecured Health information about you.

Rights regarding ePHI

WHAT RIGHTS YOU HAVE REGARDING YOUR ePHI

These are your rights with respect to your ePHI:

The Right to See and Get Copies of Your ePHI. In general, you have the right to see your ePHI that is in our possession, or to get copies of it; however, you must request it in writing. If we do not have your ePHI, but we know who does, we will advise you how you can get it. You will receive a response from us within 30 days of our receipt of your written request. Under certain circumstances, we may feel we must deny your request, but if we do, we will give you, in writing, the reasons for the denial. We will also explain your right to have our denial reviewed.

If you ask for copies of your ePHI, we will charge you not more than $.25 per page. We may see fit to provide you with a summary or explanation of the ePHI, but only if you agree to it, as well as to the cost, in advance.

The Right to Request Limits on Uses and Disclosures of Your ePHI. You have the right to ask that we limit how we use and disclose your ePHI. While we will consider your request, we are not legally bound to agree. If we do agree, we will put those limits in writing and abide by them except in emergency situations. You do not have the right to limit the uses and disclosures that we are legally required or permitted to make.

The Right to Choose How We Send Your ePHI to You. It is your right to ask that your ePHI be sent to you at an alternate address (for example, sending information to your work address rather than your home address) or by an alternate method (for example, via email instead of by regular mail). We are obliged to agree to your request, provided that we can give you the ePHI in the format you requested without undue inconvenience. We may not require an explanation from you as to the basis of your request as a condition of providing communications on a confidential basis.

 

The Right to Get a List of the Disclosures We Have Made. You are entitled to a list of disclosures of your ePHI that we have made. The list will not include uses or disclosures to which you have already consented, i.e., those for treatment, payment, or health care operations, sent directly to you or to your family; neither will the list include disclosures made for national security purposes or those made to corrections or law enforcement personnel. All disclosure records will be held for six years.

 

We will respond to your request for an accounting of disclosures within 60 days of receiving your request. The list we give you will include disclosures made in the previous six years, unless you indicate a shorter period. The list will include the date of the disclosure, to who ePHI was disclosed (including their address, if known), a description of the information disclosed, and the reason for the disclosure. We will provide the list to you at no cost, unless you make more than one request in the same year, in which case we will charge you a reasonable sum based on a set fee for each additional request.

 

The Right to Amend Your ePHI. If you believe that there is some error in your ePHI, or that important information has been omitted, it is your right to request that we correct the existing information or add the missing information. Your request and the reason for the request must be made in writing. You will receive a response within 60 days of our receipt of your request. We may deny your request, in writing, if we find that the ePHI is:

(a) correct and complete; (b) forbidden to be disclosed; (c) not part of our records; or (d) written by someone other than us. Our denial must be in writing and must state the reasons for the denial. It must also explain your right to file a written statement objecting to the denial. If you do not file a written objection, you still have the right to ask that your request and any denial be attached to any future disclosures of your ePHI. If we approve your request, we will make the change(s) to your ePHI. Additionally, we will tell you that the changes have been made, and we will advise all others who need to know about the change(s) to your ePHI.

The Right to Get This Notice by Email. You have the right to get this notice by email. You also have the right to request a paper copy.

INON- VIOLATION OF THIS NOTICE: We are not in violation of this Notice or the HIPAA Privacy Rule if any of our workforce members or our business associates disclosed ePHI under the following circumstances:

Disclosures by Whistleblowers: If a workforce member or a business associate in good faith believes that we have engaged in conduct that is unlawful or otherwise violates clinical and professional standards or that the services or care provided by our organizations has the potential of endangering one or more users or workforce members or the public and discloses such information to:

 

  1. A Public Health Authority or Health Oversight Authority authorized by law to investigate or otherwise oversee the relevant conduct or conditions, or the suspected violation, or an appropriate health care accreditation organization for the purpose of reporting the allegation of failure to meet professional standards or misconduct.
  2. An attorney on behalf of the workforce member or business associate or hired by the workforce member or business associate for the purpose of determining their legal options regarding the suspected violation.

CHANGES TO The DNA Company’s PRIVACY PRACTICES AND THIS NOTICE

We reserve the right to change DNA Co.’s privacy practices and this Notice. We reserve the right to make the revised or changed Notice effective for Health Information we already have about you as well as any information we receive in the future. We will post a copy of the current Notice throughout DNA CO. In addition, at any time you may request a copy of the current Notice in effect.

QUESTIONS OR COMPLAINTS

If you have any questions about this Notice, please contact HIPPA Compliance 650 E. Parkridge Ave., Suite 109, Corona, CA 92879. – Updated April, 20th, 2024.

HOW TO COMPLAIN ABOUT OUR PRIVACY PRACTICES

If, in your opinion, we may have violated your privacy rights, or if you object to a decision we made about access to your ePHI, you are entitled to file a complaint with the person listed below in VI. You may also send a written complaint to the Secretary of the Department of Health and Human Services at 200 Independence Avenue S.W., Washington, D.C. 20201. If you file a complaint about our privacy practices, we will take no retaliatory action against you.

Select your currency