Notice of Privacy Practices

Virant Diagnostics is required by law to maintain the privacy of health information that identifies you and your Protected Health Information (PHI) following the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and to provide you with notice of our legal duties and privacy practices regarding PHI.

This notice is being made available to inform you how medical information about you may be used, how it may be disclosed, and how you can get access to this information. Virant Diagnostics is required by law to maintain the privacy of health information that identifies you and your Protected Health Information (PHI) following the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and to provide you with notice of our legal duties and privacy practices regarding PHI.  Virant Diagnostics is committed to the protection of your PHI and will make all reasonable efforts to ensure the confidentiality of your PHI, as required by statute and regulation.  We are required to be in total compliance with the terms of the current version of this Notice under HIPAA.

“Protected Health Information” is information that individually identifies you and that the laboratory creates or gets from you or from another healthcare provider, health plan, your employer, or a healthcare clearinghouse and that relates to (1) your past, present, or future physical or mental health or conditions, (2) the provision of health care to you, or (3) the past, present, or future payment for your health care. Some of the uses and disclosures described may be limited or restricted by state laws or other legal requirements, such as the Clinical Laboratory Improvement Amendments of 1988 (CLIA).

All Virant Diagnostics employees, contractors, and partners must follow this notice.

How we may use and disclose your health information:

Typically, we use or disclose your health information in the ways described in this notice, although not every use or disclosure falling within each category is listed below.

Virant Diagnostics may use or disclose PHI, in particular the results of the diagnostic test performed by the lab for clinical management and potential treatment purposes, including disclosure to physicians, nurses, medical students, pharmacies, and other health care professionals who provide you with health care services and/or are involved in the coordination of your care, such as providing your physician with your laboratory test results.

Virant Diagnostics may use or disclose your PHI so that we can bill and collect payment from you, a health plan, or a third party. For example, we may need to give your health plan information about a laboratory or genetic service provided to you so your health plan will pay us or reimburse you for the service.

Virant Diagnostics may use or disclose PHI to run our practice, improve your care, and contact you when necessary. Examples include the evaluation of our laboratory testing, the accuracy of results, accreditation functions, and other quality management purposes.   Virant Diagnostics may also disclose PHI to other authorized healthcare providers or health plans that are involved in your care for their operational needs.

Virant Diagnostics may use and disclose PHI to contact you as a reminder that you have an appointment with the laboratory and may use and disclose PHI to tell you about health-related services that may be of interest and benefit to you. 

Virant Diagnostics may disclose PHI to a person who is involved and/or authorized in your care, or helps pay for your care, such as a family member or friend. We also may notify your family about your location or general condition or disclose such information to an entity assisting in a disaster relief effort.  As allowed by federal and state law, we may disclose the PHI of minors to their parents or legal guardians.

Virant Diagnostics may disclose PHI to its business associates, and third parties, who perform services on our behalf and who have provided assurances that they will safeguard your PHI.  For example, we may use another company to perform billing services on our behalf.  All of our business associates are required to maintain the privacy and confidentiality of your PHI.

Virant Diagnostics under certain circumstances, may use and disclose your PHI for research purposes.  Limited data or records may be viewed by researchers to identify patients who may qualify for their research project or for other similar purposes, so long as the researchers do not remove or copy any of the PHI.  All research projects, however, are subject to a special approval process before your PHI may be used or disclosed as follows: 1) a special committee (Institutional Review Board – IRB) will determine that the research activity poses minimal risk to privacy and that there is an adequate plan to safeguard PHI; 2) if the PHI relates to deceased individuals, the researchers give us assurances that the PHI is necessary for the research and will be used only as part of the research; or 3) the researcher will be provided only with information that does not identify you directly.

As authorized by applicable laws, Virant Diagnostics may use or disclose PHI to inform worker’s compensation carriers or your employer if you are injured at work.

Under certain circumstances, Virant Diagnostics may disclose your PHI in the course of a judicial or administrative proceeding, including in response to a court or administrative order, subpoena, discovery request, or another lawful process.

Virant Diagnostics must disclose your PHI if required to comply with federal, state, or local law.

Virant Diagnostics may disclose PHI for public health activities. These activities generally include 1) disclosures to a public health authority to report, prevent or control disease, injury, or disability; 2) disclosures to report births and deaths, or to report child abuse or neglect; 3) disclosures to a person subject to the jurisdiction of the Food and Drug Administration; 4) disclosures to notify a person who may have been exposed to disease; and 5) disclosures to an employer about an employee to conduct medical surveillance in certain limited circumstances concerning work-place illness or injury.

Virant Diagnostics may disclose PHI about an individual to a government authority if we reasonably believe that an individual is a victim of abuse, neglect, or domestic violence.

Virant Diagnostics may disclose the PHI of an inmate or other individual when requested by a correctional institution or law enforcement official for health, safety, and security purposes.

Virant Diagnostics may disclose PHI if necessary to prevent or lessen a serious and/or imminent threat to health or safety to a person or the public or for law enforcement authorities to identify or apprehend an individual.

In certain situations, Virant Diagnostics may disclose the PHI of military personnel and veterans, including Armed Forces personnel, as required by military command authorities.  Additionally, we may disclose PHI to authorized officials for national security purposes, intelligence, and protective services.

Virant Diagnostics may disclose PHI to a health care oversight agency for activities authorized by law such as audits, civil, administrative, or criminal investigations and proceedings/actions, inspections, licensure/disciplinary actions, or other activities necessary for appropriate oversight of the health care system, government benefit programs, and compliance with regulatory requirements and civil rights laws.

Virant Diagnostics may disclose PHI to a coroner, medical examiner, or funeral director for the purpose of identifying a deceased person, determining the cause of death, or performing some other duty authorized by law.

Virant Diagnostics may disclose PHI to your personal representative, as established under applicable law, or to an administrator, executor, or other authorized individual associated with your estate.

Virant Diagnostics may use and disclose health information that has been “de-identified” by removing certain identifiers making it unlikely that you could be identified. Virant Diagnostics also may disclose limited health information, contained in a “limited data set”.  The limited data set does not contain any information that can directly identify you.  For example, a limited data set may include your city, county, and zip code, but not your name or street address.

For purposes not described above, including uses and disclosures of PHI for marketing purposes and disclosures that would constitute a sale of PHI, Virant Diagnostics will ask for patient authorization before using or disclosing PHI.  If you signed an authorization form, you may revoke it, in writing, at any time, except to the extent that action has been taken in reliance on the authorization.

Virant Diagnostics is required to provide patient notification if it discovers a breach of unsecured PHI unless there is a demonstration, based on a risk assessment, that there is a low probability that the PHI has been compromised.  You will be notified without unreasonable delay and no later than 60 days after the discovery of the breach.  Such notification will include information about what happened and what can be done to mitigate any harm.

Our Responsibilities:

We are required by law to maintain the privacy and security of your health information. We will let you know if a breach occurs that compromises the privacy or security of your health information. We will not use or share your information other than as described in this Notice unless you provide us with your authorization. If a state or Maryland law is applicable and is more restrictive than federal law, we will follow the more restrictive law. For example, in some cases disclosures of your mental health information may be limited unless we obtain your written permission prior to the disclosure.

Patient Rights Regarding PHI:

The law entitles you to the following;

  • Get an electronic or paper copy of your medical record. We will provide a copy or summary of your health information, usually within 30 days of your request. We may charge you a reasonable, cost-based fee for the copies.
  • Ask us to correct your medical record. You can ask us to correct health information about you that you think is incorrect or incomplete. We may say no to your request, but we’ll tell you why in writing within 60 days.
  • Request confidential communications. You can ask us to contact you in a specific way (for example home or office phone) or to send mail to a different address. We will agree to reasonable requests.
  • Ask us to limit what we use or disclose. You can ask us not to use or disclose certain PHI. We are not required to agree to your request, and we may say no if it would affect your care or if we cannot reasonably comply with your request. If we agree to your request, we will comply with your request unless the information is needed to provide you with emergency treatment.
  • Right to Restrict Disclosures of your PHI to your Health Plan. If you pay for a service out of pocket and in full, you may request that we not disclose information about that visit to your insurance plan and we must honor that request. However, if you want us to bill your insurance plan for any subsequent care, we may have to provide the original information to your carrier in order for us to be paid for the subsequent service. We will agree to that limitation unless the law would require us to do otherwise.
  • Right to an Accounting of Disclosures. You have the right to ask for an “accounting of disclosures,” which is a list of the disclosures we made of your PHI. This right applies to disclosures for purposes other than treatment, payment or healthcare operations as described in this Notice. It also excludes disclosures we may have made to you or pursuant to your authorization, for a resident directory, to family members or friends involved in your care, or for notification purposes. You can ask for a list (accounting) of the times we’ve shared your PHI for six years prior to the date you ask. The first accounting you request within a twelve (12) month period will be free. For additional accountings, we may charge you for the costs of providing the list.
  • Choose someone to act for you. If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
  • Get a copy of this Notice. You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically.
  • Right to Receive Notice of a Breach. You have the right to receive a notification, in the event that there is a breach of your unsecured PHI, which requires notification under the Privacy Rule

How to Contact Us or File a Complaint:

If you have questions or comments regarding the Virant Diagnostics  Notice of Privacy Practices, or have a complaint about our use or disclosure of your PHI or our privacy practices, please contact info@VirantDX.com, call us at (877) 888-2973, or send a written request to: HIPAA Privacy Officer, Virant Diagnostics, 11002 Veirs Mill Road, Suite 404, Wheaton, MD 20902.  You also may file a complaint with the Secretary of the U.S. Department of Health and Human Services.  Virant Diagnostics will not take retaliatory action against you for filing a complaint about our privacy practices. 

U.S. Department of Health and Human Services

Office for Civil Rights

200 Independence Avenue SW, Room 509F, HHH Building

Washington, D.C. 20201

For your regional office, please visit: https://www.hhs.gov/ocr/about-us/contact-us/index.html

Changes to the Virant Diagnostics Notice of Privacy Practices:

Virant Diagnostics reserves the right to make changes to this notice and to our privacy policies from time to time.  Changes adopted will apply to any PHI we maintain about you.  Virant Diagnostics is required to abide by the terms of our notice currently in effect.  When changes are made, we will promptly update this notice and post the information on the Virant Diagnostics website at www.VirantDX.com.  Please review this site periodically to ensure that you are aware of any such updates.

Effective Date of Notice:  March 30, 2023