HIPAA / Privacy Policy

NeuroPointDX Notice of Privacy Practices

This notice details the Privacy Practices of NeuroPointDX in compliance with the Health Insurance Portability and Accountability Act. This notice describes the following:

  1. The Health Insurance Portability and Accountability Act (HIPAA).
  2. NeuroPointDX administrative requirements and responsibilities.
  3. How your protected health information (PHI) may be used or disclosed.
  4. Your patient rights and how to use them.
  5. How to file a HIPAA complaint and how to obtain further information regarding HIPAA law and the Privacy Practices of NeuroPointDX.

The Health Insurance Portability and Accountability Act (HIPAA)

HIPAA is the main medical privacy law in the U.S. It was developed by the U.S. Department of Health and Human Services to protect patients’ individually identifiable health information (PHI) while allowing for the rapid and lawful flow of information needed to deliver healthcare services. The overall objectives of HIPAA are to make health insurance more portable, reduce healthcare fraud, and protect personal medical information. NeuroPointDX and its business associates are bound by HIPAA regulations and are committed to compliance with HIPAA.

NeuroPointDX Administrative Requirements and Responsibilities

  • Develop and implement written privacy policies and procedures that are consistent with HIPAA law.
  • Designate a Privacy Officer responsible for developing and implementing privacy policies and procedures, receiving HIPAA complaints, and providing patients or their legal representatives with further information on the privacy policies and procedures.
  • Train all workforce members on privacy policies and procedures and apply appropriate sanctions against workforce members who violate them.
  • Mitigate, to the extent possible, any harmful effect caused by the unlawful use or disclosure of PHI by its workforce or its business associates.
  • Provide and maintain administrative, technical, and physical safeguards to prevent the intentional and unintentional use or disclosure of PHI.
  • Develop and implement procedures for patients or their representatives to file a HIPAA violation complaint.
  • NeuroPointDX may not retaliate against an individual for exercising rights provided by HIPAA law, for assisting in an investigation by the Department of Health and Human Services, or for opposing an act or practice that an individual believes violates HIPAA law.
  • NeuroPointDX may not require that an individual waive any right provided by HIPAA law as a condition for obtaining treatment, payment, or enrollment.
  • NeuroPointDX must maintain documentation and records of its privacy policies and procedures, privacy practices and notices, disposition of complaints, and other actions or activities that HIPAA law requires to be documented for a minimum of six (6) years after the date of their creation or last effective date, whichever is later.

How Your Protected Health Information May Be Used or Disclosed

In accordance with HIPAA law, NeuroPointDX applies the Minimum Necessary Rule to any request, use or disclosure of PHI. The Minimum Necessary Rule states that for any request, use or disclosure of PHI, only the minimum necessary information that is needed will be provided, with the following exceptions:

  1. Use or disclosure for treatment, payment, or healthcare operations.
  2. Use or disclosure made directly to a patient, or their legal representative, of the patient’s own PHI.
  3. Use or disclosure based on a valid authorization form, which is a patient’s written permission to use or disclose their PHI.
  4. Use or disclosure that is required by law, such as disclosures to the Department of Health and Human Services for investigations, reviews, and HIPAA enforcement.

NeuroPointDX is permitted to use and disclose PHI without a valid patient authorization form for the following purposes and situations:

  1. To the individual whom the PHI is about.
  2. For treatment, payment, and healthcare operations.
  3. Opportunity to agree or object.
  4. Incident to an otherwise permitted use or disclosure.
  5. Public interest and benefit activities.
  6. Limited data set for research, public health, or healthcare operations.

Your Patient Rights and How to Use Them

HIPAA law gives patients specific rights to access and control their PHI.

  • The right to receive a Notice of Privacy Practices.
  • The right to a copy of one’s own PHI, and the right of parents and legal guardians to obtain a copy of their minor children’s PHI.
  • The right to request PHI amendments, a written note from the patient to be added to their medical record.
  • The right to restrict disclosures to others. This allows a patient or their legal representative to name particular people or entities who they do not want to receive their PHI. This includes disclosures to their health insurer about treatments or services for which the patient or their family has paid in full. Patients may not restrict disclosures that are required by law.
  • The right to receive PHI by alternative means.
  • The right to an accounting of PHI disclosures.
  • The right to file a privacy complaint with NeuroPointDX and/or the Department of Health and Human Services.
  • The right to receive and send digital copies of PHI in electronic health records.

How to File a HIPAA Complaint or Obtain Further Information Regarding HIPAA Law

To file a privacy complaint or obtain more information on HIPAA or the privacy practices of NeuroPointDX, contact our Privacy Officer.

NeuroPointDX Privacy Officer
Name: Michael Colwell
Phone: (608) 204-0104
Fax: (608) 204-0107
Email: mcolwell@stemina.com

To report a HIPAA violation or for other inquiries, please contact the Office of Civil Rights (OCR), a division of the U.S. Department of Health and Human Services.

Department of Health and Human Services
Contact: The Office for Civil Rights
Phone: 1-800-368-1019
Email: OCRMail@hhs.gov
Website: https://ocrportal.hhs.gov/ocr/cp/complaint_frontpage.jsf