Privacy Policy

Privacy Policy

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN ACCESS THIS INFORMATION. PLEASE READ CAREFULLY.

Monogram Incorporated (“Monogram”) the world leader in drug resistance testing is committed to protecting the privacy of the personal and health information of its customers. Monogram Inc., is committed to protecting the confidentiality of our laboratory test results and other patient protected health information (PHI) that we collect or create as part of our diagnostic testing activities.

Please read this Notice of Privacy Practices carefully so that you will understand both our commitment to the privacy of your PHI, and how you can participate in that commitment. Should you have any questions about this Notice or our privacy practices, please call us at 1-650-635-1100, via email to customerservice@monogrambio.com, or write to us at the following address:

Monogram Inc. Attention: Privacy Compliance Officer 345 Oyster Point Blvd. South San Francisco, CA 94080

Privacy Policy

Monogram Inc. is committed to gathering, maintaining, using and disclosing patient protected health information (PHI) in a manner that protects your privacy. We will only use or disclose the minimum amount of your PHI we consider necessary to perform a service or otherwise described in this Notice. This Notice applies to all PHI that we maintain. Your doctor, hospital, or other referring laboratory may have different notices regarding his/her/their use and disclosure of your PHI.

Monogram Inc. is required by law to provide you with this Notice of Privacy Practices with respect to PHI, to maintain the privacy of PHI, to state the uses and disclosures of PHI that Monogram Inc. may make, and to list the rights of individuals and our legal duties with respect to their PHI. Your PHI at Monogram Inc. includes personal and medical information (such as your name, address, social security number, date of birth, etc) that we obtain from you, your physician, health plan, or other sources related to the test services requested. Your PHI also includes any laboratory testing results that we create.

Monogram Inc. will abide by the terms of this Notice of Privacy Practices currently in effect. We reserve the right to change the terms of this Notice of Privacy Practices and to make the provisions of the new Notice of Privacy Practices effective for all PHI that we maintain. We will maintain this Notice on our Website and a hard copy is available upon request.

How we use and disclose Protected Health Information

Your PHI will be used or disclosed for treatment, payment, or healthcare operations purposes and for other purposes permitted or required by law. Not every use or disclosure is listed; however, all of the ways we use or disclose your PHI fall into one of the broader categories listed below.

If we intended to use or disclose your PHI for other purposes, we would need your written authorization. For example, patient authorization is often required by state law for each release of HIV test results, except if the results are being released to public health officials as required by law. You have the right to revoke your authorization at any time, except if we have already made a disclosure based on that authorization. We do not need authorization or permission to use or disclose your PHI for the following purposes:

For Treatment

As a healthcare provider that provides laboratory testing for ordering physicians, Monogram Inc. uses PHI as part of our testing process and discloses your PHI to physicians and other authorized healthcare professionals who need access to your laboratory results in order to treat you. In addition to your treating physician, we may provide a specialist or consulting physician with information about your results. Occasionally, we may also contact you or your physician to arrange to redraw a specimen.

For Payment

We will use your PHI in our billing and accounts receivable departments and disclose your PHI to insurance companies, hospitals, physicians, other referring laboratories and health plans for payment purposes, or to third parties to assist us in creating bills, claim forms, cashing checks or getting paid for our services. For example, we may send claim information including name, test performed, diagnosis code, ordering physician, and other information as requested to a health plan so that the plan will reimburse us for the services provided. We may have to contact you and or your physician in order to obtain information for billing and collection purposes. We may use an outside collection agency to obtain payment.

For Internal Uses

We may use or disclose your PHI in the course of activities necessary to support our laboratory operations, such as development and validation of our assays, performing quality checks on our testing, for teaching purposes, or for developing normal reference ranges for tests that we perform. We may also use PHI for purposes of research and development as approved by our Privacy Board.

Disclosures to Business Associates

Monogram Inc. may disclose your PHI to other companies or individuals who need your PHI in order to provide specific services to us. These other entities, known as “business associates,” must comply with the terms of a contract designed to ensure that they will maintain the privacy and security of the PHI we provide to them or which they create on our behalf. Our business associates must only use your PHI for designated treatment, payment, or healthcare operations purposes that they perform on our behalf. For example, we may disclose your PHI to temporary employees or to the College of American Pathologists (CAP) or other private accrediting organizations that inspect and certify the quality of our laboratories.

As Permitted or Required by Law

We may use or disclose your PHI for various public policy purposes that are authorized or required by federal or state law. For example, we are required to disclose your PHI to the Secretary of the US Department of Health and Human Services (“HHS”) upon request. We must provide you with copies of your PHI at your request, except where restricted or prohibited by state law. We will provide the information regarding your specific state to you upon request.

Public Health

PHI may be disclosed in reporting communicable disease results to public health departments as required by law. We may disclose your PHI for FDA reporting purposes.

Public Safety

In certain circumstances, we may also use or disclose PHI to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.

To Avert a Serious Threat to Health or Safety

We may use or disclose your PHI if necessary to prevent a serious threat to your health and safety or that of another person or the general public.

Health Oversight

We may disclose your PHI in connection with governmental oversight, licensure, auditing, and other purposes. For example, governmental agencies periodically review our records to ensure that Monogram Inc. is complying with the rules of various regulatory and licensing agencies, these agencies including, HHS and state health departments of various states. Other agencies may audit our billing and laboratory records to verify that the healthcare was provided as claimed or that we were paid correctly.

Judicial and Administrative Proceedings

We may disclose your PHI as required to comply with court orders, discovery requests, or other legal process in the course of a judicial or administrative proceeding.

Law Enforcement / Governmental Agencies

We may also disclose PHI for law enforcement purposes. For example, we may be required to release PHI as required by law or in compliance with a court order, judicial subpoena, court-ordered warrant, grand jury subpoena, administrative request, investigative demand or similar legal process, but only if efforts have been made to tell you about the request or to obtain an order of protection for the requested information. We may release PHI for other law enforcement purposes, such as to identify or locate a suspect, fugitive, material witness, or missing person. We may disclose your PHI for military and veterans activities, national security or intelligence purposes, or to correctional institutions, or to law enforcement officials having custody of an inmate.

Workers’ Compensation

We may disclose your PHI as necessary to comply with requirements of workers’ compensation or similar programs that provide benefits for work-related injuries or illness without regard to fault. For example, workers’ compensation programs may require that we provide the results of laboratory testing as part of the case file.

State Law

For all of the above purposes, in situations where the laws of any state in which we provide services are more restrictive than applicable federal law, we are required to follow the more restrictive state law. For example, some states require physician authorization to release laboratory test results to patients, and other states prohibit a laboratory from releasing test results directly to a patient.

We may contact you for specific reasons

Although we do not do so today, we may want to contact you in the future regarding health-related products or services that may be of interest to you.

Your rights concerning privacy and confidentiality

Access

You and/or your authorized or designated personal representative have the right to inspect and copy your PHI. Monogram Inc. will deny access to certain information for specific reasons, for example, where state law and or CLIA regulations prohibit such patient access.

Amendments

You have the right to request amendments to your PHI (but we are not required to make the requested amendments).

Accounting

You have the right to receive an accounting of disclosures, if any, of your PHI that were made by Monogram Inc. for a period of up to six years prior to the date of your written request, but not including any disclosures of your PHI made prior to April 14, 2003, when the Privacy Rule went into effect. Under the law, this accounting does not include disclosures made for purposes of treatment, payment, healthcare operations, or certain other excluded purposes, but includes other types of disclosures of your PHI, including disclosures for public health reporting or in response to a court order.

Restrictions

You have the right to ask us if we will agree to restrictions on certain uses and disclosures of your PHI, but we are not required to agree to your request.

Confidential Communications

You have the right to request that we send your PHI to an alternate address, but we are not required to agree to your request.

Notice of Privacy Practices

You have the right to request a paper copy of this Notice.

Complaints

If you believe your privacy rights have been violated please contact us at the address located at the beginning of this Notice. You also have the right to register a complaint with Monogram Inc. or the Secretary of the US Department of Health and Human Services. Monogram Inc. will not retaliate against any individual for filing a complaint.

Exercising your rights

Write to us with your specific written request and be sure to include sufficient information for us to identify all of your records. Monogram Inc. will consider your request and provide you a response within a reasonable timeframe. Should we deny your request, you have the right to ask for the denial to be reviewed by another healthcare professional designated by Monogram Inc.

How to contact us

If you have questions or concerns regarding the privacy or confidentiality of your PHI, or you wish to register a complaint, please write us at the address located at the beginning of this.

Monogram Inc. reserves the right to amend this Notice of Privacy Practices, at any time, to reflect changes in our privacy practices, and these changes will apply retroactively. Any such changes will be applicable to and effective for all that we maintain including PHI we created or received prior to the effective date of the Notice revision.

Safe Harbor Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION MONGRAM RECEIVES FROM THE EU MAY BE USED AND DISCLOSED AND HOW YOU CAN ACCESS THIS INFORMATION. PLEASE READ CAREFULLY. Monogram Biosciences, Inc. (“Monogram”), a world leader in individualized medicine for people with HIV and cancer, is committed to protecting the privacy of the personal and sensitive health information of its customers, including the confidentiality of laboratory test results and other patient health information that we collect, create, or receive as part of our diagnostic testing activities.

We recognize and acknowledge current data protection laws in the European Union (“EU”), and have made a commitment to adhere to the Safe Harbor Principles of the Safe Harbor Program administered by the US Department of Commerce with respect to Patient Data (as defined below) and Sensitive Patient Data (as defined below), transferred from the EU by hospitals, clinics, and doctors requesting laboratory services from Monogram. For more information about the Safe Harbor Principles, please visit the US Department of Commerce Website at http://www.export.gov/safeharbor. Monogram Bio self-certifies, on an annual basis, to the US Department of Commerce its compliance with the Safe Harbor Principles.

Please read this Notice of Safe Harbor Privacy Practices carefully so that you will understand both our commitment to the privacy of your personal and sensitive data, and how you can participate in that commitment. Should you have any questions about this Notice or our Safe Harbor privacy practices, please contact us at 1-650-635-1100, via e-mail to customerservice@monogrambio.com, or write to us at the following address:
Monogram Biosciences, Inc.
Attention: Privacy Compliance Officer
345 Oyster Point Blvd.
South San Francisco, CA 94080

Scope

This Safe Harbor Policy applies to all Patient Data (as defined below) and Sensitive Patient Data (as defined below), transferred from the EU to Monogram Bio in the US by hospitals, clinics, and doctors requesting laboratory services. Your doctor, hospital, or other referring laboratory may have different notices regarding his/her/their use and disclosure of your personal and sensitive data, including Patient Data and Sensitive Data as defined below.

Monogram will abide by the terms of this Notice of Safe Harbor Privacy Practices currently in effect. Any changes to our privacy practices will be reflected in an updated notice posted on this Website. If we change our privacy practices to the extent we depart from the US Safe Harbor program, we will continue to treat the Patient Data and Sensitive Patient Data which we have reserved from the EU up to the point of change according to the Safe Harbor Principles. We will maintain this Notice on our Website and a hard copy is available upon request.

Definitions

Patient Data: Patient Data refers to any personal information relating to a patient located in the EU, and who can be identified, directly or indirectly, as a particular person by reference to an identification number or to one or more aspects of the patient’s physical, physiological, mental, economic, cultural, or social identify. Patient Data includes the transmission of data over phone lines, computer lines, and in hard copy, of information such as patient contact information, demographic data, work history, or family history.

Sensitive Patient Data: Sensitive Patient Data includes all Patient Data related to the patient’s health or medical condition (including biometeric and genetic data), sex life, race or ethnicity, religious or philosophical beliefs, political opinions, or trade union membership.

Privacy Board: An internal group of Monogram personnel as from time to time organized by Monogram to consult with experts and review issues relating to protection of patient information.

Policy

Monogram is committed to gathering, maintaining, using and disclosing Patient Data and Sensitive Patient Data transferred to Monogram from the EU by hospitals, clinics, and doctors requesting laboratory services in a manner that conforms to the Safe Harbor Principles. We will only use or disclose as much of your data as needed to perform a service or otherwise described in this Notice.

The Data We Collect

Monogram requires that any hospital, clinic, or doctor submitting Patient Data and Sensitive Patient Data from the EU to Monogram in the US for the purposes of laboratory testing provide patients with notice regarding the types of Patient Data and Sensitive Patient Data that will be collected for the purposes of performing the laboratory work.

The Patient Data we process at Monogram consists primarily of your contact details, such as your name, address, social security or national identification number, and date of birth that we obtain from you, your physician, health plan, or other sources related to the test services requested.

The Sensitive Patient Data we collect includes any medical information that we obtain from you, your physician, health plan or other source, any data related to your race and ethnicity, and any laboratory testing results that we create.

How We Use and Disclose Protected Health Information

Monogram may disclose your Patient Data and/or Sensitive Data to other companies or individuals who need this data in order to provide specific services to us. Examples of use and disclosure are listed below. In all cases, Monogram will transfer Patient Data and Sensitive Patient Data to a third party consistent with the notice provided to patients and any consents they have given. Further, we will transfer Patient Data and Sensitive Patient Data only to third parties that have provided assurances that they will provide at least the same level of privacy protection as is required by this Notice. When Monogram has knowledge that a third party is using or sharing Patient Data and/or Sensitive Patient Data in a way contrary to this Notice, Monogram will take reasonable steps to prevent or stop such processing or use.

For Treatment

As a healthcare provider that provides laboratory testing for ordering physicians, clinics and hospitals, Monogram uses Patient Data and Sensitive Patient Data as part of our testing process and discloses Patient Data and Sensitive Patient Data to physicians and other authorized healthcare professionals who need access to laboratory results in order to treat you. In addition to your treating physician, we may provide a specialist or consulting physician with information about your results. Occasionally, we may also contact you or your physician to arrange to redraw a specimen.

For Payment

We will use your Patient Data and possibly Sensitive Patient Data in our billing and accounts receivable departments, and may disclose Patient Data and Sensitive Patient Data to insurance companies, hospitals, physicians, other referring laboratories and health plans for payment purposes, or to third parties to assist us in creating bills, claim forms, cashing checks, or getting paid for our services. For example, we may send claim information including name, test performed, diagnosis code, ordering physician and other information as requested to a health plan so that the plan will reimburse us for the services provided. We may have to contact you and/or your physician in order to obtain information for billing and collection purposes. We may use an outside collection agency to obtain payment.

For Internal Uses

We may use or disclose your Patient Data and Sensitive Patient Data in the course of activities necessary to support our laboratory operations, such as development and validation of our assays, performing quality checks on our testing, for teaching purposes, or for developing normal reference ranges for tests that we perform. We may also use this data for purposes of research and development as approved by our Privacy Board.

As Permitted or Required by Law

We may use or disclose your Patient Data and/or Sensitive Patient Data for various public policy purposes that are authorized or required by US federal or state law. For example, we are required to disclose your Patient Data and/or Sensitive Patient Data to the Secretary of the US Department of Health and Human Services upon request.

Public Health

Patient Data and/or Sensitive Patient Data may be disclosed in reporting communicable disease results to public health departments as required by law. We may disclose your Patient Data and/or Sensitive Patient Data for US Federal Drug Agency (FDA) reporting purposes.

Public Safety

In certain circumstances, we may also use or disclose Patient Data and/or Sensitive Patient Data to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.

To Avert a Serious Threat to Health or Safety

We may use or disclose your Patient Data and/or Sensitive Patient Data if necessary to prevent a serious threat to your health and safety or that of another person or the general public.

Health Oversight

We may disclose your Patient Data and/or Sensitive Patient Data in connection with governmental oversight, licensure, auditing, and other purposes. For example, governmental agencies periodically review our records to ensure that Monogram is complying with the rules of various regulatory and licensing agencies, including the US Department of Health and Human Services and various state health departments. Other agencies may audit our billing and laboratory records to verify that the healthcare was provided as claimed or that we were paid correctly.

Judicial and Administrative Proceedings

We may disclose your Patient Data and/or Sensitive Patient Data as required to comply with court orders, discovery requests or other legal process in the course of a judicial or administrative proceeding.

Law Enforcement/Governmental Agencies

We may also disclose Patient Data and/or Sensitive Patient Data for law enforcement purposes. For example, we may be required to release Patient Data and/or Sensitive Patient Data as required by law or in compliance with a court order, judicial subpoena, court-ordered warrant, grand jury subpoena, administrative request, investigative demand or similar legal process, but only if efforts have been made to tell you about the request or to obtain an order of protection for the requested information. We may release Patient Data and/or Sensitive Patient Data for other law enforcement purposes, such as to identify or locate a suspect, fugitive, material witness, or missing person. We may disclose your Patient Data and/or Sensitive Patient Data for military and veterans activities, national security or intelligence purposes, or to correctional institutions, or to law enforcement officials having custody of an inmate.

Workers’ Compensation

We may disclose your Patient Data and/or Sensitive Patient Data as necessary to comply with requirements of workers’ compensation or similar programs that provide benefits for work-related injuries or illness without regard to fault. For example, workers’ compensation programs may require that we provide the results of laboratory testing as part of the case file.

State Law

For all of the above purposes, in situations where the laws of any state in which we provide services are more restrictive than applicable federal law, we are required to follow the more restrictive state law. For example, some states require physician authorization to release laboratory test results to patients, and other states prohibit a laboratory from releasing test results directly to a patient.

Choice

You have the right to revoke your authorization to transfer Patient Data and/or Sensitive Patient Data at any time, except if we have already made a disclosure based on that authorization. To revoke your authorization, please use the contact information at the beginning of this Notice.

In the event Patient Data is to be used for a new purpose incompatible with the purposes for which it was originally collected or subsequently authorized, when feasible and appropriate, you will be given the opportunity to chose (opt out) whether to have your Patient Data so used. In the event that Sensitive Patient Data is used for a new purpose, your explicit consent (opt in) will be obtained prior to the use or transfer of the Sensitive Patient Data.

Access

You or your authorized or designated personal representative has the right to inspect and copy your Patient Data and Sensitive Patient Data, and to correct, amend or delete information if it is inaccurate. Where possible, Monogram will provide access to the Patient Data and/or Sensitive Patient Data in a timely manner. You may be requested to justify your request for Patient Data and/or Sensitive Patient Data in a situation where access to the information would present a burden to Monogram. The burden to providing the information will be considered, but is not the controlling factor to establishing whether access will be denied. Access may be denied when the burden or expense of providing access would be disproportionate to the risks to an individual’s privacy, if the rights of persons other than the individual would be violated, or if prohibited by law.

Security and Data Integrity

Monogram will take reasonable precautions to protect Patient Data and Sensitive Patient Data from loss, misuse and unauthorized access, disclosure, alteration, and destruction. The security and integrity of Patient Data and Sensitive Patient Data are maintained according to the Health Insurance Accountability and Portability Act (HIPAA).

We may contact you for specific reasons

Although we do not do so today, we may want to contact you in the future regarding health-related products or services that may be of interest to you. If, upon receiving such communications or materials, you wish to be excluded from any further communications, please contact customerservice@monogrambio.com, or write to us at the following address:
Monogram Biosciences, Inc.
Attention: Privacy Compliance Officer
345 Oyster Point Blvd.
South San Francisco, CA 94080

Complaints

If you believe your privacy rights have been violated, please contact us at the address located at the beginning of this Notice. To ensure compliance with the Safe Harbor Principles, Monogram will: (a) use the services of the American Arbitration Association (AAA) in the investigation and resolution of complaints and comply with advice given by the AAA; (b) periodically review and verify the Organization’s compliance with the Safe Harbor Principles; and (c) remedy issues arising out of any failure to comply with the Safe Harbor Principles.