PATIENT NOTICE OF PRIVACY PRACTICES

THIS PATIENT NOTICE OF PRIVACY PRACTICES DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, YOUR PATIENT RIGHTS AND HOW TO REPORT A COMPLAINT OR CONCERN. PLEASE REVIEW CAREFULLY.

The terms of this Patient Notice of Privacy Practices (Notice) apply to GS Labs LLC. (GS Labs, we), its affiliates and its staff. GS Labs may share protected health information (PHI) of patients as necessary to carry out treatment, payment, and health care operation as permitted by law. Questions or concerns about this Notice should be directed to the Compliance Office at info@GSLabstesting.com or via phone at 844-263-9994.

Effective Date: 11/29/2022

Most Recent Revision Date: 11/29/2022

OUR LEGAL DUTY

GS Labs is committed to and required by federal and state law to maintain the privacy of our patient’s health information, called protected health information (PHI), and to provide patients with notice of our legal obligations and privacy practices with respect to PHI. We are required to comply with the terms of this Notice for as long as it remains in effect. We reserve the right to make changes to our Notice as permitted by applicable law. If changes are made to the Notice, the new terms of our Notice are effective for all health information maintained, created and/or received by us prior to the date changes were made. The most recent version of this Notice is always available on the GS Labs website and/or the lab location. We are also required to notify you in the event of a breach of your unsecured PHI. We respect our legal obligation to keep PHI that identifies you private. We will not use or disclose your health information without your written authorization, except as described in this Notice and permitted by law.

OUR PLEDGE TO YOU

We understand that your PHI is private and personal, and we are committed to its protection. This Notice applies to all the records of your care at GS Labs. We are required by law to:

keep your protected health information private during your lifetime and for 50 years following your death.

provide you with this Notice describing our legal duties and privacy practices for your protected health information.

notify you as outlined in state and federal law if a breach of your unsecured protected health information has occurred.

follow the terms of the Notice that is currently in effect.

UNDERSTANDING WHAT COMPRISES YOUR HEALTH INFORMATION

Each time you use the services of GS Labs, a health record of the test(s) conducted, and the associated result(s) is created. The health record also includes the personal information you provided upon registration. You may be utilizing our services in a Direct-to-Consumer capacity or via lab tests requested by a physician.

HOW WE USE AND DISCLOSE YOUR PHI

USES AND DISLCOSURES PERMITTED BY LAW WITHOUT YOUR WRITTEN AUTHORIZATION

The following describes how we may use and disclose your health information without written authorization from you.

Treatment: Under HIPAA, we may use or disclose your PHI for treatment purposes which may include disclosure of your test results to physicians, nurses, medical students, pharmacies, and other health care professionals who provide you with health care services and/or are involved in the coordination of your care, such as providing your physician with your laboratory test results. We will share your information with physicians involved in determining and/or managing your treatment plan.

Payment: Under HIPAA, we may use or disclose your PHI for the purposes of obtaining payment. We are permitted to disclose your PHI for the purposes of obtaining payment. If insurance is responsible for the payment of your services, we will share your health information with your insurance payer to determine coverage and obtain payment or be reimbursed for the provided services.

Health Care Operations: Under HIPAA, we may use or disclose your PHI for healthcare operations which means the management and operation of the lab. For example, we may use your PHI to conduct quality and accuracy testing, obtain/maintain lab accreditations, provide training to our staff, manage disease, meet public health reporting requirements etc.

Business Associates: Certain aspects and components of our services are performed through contracts with “business associates” outside of our company, such as auditing, accreditation, outcomes data collection, legal services, etc. Whenever an arrangement between our company and a business associate involves the use or disclosure of your PHI, we will have a written contract that contains terms that will protect the privacy of your PHI.

Communication with Family and Others: Unless you expressly object, we may disclose relevant protected health information to a family member, friend, or other person involved in your care or related to your healthcare or as needed for notification purposes. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment. We may be required by state or federal law to disclose the PHI of minors to their legal guardians or parents.

Appointment Reminders: We may contact you via text, email and /or write to remind you of scheduled appointments, information about your treatment, or that it is time to make a routine appointment. You have the right to request communications regarding your PHI from us by alternative means. For instance, if you wish appointment reminders to not be left on voice mail or sent to a particular address, we will accommodate reasonable requests.

Health related products and services: HIPAA limits the extent of the marketing we can do with you. We are permitted to communicate with you about a product or service that we offer that you may be interested in. We may use or disclose your PHI, as necessary, to provide you with information about treatment alternatives or other health-related benefits and services that may be of interest to you. For example, your name and email address may be used to send you a newsletter about the services we offer or the addition of services you might be interested in utilizing to manage your health. We provide an opportunity during registration for you to opt out of receiving this type of communication.

Research: In limited circumstances PHI about you may be disclosed to researchers preparing to conduct a research project. For example, it may be necessary for researchers to look for patients with specific medical conditions to prepare a research protocol. For actual research studies we would obtain your specific authorization if information that directly identifies you is disclosed. The only exception would be circumstances when the Institutional Review Board grants a waiver of authorization as permitted under federal guidelines.

Organ Donation: Consistent with applicable law, we may disclose health information to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of organs for the purpose of tissue donation and transplant.

Incidental Uses and Disclosures: There are certain incidental uses or disclosures of your health information that occur while we are providing services to you or conducting our business. For example, another patient in the testing area may hear your name. We will make reasonable efforts to limit these incidental uses and disclosures.

USES AND DISCLOSURES REQUIRED BY LAW

The following describes the situations we may be required to use and disclose your health information to meet legal requirements.

As Required by Law: We will use or disclose your health information as required by federal, state, or local law.

Public Health Activities: We may disclose health information about you for public health activities. These activities may include disclosures to a public health authority authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury, or disability. We may disclose information to:

Authorities authorized to receive reports of abuse and neglect

FDA-regulated entities for purposes of monitoring or reporting the quality, safety, or effectiveness of FDA-regulated products

Notify a person who may have been exposed to a disease or may be at risk of contracting or spreading a disease or condition

Report certain information about births, deaths, and various diseases to government agencies

Send evidence of required immunizations to a school with parent or guardian permission

Law Enforcement: We may disclose your health information for law enforcement purposes:

At the request of a law enforcement official and in response to a subpoena, court order, investigative demand, or other lawful process

If we believe it is evidence of criminal conduct occurring on our premises

If you are a victim of crime and we obtain your agreement, or under certain circumstances, if we are unable to obtain your agreement

To identify or locate a suspect, fugitive, material witness or missing person

To alert authorities that a death may be the result of criminal conduct

To report a crime, the location of the crime or victim, or the identity, description or location of the person who committed the crime.

Threats to Health or Safety: Under certain circumstances, we may use or disclose your health information if we believe it is necessary to avert or lessen a serious threat to health and safety and is to a person reasonably able to prevent or lessen the threat or is necessary for law enforcement authorities to identify or apprehend an individual involved in a crime.

Health Oversight Activities: We may disclose health information for health oversight activities authorized by law. For example, oversight activities include audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs and compliance with civil rights laws.

Specialized Government Functions: We may disclose your information for national security and intelligence activities authorized by law, for protective services of the president; or if you are a military member, to the military under limited circumstances.

Funeral Directors, Medical Examiners, and Coroners: We may disclose your health information to funeral directors, medical examiners, and coroners consistent with applicable law to carry out their duties.

Lawsuits and Administrative Proceedings: We may release your health information in response to a court or administrative order. We may also provide your information in response to a subpoena or other discovery request, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.

Workers’ Compensation: We may disclose health information to the extent authorized and necessary to comply with laws relating to workers’ compensation or other similar programs established by law.

Correctional Institutions: If you are an inmate of a correctional institution or under custody of a law enforcement official, we may disclose to the correctional institution, its agents, or the law enforcement official your health information necessary for your health or the health and safety of other individuals.

Disaster Relief Purposes: We may use or share your PHI with public or private disaster organizations, like the American Red Cross, so that your family can be told of your location and condition in case of disaster or emergency.

USES AND DISCLOSURES THAT REQUIRE YOUR WRITTEN AUTHORIZATION

Apart from what we say in this Notice, we will not use or share your PHI unless we get your written authorization. If you give us written authorization to use or disclose your PHI, you may revoke that permission in writing at any time. The following uses and disclosures will only be made with your written authorization:

Permitted by law, uses and disclosures not listed above

Marketing as defined by HIPAA

Sale of Health Information: Disclosures that constitute a sale of your health information

Sensitive Medical Information: We will obtain written permission from you, when required by federal and state laws, to use or share sensitive PHI, such as mental health, diseases that may result in social stigma, substance abuse or genetic testing information.

YOUR RIGHTS REGARDING PHI

HIPAA provides you with a set of patient rights regarding your PHI. To exercise any of these rights, please submit a request in writing, signed by you or your legal representative, to: info@GS Labstesting.com or phone 844-263-9994 and request the Compliance Office. Please note that some requests, such as updating your address or phone number, can be made via the Patient Portal.

Right to Request a Copy of this Notice: You have the right to request a paper of this Notice in writing. You can also access the Notice at INSERT WEBLINK.

Right to See and Access Your Health Information: You may request to copy and/or inspect much of the PHI that we retain on your behalf. For PHI that we maintain in any electronic form, you may request a copy in a reasonable electronic format. You may be charged a reasonable copy fee and your request will be completed according to the Nebraska Statute.

Right to Request an Amendment or Correction: You may request that your health information be amended if you feel that the information is not correct. We are not obligated to make requested amendments, but we will give each request careful consideration. When making your request, please provide your rationale for the amendment. If an amendment or correction is made, we may notify others who work with us if we believe that such notification is necessary. We may deny your request and will notify you of our decision in writing.

Right to an Accounting of Disclosures: For purposes other than treatment, payment, or health care operations, you have the right to request an accounting of certain disclosures of your health information showing with who, why and when your health information was shared. Your request must state a time period that may not be longer than six years.

Right to Request Restrictions on Use and Disclosure: You may request restrictions on how your health information is used for treatment, payment or health care operations or disclosed to certain family members or others who are involved in your care. We will consider your request, but we are not required to agree to it unless the requested restriction involves a disclosure that is not required by law to a health plan for payment or health care operations purposes and not for treatment, and you previously paid for the services in full and out of pocket. If we agree to a voluntary restriction, the restriction may be lifted if use of the information is necessary to provide emergency treatment.

Right to Request Confidential Communications: You may request that we communicate with you in a certain way in a certain location. When submitting your request, please explain how or where you wish to be contacted. We will accommodate reasonable requests.

Changes to this Notice

We reserve the right to change this Notice as our privacy practices change and to make the new provisions effective for all health information we maintain. We will post a current Notice in patient registration areas and on our website.

For More Information or to Report a Problem/Concern

If you have questions or would like additional information, you may contact the Compliance Department via the previously provided phone number and/or email address.

If you believe your privacy rights have been violated, you may file a complaint with the Compliance Department via the previously provided phone number and/or address or with the Secretary of Health and Human Services. There will be no retaliation for filing a complaint.