Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Myriad Genetic Laboratories, Inc. (Myriad) is committed to protecting the confidentiality of your medical and health information (“protected health information”) as described in this Notice. We are required by law to provide this Notice to you and to maintain the privacy and security of your protected health information as stated in this Notice.

Uses and Disclosures of Your Protected Health Information

Myriad may use or disclose your protected health information for treatment, payment, or healthcare operations purposes and for other purposes as permitted or required by law.

Treatment: We may use your protected health information to provide you with laboratory services related to your treatment and provide your test results to a health care provider who needs the information to treat you. For example, when your test has been completed, we will use your protected health information to create a test results report which we will provide to the physician that ordered your test.

Payment: We may use and disclose your protected health information to obtain payment for the services we provide to you. This may include activities like contacting your health plan to verify coverage for the services we are providing to you or to get prior approval for those services when required. For example, we will use your protected health information to generate a claim for the services we have provided to you and disclose information about those services to your health plan to obtain payment.

Health Care Operations: We may use and disclose your protected health information, as needed, in order to support the business activities of our company, such as quality assessment and improvement activities, staff training, providing customer service, managing costs, and licensing of our laboratory.

Business Associates: We may also disclose your protected health information to third party “business associates” that perform various administrative activities for our company related to treatment, payment or health care operations. For example, we may disclose information to an agency that performs collections on unpaid accounts. Our business associates sign an agreement stating they will maintain the privacy and security of your health information as required by law.

Persons Involved in Your Care: We may disclose your protected health information to individuals, such as family members, relatives, personal friends or others who are involved with your care or who help pay for your care as long as you have not expressed your objection to or requested a restriction on these types of disclosures. For example, if you are covered by your spouse’s, parents’ or other individual’s health insurance, we may disclose information to that individual relevant to payment for the services we have provided you. In all cases, we will use our best judgment and restrict the information shared to only that which is relevant to your family’s and others’ involvement in your care.

In cases where you are not present or the opportunity to agree or object to the use or disclosure cannot be provided because of your incapacitation or an emergency circumstance, a disclosure may be made in your best interests.

Other uses and disclosures: We are permitted or required by law to make certain other uses and disclosures (including disclosures for non-treatment, non-payment or non-heath care operations), of your protected health information without your consent or authorization. Subject to conditions specified by these laws and requirements, we may release your protected health information:

  • for public health activities, such as required reporting of disease and for required public health investigation;
  • to certain governmental agencies if we suspect child abuse or neglect; we may also release your protected health information to certain governmental agencies if we believe you to be a victim of abuse, neglect, or domestic violence;
  • to entities regulated by the Food and Drug Administration if necessary to report adverse events, product defects, or to participate in product recalls;
  • to your employer when we have provided health care to you at the request of your employer for purposes related to occupational health and safety (in most cases you will receive notice that information is disclosed to your employer);
  • if required by law to a government oversight agency conducting audits, investigations, inspections and related oversight functions; in emergency circumstances, such as to prevent a serious and imminent threat to a person or the public;
  • to respond to lawsuits or legal actions (if required or requested by a legal representative, court or administrative order, subpoena or discovery request, in most cases you will have notice of such release);
  • to law enforcement officials to identify or locate suspects, fugitives or witnesses, or victims of crime, or for other allowable law enforcement purposes;
  • to correctional institutions, to the extent that Myriad makes such disclosures to coroners or medical examiners for the purpose of identifying a deceased person, determining cause of death or another purpose authorized by law and to funeral directors as necessary to carry out their duties with respect to the deceased to the extent consistent with applicable law;
  • if necessary to arrange an organ or tissue donation from you or a transplant for you;
  • if you are a member of the military for activities set out by certain military command authorities required by armed forces services;
  • if necessary for national security, intelligence, or protective services activities;
  • for purposes related to your workers’ compensation benefits;
  • to researchers when the research they are conducting has been approved by an institutional review or privacy board that has reviewed the research proposal and established protocols to ensure the privacy of your protected health information; and to the secretary of the HHS for HIPAA Rules compliance and enforcement purposes.

For all of the above purposes, in cases where state law is more restrictive than federal law, we are required to follow the more restrictive state law.

Uses and Disclosures with Your Authorization

Uses and disclosures of your protected health information other than those stated above will be made only with your written authorization. Examples include, but are not limited to:

  • use or disclosure of protected health information for marketing purposes, including subsidized treatment communications, and
  • disclosures that constitute a sale of your protected health information.

You may revoke this authorization, at any time, in writing, except to the extent that Myriad or Myriad’s business associates has taken an action in reliance on the use or disclosure indicated in the authorization.

Your Individual Rights

Following is a statement of your rights related to your protected health information and how you may exercise these rights. In accordance with the privacy rule, in the event that you request access, restrictions, confidential communications, record amendments or an accounting of disclosures, Myriad is required to respond within 30 days of receiving your request. Myriad may notify you within the first 30 days of receiving your request that an additional 30 days is necessary to respond to your request.

Access: You have the right to access and receive a copy of your protected health information that may be used to make decisions about your care or payment for your care. If we maintain the information you have requested in an electronic format you can ask for it to be provided to you electronically, and also ask us to electronically send copies to another person. Requests for access to or copies of your protected health information must be submitted to Myriad in writing. You may use Myriad’s record request form which is located at mysupport360.com under the “Resources” tab in the “Patient Records Request” section.

Restrictions: You may ask us to limit the use and disclosure of your protected health information for the purposes of treatment, payment and health care operations activities. We will consider your request carefully, but we are not required to agree to your requested restrictions unless they are related to services which were paid for in full by you. Requests for restrictions should be directed to the Compliance Department.

Confidential Communications: You have the right to ask that we send information to you to an alternate address or by alternate means (other than regular mail). We will accommodate reasonable requests. Requests for alternate means of sending protected health information and the use of alternate addresses should be directed to the Compliance and Privacy Department.

Amendments: You have the right to request an amendment of your protected health information. We will honor your request unless we are not the originator of the information or we believe the information you requested to be amended is accurate and complete. Requests for amendments to medical records should be directed to the Compliance and Privacy Department.

Accounting of Disclosures: You have a right to receive a list of certain instances in which we disclosed your protected health information. This list will not include disclosures of protected health information such as those made for treatment, payment, health care operations, or disclosures made based on your written authorization. You can request a list including disclosures made up to six years prior to the date of your request. Requests for an accounting of disclosures should be directed to the Compliance and Privacy Department.

Breach Notification: You will be notified within 60 days in the event that we (or one of our business associates) discover a breach of your unsecured protected health information. Notification will include any impact that the breach may have had on you and/or your family member(s) and actions Myriad undertook to minimize the impact the breach.

Copy of this Notice: If you have received this Notice electronically, you have a right to receive a paper copy at any time. You may download a copy of this Notice from our website, or you may obtain a paper copy of the Notice by calling or writing our Compliance and Privacy Department.

Complaints/Objections: If you believe that your privacy rights have been violated by us or disagree with our privacy practices, you may file a complaint. You may file a complaint with us by notifying our Compliance Department, or you may send a written complaint to the Secretary of the U.S. Department of Health and Human Services. We will not retaliate against you if you file a complaint about our privacy practices. For further information regarding our complaint process, you may contact our Compliance and Privacy Department.

Contacts

Compliance and Privacy Department
Myriad Genetic Laboratories, Inc.
320 Wakara Way
Salt Lake City, UT 84108
(801) 584-3600
compliance@myriad.com

Changes to this Notice

We reserve the right to change this Notice and to make the provisions in our new Notice effective for all protected health information we maintain. If we change these practices, we will publish a revised Notice on our website.

Effective Date

This notice was published and became effective on April 14, 2003, and was revised on October 4, 2016.

Download PDF