Pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), on December 28, 2000, the Secretary of HHS issued final regulations that promulgated federal standards with respect to the use and disclosure of Protected Health Information by a health plan, healthcare provider or healthcare data clearinghouse. Pursuant to recent expansions of HIPAA by the Health Information Technology for Economic and Clinical Health Act (HITECH), the Secretary of HHS issued regulations expanding our obligations regarding breach notification.
These regulations impact the privacy and security of Protected Health Information by all health providers, including BioReference Laboratories and its business units (“BRLI”). These regulations change how BRLI handles electronic transactions and code sets, national identifiers, and notification to patients whose unsecured PHI has been breached.
BRLI has appointed a HIPAA Compliance/Security Officer, established a HIPAA Project Office, BRLI has also implemented procedures to satisfy the breach notification provisions of HITECH.
Our focus remains on BRLI’s responsibilities to the patients, doctors and health care organizations we serve to ensure we meet the HIPAA standards, while not negatively impacting our ability to deliver care. In addition, we defer to the more stringent state and CLIA laws, where applicable, regarding the circumstances under which we use and disclose Protected Health Information.
We take our responsibility to protect patient rights very seriously. We therefore put great emphasis on protecting the privacy and security of your patient data that we handle daily, as required by the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology Act (HITECH) regulations. This is especially important in this age of increased automation of electronic health information.
To help you understand your privacy rights as a patient and to protect your patient information we have posted links below to BRLI’s Notice of Privacy Practices and to various forms.
Notice of Privacy Practices (English)
Notice of Privacy Practices (Spanish)
Notice of Privacy Practices (Mandarin)
Patient Access Request (English)
Patient Access Request (Spanish)
Authorization to Disclose to Third Party (English)
Authorization to Disclose to Third Party (Spanish)
For additional information about HIPAA privacy or security or to lodge a privacy complaint please contact the Privacy Office at:
Email address: firstname.lastname@example.org
Phone number: 800-229-5227 ext 8433