Amica Health, LLC ("Amica") complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.
Amica has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.
Amica has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.
To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit Data privacy Framework website at https://www.dataprivacyframework.gov/.
With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, Amica Health is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Data Privacy Frameworks, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the Data Privacy Frameworks, should direct their query to privacy@amicahealth.com. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@amicahealth.com.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Amica Health’s accountability for personal data that it receives in the United States under the Data Privacy Frameworks and subsequently transfers to a third party is described in the Data Privacy Framework Principles. In particular, Amica Health remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Amica Health proves that it is not responsible for the event giving rise to the damage.
In compliance with the Data Privacy Framework Principles, Amica Health commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the Data Privacy Frameworks. European Union, United Kingdom, and Swiss individuals with DPF inquiries or complaints should first contact Amica Health by email at privacy@ amicahealth.com
Amica Health has further committed to refer unresolved privacy complaints under the Data Privacy Framework Principles to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Amica Health, LLC ("Amica") is committed to protecting the privacy of your identifiable health information. This information is known as “protected health information” or “PHI.” Examples of documents that may contain your PHI include laboratory test orders, test results and invoices for medical services.
Amica Health is required by law to maintain the privacy of your PHI. We are also required by law to provide you with this Notice of our legal duties and privacy practices upon request. This notice describes our legal duties, privacy practices and your patient rights as determined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). We are also required to follow the terms of this Notice which is currently in effect. We are also required to notify affected individuals in the event of a breach involving PHI that is unsecured. PHI is stored electronically and is subject to electronic disclosure by Amica computer applications. This Notice does not apply to certain services that are performed by our software, such as some drugs of abuse testing services and insurance applicant services.
We use your PHI for treatment, payment, or healthcare operations purposes and for other purposes permitted or required by law. Not every use or disclosure is listed in this Notice, but all of our uses or disclosures of your PHI will fall into one of the categories listed below.
We will need your authorization to use or disclose your PHI for any purpose not covered by one of the categories below. With limited exceptions, we will not use or disclose psychotherapy notes, use or disclose your PHI for marketing purposes or sell your PHI unless you have signed an authorization. You may revoke any authorization you sign at any time. If you revoke your authorization, we will no longer use or disclose your PHI except to the extent we have already taken action based on your authorization.
We may use and disclose your PHI for the following purposes:
TreatmentAmica Health provides laboratory testing software for physicians and other healthcare professionals, and we use your PHI in our testing process. We disclose your PHI to authorized healthcare professionals who order tests or need access to your test results for treatment purposes. We may use and disclose PHI to contact you about our services, such as to remind you of an appointment or to return your specimen collection kit, notify you of the status of your laboratory testing, or to tell you about our health-related products and services that may be of interest to you. Examples of other treatment-related purposes include disclosure to a pathologist to help interpret your test results or use of your PHI to contact you to obtain another specimen, if necessary.
PaymentAmica Health may use and disclose your PHI for purposes of billing and payment. For example, we may disclose your PHI to health plans or other payers to determine whether you are enrolled with the payer or eligible for health benefits or to obtain payment for our services. If you are insured under another person’s health insurance policy (for example, parent, spouse, domestic partner or a former spouse), we may also send invoices to the subscriber whose policy covers your health services.
Healthcare OperationsAmica Health may use and disclose your PHI for activities necessary to support our healthcare operations. This includes functions such as performing quality checks on our testing, internal audits, arranging for legal services or developing reference ranges for our tests. It also includes, for example, the sale, transfer, merger, or consolidation of all or part of Amica Health with another covered entity, or an entity that following such activity will become a covered entity and due diligence related to the transaction(s).
Business AssociatesWe may provide your PHI to other companies or individuals that need it to provide services to us. These other entities, known as "business associates," are required to maintain the privacy and security of PHI. For example, our business associates may use your PHI to conduct billing, collections, imaging, courier, or record storage services on our behalf.
Individuals Involved in Your CareWe may disclose relevant PHI to a family member, friend, caregiver or other individual involved in your healthcare or payment for your healthcare, if you tell us that this is acceptable to you or you do not object; or if in our professional judgment, we believe that you do not object.
As Required by LawWe may use and disclose your PHI as required by law.
Law Enforcement Activities and Legal ProceedingsWe may use and disclose your PHI if necessary to prevent or lessen a serious threat to your health and safety or that of another person. We may also provide PHI to law enforcement officials, for example, in response to a warrant, investigative demand or similar legal process, or for officials to identify or locate a suspect, fugitive, material witness, or missing person. We may disclose your PHI as required to comply with a court or administrative order. We may disclose your PHI in response to a subpoena, discovery request or other legal process in the course of a judicial or administrative proceeding, but only if efforts have been made to tell you about the request or to obtain an order of protection for the requested information.
ResearchWe may use or disclose PHI for research projects, such as studying how to diagnose or treat particular diseases. These research projects must go through a special process that protects the confidentiality of your medical information. We may also use or disclose PHI about deceased patients to researchers if certain requirements are met.
De-identified InformationWe may use your PHI to create “de-identified” information, which means that we remove information that can be used to identify you. There are specific rules under the law about what type of information needs to be removed before information is considered de-identified. Once information has been de-identified as required by law, it is no longer PHI and we may use it for any lawful purpose.
Other Uses and DisclosuresAs permitted by HIPAA, we may disclose your PHI to:
We may also disclose PHI to those assisting in disaster relief efforts so that family or friends can be notified about your condition, status and location.
Incidental Uses and DisclosuresSometimes, your PHI may be used or disclosed in the course of our primary uses and disclosures, such as for treatment, payment or healthcare operations. For example, we may call your name in the waiting room at one of our Patient Service Centers, or use it in a telephone conversation with a provider. We are permitted to make such incidental uses and disclosures as long as we take reasonable steps to minimize them, and have in place appropriate safeguards to protect them.
Note Regarding State LawFor all of the above purposes, when state law is more restrictive than federal law, we are required to follow the more restrictive state law.
You have the right to access your PHI. You may:
If your request for test information is denied, you may request that the denial be reviewed.
Amend Health InformationYou may request amendments (changes) to your PHI by making a written request to the Performing Lab. However, we may deny the request in some cases (such as if we determine the PHI is accurate). If we deny your request to change your PHI, we will provide you with a written explanation of the reason for the denial and let you know about further actions you may take.
Accounting of DisclosuresYou have the right to receive a list of certain disclosures of your PHI made by Amica Health in the past six years from the date of your written request. Under the law, this does not include disclosures made for treatment, payment, or healthcare operations or certain other purposes.
Request RestrictionsYou may request that we agree to restrictions on certain uses and disclosures of your PHI. We are not required to agree to your request, except for requests to limit disclosures to your health plan for purposes of payment or healthcare operations when you have paid us for the item or service covered by the request out-of-pocket and in full and when the uses or disclosures are not required by law.
Request Confidential CommunicationsYou have the right to request that we send your health information by alternative means or to an alternative address, and we will accommodate reasonable requests.
Copy of this NoticeYou have the right to obtain a paper copy of this Notice upon request.
How to Exercise Your RightsYou may write or send an email to us with your specific request. Please refer to the Contact Information below. Amica Health will consider your request and provide you a response.
Complaints/Questions/Contact InformationIf you believe your privacy rights have been violated, you have the right to file a complaint with us. You also have the right to file a complaint with the Secretary of the U.S. Department of Health and Human Services, Office for Civil Rights. Amica Health will not retaliate against any individual for filing a complaint. To file a complaint with us, or should you have any questions about this Notice, send an email to us at Support@amicahealth.com, or write to us at the following address:
Amica HealthYou may also contact the Privacy Officer at (210) 943-3600.
NoteWe reserve the right to amend the terms of this Notice to reflect changes in our privacy practices, and to make the new terms and practices applicable to all PHI that we maintain about you, including PHI created or received prior to the effective date of the Notice revision. Our Notice is displayed on our website and a copy is available upon request.
Non-Discrimination NoticeWe comply with applicable Federal civil rights laws and do not discriminate on the basis of race, color, national origin, age, disability, or sex. Amica Health does not exclude people or treat them differently because of race, color, national origin, age, disability, or sex.
You can file a grievance in person, by mail, or email. If you need help filing a grievance, the Amica Health Civil Rights Coordinator is available to help you.
You can also file a civil rights complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, electronically through the Office for Civil Rights Complaint Portal, available at https://ocrportal.hhs.gov/ocr/portal/lobby.jsf, or by mail or phone at:
U.S. Department of Health and Human ServicesYour privacy is important to us. This Notice explains how Amica Health and its affiliates (“Amica”, “we”, “our”) collect information from or about you (“you” or “your”) when you visit the websites or any applications, social media networks, interactive features, and other services that link to this Notice (the “Platforms”), and how we use, maintain, protect and disclose that information.
If you are using our Platforms in connection with our HIPAA covered services, please refer to our HIPAA Notice of Privacy Practices, which describes how we use and disclose your protected health information, our legal duties with respect to your protected health information, and your rights with respect to your protected health information and how you may exercise them. In connection with HIPAA covered services, in the event of conflict between this Notice and our HIPAA Notice of Privacy Practices, our HIPAA Notice of Privacy Practices will prevail.
Information We CollectWe may collect information about you including non-personally identifiable information and/or “Personal Information,” which is information that may identify, relate to, describe, or be capable of being associated with or reasonably linked, directly or indirectly, with a particular identified or identifiable person or household.
Personal Information is only collected for the purpose of providing medical products or services requested by you or your healthcare provider and, if appropriate, information related to performing and/or billing for the service. Personal Information we might collect includes data such as the following:
IdentifiersIdentifiers such as a real name, postal address, unique personal identifier, online identifier, Internet Protocol address, signature, email address, account name, or other similar identifiers.
Financial InformationFinancial information such as credit card number or debit card number and address or other information related to a billing or payment transaction.
Professional or employment-related informationCommercial Information
Commercial information, including products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Platforms, cookies and other tracking technologies, third parties and affiliates such as service providers.
Internet/Electronic InformationInternet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, form submissions, email unsubscribes and subscribes, email engagement or advertisement.
Geolocation DataPersonal address information, including home and provider locations.
Personal InformationPersonal information, including driver’s license number, national or state identification number, citizenship status, immigration status, race, national origin, religious or philosophical beliefs, sexual orientation, sex life, precise geolocation, information concerning your health, and genetic information.
We do not consider Personal Information to include information that can no longer be used to identify a specific natural person, whether in combination with other information or otherwise. For example, de-identified or aggregated consumer information. Additionally, the following types of information are not considered Personal Information:
If we combine non-personally identifiable information with Personal Information, we will treat such information appropriately, but not all rights may apply to the non-personally identifiable information portion.
We may use your Personal Information:
We may also use your Personal Information to:
We may use Precise Location Data from your device in accordance with the device’s consent process on some of our Platforms to help us improve your user experience and provide information that is relevant to you, such as our Patient Portal.
When you choose to print or email one of your results from within the Amica CloudLab application, the result file is temporarily stored on your mobile device to aid in more efficient delivery of your result. The result file will be deleted from your mobile device storage once the action of printing or emailing is complete.
Amica Health retains your Personal Information only for as long as is necessary for our legitimate business purposes. We will retain and use your Personal Information to the extent necessary to comply with our legal, accounting, or reporting obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies. Additionally, we may continue to store your Personal Information contained in our standard back-ups. This applies to all categories of Personal Information in use by us.
We do not sell OR disclose Personal Information for the purpose of targeted or cross-context advertising (under California law, this is called “Sharing”).
Our websites, like almost all other websites, use cookies and other technologies to make the website work as you expect and to collect and share information. Please see our Cookie Notice for more information.
Amica Health has adopted physical, technical and administrative measures that are designed to prevent unauthorized access or disclosure, maintain data accuracy, and ensure appropriate use of Personal Information. We cannot, however, ensure or warrant the security of information. No security measures are infallible.
If you are using a Amica Health Platform for which you registered and chose a password, you should not divulge your password to anyone. We will never ask you for your password in an unsolicited phone call or in an unsolicited email. Also, remember to sign out of the Amica Health Platform and close your browser window when you have finished your work.
Please note that unencrypted email is not a secure method of transmission, as information in such emails may be accessed and viewed by others while in transit to us. For this reason, we prefer that you not communicate confidential or sensitive information to us via regular unencrypted email. We will, however, honor patient requests for communications through unencrypted email.
Our Platforms may be accessed from or contain links to other websites that we do not own or operate. If you access those links, you will leave our Platforms. Quest does not control those third party websites or their privacy practices, which may differ from ours. We do not endorse or make any representations about third-party sites, including about the content or security of those sites. The information you choose to provide to or that is collected by these third parties is not covered by this Notice.
We do not knowingly collect information from children (as defined by COPPA) and we do not target our Platforms to children. If we learn that we have collected any information from children, we will delete it. For more information about the Children’s Online Privacy Protection Act (“COPPA”), which applies to websites that direct their services to children under the age of thirteen (13), please visit the Federal Trade Commission’s website https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions.
Depending on where you live, you may have certain rights with respect to Personal Information that we have collected and used under certain circumstances, which may include the following:
When you make a request for a right provided by your state you can expect the following:
Your personal information may be transferred to, stored, and processed in a country other than the one in which it was provided, including transfers to the U.S. (i.e., a 'Recipient' country). Amica Health will use mechanisms for any such transfer as required under applicable law. If You have questions concerning the transfer of your Personal Information, please contact us using the contact details set out below.
If you are located outside of the United States, please click the following link(s) for additional information regarding your privacy rights: Europe (EU/EEA/UK/Switzerland); Canada.
From time to time, we may change this Privacy Notice. If we make changes, we will revise the “Last Updated” date at the bottom of this Notice. We encourage you to review this Notice periodically to be sure you are aware of those changes. Changes will become effective as of the “Last Updated” date.
Should you have any questions about this Notice or our privacy practices more generally, please email us at Support@amicahealth.com, or write to us at the following address:
Amica Health, LLCYou may also contact the Privacy Officer at (210) 943-3600.
Last Updated: March 7, 2024