PRIVACY AND SECURITY
PRIVACY AND SECURITY
At Physicians Reference Laboratory (PRL), we respect every individual's right to privacy. Our relationship with you is our most valuable asset and is the very basis of our name and reputation. Whether you are a PRL user in good standing or a visitor to the public area of our Web site, we understand the importance you place on the privacy and security of information that personally identifies you or your account information. We refer to and treat this information as "personal information". We extend the following pledge to you.
The PRL Privacy Pledge & Notification\
Revised January 2002
1. We do not sell personal information to anyone.
2. We will only share personal information with others as stated in this pledge, unless we give you additional notice or ask for your permission.
We do reserve the right to disclose or report personal information in limited circumstances where we believe in good faith that disclosure is required under law, to cooperate with regulators or law enforcement authorities, or to protect our rights or property.
3. Whenever we collect personal information from you, we will reference this pledge and notification or otherwise explain to you how we intend to use that information.
We use personal information in ways that are compatible with the purposes for which we originally requested it. For example, we will use the information you give us to process your requests and transactions, to provide you with additional information about products and services, or to evaluate your service needs. To do so, we may share personal information with a trusted agent or affiliate.
We limit the collection and use of personal information to what is necessary to administer our business and to deliver superior service to you. This may include advising you about our products or services, those of our affiliates, and other opportunities that we believe may interest you. To serve you better, we may combine information you give us on the Web or through other channels.
4. We will protect the confidentiality of any personal information you share with us.
When we share personal information with an agent or affiliate, we protect that personal information with a strict confidentiality agreement. Companies that we hire to provide support services or act as our agent must conform to our privacy standards.
PRL corporate policies require that employees with access to confidential member information may not use or disclose the information except for business use. All employees are required to safeguard such information, as specified in their confidentiality agreements with PRL.
On occasion we may assist a company that is not affiliated with PRL in providing or offering a product or service to you. For example, if you are a drug manufacturer customer, we may share personal information with the manufacturer company or its agents or affiliates. In such circumstances, marketing materials will include instructions on how you can request not to receive those communications in the future. In all cases your personal information is protected by a strict confidentiality agreement. We do not allow any non-affiliated company to retain your personal information longer than necessary to provide the product, service, or information, unless you affirmatively grant us permission to do so.
5. We continue to evaluate our efforts to protect personal information and make every effort to keep your personal information accurate and up to date.
If you identify any error in your personal information or need to make a change to that information, please contact us and we will promptly update our records.
If you have any questions or concerns, please contact us by e-mail at info.contact@prlnet.com or call us at (913) 338-4070.
ADDITIONAL INFORMATION ABOUT PRIVACY & SECURITY AT PRL
PRL EXPRESS
PRL EXPRESS is the area of our Web Site available only to our customers. PRL EXPRESS provides a private and secure central hub of information and services. Logging-in to PRL EXPRESS requires a personal user id and a password individually selected by each member. PRL EXPRESS uses leading encryption technology so that the data we transmit to you and the data you transmit to us across the Internet is safe. Secure data includes protocols, patient information, news alerts, bulletins, and membership surveys.
Browsers and Internet Security
Any time you enter an order or provide personal information in PRL EXPRESS (such as an account number or password), we encrypt it using Secure Socket Layer (SSL) technology. SSL protects information as it crosses the Internet. To support this technology, you need an SSL-capable browser. PRL recommends using a b encryption, 128-bit browser like Netscape Navigator 4.06 or higher or Microsoft's Internet Explorer 4.01 or higher. These browsers will activate SSL automatically whenever you sign on to your Clinical Trials Online account.
You can tell if you are visiting a secure area within a Web site by looking at the symbol on the bottom of your browser screen. If you are using Netscape Navigator or Internet Explorer, you will see either a lock or a key. When the symbol appears unbroken or the padlock is in the locked position, your session connection is taking place via a secure server.
If you need a browser, you can go to the Netscape Web site or the Microsoft Web site to download the latest Navigator or Internet Explorer browser. We do not recommend the use of beta browser versions.
Your Password and Other Security Issues
Your PRL EXPRESS password is your private entry key into your account. You should never share it with anyone and you should change it periodically, especially if you believe someone may have gained access to it. To change your password, do so on the PRL EXPRESS website under Change Your Password. If you require assistance, your Customer Service Representative can assist you in this process.
Our password requirements, which facilitate online account security, are as follows:
Your password must contain no symbols (!, %, #, etc.)
If you forget your password, please call a customer service representative at (913) 338-4070 and we will be glad to help you.
Logging Off
After you've finished accessing your PRL EXPRESS account, don't forget to log off. This prevents someone else from accessing your account if you leave your computer and your session hasn't "timed out," or automatically shut down. An easy way to log off is to simply shutdown your browser.
Security Risk of Using Non-Approved Automated Software Applications For security reasons and to guard the safety of your data, access to this site is limited to the SSL-capable browser, Microsoft Internet Explorer 5.00 or higher. Under no circumstances should you use any software, program, application, or any other device to access or log-in to PRL EXPRESS, or to automate the process of obtaining, downloading, transferring, or transmitting any content to or from PRL’s computer systems, Web site, or proprietary software.
Cookies
To personalize your experience on our Web site or with one of our promotions, and to enhance security within PRL EXPRESS, we may assign your computer browser a unique random number, called a "cookie."
Cookies enhance PRL’s Web site performance in several important ways: they provide a secure way for us to verify your identity during your online session, they personalize your experience on our site, and they make your visit to our site more convenient for you. It also allows us to understand how people are using our site so that we can improve your experience on the site.
Your privacy and security are not compromised when you accept a cookie from our Web site. We do not use cookies to collect personal information. Cookies from a secure site, such as PRL’s, are encrypted and sent securely, and a cookie can't read data from your computer's hard disk or read cookie files from other Web sites.
In addition, companies we may hire to evaluate our Web promotions may set cookies to assist with such an evaluation. Again, neither PRL nor companies acting on our behalf use cookies to collect personal information.
Accepting Cookies
Certain areas of the PRL site require that you accept cookies if you wish to enter. These areas include PRL EXPRESS and some featured sections that enable you to personalize the information or service available to you. If while inside our Web site you receive a pop-up box asking if you would like to "accept the cookie," you must answer "yes" in order to advance beyond the area that prompted the message.
Correcting and Updating Your Information
The accuracy of your personal information is important to us. If you are a member and have a concern about your personal or account information maintained at PRL, or want to correct, update, or confirm your information, please login to Clinical Trials Online and send us an e-mail from the Contact Us section. Members and others may also send an e-mail to info.contact@prlnet.com or call us at (913) 338-4070. We will be happy to review and update our records.
PRIVACY POLICY – HIPAA
Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Physicians Reference Laboratory (PRL) is a provider of diagnostic testing, information and services. At PRL, we are committed to protecting the confidentiality of individuals’ laboratory test results and other protected health information that we collect or create as part of our diagnostic testing activities.
We urge you to read this Notice of Privacy Practices carefully so that you will understand our commitment to the privacy and protection of your confidential health care information.
This notice is effective as of April 14, 2003. We may change the terms of this Notice at any time. If we change this Notice, we may make the new notice terms effective for all Protected Health Information that we maintain, including any information created or received prior to issuing the new notice. If we change this Notice, we will post the revised notice on our website at www.prlnet.com. You also may obtain a revised notice by contacting the Privacy Officer.
Our Privacy Obligations
We are required by law to maintain the privacy of your medical and health information (Protected Health Information or PHI) and to provide you with this Notice of our legal duties and privacy practices with respect to your Protected Health Information. Your PHI at PRL includes personal and medical information (such as your name, address, date of birth, test ordered, etc.) that we obtain from your physician, health plan or other source. Your PHI also includes the laboratory testing results that we create. When we use or disclose your Protected Health Information, we are required to abide by the terms of this Notice (or other notice in effect at the time of the use or disclosure). Your other health care providers may have different notices regarding the use and disclosure of your PHI maintained by them.
Permissible Uses and Disclosures
Your PHI will be used or disclosed for treatment, payment, or healthcare operations purposes and for other purposes permitted or required by law. The following categories describe different ways that we use and disclose your PHI. Please note that not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose your PHI without your written authorization will fall within one of the categories listed below.
If we want to use or disclose your PHI for purposes that do not fall into these categories, we would have to obtain your written authorization first. You have the right to revoke your authorization at any time, except if we have already made a disclosure based on that authorization.
According to law, we do not need your authorization or permission to use or disclose your PHI for the following purposes:
1. Treatment. As a health care provider that provides laboratory testing for ordering physicians, PRL uses your PHI as part of our testing processes and PRL discloses your PHI to physicians and other authorized health care professionals who need access to your laboratory results to treat you. In addition to your treating physician, we may provide a consulting specialist physician with information about your results to further validate the results before release to your physician. We may also disclose your PHI to another testing laboratory if we are unable to perform the testing ourselves and need to refer your specimen to that laboratory to perform the requested testing.
2. Payment. We may use and disclose PHI in the process of obtaining payment for services that we provide to you. For example, our billing department may send your name, date of service, test performed, diagnosis code, and other information to a health plan so that the plan will pay us for services we provided. In some cases we may have to contact you to obtain billing information or for other billing purposes. When required, we may use an outside collection agency to obtain payment.
3. Health Care Operations. We may use and disclose PHI in the course of activities necessary to support our health care operations, which include internal administration and planning and various activities that improve the quality and cost effectiveness of the care and customer service that we deliver to you. For example, we may use PHI to evaluate the quality and competence of our employees and we may disclose PHI in order to resolve any complaints you may have and ensure that you have a pleasant visit with us.
4. Disclosures to Business Associates. We may disclose your PHI to other companies or individuals who need your PHI in order to provide specific services to us. These other entities, known as “business associates,” generally must comply with the terms of a contract designed to ensure that they will maintain the privacy and security of your PHI in the same manner that we do. For example, we may disclose your PHI to temporary employees, or to private accrediting organizations that inspect and certify the quality of our laboratory.
5. Public Health Activities. We may disclose your PHI to public health authorities for the purpose of preventing or controlling disease, injury or disability.
6. Health Oversight Activities. We may disclose your PHI to a health oversight agency that oversees the health care system or government benefit programs (such as Medicare or Medicaid).
7. Threats to health or safety. We may disclose your PHI as necessary to prevent a serious threat to your health and safety or that of another person or the general public.
8. Judicial and Administrative Proceedings. We may disclose your PHI in the course of a judicial or administrative proceeding in response to a legal order, subpoena (under certain circumstances), order of either the Commissioner of Public Health or the Commissioner of Mental Health or other lawful process.
9. Law Enforcement Officials. We may disclose your PHI to the police or other law enforcement officials as required or permitted by law or in compliance with a court order or a grand jury or administrative subpoena.
10. Research. We may use or disclose your PHI for research purposes if an Institutional Review Board/Privacy Board approves a waiver of authorization for such use or disclosure.
11. Specialized Government Functions. We may use and disclose your PHI to units of the government with special functions, such as the U.S. military or the U.S. Department of State under certain circumstances as required by law.
12. As required by law. We may use and disclose your PHI when required to do so by any other law not already referred to in the preceding categories.
YOUR INDIVIDUAL RIGHTS
1. For Further Information; Complaints. If you desire further information about your privacy rights, are concerned that we have violated your privacy rights or disagree with a decision that we made about access to your PHI, you may contact our Privacy Officer. You may also file written complaints with the Director, Office for Civil Rights of the U.S. Department of Health and Human Services. Upon request, the Privacy Officer will provide you with the correct address for the Director. We will not retaliate against you if you file a complaint with us or the Director.
2. Right to Request Additional Restrictions. You may request in writing that we restrict our use and disclosure of your PHI. While we will consider all requests for additional restrictions carefully, we are not required to agree to a requested restriction.
3. Right to Receive Confidential Communications. You may request in writing that we send your PHI to an alternate address, although we are not required to agree to your request.
4. Right to Inspect and Copy Your Health Information. You may request to inspect and copy your PHI maintained by us. Under limited circumstances, we may deny you access to your records. If you desire access to your records, please obtain a record request form from the Privacy Officer and submit the completed form to the Privacy Officer.
5. Right to Amend Your Records. You have the right to request that we amend Protected Health Information maintained in your medical record file or billing records. If you desire to amend your records, please obtain an amendment request form from the Privacy Officer and submit the completed form to the Privacy Officer. We will comply with your request unless we believe that the information that would be amended is accurate and complete, or other special circumstances apply.
6. Right to Receive an Accounting of Disclosures. Upon written request, you may obtain an accounting of disclosures of your PHI made by us during any period of time prior to the date of your request, provided that such period does not exceed six years and does not apply to disclosures that occurred prior to April 14, 2003. Under the law, this accounting does not include disclosures made for purposes of treatment, payment, health care operations, disclosures to you or authorized by you, incidental disclosures and certain other excluded disclosures.
7. Right to Receive Paper Copy of this Notice. Upon request, you may obtain a paper copy of this Notice, even if you have agreed to receive such notice electronically.
HOW TO CONTACT US
You may contact the Privacy Officer at:
HIPAA Privacy Officer
Physicians Reference Laboratory
7800 W. 110th St.
Overland Park, KS 66210
Telephone Number: 913-338-4070