DELFI Diagnostics, Inc.
HIPAA Notice of Privacy Practices for U.S. Residents

Effective December 6, 2024

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT UNITED STATES RESIDENTS MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

DELFI Diagnostics, Inc. (“DELFI,” “our,” “us,” or “we”) is required by the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”), to provide you with a notice of DELFI’s legal duties and privacy practices with respect to protected health information (“PHI”) that DELFI may collect and maintain about you.

This Notice of Health Information Privacy Practices (“Notice”) describes how we may use and disclose your PHI to carry out treatment, payment or health care operations and for other specified purposes that are permitted or required by law. The Notice also describes your rights with respect to your PHI when in the hands of DELFI and its business associates, which are vendors that may assist us in providing services to you. PHI is any information that may identify you and relates to your past, present or future health condition, treatment, or payment for services.

OUR RESPONSIBILITIES

DELFI is committed and required by law to maintain the privacy and security of your PHI. We are required to follow the terms of this Notice and, except as described in this Notice, will not disclose your PHI without your authorization. We will let you know in accordance with applicable law if an incident occurs that compromises the privacy or security of your PHI. If you provide us with authorization to use or disclose your PHI for a specific purpose and later change your mind, please let us know in writing using the contact information at the end of this notice. We must also give you a copy of this notice. We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, and posted on our web site.

USES AND DISCLOSURE OF YOUR PROTECTED HEALTH INFORMATION

    • Treatment. We may use or disclose your PHI for purposes of providing your medical treatment. For example, we may use your PHI to perform our testing services and disclose your testing results to your physician and other health care providers involved in your care.

    • Payment. We may use or disclose your PHI for purposes of billing and collecting payment for our services. For example, we may disclose PHI to your health plan in order to obtain payment for the services provided to you.

    • Healthcare Operations. We may use or disclose your PHI to facilitate our healthcare operations. For example, we may review your PHI to monitor the quality and accuracy of our testing services and review the competence and qualifications of our laboratory professionals.

    • Business associates. There are some services provided to us through contracts with business associates (e.g., billing services), and we may disclose your PHI to our business associate so that they can perform the job we have asked them to do. To further protect your PHI, we require our business associates to appropriately safeguard your information.

    • Individuals Involved in Your Care or Payment for Your Care. We may disclose your PHI to a family member, other relative, close friend, or any other person you identify that is directly relevant to that person’s involvement in your care or payment related to your care.

    • Minors’ PHI. We may disclose PHI about minors to their parents or legal guardians, as permitted by federal and state law.

    • Communication about Products and Services. We may use and disclose your PHI to contact you about other DELFI products and services which we believe may be of interest to you. We do not disclose your PHI to third parties for marketing purposes without your written authorization.

    • As Required by Law. We may use or disclose your PHI if required to do so by any applicable federal, state, or local law.

    • Public Health Activities and threats to health and safety. We may disclose your PHI to public health or other legal authorities charged with preventing or controlling disease, receiving report of suspected abuse, neglect, or domestic violence, receiving reports of adverse reactions to medications or devices, notifying people of recalls of products, or otherwise preventing or reducing serious threats to the health and safety of you, others, or the public generally.

    • Health Oversight Activities. We may disclose your PHI to a healthcare oversight agency for activities that are authorized by law, such as audits, investigations, inspections, and licensure activities. For example, we may disclose your PHI to agencies responsible for ensuring compliance with the rules of government health programs, such as Medicare or Medicaid.

    • Research. We can use or share your information for health research.

    • Law Enforcement or Other Government Requests and Judicial and Administrative Proceedings. Under certain circumstances, we may disclose your PHI as required to comply with a judicial or administrative order or in response to a subpoena, discovery request, or other lawful process. We may also share information to address workers’ compensation, law enforcement, and other government requests.

    • Law Enforcement. We may disclose your PHI to the police or other law enforcement officials as required by law or in compliance with a court order, warrant, subpoena, summons, or other legal process for locating a suspect, fugitive, witness, missing person, or victim of a crime.

    • Data Breach Notification. We may use your PHI to provide legally required notices of unauthorized access, acquisition, or disclosure of your PHI.

    • De-identification of PHI. We may de-identify your PHI by removing identifying features as determined by law to make it unlikely that the information could identify you. This may include de-identification of biospecimen samples, as well as deidentified genetic information, clinical information, test results or other health information shared with DELFI. We may use de-identified data for our own legitimate business purposes without restriction, including for quality assessment, and production evaluation/improvement, and we may also share deidentified information with third parties.

    • All Other Disclosures. Uses and disclosures of PHI for purposes other than those described above (or as otherwise permitted or required by law) will not be made without a written authorization signed by you or your personal representative. Once you sign an authorization, you may revoke it at any time by contacting DELFI, unless we have already relied upon it to use or disclose PHI. A revocation of authorization must be submitted at the address provided at the end of this Notice.

YOUR RIGHTS

You have certain rights when it comes to your PHI. You have the right to:

    • Access to PHI and Test Results. You may request to inspect and obtain a copy of your medical records and other health information that we maintain. We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee associated with producing copies of your medical records and other information. We may deny access to certain information for specific reasons, for example, if the access requested is reasonably likely to endanger the life or safety of you or another person or if you have agreed to a temporary suspension of access in a research consent form. If your request for information is denied, you may request that the denial be reviewed by filing a request for review at the contact information at the end of this notice.

    • Right to amend your PHI that you think is incorrect or incomplete. If you believe the information we have about you is incorrect or incomplete, you may request that we update it. We may say “no” to your request, but we’ll tell you why in writing within 60 days.

    • Restriction Requests. You may ask that we limit how we use or share your PHI in reasonable ways. We are not required to agree to your request except for restrictions on uses or disclosures for the purpose of carrying out payment or health care operations, where you have made payment to DELFI “out-of-pocket” and in full, in which case we will agree to your requested limitation unless a law requires us to share that information.

    • Alternative Confidential Communications. You may request that we communicate with you in a certain way or at a certain location (e.g., mailing information to an alternate address).

    • Accounting of Disclosures. We may disclose your PHI to public health or other legal authorities charged with preventing or controlling disease, receiving report of suspected abuse, neglect, or domestic violence, receiving reports of adverse reactions to medications or devices, notifying people of recalls of products, or otherwise preventing or reducing serious threats to the health and safety of you, others, or the public generally. You can ask for a list (accounting) of the times we have shared your health information for six years prior to the date you ask, who we shared it with, and why.

    • Copy of This Notice. You may request a paper copy of this Notice at any time, even if you have received it electronically.

    • Choose Someone to Act for You. If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.

CHANGES TO OUR NOTICE

We reserve the right to change the terms of this Notice from time to time. The current version of this Notice is available on our website and upon request.

COMPLAINTS

If you have any questions or comments about this Notice, or if you have any complaints about DELFI’s privacy practices, please contact us using the contact information provided below. You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services. DELFI will not retaliate against you for filing a complaint.

CONTACT INFORMATION

When communicating with us regarding this Notice, our privacy practices, or your privacy rights, please contact DELFI’s Privacy Officer at the following email: privacy@delfidiagnostics.com. You may also write to us at:

DELFI Diagnostics, Inc.
Attn: Privacy Officer
1810 Embarcadero Road, Suite 100
Palo Alto, CA 94303