Notice of privacy practices (notice)

This notice describes how medical information about you may be used and disclosed, and how you can access the information. Please review it carefully.

Centers Business Office and Medical Director Services PC are legally affiliated entities. Centers Business Office provides administrative and billing services for Medical Director Services PC. This website is owned and operated by Centers Business Office, and any information collected through this website is subject to the privacy practices outlined in this statement.

Medical Director Services PC is required by law to maintain the privacy of Protected Health Information (PHI) and to provide individuals with notice of our legal duties and privacy practices with respect to PHI.

PHI is information that may identify you and that relates to your past, present or future physical or mental health condition and related health care services. This notice describes how the laboratory may use and disclose PHI to carry our treatment payment or health care operations and for other specified purposes that are permitted or required by law. This notice also describes your rights with respect to your PHI.


You have the following rights with respect to PHI:

  1. Obtain a paper copy of notice. Even if you have agreed to receive the notice electronically, you are still entitled to a paper copy.
  2. Request a restriction on certain uses and disclosures of PHI by sending a written request to the laboratory. We are not required to agree to those restrictions if law does not allow us to comply.
  3. Inspect and obtain a copy of your PHI contained in a designated record set for as long as the laboratory maintains the PHI the designated record test request from your physician and billing records. The request should be sent to the laboratory and you may be charged for the costs of copying and mailing that are necessary to fulfill your request. In certain limited circumstances, your request may be denied. In such cases, you have the right to request a review of the denial.
  4. Request an amendment of PHI if you feel it is incomplete or incorrect by sending a written request to the laboratory. You must include the reason that supports your request in certain cases. The laboratory may deny your request. You have the right to file a statement of disagreement with the decision and the laboratory may provide a rebuttal to your statement.

Receive an accounting of disclosures of PHI we have made after April 14, 2003 For most purposes other than treatment, payment or health care operations the right to receive accounting is subject to certain other exceptions, restrictions, and limitations. Your request must be sent to the laboratory in writing. The time period of notification may no be more than six months. The first request made within a 12 months period will be provided free of charge. You will be notified of any cost. You then have the right to withdraw your request.


The Health Insurance Portability & Accountability Act (HIPAA) was signed into law to take care of confidential health information as follows:

  1. Provide continuity and portability of health in between jobs.
  2. Insure security and privacy of individual’s health information.
  3. Reduce administrative cost in the health care system (estimated to be 25 % of health care cost).
  4. Provide uniforms standards for electronic health information transactions.
  5. Provide measures to combat fraud and abuse in health insurance and health care industry.

Medical Director Services PC is a covered entity (CE) under HIPAA. The regulation affects how the laboratory:

1.Carries out and ensures patient’s confidentiality and maintain’s security of information.

2.Requests or obtains Health Information.

  1. Shares information with others.

The HIPAA privacy regulations cover and set standards for collecting, sharing, and storage of a person’s protected health information (PHI).

PHI is the information that:

1.Relates to the past, present or future physical or mental health condition or payment provisions about health care.

2.Identifies the individual in a personal way.

3.Provides a reasonable basis to be used to identify the individuals.

4.Is created or received by a covered entity.

Any information that can identify an individual and relates to his/her health status is considered PHI. It can be created by the laboratory or be received from the third party for example the physician or anyone requiring services from the laboratory.

PHI disclosure takes place in one of two ways, one requiring authorization from a patient and or his representative, and the other not requiring authorization. In the case requiring authorization for disclosure of the PHI, verify legitimacy of request and the requestor. Document the request including the oral request for disclosure. Notify the patient about the request if he/she are not the requestor. The laboratory will not disclose the PHI if there is no appropriate permission from the patient and/or the permission does not conform to the requirements in the privacy regulation. PHI can be disclosed to a person or persons directly involved with patient care. Authorization for discloser can be verbal and/or written consent or authorization. The patient can revoke such authorization anytime in writing.

This notice describes how we may use and disclose PHI to third parties for the purpose of:

  1. Treatment – (use) and (disclose) the laboratory results to other physicians being seen by you to your physician via mail, phone or directly.
  2. Payment, contacting and billing your insurance company utilizing PHI.
  3. Health care-related operations.

Medical Director Services PC is prohibited from disclosing your PHI unless state or federal requires such disclosures or other exceptions including law enforcement procedures without your consent or authorization as in the following instances:

  1. Discussions with individuals involved in your care or in the payment for your care.
  2. To the City or State of Health Departments if deemed necessary and important in lessening or preventing impending or serious health or safety threats to you or the public.
  3. As required by law.
  4. Health oversight authorized by law including audits, investigations and inspections required. For licensure, government monitoring of health care programs and civil right issues.
  5. Coroners, medical directors and funeral directors in accordance with law to carry out their duties and functions.
  6. Organ and tissue procurement organization in accordance with law to carry out their duties and functions.
  7. Judicial and administrative proceedings.
  8. Correctional institutions if you become an inmate. i. Court Orders
  9. Assistance in or notification of family member, someone responsible for your care or your personal representative of your locations and condition.
  10. Victims of abuse, neglect, domestic violence to governmental authorities if we reasonably believe you are a victim.
  11. Military authorities if you are a member of Armed Services.
  12. National Security and Intelligence Activities to authorized federal officials as authorized law.