PathAI Notice of Health Information Privacy Practices
PathAI Diagnostics Billing & Patient Payment Policy
Effective July 14, 2022
While using our Platform, we may ask you to provide us with certain personally identifiable information (“Personal Information”). Personal Information is information that identifies, relates to, describes, can reasonably be associated with, or can reasonably be linked to a particular individual or household.
We collect information from you both when you provide it voluntarily and also automatically when you access our Platform. We also may collect Personal Information from other sources, as described below.
We collect Personal Information from you and any devices (including mobile devices) you use when you: use our Platform, contact PathAI via email or other means, connect with PathAI’s social media pages, or respond to PathAI’s communications to you such as surveys or requests for feedback.
In addition, we also collect Personal Information about you from third parties in connection with our Platform, including from the following sources:
You are under no obligation to provide Personal Information, but if you elect not to provide it, you may be unable to use certain features of the Platform, receive certain services, or communicate with us via the Platform.
When accessing our Platform, we may obtain and process Protected Health Information (“PHI”) as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Certain of our affiliated entities are required to comply with applicable federal and state health care privacy and security rules, including HIPAA, and similar rules in other countries, when receiving and processing your PHI. PHI should only be submitted through the Platform as permitted or required for use of the Platform. For more information about HIPAA and our use of PHI, please see our Notice of Health Information Privacy Practices.
When you visit the Platform, we and our service providers may use a variety of technologies that automatically or passively collect or store certain information related to your activities on the Platform (“Platform Usage Information”). Platform Usage Information may include Personal Information. Platform Usage Information may include:
We and our service providers may use a variety of technologies to collect or store Platform Usage Information. These technologies may set, change, alter or modify settings or configurations on your device. These technologies may include, without limitation, cookies, tracking pixels, embedded scripts or similar technologies.
Cookies are small pieces of data stored and managed by your web browser that enable certain Platform features and functionality. Cookies and similar technologies can be used to recognize you and your device when you visit the Platform, remember your preferences, and make your interactions with the Platform faster and more secure. Cookies are a built-in feature of the Web, but they can generally be managed, disabled, or removed using most commercial web browsers. Each browser you use will need to be set separately and different browsers offer different functionality and options for cookies. Please be aware that if you disable or remove cookies on your device, some parts of the Platform may not function properly, and that when you revisit our Platform your ability to limit cookies is subject to your browser settings and limitations. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit allaboutcookies.org or aboutcookies.org.
We may use your Personal Information, Platform Usage Information and other information about you for various purposes as described in the chart below. Specific uses may include:
Where you have provided us with Personal Information or Demographic Information as part of an online application to provide services for us, we may use that information in order to allow us to make an informed decision about whether to proceed with your application. We may, as part of this recruitment process, collect information about your education, employment history and similar matters. However, we will not sell or rent your Personal Information to anyone.
The following chart sets out some of the types of Personal Information we collect, from where we collect it, how we use the information, the legal basis for such use where required by local law and third parties with whom it is shared:
|Type of Information||Categories of Sources||Business or commercial purposes||Legal Basis||Third parties with whom shared|
|Identifiers such as a name, address, unique personal identifier, Internet Protocol address, email, account name, and identifying numbers such as Social Security number, insurance number, driver’s license number, or passport number, telephone number, bank account and other financial information||Name, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, password, credit card information, or related system user details.||Provision of products or services, research, or to engage parties in commercial relationships.||Consent or contract.||Third party firms contracted to provide specialized data services.|
|Other information related to you such as signature, physical characteristics or description, education, employment, employment history, medical information, or health insurance information||Gender, age, medical information, physical characteristics, health insurance information, medical database identification numbers, employee records, compensation and benefits information, signature.||Provision of products or services, including, but not limited to, the provision of health care or the participation in research.||Consent or contract.||Health care providers authorized to receive information about you. Third party firms contracted to provide specialized data services. Third parties who receive protected health information or personally identifiable information operate under special contractual terms to protect these types of information.|
|Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies||Records related to business arrangements including personal contact information, business contact details, contracts to provide services to PathAI, invoices, purchasing agreements, or other standard business documents||Provision of products or services, research, or to engage parties in commercial relationships||Consent or contract.||Third party firms contracted to provide specialized data services.|
|Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding interactions with a website, application or advertisements.||IP addresses.||Provision of products or services, research, or to engage parties in commercial relationships||Consent or contract.||Third party firms contracted to provide specialized data services.|
Some web browsers may transmit “do not track” signals. At this time, we do not take steps to respond to such signals.
Third parties, including service providers, may use technologies that integrate with the Platform and may collect information about you, including Personal Information, without notice to you.
Some social networking services may facilitate registration or enhance or personalize your experience on our Platform. This includes if you “follow,” “like,” or link your social networking account to our Website. Your decision to use a social networking service in connection with our Platform is voluntary. You should make sure you are comfortable with the information your third-party social networking services may make available by reviewing the privacy policies of those providers and/or modifying your privacy settings directly with those networking services.
The Platform does not offer products or services to children and we do not knowingly collect any Personal Information from children younger than the age of thirteen (13). We will delete any Personal Information collected that we later determine to be from a person younger than the age of 13. If you believe that we may have inadvertently collected personal information from or about a child under the age of thirteen 13, please send us an email at firstname.lastname@example.org or call us at (617) 500-8457.
You may be presented with an option on the Platform to receive certain information directly from third parties or to have us send certain information to third parties or give them access to it. In these instances, your Personal Information and other information may be disclosed to third parties and all the information you disclose will be subject to the privacy policies and practices of such third parties. In addition, third parties may store, collect or otherwise have access to your information when you interact with their tracking technologies, content, tools, apps, or advertisements on the Platform or link to them from our posting or content sharing tools. We are not responsible for the privacy policies and practices of such third parties, and therefore you should review their privacy policies prior to providing information to, or otherwise interacting with, them.
We may share Personal Information with our service providers or contract partners in connection with the products or services we provide or when you have agreed to provide services to us. We also may share Personal Information with third parties who are part of a network of providers or who perform services on our behalf. This includes, without limitation, third parties that: provide direct services to you; host the Platform; operate certain functions or features of the Platform; archive data; send communications; analyze data; provide other services or functions on our behalf, including payment processing, business analytics, credential verification services, customer service, marketing, employment or hiring-related activities, data security functions, and fraud prevention.
We may share Personal Information, Demographic Information and Platform Usage Information with our affiliates and in connection with a merger, consolidation, or restructuring, the sale of substantially all of our ownership interests and/or assets, or other corporate change.
We also may disclose and transfer Personal Information to third parties if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
We also may share information that is not Personal Information, such as aggregated user statistics and de-identified information derived from Personal Information, with third parties for any purpose.
The Platform may contain content that is supplied by third parties, and those third parties may collect Platform Usage Information when pages from the Platforms are served to you. In addition, when you are on the Platform, you may be directed to other sites operated and controlled by third parties that we do not control. We are not responsible for the data collection and privacy practices used by any of these third parties or their sites. We encourage you to note when you leave the Platform and to review the third party privacy policies of all third party locations and exercise caution in connection with them.
You are responsible for maintaining the accuracy of the information you submit to us, such as your contact information provided as part of registration. The Platform may allow you to review, modify, correct or update Personal Information you have provided through the Platform’s settings interface or otherwise, and you may provide registration updates and changes by contacting us at the email address or phone number below. At any time, you also may contact us at the email address or phone number below to ask that we remove your name, contact information and email address from our databases. We will make good faith efforts to make any requested changes or removals in our then active databases as soon as reasonably practicable.
It is not always possible to completely remove or delete all of your information from our databases, and residual data may remain on backup media or we may retain it for other reasons as permitted by law. When you edit your Personal Information, information that you remove may persist internally for our administrative purposes. Note that if you request us to delete or remove any data, you may be unable to use certain features of the Platform or to communicate with us via the Platform. Further, we may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect or if we cannot confirm the identity of the person making a request. We also may retain, and not delete, information for internal reasons such as to provide a service, perform obligations under, or receive the benefit of, a contract, for evidentiary purposes, to protect against fraud or improper attack, or if we need the information for internal purposes such as keeping records of any medical services or devices.
This section is applicable to residents of California. Please note that the following only applies to permanent residents of California:
A California resident who has provided personal data to a business with whom he/she has established a business relationship for personal, family, or household purposes (a “California Customer”) may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. In general, if the business has made such a disclosure of personal data, upon receipt of a request by a California Customer, the business is required to provide a list of all third parties to whom personal data was disclosed in the preceding calendar year, as well as a list of the categories of personal data that were disclosed. California Customers may request further information about our compliance with this law by mailing us at the physical address or email address set out in the “Contact Us” section below. Please note that we are only required to respond to two requests per California Customer each year under Code Section 1798.83.
1. You have a Right to Know about Personal Information Collected, Disclosed, or Sold.
California residents have the right to request that PathAI disclose what personal information it collects, uses, discloses, and sells. This is called the “Right to Know”. Under the Right to Know, you can request a listing of the types of personal information we have collected about you, the sources of that information, how we use the information (e.g., our business or commercial purposes for collecting or selling personal information), other individuals and business with whom we share personal information, and the specific pieces of personal information that we have collected about you.
a. We will verify your identity. You may need to provide us with the following information – your name, your email, your address, name of institution where you have received medical services or participated in research – in order for us to verify that you are who you say you are.
b. We will confirm our receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below.
c. We will respond to your request within 45 days. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.
d. In certain cases, a Request to Know may be denied, for example, if we cannot verify your identity or if providing you the information could create an unreasonable risk to someone’s security (for example, we do not want very sensitive information disclosed inappropriately). If we deny your request, we will explain why we denied it. If we deny a request, we will still try to provide you as much of the information as we can, but we will withhold the information subject to denial.
In the last 12 months, PathAI has collected the categories of personal information from individuals from the sources set forth in the chart above.
PathAI does not sell the personal information of minors under 16 years of age.
2. You have a Right to Request Deletion of Personal Information about You.
a. After you request deletion, you will need to confirm that you want your information deleted.
b. We will verify your identity. You will need to provide us the following information – your name, your email, your address, name of institution where you have received medical services or participated in research.
c. We will confirm our receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below.
d. We will respond to your request within 45 days. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.
e. In certain cases, a request for deletion may be denied, for example, if we cannot verify your identity, the law requires that we maintain the information (e.g., in case of a recall) or if we need the information for internal purposes such as keeping records for potential recalls. If we deny your request, we will explain why we denied it and delete any other information that is not protected from deletion.
f. Right to Opt-Out of the Sale of Personal Information
California consumers have a right to opt-out of the sale of their personal information by covered businesses. PathAI does not sell personal information, however.
3. Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
You have a right not to receive discriminatory treatment by PathAI for exercising any of your privacy rights conferred by the CCPA. PathAI will not discriminate against any California consumer because such person exercised any of the consumer’s rights under CCPA including, but not limited to:
a. Denying goods or services;
b. Charging different prices or rates for goods and services, including through the use of discounts or other benefits or imposing penalties;
c. Providing a different level or quality of goods or services;
d. Suggesting that the consumer will receive a different price or rate for goods or services or a different level or quality of goods or services.
PathAI may, however, charge a different price or rate, or provide a different level or quality of goods or services, if that difference is related to the value provided by your data.
4. Authorized Agents
If you would like, you may designate an authorized agent to make a request under the CCPA on your behalf. We will deny requests from agents that do not submit proof of authorization from you. To verify that an authorized agent has authority to act for you, we may require a copy of a power of attorney or require that you provide the authorized agent with written permission and verify your own identity with us.
5. Contact Information
To request additional information, or make any of the requests described above, you may call us or contact us through our website as described in the “Contact Us” section below.
The GDPR makes a distinction between organizations that process personal data for their own purposes (known as “Data Controllers”) and organizations that process personal data on behalf of other organizations (known as “Data Processors”). PathAI acts as a Data Controller for information where PathAI determines the nature and purpose of the processing, e.g., for information you enter when you register an account on our website or the information you submit when purchasing a service directly from PathAI. PathAI may be a Data Processor if it acts on behalf of a third party.
Christian Krautkramer, Chief Compliance Officer, PathAI
You have the right to lodge a complaint regarding the processing of your Personal Data with us by contacting our Data Protection Officer listed above. You also may lodge a complaint with the Data Protection Authorities in the Member State where you habitually reside, work, or where an infringement occurred. You can find a list of Data Protection Authorities here.
PathAI takes the protection of personal data seriously, and has appointed DataRep as their Data Protection Representative in the European Union so that you can contact them directly in your home country. DataRep has locations in each of the 27 EU countries, the UK, and Norway & Iceland in the European Economic Area (EEA), so that PathAI’s customers can always raise the questions they want with them. DataRep has locations in Dublin, Ireland and London, UK.
If you want to raise a question to PathAI, or otherwise exercise your rights in respect of your Personal Data, you may do so by contacting our Data Protection Officer listed above or by:
Austria: DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria
Belgium: DataRep, Place de L’Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium
Bulgaria: DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria
Croatia: DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia
Cyprus: DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus
Czech Republic: DataRep, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic
Denmark: DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark
Estonia: DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia
Finland: DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland
France: DataRep, 72 rue de Lessard, Rouen, 76100, France
Germany: DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany
Greece: DataRep, 24 Lagoumitzi str, Athens, 17671, Greece
Hungary: DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary
Iceland: DataRep, Kalkofnsvegur 2, 101 Reykjavík, Iceland
Ireland: DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland
Italy: DataRep, Viale Giorgio Ribotta 11, Piano 1, Rome, Lazio, 00144, Italy
Latvia: DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia
Liechtenstein: DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria
Lithuania: DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania
Luxembourg: DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg
Malta: DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta
Netherlands: DataRep, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands
Norway: DataRep, C.J. Hambros Plass 2c, Oslo, 0164, Norway
Poland: DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland
Portugal: DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal
Romania: DataRep, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857, Romania
Slovakia: DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia
Slovenia: DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia
Spain: DataRep, Calle de Manzanares 4, Madrid, 28005, Spain
Sweden: DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE – 211 46, Sweden
United Kingdom: DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom
PathAI processes the categories of Personal Data for the lawful purposes set forth in the chart above. We also may disclose your Personal Data as set forth in the above chart.
The purposes/lawful bases for our processing of data, as listed in the chart, may include the following:
As set out in the chart above, we share your Personal Data with our service providers on the basis set forth in the chart, e.g., based on your consent or in order to provide our services. The recipients of your Personal Data include our third party data processors, which include but are not limited to laboratory subcontractors and data administrators or cloud providers. When we share your Personal Data with these third party vendors, we do so subject to a Data Protection Agreement to ensure that they are in compliance with the requirements of International Privacy Laws.
These recipients may process Personal Data for the following purposes:
When we transfer Personal Data from the EU, UK, Norway, Iceland, or similar jurisdictions to entities within our organization located outside of the source country, we rely on either standard contractual clauses or a privacy shield to help establish adequate safeguards. If we transfer Personal Data from such a country to another party located outside the source country, we will rely on a legal framework that provides appropriate safeguards, which could include standard contractual clauses or privacy shields.
PathAI is responsible for ensuring that: (a) Personal Data collected is accurate, complete, current and reliable for its intended uses; and (b) Personal Data is retained only for as long as is necessary to accomplish the legitimate business purposes disclosed to the Data Subject and for any compatible purposes. PathAI will cooperate with reasonable requests for assistance in meeting these obligations.
Data Subjects have the right to access the Personal Data an organization holds about them. If such Personal Data is inaccurate or processed in violation of International Privacy Laws, a Data Subject may also request that Personal Data be corrected, amended or deleted. To request access to, or correction, amendment or deletion of, Personal Data, Data Subjects should contact PathAI’s Data Protection Officer (listed above). PathAI will cooperate with all reasonable requests to assist Data Subjects to exercise their rights as required under International Privacy Laws.
To the extent that processing of Personal Data is based on your consent, you have the right to withdraw that consent at any time, though any processing before you withdraw your consent will still be considered lawful.
PathAI utilizes machine learning and other types of artificial intelligence as part of its services. It does not, however, undertake decisions about individuals based on automated processing, and such artificial intelligence is utilized only to perform its services and/or based on your consent.
We incorporate commercially reasonable safeguards to help protect and secure your Personal Information. All communications between our servers are encrypted in transit, and we take measures to protect the integrity of our servers and the data they collect, including but not limited to firewalls, access control lists, logging and monitoring, network isolation, and a variety of host hardening techniques.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Platform, you are responsible for choosing a secure password and keeping this password confidential. We ask you not to share your password with anyone.
However, no data transmission over the Internet, mobile networks, wireless transmission, or electronic storage of information can be guaranteed to be completely secure. Please consider this prior to submitting Personal Information to us via the Platform.
Attn: Chief Compliance Officer & Privacy Officer
1325 Boylston St., Suite 10000
Boston, MA 02215
This Notice applies to PathAI (“PathAI, Inc.,” “PathAI Diagnostics,” “Poplar Healthcare LLC,”) and its affiliate Poplar Healthcare PLLC, (together “PathAI,” “we”, “us” or “our”) and explains to all individuals (“you,” “your”) your rights, your choices, our uses and disclosures, and our responsibilities related to how information about you and your health care status may be used in order to provide you, your physician, or other members of your health care team with products and services, including but not limited to, diagnostic anatomical pathology, cytology, molecular and genetic pathology, clinical chemistry, microbiology, hematology, coagulation, flow cytometry, cytogenetics, biochemical genetics, surgical and anatomic pathology, cytology, tissue typing, transfusion medicine, and blood donor services (“Services”) as well as engaging in research related to how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.
|Get an electronic or paper copy of your medical record||• You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. Ask us how to do this. |
• We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.• The State of Tennessee requires us to provide a you or your representative a copy of your test report within 10 working days of a request made to us in writing.
• We will comply with any applicable state laws that require greater limits on disclosures.
|Ask us to correct your medical record||• You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this.
• We may say “no” to your request, but we’ll tell you why in writing within 60 days.
|Request confidential communications||• You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.
•We will make every effort to fulfill reasonable requests.
|Ask us to limit what we use or share||• You can ask us not to use or share certain health information for treatment, payment, or our operations.|
• We are not required to agree to your request, and we may say “no” if it would affect your care.
• We are not required, and may be limited by law, to provide you with physical materials related to our products or services (including tissue, specimens, or other biological materials). We may provide certain physical materials as part of legal proceedings (see below).
• If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer.
• We will say “yes” unless a law requires us to share that information.
|Get a list of those with whom we’ve shared information||• You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why. |
• We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.
|Get a copy of this privacy notice||• You can ask for a copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.|
|Choose someone to act for you||• If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. |
• We will make sure the person has this authority and can act for you before we take any action.
|File a complaint if you think your rights are violated||• We take any concerns about the way your health information is used, including if you believe if your rights have been violated. In many cases, we may be able to provide you with additional information. We encourage you to contact us to discuss your concerns. |
• While we encourage you to contact us first, you may also file a complaint with the US Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.
• We will not retaliate against you for filing a complaint.
For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.
|In these cases, you have both the right and choice to tell us to:||• Share information with your family, close friends, or others involved in your care |
• Share information in a disaster relief situation• Include your information in a hospital directory •Contact you for fundraising efforts If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.
|In these cases we never share your information unless you give us written permission:||• Marketing purposes |
•Sale of your information• Most sharing of psychotherapy notes • Some research (see below).
|In the case of fundraising:||• We may contact you for fundraising efforts, but you can tell us not to contact you again.|
How do we typically use or share your health information? We typically use or share your health information in the following ways.
|Treat you||• We can use your health information and share it with other professionals who are treating you.||Example: A doctor treating you for an injury asks another doctor about your overall health condition.|
|Run our organization||• We can use and share your health information to run our practice, improve your care,
and contact you when necessary.
|Example: We use health information about you to manage your treatment and services.|
|Bill for your services||• We can use and share your health information to bill and get payment from health plans or other entities.||Example: We give information about you to your health insurance plan so it will pay for your services.|
How else can we use or share your health information? We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and
research. We comply with legal obligations before we share your information for these purposes. For more information visit the US Department of Health and Human Services Health Information Privacy site.
|Help with public health and safety issues||• We can share health information about you for certain situations such as: |
• Preventing disease • Helping with product recalls • Reporting adverse reactions to medications • Reporting suspected abuse, neglect, or domestic violence • Preventing or reducing a serious threat to anyone’s health or safety
|Do research||• We may use or share your information for health research, including research conducted within PathAI, Inc, Poplar Healthcare LLC, or Poplar Healthcare PLLC. |
• When we use or share your information, we comply with all applicable laws. • Unless you have provided specific consent, or we are otherwise permitted under a waiver of consent, we will not provide personal health information about you to a third party for the purpose of conducting research. • We will not share personally identifiable information about you with any organization outside of PathAI, Inc., or its affiliates or subsidiaries, including Poplar Healthcare LLC, or Poplar Healthcare PLLC.
|Comply with the law||• We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.|
|Respond to organ and tissue donation requests||• We can share health information about you with organ procurement organizations.|
|Work with a medical examiner or funeral director||• We can share health information with a coroner, medical examiner, or funeral director when an individual dies.|
|Address workers’ compensation, law enforcement, and other government requests||• We can use or share health information about you: |
• For workers’ compensation claims • For law enforcement purposes or with a law enforcement official, subject to individual federal or state laws, and only as required by law • With health oversight agencies for activities authorized by law • For special government functions such as military, national security, and presidential protective services
|Respond to lawsuits and legal actions||• We can share health information about you in response to a written court or administrative order. A court or administrative order is signed by a judge or similar officer, or by an official of an administrative body, and compels us to provide certain information to them. We may also provide your sample, tissues, or specimen for evaluation or analysis, although all original samples, tissues, or specimens remain our property. |
• We may also share information in response to a subpoena. A subpoena is a written document issued by a county clerk or an attorney who is representing a party to a lawsuit or potential lawsuit. However, before responding to a subpoena, we must receive evidence that there were reasonable efforts to notify you so you may object to the disclosure, or to seek a qualified protective order for the information from the court. • In both cases, we will only disclose the information specifically described in writing,
For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.
We can change the terms of this notice at any time, and the changes will apply to all information we have about you. The new notice will be available upon request.
If you have questions about this Notice you may contact us at:
Chief Compliance Officer & Privacy Officer
1325 Boylston St Suite 10000
Boston, MA 02215
For PathAI Diagnostics
3495 Hacks Cross Road
Memphis, TN 38125
This Notice applies to PathAI Diagnostics (“PathAI Diagnostics,” “Poplar Healthcare LLC,”) and its affiliate Poplar Healthcare PLLC, (together “PathAI Diagnostics,” “we”, “us” or “our”) and explains to all individuals (“you,” “your”) your rights, your choices, our uses and disclosures, and our responsibilities related to how information about you and your health care status may be used in order to bill and collect payment for related services. PathAI Diagnostics participates in most major health plans in the United States. PathAI Diagnostics, by being an in-network provider, reduces the cost of healthcare to patients and their employers, while providing a high level of quality and service.
We may charge your insurer, or you, when providing diagnostic health care services. We may share information about your health status, or the services we provide, with your physician, insurer, or other members of your health care team in order to perform (and bill for) services including diagnostic anatomical pathology, cytology, molecular and genetic pathology, clinical chemistry, microbiology, hematology, coagulation, flow cytometry, cytogenetics, biochemical genetics, surgical and anatomic pathology, cytology, tissue typing, transfusion medicine, and blood donor services (“Services”). Please review this Notice carefully.
PathAI Diagnostics Patient Self-Pay Fee Schedule
When you get emergency care or are treated by an out-of-network provider at an in-network hospital or ambulatory surgical center, you are protected from balance billing. In these cases, you shouldn’t be charged more than your plan’s copayments, coinsurance and/or deductible.
What is “balance billing” (sometimes called “surprise billing”)?
When you see a doctor or other health care provider, you may owe certain out-of-pocket costs, like a copayment, coinsurance, or deductible. You may have additional costs or have to pay the entire bill if you see a provider or visit a health care facility that isn’t in your health plan’s network. “Out-of-network” means providers and facilities that haven’t signed a contract with your health plan to provide services.
Out-of-network providers may be allowed to bill you for the difference between what your plan pays and the full amount charged for a service. This is called “balance billing.” This amount is likely more than in-network costs for the same service and might not count toward your plan’s deductible or annual out-of-pocket limit.
“Surprise billing” is an unexpected balance bill. This can happen when you can’t control who is involved in your care—like when you have an emergency or when you schedule a visit at an in-network facility but are unexpectedly treated by an out-of-network provider. Surprise medical bills could cost thousands of dollars depending on the procedure or service.
You’re protected from balance billing for:
You’re never required to give up your protections from balance billing. You also aren’t required to get out-of-network care. You can choose a provider or facility in your plan’s network.
Please note that certain states, including the one where you reside or receive health care, may also have balance billing laws or requirements or state-developed language regarding applicable state law requirements.
When balance billing isn’t allowed, you also have these protections:
If you have made a payment via the online web portal and it has been found that an overpayment has been made, PathAI Diagnostics will issue a refund to the original credit/debit card used to make the initial payment. All credit refund request must be made by contacting PathAI Diagnostics billing department.
Refunds may result from the following:
• Duplicate payment received
• Additional payments issued by the insurance carrier
Please allow 7 days for the processing of all refunds to be issued.
Commitment to Privacy
The Information We Collect
This notice applies to all information collected or submitted via the website for the purposes of billing for and collecting payments related to the services we provide to you. You can make request, pay bills, and register. We collect personal information that uniquely identifies such as: name, address, billing information, email address, phone number, and credit/debit card information. We protect your information and will not disclose, rent, sell or share any information used to process your payments related to the services we provide to any third parties for marketing purposes.
We may use and disclose medical information to ensure treatment and services you receive may be billed to and payment may be collected from you, an insurance company, or a third party. We may share your information with other health care providers that may treat you.
Using Data for Payment Processing
We use the personal and health information we collect to process your request, authenticate you, and inform you of relevant services or information.
Delivery and Timing
PathAI Diagnostics readily accepts payment for service bills using any of the following methods: Visa, or MasterCard, personal check, or money order.
You may mail any payments to:
PO Box 1000
Memphis, TN 38148
For questions about this Notice, or the bill you have received, or the payment you have been charged by PathAI Diagnostics, please contact us at:
PathAI Diagnostics Billing Collections
3495 Hacks Cross Road
If you believe you have been wrongly billed, we recommend you call our Billing team at (888) 274-7956. We can help explain your charges and, where appropriate, quickly resolve any errors or address other concerns. You also have the right to contact your state health agency responsible for enforcing your state’s balance or surprise billing protection laws. You may also visit www.cms.gov/nosurprises/consumers for more information about your rights under federal law, or may call 1-800-985-3059.