HIPAA Privacy Practices

Notice of Privacy Practices

This Notice Describes How Medical Information About You May Be Used and Disclosed and How You Can Get Access to This Information. Please Review It Carefully.

This Notice of Privacy Practices ("notice"), effective as of September 28, 2015, describes how Boston Scientific Cardiac Diagnostic Services, LLC* (“Boston Scientific CDx Services”) may use and disclose your Protected Health Information ("PHI"), and how you can get access to this information. Please review it carefully. Boston Scientific CDx Services is a wholly owned subsidiary of Boston Scientific Corporation ("BSC"). Reporting under this Policy may be directed to BSC Global Privacy.

Boston Scientific CDx Services reserves the right to change the terms of this notice and to make the new notice provisions effective for all PHI that it maintains. Changes to the notice will be available by accessing our website www.CDx.BostonScientific.com or by calling our office (281-760-0357) and requesting that a revised copy be mailed to you. See also Section entitled “Updates to Privacy Policy” below.

Information Collection

Boston Scientific CDx Services Portals collate patient and study subject information related to arrhythmia monitoring, cardiac event, digital Holter, pacemaker monitoring and ambulatory blood pressure monitoring for total patient cardiac management service, such as patient electrocardiogram data, date of birth and/or age, relevant symptoms and diagnoses, and other related information. This information may also include contact information for the patient or study subject, emergency contact information, mailing address, information about health insurance and/or other information necessary for Boston Scientific CDx Services to provide and bill for the technology and/or monitoring services. Information is managed in Boston Scientific CDx Services Portals, which allow the physician to access patient information from remote locations around the world. It also consolidates historical data and the results of other monitoring devices.

In performing these services, Boston Scientific CDx Services receives and produces information that is protected health information including electronic protected information (collectively, "PHI") as defined by federal regulations. PHI includes identifiable information that relates to the past, present, or future physical or mental health or condition of an individual, healthcare provided to an individual, or payment for healthcare provided to an individual. We may use such PHI for the purpose of treatment, payment and healthcare operations or other purposes permitted or required by law. We may not use or disclose any more PHI than is necessary to accomplish the purpose of the use or disclosure. Boston Scientific CDx Services is required by law to (i) maintain the privacy and security of your PHI; (ii) provide you with notice of its legal duties and privacy practices with respect to such information; (iii) notify you and/or any affected individuals following a breach of unsecured PHI that may have compromised the privacy and security of your information; and (iv) abide by the terms of the Notice of Privacy Practices currently in effect. We will also comply with more stringent state law(s) to the extent applicable.

Permitted Uses and Disclosures

This section describes the use and disclosure of your PHI. Other than as stated below or as otherwise required by law, Boston Scientific CDx Services will not disclose your PHI other than with your written authorization. If you authorize Boston Scientific CDx Services to use or disclose your health information, you may revoke that authorization in writing at any time, except to the extent that action has already been taken in reliance on the authorization. Boston Scientific CDx Services is not required to have your written consent or authorization to use and disclose PHI for the following purposes:

For Treatment

We will use and disclose your PHI to provide, coordinate, or manage your healthcare and any related services. This includes the coordination and/or management of your healthcare with a third party that has already obtained your permission to have access to your PHI. For example, we would disclose your PHI to a physician who ordered your study or to whom you have been referred as to ensure the necessary information is available to accurately treat or diagnose you.

To Make or Obtain Payment

Your PHI may be disclosed to obtain payment for healthcare services provided. This may include certain activities that your health insurance plan may undertake before it approves or pays for healthcare services we provide for you such as making a determination of eligibility or coverage for insurance benefits, reviewing services provided to you for medical necessity and undertaking utilization review activities. For example, billing a private insurance carrier for the services Boston Scientific CDx Services provides requires Boston Scientific CDx Servicesto provide your PHI.

Healthcare Operations

We may use or disclose your PHI in order to support the business activities of Boston Scientific CDx Services. These activities include, but are not limited to, quality assessment and improvement activities, licensing, clinical guideline and protocol development, case management and care coordination, and conducting or arranging for other business activities. For example, we may use or disclose your PHI to technicians that perform various services related to tests performed. We may also share your PHI with third party business associates that perform various activities on behalf of Boston Scientific CDx Services. Whenever an arrangement between our office and a business associate involves use or disclosure of your PHI, we will have a written contract that contains terms that will protect the privacy and security of your PHI.

Public Health

We may disclose your PHI for public health activities and purposes to a public health authority that is permitted by law to collect or receive the information. We may also disclose your PHI if directed by the public health authority to a foreign government agency that is collaborating with the public health authority. The disclosure will be made for the purpose of controlling disease, injury and disability.

Communicable Diseases

We may disclose your PHI, if authorized by law, to a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading the disease or condition.

Health Oversight Agencies

We may disclose your PHI to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies that oversee the healthcare system, government benefit programs, other government regulatory programs or civil rights laws.

Abuse or Neglect

We may disclose your PHI to a public health authority that is authorized by law to receive reports of child abuse or neglect. In addition, we may disclose your PHI if we believe that you have been a victim of abuse or domestic violence to the governmental agency authorized to receive such information. The disclosure will be made consistent with the requirements of applicable federal and state laws.

Food and Drug Administration

We may disclose your PHI to a person or company required by the Food and Drug Administration to report adverse events, product defects or problems, biologic product deviations, track products in order to enable product recalls, to make repairs or replacements, or to conduct post marketing surveillance as required.

For Law Enforcement Purposes

We may disclose health information for law enforcement purposes as required by law or in response to a valid subpoena or court order.

Coroners, Funeral Directors and Medical Examiners

We may disclose health information to funeral directors, medical examiners and coroners to carry out these duties consistent with applicable law.

Required by Law

We may use or disclose your PHI to the extent that the law requires. The use or disclosure will be made in compliance with the law and will be limited to the relevant requirements of the law.

Research

We may disclose information to researchers when certain conditions have been met such as their research has been approved and established protocols are in place to ensure the privacy and security of your PHI.

Correctional Institution

We may disclose to the institution or agents thereof health information necessary for your health and the health and safety of other individuals, should you be an inmate of a correctional institution.

Threat to Health or Safety

We may use or disclose protected health information to avert a serious threat to your health or safety, or the health and safety of others.

Government Agencies

We may disclose protected health information to authorized government agencies when necessary for national security or intelligence purposes or for certain military and veteran’s activities.

For Workers’ Compensation

We may disclose protected health information with those who need it in order to provide benefits for work-related injuries or illnesses.

Persons Involved in Your Healthcare

Unless you object, we may disclose to a member of your family, other relative, or a close personal friend, or any other person identified by you, the protected health information directly relevant to that person’s involvement with your healthcare or payment for your healthcare.

Uses and Disclosures with Your Authorization

We will obtain your authorization for any use or disclosure of your PHI for purposes other than those summarized above, including (1) any use or disclosure of PHI for marketing, except for face-to-face communications with you and except for promotional gifts of nominal value; and (2) any disclosure of protected health information in exchange for direct or indirect payment (other than reasonable fees to cover the cost of preparation or other fees permitted by law), except for disclosures for treatment and payment purposes; for public health purposes; for certain research purposes; in connection with the sale of our business; to and from our accountants, attorneys and other business associates; in response to a request from you; or required by law.

Your Rights

This section describes your rights with respect to your protected health information.

Right to Request Restrictions

You have the right to request restrictions on our use or disclosure of your PHI for treatment, payment or healthcare operations. You also have the right to restrict the PHI we disclose about you to a family member, friend or other person who is involved in your care or the payment for your care. We are not required to agree to your requested restriction, except that we must agree to a request for a restriction of a disclosure for payment or healthcare operations purposes if you or someone else (other than your health plan) has already paid in full for the services to which the PHI relates, unless the disclosure is required by law. If we do agree to accept your requested restriction, we will comply with your request except as needed to provide you emergency treatment.

Right to Access Personal Health Information

You have the right to inspect and obtain a copy of your medical information that we maintain in a designated record set, which includes your medical and billing records. You may provide explicit consent to obtain your medical information via a written request such as completion of Boston Scientific CDx Services' medical information release authorization form. You may also provide implicit consent by providing written consent directly to your physician to obtain access to your records via Boston Scientific CDx Services secure physician portal. These records will be provided to you in the time frames established by law. We may charge a reasonable fee for our costs in copying and mailing your requested information.

We may deny your request to inspect or receive copies in certain limited circumstances. If you are denied access to PHI, we will give you a written denial including the reasons for the denial and in some cases you will have a right to request review of the denial.

Right to Amend Your Health Information

If you believe that any health information in your medical or billing records is incorrect or if you believe that important information is missing, you may request that we correct the existing information or add the missing information. Such requests must be made in writing and must provide a reason to support the amendment. We may deny your request for amendment in certain circumstances. If we deny your request for amendment, we will give you a written denial including the reasons for the denial and the right to submit a written statement disagreeing with the denial.

Right to an Accounting of Disclosures

You have the right to request an “accounting” of our disclosures of your personal health information. This is a listing of certain disclosures of your personal health information made by us or by others on our behalf, but does not include disclosures to you, disclosures for treatment, payment and healthcare operations, and certain other exceptions. To request an accounting of disclosures, you must submit a request in writing, stating a time period that is within six years prior to the date of your request. An accounting will include, if requested: the disclosure date; the name of the person or entity that received the information and address, if known; a brief description of the information disclosed; a brief statement of the purpose of the disclosure or a copy of the authorization request; or certain summary information concerning multiple similar disclosures. The first accounting provided within a 12-month period will be free; for further requests, we may charge you our costs.

Right to a Paper Copy of This Notice

You have the right to obtain a paper copy of this notice, even if you have agreed to receive this notice electronically. You may request of copy of this notice at any time.

Right to Receive Confidential Communications

You have the right to request that we communicate with you concerning personal health matters in a certain manner or at a certain location. For example, you can request that we contact you only at a certain phone number. We will accommodate your reasonable requests.

Right to Revoke Authorization

You may revoke an authorization to use or disclose PHI, except to the extent that action has already been taken in reliance on the authorization. This request must be made in writing and should be sent to the address below.

Right to Breach Notification

In certain instances, you have the right to be notified in the event that we, or one of our business associates, discover an inappropriate use or disclosure of your PHI.  Notice of any such use or disclosure will be made in accordance with applicable federal and state requirements.

Links to Other Sites

This Policy applies only to Boston Scientific CDx Services Sites and applications that link to this Policy. Our Sites include links to both our affiliated sites and to non-Boston Scientific CDx Services web sites, including access to content, products and services of such affiliated and non-affiliated sites (Other Sites). Boston Scientific CDx Services is not responsible for the privacy practices of Other Sites. You should directly contact these Other Sites to read their privacy policies and for more information about their practices.

California Privacy Rights and Do-Not-Track Disclosures

The Boston Scientific Cardiac Diagnostics Privacy Policy for California Residents, as applicable to Boston Scientific CDx Services, provides additional information for California residents under the California Consumer Privacy Act of 2018 (CCPA).

Updates to Privacy Policy

Boston Scientific CDx Services may, in its sole discretion, update this notice by posting the amended notice on this Site and to make the new notice provisions effective for all PHI that it maintains. Changes to the notice will be available by accessing our website www.cdx.bostonscientific.com or by calling our office and requesting that a revised copy be mailed to you.

This Policy was last updated on February 8, 2024.

For More Information

If you have questions or would like additional information about our privacy practices, please call or write:


Boston Scientific Cardiac Diagnostic Services, LLC
1717 N. Sam Houston Parkway West, Suite 100
Houston, TX 77038
Attn: Corporate Privacy Officer
phone:  (281-760-0357)

E-mail: privacy@CDxBsci.com

Complaints

Individuals may file complaints concerning privacy policy violations with Boston Scientific CDx Services by writing to the address above, or directly with the Secretary of the U.S. Department of Health and Human Services, 200 Independence Avenue, SW, Washington, DC 20201. Boston Scientific CDx Services will not retaliate against an individual for filing a complaint.

© 2019 – 2023 Boston Scientific Cardiac Diagnostic Services, LLC All Rights Reserved.
* Formerly known as Preventice Services, LLC