Privacy Practices

This notice describes how information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

At Progenix, we are committed to treating and using protected health information about you responsibly. This Notice of Privacy Practices describes the personal information we collect, and how and when we use or disclose that information. It also describes your rights as they relate to your protected health information. This Notice is effective January 1, 2011 and applies to all protected health information as defined by federal regulations.

Understanding Your Health Record/Information
Each time you receive equipment from Progenix, a record is made. Typically, this record contains your symptoms, examination and test results, diagnosis, treatment, and a plan for future care or treatment. This information, often referred to as your health or medical record, serves as:

Understanding what is in your record and how your health information is used helps you to: ensure its accuracy, better understand who, what, when, where, and why others may access your health information, and make more informed decisions when authorizing disclosures to others.

Your Health Information Rights
Although your health record is the physical property of Progenix, the information belongs to you. You have the right to:

Examples of Disclosures for Treatment, Payment, and Health Operations
Progenix may disclose your information without your specific authorization in the following circumstances:

We will use your health information for treatment. For example: Information obtained by a nurse, physician, physical therapist, or other member of your health team will be recorded in your record and used to determine the course of treatment that should work best for you. Your physician will document in your record his/her expectations of the members of your health care team (including orders for equipment), who will then record the actions they took and their observations and your response to the therapy. In that way, the physician will know how you are responding to treatment.

We will use your health information for payment. For example: A bill may be sent to you or a third-party payer. The information on or accompanying the bill may include information that identifies you, as well as your diagnosis, procedures, and equipment/supplies used.

We will use your health information for regular health operations. For example: The risk management or quality improvement team may use information in your health record in an effort to continually improve the quality and effectiveness of the care, products and services we provide. We may use your billing information for review by our compliance department.

Other Required or Permitted Disclosures:

Our Responsibilities
Progenix is required to:

We will obtain your written authorization before using or disclosing your health information for purposes other than those listed in this notice or otherwise permitted or required by law. You may revoke an authorization in writing at any time. Upon receipt of a written revocation, we will discontinue using or disclosing your health information, except to the extent that we have already taken action in reliance on the authorization.

We reserve the right to change our practices and to make the new provisions effective for all protected health information we maintain. Should our information practices change, a copy of the revised notice will be available on our website, from any of our sales representatives, from our Privacy Officer at 703-383-0889, or by writing to us at the address at:

Progenix, LLC
PO Box 4070
Oakton, VA 22124
Attention: Privacy Officer

HITECH Amendments
Progenix is including HITECH Act provisions to its Notice as follows:

HITECH Notification Requirements Under HITECH, Progenix is required to notify patients whose PHI has been breached. Notification must occur by first class mail within 60 days of the event. A breach occurs when an unauthorized use or disclosure that compromises the privacy or security of PHI poses a significant risk for financial, reputational, or other harm to the individual. This notice must: (1) Contain a brief description of what happened, including the date of the breach and the date of discovery; (2) The steps the individual should take to protect themselves from potential harm resulting from the breach; (3) A brief description of what Progenix is doing to investigate the breach, mitigate losses, and to protect against further breaches.

Business Associates
Progenix Business Associate Agreements have been amended to provide that all HIPAA security administrative safeguards, physical safeguards, technical safeguards and security policies, procedures, and documentation requirements apply directly to the business associate.

Cash Patients/Clients
HITECH states that if a patient pays in full for their services out of pocket they can demand that the information regarding the service not be disclosed to the patient's third party payer since no claim is being made against the third party payer.

Access to E-Health Records
HITECH expands this right, giving individuals the right to access their own e-health record in an electronic format and to direct Progenix to send the e-health record directly to a third party. Progenix may only charge for labor costs under the new rules.

Accounting of E-Health Records for Treatment, Payment, and Health
Progenix does not currently have to provide an accounting of disclosures of PHI to carry out treatment, payment, and health care operations. However, starting January 1, 2014, the Act will require Progenix to provide an accounting of disclosures through an e-health record to carry out treatment, payment, and health care operations. This new accounting requirement is limited to disclosures within the three-year period prior to the individual's request.

Examples of Disclosure for Treatment, Payment, and Healthcare Operations:
We will use your health information for treatment. Information obtained by our company will be documented in your healthcare record and will be used to provide you with durable medical equipment and/or supplies. The prescription that your physician has ordered will be part of the record and will determine the equipment and supplies that you receive.

We will use your health information for payment. In order to determine your eligibility for equipment and/or supplies, Progenix may contact your insurance company and disclose healthcare related information. Also, Progenix will bill you or a third-party payer for services that you receive from our company. The health information that identifies you, your diagnosis, equipment, and supplies may be included on this bill.

We will use your health information for healthcare operations. Progenix may use your health information to evaluate the quality of care you receive from us, to conduct cost management assessments, and to plan business activities. This information is used in an effort to continually improve the quality and effectiveness of the healthcare services we provide.

Other Uses or Disclosures:
Business Associates: There are some individuals who are under contract with Progenix and, from time to time, are engaged in the improvement or financial enhancement of our business. So that your health information is protected, however, we require any business associate to appropriately safeguard your information.

Public Health: As required by law, we may disclose your health information to public health or legal authorities charged with preventing or controlling disease, injury, or disability.Law Enforcement: We may disclose health information for law enforcement purposes as required by law, or in response to a valid subpoena.

Health Oversight Activities: We may disclose health information to health oversight agencies for activities authorized by law, including surveys, audits, and compliance inspections.Worker's Compensation: We may release your health information to the extent necessary to comply with laws relating to workers compensation or other similar programs established by law.

For More Information or to Report a Problem
If you have questions and would like additional information, you may contact the company's Privacy Officer at 703-383-0889.

If you believe your privacy rights have been violated, you can file a complaint with the company's Privacy Officer, or with the Office for Civil Rights, U.S. Department of Health and Human Services. There will be no retaliation against any individual for filing a complaint. The address for the OCR is: Office for Civil Rights, U.S. Department of Health and Human Services, 200 Independence Avenue, S.W., Room 509F, HHH Building, Washington, D.C. 20201.