HIPAA
CareNexa HIPAA Notice of Privacy Practices (PHI)
Effective date: October 22, 2025
This Notice describes how your Protected Health Information (PHI) may be used and disclosed and how you can get access to this information. Please review it carefully.
Our Duties
- Maintain the privacy and security of your PHI.
- Provide you with this Notice and follow it.
- Notify you if a breach of unsecured PHI occurs.
- Use or disclose only the minimum necessary PHI for routine purposes.
How We May Use and Disclose PHI Without Your Authorization
We may use or disclose PHI for:
Treatment
To process your sample and deliver educational results through our CLIA-certified, CAP-accredited laboratory partner and wellness network.
Payment
To bill you or a responsible party, process refunds, or confirm eligibility for permitted programs.
Health Care Operations
For quality assessment, accreditation, auditing, training, and compliance.
Public Health and Safety
To authorized public health authorities; to prevent or lessen a serious threat to health or safety; for product recalls; for reporting when required by law.
Health Oversight and Legal
To health oversight agencies, law enforcement, courts, or regulators as permitted or required by law.
Business Associates
To contractors that perform services on our behalf under written agreements requiring HIPAA safeguards.
Research and Analytics Using De-Identified Data
We may use or disclose de-identified information that does not identify you.
Other uses and disclosures will be made only with your written authorization. You may revoke an authorization at any time in writing, except to the extent we have already relied on it.
Your Rights Regarding PHI
You have the right to:
Access and Copies
Request to see or get a copy of your test report and certain records in the format we maintain or a reasonable alternative.
Amend
Request we correct PHI that you believe is incorrect or incomplete. If we deny your request, we will tell you why in writing.
Accounting of Disclosures
Request a list of certain disclosures of your PHI made in the past six years, excluding those for treatment, payment, and operations, and other limited exceptions.
Request Restrictions
Ask us to limit how we use or share PHI for treatment, payment, or operations. We are not required to agree except for disclosures to a health plan for services you paid for in full out-of-pocket.
Confidential Communications
Request we contact you in a specific way (for example, at a different address or phone number). We will accommodate reasonable requests.
Paper or Electronic Copy of This Notice
Request a paper copy even if you received this Notice electronically.
To exercise any right, contact our Privacy Office (see Contact section). We will respond within the timeframes required by HIPAA.
Genetic Information
We treat genetic data as PHI. We do not use or disclose your identifiable genetic information for employment decisions or health insurance underwriting.
Data Retention and Disposal
We retain PHI only as long as required for testing, quality, and legal obligations. When retention ends, PHI is securely destroyed or de-identified.
Complaints
If you believe your privacy rights have been violated, you may file a complaint with CareNexa's Privacy Office. You will not be retaliated against for filing a complaint.
Contact
CareNexa Privacy Office
Email: support@carenexa.health
We may change the terms of this Notice and make the new Notice effective for all PHI we maintain. The effective date above shows when it last changed.
Disclaimer:
For informational and educational purposes only. Not a medical device or diagnostic service.