HIPAA Notice

Last Updated: August 31, 2025

1. Notice of Privacy Practices (HIPAA)

This Notice explains how Ubertests, LLC (“Ubertests,” “we,” “us,” or “our”) uses and discloses your Protected Health Information (“PHI”), your rights over your PHI, and our responsibilities under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). It applies when we arrange or deliver laboratory testing and related telehealth services with our physician-of-record network and laboratory partners (e.g., Labcorp).

Summary: We use your PHI to place lab orders, deliver results, process payment, and run our service. Some uses require your written authorization. You have rights to access, receive copies, request amendments, restrict certain disclosures, and choose how we contact you.

2. What Counts as PHI (and What Doesn’t)

  • PHI: Information that identifies you and relates to your past, present, or future physical/mental health, care, or payment—e.g., lab orders and results, date of birth, identifiers, information provided for telehealth.
  • Not PHI: De-identified or aggregated data (cannot reasonably identify you) and general website analytics that are not tied to your clinical records. We do not store or transmit lab results via marketing pixels.

3. How We May Use and Disclose PHI Without Your Written Authorization

  • Treatment: Coordinate your care, including sharing necessary information with our physician-of-record network and laboratories to place orders and deliver results.
  • Payment: Process payments and prevent fraud (e.g., provide limited info to a payment processor to complete a transaction).
  • Health Care Operations: Quality assurance, auditing, customer support, training, compliance, and improving services.
  • Business Associates: Vendors (e.g., secure hosting, email delivery) under Business Associate Agreements must safeguard PHI.
  • Public Health & Safety: As required or permitted by law (e.g., certain reportable conditions, FDA/public-health activities).
  • Health Oversight, Law Enforcement, Legal Requests: To comply with subpoenas, court orders, investigations, or avert serious threats to health or safety.
  • Research (limited): With Institutional Review Board/Privacy Board approval or using de-identified data.
  • Other Situations: Organ/tissue donation, coroners/medical examiners, workers’ compensation, and certain specialized government functions when applicable.

6. Our Responsibilities

  • Maintain the privacy and security of your PHI; provide this Notice; and follow it.
  • Notify you promptly of certain breaches that may have compromised your PHI.
  • Not use or share your PHI other than as described here unless you authorize us in writing; you may revoke that authorization.

7. Your Choices

  • Request additional limits on certain uses and disclosures.
  • Request alternative communication methods (e.g., a different email or mailing address).
  • Ask us not to share information with a health plan for payment/operations when you pay out-of-pocket in full.

8. Electronic Communications & Privacy

  • Secure Account: Results and order information are delivered through your secure account.
  • Email/Chat: Avoid sending PHI via regular email or chat. If you do, you accept the risks of unencrypted communication.
  • Cookies/Analytics: Website analytics are de-identified from clinical results systems; PHI is not stored or transmitted via marketing pixels.
  • De-identification: We may de-identify PHI for quality and analytics; de-identified data is not PHI.

9. State Laws and Partner Notices

Some states give extra protections (e.g., for HIV, genetic, mental health, or substance-use information). Where state law is more protective, we follow state law. Our physician group(s) and laboratories (e.g., Labcorp) are independent covered entities with their own Notices of Privacy Practices that apply when they handle your PHI.

10. Changes to This Notice

We may change this Notice at any time. The updated Notice applies to all PHI we maintain, including PHI created before the change. We will post the current Notice on our website with a new “Last Updated” date.

11. How to Contact Us (Requests, Questions, Complaints)

Ubertests – Privacy Office
[Company Address]
[City, State ZIP]
Email: privacy@ubertests.com
Phone: [Support Phone] (Mon–Fri, [Hours, Time Zone])

Requests: To access, amend, restrict, or receive an accounting of disclosures, contact us via the email or address above. We may need to verify your identity and, if applicable, your authority as a personal representative.

12. U.S. Department of Health & Human Services – Office for Civil Rights

You may also file a complaint with the U.S. Department of Health & Human Services, Office for Civil Rights (OCR). We will not retaliate if you file a complaint.
Phone: 1-800-368-1019 • TDD: 1-800-537-7697
Online: Search for “HHS OCR Complaint Portal”.

13. Additional Information We Are Required to Provide

  • Fundraising: We do not use PHI for fundraising.
  • Sale of PHI: We do not sell PHI.
  • Marketing: We do not use or disclose PHI for paid third-party marketing without your written authorization.
  • Minimum Necessary: We make reasonable efforts to limit PHI to the minimum necessary to accomplish the intended purpose.

14. Non-HIPAA Personal Information

Personal data collected for account management, checkout, or marketing that is not PHI is governed by our separate Privacy Policy.

Legal disclaimer: This template is not legal advice. HIPAA, state laws, and partner obligations may require edits. Please have counsel review before publishing.