NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Laboratory Sciences of Arizona and it’s subsidiary, Sonora Quest Laboratories, are committed to protecting the confidentiality of individuals’ laboratory test results and other protected health information (PHI) that we collect or create as part of our diagnostic testing activities.

We urge you to read this Notice of Privacy Practices carefully so that you will understand both our commitment to you and your privacy, and how you can participate in that commitment. Should you have any questions about this notice or our privacy practices, please call us at (602) 685-5343 or (800) 766-6721 or write to us at the following address:

Sonora Quest Laboratories/Laboratory Sciences of Arizona Attn: Privacy and Data Security Officer 1255 West Washington Street Tempe, Arizona 85281

This Notice is Effective as of: March 1, 2003

About Our Laboratories’ Privacy Policy

Our laboratory and its employees must obtain, maintain, use and disclose patient protected health information (PHI) in a manner that protects patient privacy and complies with all state and federal laws. We may only use or disclose the minimum amount of PHI necessary to perform a job or complete an activity.

We are required by law to provide patients with this Notice of Privacy Practices with respect to PHI, to maintain the privacy of PHI, to state the uses and disclosures of PHI that may be generated, and to list the rights of individuals and our legal duties with respect to their PHI. Your PHI includes medical information we obtain from your physician (such as name, address, date of birth, test ordered, etc.), health plan, or other sources, and the laboratory testing results that we create. An example of PHI is as follows: Jane Smith, Date of Birth: 2/15/68, resides at 123 Main Street, Anytown, AZ, cholesterol of 215 ng/ml.

We are required to abide by the terms of the Notice of Privacy Practices currently in effect and reserve the right to apply any changes to our policies and procedures to PHI created or received prior to the effective date of the Notice revision. The current Notice will be displayed on our website.

How we obtain and maintain your Protected Health Information

We obtain PHI from payers and, through the processing of testing orders, from physicians or other authorized persons who order laboratory tests. As a result of our testing activities, we create PHI -- laboratory results. We are required by law to maintain the PHI we collect and create for various reasons, including regulatory requirements, medical documentation, and laboratory certification and accreditation purposes. Whether your PHI is stored on paper, on a computer, or using other means, we will take reasonable care to maintain this information in a manner that will protect your privacy and confidentiality and the privacy and security of your PHI.

How we protect the privacy of your Protected Health Information

We protect the privacy of your PHI by training our employees and by requiring them to comply with company policies and procedures that allow access to and uses and disclosures of your PHI only for legitimate reasons. We verify the identity and check the authority of persons requesting PHI. We check that the appropriate information is provided to the requestor through a verification procedure, that is, by matching the information that the requestor must provide to us in advance with the information in our records. If the requestor cannot provide adequate information or the information provided does not match our records, we will not release your PHI. If the requestor is the patient, we will refer the requestor to his or her physician (or authorized person) to obtain the PHI. Our employees must comply with detailed policies and procedures regarding access to, and uses and disclosures of patients’ PHI. Our employees are required to use and disclose only the minimum amount of PHI needed for payment or other legitimate uses for our health care operations. Violation of these company policies or procedures is grounds for disciplinary action, up to and including termination of employment.

How we use and disclose your Protected Health Information

Your PHI will only be used or disclosed for treatment, payment, or healthcare operations purposes and other disclosures permitted or required by law, unless you send us written authorization permitting us to use or disclose your PHI for other purposes. You have the right to revoke your authorization at any time.

For Treatment: We may use your PHI or disclose your PHI to physicians and other authorized health care professionals who may need access to your PHI in order to treat you effectively. For example, in addition to your treating physician, we may provide a specialist consulting physician with information about your results to further validate the results before release to your physician.

For Payment: We may use your PHI or disclose your PHI to insurance companies, hospitals, physicians, health plans, or third parties to assist us in creating bills or claim forms for getting paid for our services. For example, we may send your name, date of service, test performed, diagnosis code, and other information to a health plan so that the plan will pay us for the services we provided.

For Healthcare Operations: We may use or disclose your PHI in the course of activities necessary to support our health care operations, such as performing quality checks on our testing, for teaching purposes, or for developing normal reference ranges for tests that we perform.

Disclosures to Business Associates: We may disclose your PHI to other companies or individuals who need your PHI in order to provide specific services to us. These other entities, known as “business associates,” must comply with strict contractual standards designed to ensure that they will maintain the privacy and security of the PHI we provide to them or which they create on our behalf. Our business associates must only use your PHI for designated treatment, payment, or health care operations purposes that we contract them to perform on our behalf. For example, we may disclose your PHI to the College of American Pathologists and other private accrediting organizations that inspect and certify the quality of our laboratories.

As Permitted or Required by Law: We may release your PHI for various public policy reasons that are authorized or required by law.

Public Health: We may disclose your PHI when reporting communicable disease results to public health departments as required by law.

Health Oversight: We may disclose your PHI in connection with governmental oversight, licensure, auditing, and other purposes. For example, governmental agencies periodically review our records to ensure that we are complying with the rules of various regulatory and licensing agencies. The U.S. Department of Health and Human Services and state Health Departments are examples of agencies that oversee aspects of our operations. Government agencies, such as OSHA or the FDA may require us to provide PHI in connection with an investigation or other proceeding.

Law Enforcement: We may also disclose PHI for law enforcement purposes. For example, we may be required to release PHI to identify or locate a suspect, fugitive, material witness, or missing person.

Public Safety: When the appropriate conditions apply, we may use or disclose PHI to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.

Specialized Government Functions: We may disclose your PHI for military, national security, prisoner and government benefits (for health plans only) purposes.

Other: Here are other situations where, typically, the law permits or requires us to disclose your PHI:

• Various state and federal laws permit or require disclosure of PHI. For example, workers compensation programs may require that we provide the results of laboratory testing as part of the case file.
• Subpoenas, court orders, discovery requests or other legal process may require the disclosure of PHI in the context of a lawsuit or other legal proceeding.
• In cases where state law is more restrictive than federal law, we are required to follow the more restrictive state law; for example, in the state of Arizona, we are not permitted to release laboratory test results directly to a patient.

We may contact you for specific reasons

Sometimes, we may want to contact you regarding health-related products or services that may be of interest to you, such as to direct or recommend alternative treatments, therapies, health care providers, or settings of care or to tell you about other health-related products or services offered by our organization. You have the right to opt out of programs that we offer. In other cases, we will contact you to obtain your authorization before using or disclosing your PHI for marketing purposes.

Your rights concerning privacy and confidentiality

Access: You or your authorized or designated personal representative has the right to inspect your PHI. We will deny access to certain information for specific reasons, for example, where state law prohibits such patient access.

Amendments: You have the right to request amendments to your PHI (but not to require us to make the requested amendments).

Accounting: You have the right to receive an accounting of disclosures of your PHI that were made by us for a period of up to six years prior to the date of your written request, but not including any disclosures made prior to April 14, 2003 when the Privacy Rule went into effect. This accounting does not include disclosures made for purposes of treatment, payment, health care operations, or certain other excluded purposes, but includes other types of disclosures, including disclosures for public health reporting or in response to a subpoena or court order.

Restrictions: You have the right to request that we agree to restrictions on certain uses and disclosures of your PHI, but we are not required to agree to your request.

Confidential Communications: You have the right to request that we send your PHI to an alternate address.

Notice of Privacy Practices: You have the right to request a paper copy of this Notice.

Complaints: If you believe your privacy rights have been violated, you have the right to register a complaint with us or the U.S. Department of Health and Human Services. We will not retaliate against any individual for filing a complaint. You may file a complaint by calling us at (602) 685-5000 or (800) 766-6721, or by writing to us at the address located at the beginning of this Notice.

How to exercise your rights: Write to us with your specific written request and be sure to include sufficient information for us to identify all of your records. You may also contact us at the telephone number below to request an access form. We will consider your request and provide you a response within a reasonable timeframe. Should we deny your request, you have the right to ask for the denial to be reviewed by another healthcare professional designated by us. For additional details, or for instructions regarding how to exercise these rights, contact us, at: (602) 685-5000 or (800) 766-6721.

You may request a copy of this Notice in electronic and/or paper form by contacting us at (602) 685-5000 or (800) 766-6721, or by visiting our Website at www.sonoraquest.com.

We reserve the right to amend this Notice of Privacy Practices, at any time, to reflect changes in our privacy practices and these changes will apply retroactively. Any such changes will be applicable to and effective for all Protected Health Information (PHI) that we maintain, including PHI we created or received prior to the effective date of the notice revision. Additional copies and the current version of this Notice of Privacy Practices may be obtained by visiting our website: http://www.sonoraquest.com.