This Notice Describes How Medical Information About You May Be Used and Disclosed
Please review it carefully. This notice applies to all health-related information collected through AltaLumé's ADHD testing services, including IVA-2 Continuous Performance Test results and associated reports.
What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that establishes national standards to protect individuals' medical records and other personal health information. HIPAA gives patients important rights over their health information and sets limits on who can access it.
AltaLumé Mental Health maintains administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of protected health information (PHI) in accordance with HIPAA and applicable state privacy laws.
How We May Use and Disclose Your Health Information
AltaLumé may use and disclose your protected health information for the following purposes without requiring your separate written authorization:
Testing & Service Delivery
We use your information to administer the IVA-2 Continuous Performance Test, generate your attention and response-control report, and deliver results to you.
Healthcare Operations
We may use your information for internal operations such as quality assurance, staff training, and improving our testing services.
Collaborative Care
With your consent, we may share your testing report with your primary care provider (PCP), psychiatrist, or other treating clinician to support a comprehensive evaluation.
Legal & Regulatory Compliance
We may disclose your information as required by law, including in response to court orders, subpoenas, or requests from public health authorities.
Business Associates
We may share information with trusted vendors (e.g., testing software platforms, data storage providers) who are contractually obligated to protect your information under a Business Associate Agreement.
Uses Requiring Your Written Authorization
Other uses and disclosures of your health information not described in this notice will be made only with your written authorization, including:
- Marketing communications
- Sale of your health information
- Disclosure to employers or insurance companies (unless required by law)
- Any use not otherwise permitted under HIPAA
Your Rights Under HIPAA
You have the following rights regarding your protected health information. To exercise any of these rights, please contact us using the information below.
Right to Access
You have the right to access and obtain a copy of your health information that we maintain.
Right to Amend
You may request corrections to your health information if you believe it is inaccurate or incomplete.
Right to an Accounting
You have the right to receive a list of certain disclosures we have made of your health information.
Right to Restrict
You may request restrictions on how we use or disclose your health information for treatment, payment, or operations.
Right to Confidential Communications
You may request that we communicate with you about your health information in a specific way or at a specific location.
Right to Revoke Authorization
If you have given us authorization to use or disclose your health information, you may revoke that authorization in writing at any time.
How We Protect Your Information
AltaLumé implements comprehensive safeguards to ensure the security and confidentiality of your protected health information.
Technical Safeguards
Encryption of data in transit and at rest, access controls, and audit logs to monitor access to protected health information.
Physical Safeguards
Controlled facility access, workstation security policies, and device and media controls to prevent unauthorized physical access.
Administrative Safeguards
Staff training on HIPAA requirements, designated privacy officer, risk assessments, and written policies and procedures.
Business Associate Agreements
All third-party vendors who handle protected health information are required to sign Business Associate Agreements (BAAs) ensuring HIPAA compliance.
Breach Notification
In the event of a breach of unsecured protected health information, AltaLumé will notify affected individuals without unreasonable delay and no later than 60 days following discovery of the breach, as required by the HIPAA Breach Notification Rule.
Notification will be provided via the contact information you have on file with us. If the breach affects 500 or more individuals in a state or jurisdiction, we will also notify prominent media outlets and the Secretary of the U.S. Department of Health and Human Services (HHS).
How to File a Complaint
If you believe your privacy rights have been violated, you may file a complaint with AltaLumé or with the U.S. Department of Health and Human Services Office for Civil Rights. We will not retaliate against you for filing a complaint.
To file a complaint with HHS:
www.hhs.gov/hipaa/filing-a-complaintContact Our Privacy Officer
For questions about this notice, to exercise your rights, or to file a complaint, please contact us:
AltaLumé Mental Health
Privacy Officer