HIPPA Privacy Notice

Notice of Privacy Practices


Avellino Lab USA, Inc., and its wholly owned subsidiaries (collectively “Avellino”) are committed to protect the privacy of your identifiable health information (“protected health information” or “PHI”). PHI is personal information unique to you, such as your name, date of birth, medical record number, social security number, and genetic information. It also includes demographic information, medical history, laboratory results, and other health information that may be collected, generated, used, and communicated by Avellino to produce genetic testing results and bill for Avellino’s testing services.

Avellino is required by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) to maintain the privacy of your PHI. Avellino must provide you with this notice, which describes Avellino’s legal duties, privacy practices, as well as your patient rights under the HIPAA. Avellino is required to notify affected individuals in the event of a breach involving unsecured protected health information. This notice does not apply to non-diagnostic services that PHI may perform (e.g., clinical trial testing services).

How Avellino May Use or Disclose Your Health Information

Your PHI may be used for treatment, payment, healthcare operations, or for other purposes permitted or required by law. Avellino may use and disclose your health information for the following purposes:



Avellino provides laboratory testing for physicians and other healthcare professionals, and Avellino uses your information in its testing process. Avellino discloses your health information to authorized healthcare professionals who order tests or are otherwise involved in your care and need access to your test results for treatment purposes. Examples of other treatment-related purposes include disclosure to a genetic counselor to help interpret your test results. To the extent disclosure is made to a genetic counselor for treatment purposes, Avellino does not anticipate having access to the genetic counselor’s notes. Notwithstanding, Avellino may use or disclose your genetic counseling notes to the extent required by law; for treatment, payment, or healthcare operations; to defend itself in a legal action or other proceeding brought by you; or to avert a serious threat to health or safety. Any other use or disclosure of your genetic counseling notes requires your written consent.


Avellino will use and disclose your PHI for purposes of billing and payment. For example, Avellino may disclose your PHI to health plans or other payers to determine whether you are enrolled with the payer or eligible for health benefits or to obtain payment for Avellino’s services. If you are a minor or otherwise insured under another person’s health insurance policy (for example, parent, spouse, domestic partner, or a former spouse), Avellino may also send invoices to the subscriber whose policy covers your health services.

Healthcare Operations

Avellino may use and disclose your PHI for activities necessary to support its healthcare operations, such as performing quality checks on testing, internal audits, arranging for legal services, or developing reference ranges for tests.


Business Associates

Avellino may provide your PHI to third-party companies or individuals that need the information to provide services. For example, Avellino may provide information to companies that assist with billing. Avellino may use an outside collection agency to obtain payment to the extent necessary. These third-party entities are known as “business associates” under the law and, as a result, are also required to maintain the privacy and security of PHI.


Law Enforcement Activities and Legal Proceedings

Avellino may use and disclose your PHI, if necessary, to prevent or lessen a serious threat to your health and safety or that of the general public. To the extent so required, Avellino may also provide PHI to law enforcement officials, for example, in response to a warrant, investigative demand or similar legal process, or for officials to identify or locate a suspect, fugitive, material witness, or missing person.

Avellino may also disclose PHI to appropriate agencies, as required under the law, if it reasonably believes an individual to be a victim of abuse, neglect, or domestic violence. Avellino may also disclose your PHI as required to comply with a subpoena, court or administrative order, or other legal process.



Avellino may disclose PHI for research purposes when an Institutional Review Board or privacy board has reviewed the research proposal and established protocols to ensure the privacy of your PHI and determined that the researcher does not need to obtain your authorization prior to using your PHI for research purposes. Avellino may also disclose information about decedents to researchers under certain circumstances.



Avellino will never sell your PHI to any third party without your express written consent.


As Required by Law

Avellino may use and disclose your PHI as required by law. For all of the purposes articulated herein, when state or municipal law is more restrictive than federal law, Avellino is required to and will follow the more restrictive law.


Other Uses and Disclosures

Avellino may disclose your PHI for public health-related activities -eg, reporting diseases to authorized public health authorities; public health investigations; or notifying a manufacturer of a product regulated by the U.S. Food and Drug Administration of a possible problem encountered when using the product in Avellino’s testing process.

Avellino may disclose your PHI to a healthcare oversight agency for activities that are authorized by law, such as audits, investigations, inspections, and licensure activities. For example, Avellino may disclose your PHI to agencies responsible for ensuring compliance with the rules of government health programs such as Medicare or Medicaid.


Your Rights Regarding Your Medical Information

Right to Receive Test Information

You, or your authorized or designated personal representative, have the right to inspect and copy the PHI maintained by Avellino. Avellino may deny access to certain information for specific reasons, for example, if the access requested is reasonably likely to endanger the life or safety of you or another person. If your request for information is denied, you may request that the denial be reviewed.


Right to Amend Health Information

You may request amendments to your PHI by making a written request. However, Avellino may deny the request in some cases (such as if Avellino determines that the PHI is accurate), in which case Avellino will provide you with a written explanation of the reason for the denial and additional information regarding further actions that you may take.


Right to an Accounting of Disclosures

You have the right to receive a list of certain disclosures of your PHI made by Avellino in the past 6 years from the date of your written request. Under the law, this does not include disclosures made for purposes of treatment, payment, or healthcare operations or certain other purposes.

Right to Request Restrictions

You have the right to request restrictions on Avellino’s use and disclosure of your PHI. While Avellino will consider all requests for additional restrictions carefully, it is not required to agree to a requested restriction except for payment or operations restrictions where payment has been made “out-of-pocket” and paid-in-full. If Avellino agrees to a requested restriction, you will be notified in writing.

Right to Request Confidential Communications

You have the right to request that Avellino send your health information by alternative means or to an alternative address, and Avellino will accommodate reasonable requests.

Right to a Copy of this Notice

You have the right to obtain a paper copy of this notice upon request.

How to Exercise Your Rights

You may write or send an email to Avellino with your specific request, including requesting a form to complete to obtain a copy of your test results. Avellino will consider your request and provide you a response.

Information Breach Notification

Avellino is required to notify you following the discovery of a breach of unsecured PHI, unless there is a demonstration, based on a risk assessment, that there is a “low probability” that the PHI has been compromised. You will be notified in a timely fashion, no later than 60 days after discovery of the breach.


If you believe your privacy rights have been violated, you have the right to file a complaint with Avellino. You also have the right to file a complaint with the Secretary of the US Department of Health and Human Services, Office for Civil Rights. Avellino will not retaliate against any individual for filing a complaint. To file a complaint with Avellino, or should you have any questions about this notice, send an email to Privacy@Avellino.com, or write to Avellino at the following address: Avellino Lab USA, Inc., ATTN: Privacy Office, 4300 Bohannon Drive, Menlo Park, California 94025 USA.

Changes to this Privacy Notice

Avellino reserves the right to change its privacy practices and the terms of this notice at any time, provided such changes are permitted by applicable law. Avellino will promptly post any changes to this notice on its website at www.avellino.ai. Please review this website periodically to ensure that you are aware of any updates.

Questions About This Notice

If you have any questions about this supplemental Notice, please refer to the main Privacy Notice for more information. You may also contact us:

Avellino Lab USA, Inc.

ATTN: Privacy Office
4300 Bohannon Drive
Menlo Park, CA 94025 USA