Capital Health Laboratory Web Security and Privacy Policy

Introduction

Purpose:

At Capital Health Laboratory, we are committed to protecting the privacy and security of our patients’ personal and medical information. This Web Security and Privacy Policy outlines our practices for collecting, using, and safeguarding your data when you interact with us online or offline.

Scope:

This policy applies to all employees, contractors, and third-party service providers of Capital Health Laboratory and covers all personal and medical data collected, stored, and processed by the laboratory.

Data Collection and Use

Types of Data Collected:

We collect the following types of information:

  1. Personal identification information (e.g., name, address, phone number, email address)
  2. Medical records and health information (e.g., test results, diagnoses)
  3. Financial and billing information (e.g., insurance details, payment information)

Purpose of Data Collection:

The data we collect is used to:

  1. Provide medical testing and diagnostic services
  2. Communicate with patients and healthcare providers
  3. Process payments and insurance claims
  4. Conduct research and improve our services

Consent:

We obtain explicit consent from patients for the collection and use of their personal and medical information, in accordance with applicable laws and regulations.

Data Protection Measures

Access Control:

Access to sensitive data is restricted to authorized personnel only. We implement role-based access controls to ensure that individuals can only access the data necessary for their job functions.

Encryption:

All personal and medical data is encrypted both in transit and at rest to protect against unauthorized access.

Secure Data Storage:

We utilize secure servers, firewalls, and regular security audits to protect data storage. Physical security measures are also in place to protect our facilities and equipment.

Data Anonymization:

When possible, we anonymize data for research and other purposes to protect patient privacy.

Data Sharing and Disclosure

Third-Party Sharing:

We may share data with third-party service providers, such as other healthcare providers, insurance companies, and research institutions, only when necessary and with appropriate safeguards. These third parties are required to comply with our privacy and security standards.

Legal Requirements:

We may disclose personal information if required by law or to comply with legal processes, such as subpoenas or court orders.

User Rights and Controls

Access and Correction:

Patients have the right to access their personal and medical information. Requests for access or corrections can be made by contacting us at the information provided below.

Data Portability:

Patients can request a copy of their data or transfer it to another healthcare provider.

Deletion and Retention:

We retain personal and medical data only as long as necessary for the purposes for which it was collected. Data is securely deleted when no longer needed.

Security Breach Response

Incident Response Plan:

In the event of a data breach, we will take immediate action to contain the breach, investigate the incident, notify affected individuals, and implement corrective measures.

Reporting and Accountability:

We will report any significant breaches to relevant authorities and affected individuals as required by law.

Employee Training and Responsibilities

Training Programs:

All employees receive training on data protection and security best practices. Regular refresher courses are provided to keep staff updated on the latest security measures.

Confidentiality Agreements:

Employees and contractors are required to sign confidentiality agreements acknowledging their responsibilities in handling sensitive data.

Policy Review and Updates

Regular Review:

This policy is reviewed and updated regularly to ensure compliance with legal requirements and industry standards.

Notification of Changes:

Any significant changes to this policy will be communicated to our patients, employees, and other stakeholders through our website and other appropriate channels.

Contact Information

For any questions or concerns about this policy or your data, please contact:

Privacy Officer, Capital Health Laboratory

Email: [email protected]
Phone: 732.695.4700
Address: 152 Route 35 Aberdeen NJ 07735 Ste 2

Legal and Regulatory Compliance

This policy is in compliance with all relevant laws and regulations, including the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR), as applicable.